dependabot-nuget 0.238.0 → 0.239.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/nuget/file_fetcher.rb +12 -19
- data/lib/dependabot/nuget/requirement.rb +5 -1
- data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +92 -87
- data/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb +56 -59
- data/lib/dependabot/nuget/update_checker/repository_finder.rb +4 -0
- metadata +7 -7
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 2bf5bdfc4f365f5d04c30193e1b44e7a82ddb5816461148e4172cabc1a86bea3
|
|
4
|
+
data.tar.gz: 0ca7483d0fdc3d3a7dc2af7c8f475e7b02a121d4a8a5c58f495ff857d32c3dad
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a0bd5448386d99ac0fa6a27ea6f5ec137885cd8a208762602d69284c1cdea6bb9e521a885b9a50cb42eb45b2de9ec760def87940c15023a910f7f9455a612fc9
|
|
7
|
+
data.tar.gz: 4096cfc58f861ec2f4f5d7a4022fd06f001d0f4421130bf0708e877a93ce2e12e722259d60b29f8303375d2e3cdc5f595e396cb4273d5c1e03a34e23a3a154ec
|
|
@@ -30,12 +30,10 @@ module Dependabot
|
|
|
30
30
|
"Repo must contain a .proj file, .(cs|vb|fs)proj file, or a packages.config."
|
|
31
31
|
end
|
|
32
32
|
|
|
33
|
-
# rubocop:disable Metrics/AbcSize
|
|
34
33
|
sig { override.returns(T::Array[DependencyFile]) }
|
|
35
34
|
def fetch_files
|
|
36
35
|
fetched_files = []
|
|
37
36
|
fetched_files += project_files
|
|
38
|
-
fetched_files += project_files.filter_map { |f| directory_packages_props_file_from_project_file(f) }
|
|
39
37
|
fetched_files += directory_build_files
|
|
40
38
|
fetched_files += imported_property_files
|
|
41
39
|
|
|
@@ -47,7 +45,7 @@ module Dependabot
|
|
|
47
45
|
|
|
48
46
|
# dedup files based on their absolute path
|
|
49
47
|
fetched_files = fetched_files.uniq do |fetched_file|
|
|
50
|
-
Pathname.new(
|
|
48
|
+
Pathname.new(fetched_file.directory).join(fetched_file.name).cleanpath.to_path
|
|
51
49
|
end
|
|
52
50
|
|
|
53
51
|
if project_files.none? && packages_config_files.none?
|
|
@@ -61,7 +59,6 @@ module Dependabot
|
|
|
61
59
|
|
|
62
60
|
fetched_files
|
|
63
61
|
end
|
|
64
|
-
# rubocop:enable Metrics/AbcSize
|
|
65
62
|
|
|
66
63
|
private
|
|
67
64
|
|
|
@@ -72,8 +69,9 @@ module Dependabot
|
|
|
72
69
|
project_files += csproj_file
|
|
73
70
|
project_files += vbproj_file
|
|
74
71
|
project_files += fsproj_file
|
|
75
|
-
|
|
76
72
|
project_files += sln_project_files
|
|
73
|
+
project_files += proj_files
|
|
74
|
+
project_files += project_files.filter_map { |f| directory_packages_props_file_from_project_file(f) }
|
|
77
75
|
project_files
|
|
78
76
|
end
|
|
79
77
|
rescue Octokit::NotFound, Gitlab::Error::NotFound
|
|
@@ -120,22 +118,15 @@ module Dependabot
|
|
|
120
118
|
@directory_build_files ||= fetch_directory_build_files
|
|
121
119
|
end
|
|
122
120
|
|
|
123
|
-
# rubocop:disable Metrics/AbcSize
|
|
124
121
|
def fetch_directory_build_files
|
|
125
122
|
attempted_dirs = []
|
|
126
123
|
directory_build_files = []
|
|
127
124
|
directory_path = Pathname.new(directory)
|
|
128
125
|
|
|
129
126
|
# find all build files (Directory.Build.props/.targets) relative to the given project file
|
|
130
|
-
project_files.map { |f|
|
|
127
|
+
project_files.map { |f| Pathname.new(f.directory).join(f.name).dirname }.uniq.each do |dir|
|
|
131
128
|
# Simulate MSBuild walking up the directory structure looking for a file
|
|
132
|
-
|
|
133
|
-
candidate_dir = dir.split("/").first(i + 1).join("/")
|
|
134
|
-
candidate_dir = "/#{candidate_dir}" unless candidate_dir.start_with?("/")
|
|
135
|
-
candidate_dir
|
|
136
|
-
end.reverse
|
|
137
|
-
|
|
138
|
-
possible_dirs.each do |possible_dir|
|
|
129
|
+
dir.descend.each do |possible_dir|
|
|
139
130
|
break if attempted_dirs.include?(possible_dir)
|
|
140
131
|
|
|
141
132
|
attempted_dirs << possible_dir
|
|
@@ -150,7 +141,6 @@ module Dependabot
|
|
|
150
141
|
|
|
151
142
|
directory_build_files
|
|
152
143
|
end
|
|
153
|
-
# rubocop:enable Metrics/AbcSize
|
|
154
144
|
|
|
155
145
|
def sln_project_files
|
|
156
146
|
return [] unless sln_files
|
|
@@ -196,18 +186,21 @@ module Dependabot
|
|
|
196
186
|
@fsproj_file ||= find_and_fetch_with_suffix(".fsproj")
|
|
197
187
|
end
|
|
198
188
|
|
|
189
|
+
def proj_files
|
|
190
|
+
@proj_files ||= find_and_fetch_with_suffix(".proj")
|
|
191
|
+
end
|
|
192
|
+
|
|
199
193
|
def directory_packages_props_file_from_project_file(project_file)
|
|
200
194
|
# walk up the tree from each project file stopping at the first `Directory.Packages.props` file found
|
|
201
195
|
# https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management#central-package-management-rules
|
|
202
196
|
|
|
203
197
|
found_directory_packages_props_file = nil
|
|
204
198
|
directory_path = Pathname.new(directory)
|
|
205
|
-
full_project_dir =
|
|
206
|
-
full_project_dir.
|
|
199
|
+
full_project_dir = Pathname.new(project_file.directory).join(project_file.name).dirname
|
|
200
|
+
full_project_dir.ascend.each do |base|
|
|
207
201
|
break if found_directory_packages_props_file
|
|
208
202
|
|
|
209
|
-
|
|
210
|
-
candidate_file_path = Pathname.new(base + "/Directory.Packages.props").cleanpath.to_path
|
|
203
|
+
candidate_file_path = Pathname.new(base).join("Directory.Packages.props").cleanpath.to_path
|
|
211
204
|
candidate_directory = Pathname.new(File.dirname(candidate_file_path))
|
|
212
205
|
relative_candidate_directory = candidate_directory.relative_path_from(directory_path)
|
|
213
206
|
candidate_file = repo_contents(dir: relative_candidate_directory).find do |f|
|
|
@@ -1,6 +1,9 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "sorbet-runtime"
|
|
5
|
+
|
|
6
|
+
require "dependabot/requirement"
|
|
4
7
|
require "dependabot/utils"
|
|
5
8
|
require "dependabot/nuget/version"
|
|
6
9
|
|
|
@@ -8,7 +11,7 @@ require "dependabot/nuget/version"
|
|
|
8
11
|
# https://docs.microsoft.com/en-us/nuget/reference/package-versioning
|
|
9
12
|
module Dependabot
|
|
10
13
|
module Nuget
|
|
11
|
-
class Requirement <
|
|
14
|
+
class Requirement < Dependabot::Requirement
|
|
12
15
|
def self.parse(obj)
|
|
13
16
|
return ["=", Nuget::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
|
|
14
17
|
|
|
@@ -25,6 +28,7 @@ module Dependabot
|
|
|
25
28
|
# For consistency with other languages, we define a requirements array.
|
|
26
29
|
# Dotnet doesn't have an `OR` separator for requirements, so it always
|
|
27
30
|
# contains a single element.
|
|
31
|
+
sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
|
|
28
32
|
def self.requirements_array(requirement_string)
|
|
29
33
|
[new(requirement_string)]
|
|
30
34
|
end
|
|
@@ -1,111 +1,116 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "nokogiri"
|
|
5
5
|
require "zip"
|
|
6
6
|
require "stringio"
|
|
7
|
-
require "dependabot/nuget/update_checker"
|
|
8
7
|
|
|
9
8
|
module Dependabot
|
|
10
9
|
module Nuget
|
|
11
|
-
class
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
nupkg_buffer || fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
|
|
19
|
-
end
|
|
10
|
+
class NupkgFetcher
|
|
11
|
+
require_relative "repository_finder"
|
|
12
|
+
|
|
13
|
+
def self.fetch_nupkg_buffer(dependency_urls, package_id, package_version)
|
|
14
|
+
# check all repositories for the first one that has the nupkg
|
|
15
|
+
dependency_urls.reduce(nil) do |nupkg_buffer, repository_details|
|
|
16
|
+
nupkg_buffer || fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
|
|
20
17
|
end
|
|
18
|
+
end
|
|
21
19
|
|
|
22
|
-
|
|
23
|
-
|
|
20
|
+
def self.fetch_nupkg_url_from_repository(repository_details, package_id, package_version)
|
|
21
|
+
return unless package_id && package_version && !package_version.empty?
|
|
24
22
|
|
|
25
|
-
|
|
26
|
-
|
|
23
|
+
feed_url = repository_details[:repository_url]
|
|
24
|
+
repository_type = repository_details[:repository_type]
|
|
27
25
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
|
|
36
|
-
|
|
37
|
-
|
|
26
|
+
azure_devops_match = try_match_azure_url(feed_url)
|
|
27
|
+
package_url = if azure_devops_match
|
|
28
|
+
get_azure_package_url(azure_devops_match, package_id, package_version)
|
|
29
|
+
elsif repository_type == "v2"
|
|
30
|
+
get_nuget_v2_package_url(feed_url, package_id, package_version)
|
|
31
|
+
elsif repository_type == "v3"
|
|
32
|
+
get_nuget_v3_package_url(repository_details, package_id, package_version)
|
|
33
|
+
else
|
|
34
|
+
raise Dependabot::DependencyFileNotResolvable, "Unexpected NuGet feed format: #{feed_url}"
|
|
35
|
+
end
|
|
38
36
|
|
|
39
|
-
|
|
40
|
-
|
|
37
|
+
package_url
|
|
38
|
+
end
|
|
39
|
+
|
|
40
|
+
def self.fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
|
|
41
|
+
package_url = fetch_nupkg_url_from_repository(repository_details, package_id, package_version)
|
|
42
|
+
return unless package_url
|
|
43
|
+
|
|
44
|
+
auth_header = repository_details[:auth_header]
|
|
45
|
+
fetch_stream(package_url, auth_header)
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
def self.try_match_azure_url(feed_url)
|
|
49
|
+
# if url is azure devops
|
|
50
|
+
azure_devops_regexs = [
|
|
51
|
+
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
|
|
52
|
+
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
53
|
+
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
54
|
+
]
|
|
55
|
+
regex = azure_devops_regexs.find { |reg| reg.match(feed_url) }
|
|
56
|
+
return unless regex
|
|
57
|
+
|
|
58
|
+
regex.match(feed_url)
|
|
59
|
+
end
|
|
60
|
+
|
|
61
|
+
def self.get_azure_package_url(azure_devops_match, package_id, package_version)
|
|
62
|
+
organization = azure_devops_match[:organization]
|
|
63
|
+
project = azure_devops_match[:project]
|
|
64
|
+
feed_id = azure_devops_match[:feedId]
|
|
41
65
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
|
|
46
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
47
|
-
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
48
|
-
]
|
|
49
|
-
regex = azure_devops_regexs.find { |reg| reg.match(feed_url) }
|
|
50
|
-
return unless regex
|
|
51
|
-
|
|
52
|
-
regex.match(feed_url)
|
|
66
|
+
if project.empty?
|
|
67
|
+
"https://pkgs.dev.azure.com/#{organization}/_apis/packaging/feeds/#{feed_id}/nuget/packages/#{package_id}/versions/#{package_version}/content?sourceProtocolVersion=nuget&api-version=7.0-preview"
|
|
68
|
+
else
|
|
69
|
+
"https://pkgs.dev.azure.com/#{organization}/#{project}/_apis/packaging/feeds/#{feed_id}/nuget/packages/#{package_id}/versions/#{package_version}/content?sourceProtocolVersion=nuget&api-version=7.0-preview"
|
|
53
70
|
end
|
|
71
|
+
end
|
|
54
72
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
|
|
73
|
+
def self.get_nuget_v3_package_url(repository_details, package_id, package_version)
|
|
74
|
+
base_url = repository_details[:base_url].delete_suffix("/")
|
|
75
|
+
package_id_downcased = package_id.downcase
|
|
76
|
+
"#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.#{package_version}.nupkg"
|
|
77
|
+
end
|
|
59
78
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
79
|
+
def self.get_nuget_v2_package_url(feed_url, package_id, package_version)
|
|
80
|
+
base_url = feed_url
|
|
81
|
+
base_url += "/" unless base_url.end_with?("/")
|
|
82
|
+
package_id_downcased = package_id.downcase
|
|
83
|
+
"#{base_url}/package/#{package_id_downcased}/#{package_version}"
|
|
84
|
+
end
|
|
85
|
+
|
|
86
|
+
def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
|
|
87
|
+
current_url = stream_url
|
|
88
|
+
current_redirects = 0
|
|
89
|
+
|
|
90
|
+
loop do
|
|
91
|
+
connection = Excon.new(current_url, persistent: true)
|
|
92
|
+
|
|
93
|
+
package_data = StringIO.new
|
|
94
|
+
response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
|
|
95
|
+
package_data.write(chunk)
|
|
64
96
|
end
|
|
65
|
-
end
|
|
66
97
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
98
|
+
response = connection.request(
|
|
99
|
+
method: :get,
|
|
100
|
+
headers: auth_header,
|
|
101
|
+
response_block: response_block
|
|
102
|
+
)
|
|
72
103
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
package_id_downcased = package_id.downcase
|
|
77
|
-
"#{base_url}/package/#{package_id_downcased}/#{package_version}"
|
|
78
|
-
end
|
|
104
|
+
if response.status == 303
|
|
105
|
+
current_redirects += 1
|
|
106
|
+
return nil if current_redirects > max_redirects
|
|
79
107
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
package_data = StringIO.new
|
|
88
|
-
response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
|
|
89
|
-
package_data.write(chunk)
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
response = connection.request(
|
|
93
|
-
method: :get,
|
|
94
|
-
headers: auth_header,
|
|
95
|
-
response_block: response_block
|
|
96
|
-
)
|
|
97
|
-
|
|
98
|
-
if response.status == 303
|
|
99
|
-
current_redirects += 1
|
|
100
|
-
return nil if current_redirects > max_redirects
|
|
101
|
-
|
|
102
|
-
current_url = response.headers["Location"]
|
|
103
|
-
elsif response.status == 200
|
|
104
|
-
package_data.rewind
|
|
105
|
-
return package_data
|
|
106
|
-
else
|
|
107
|
-
return nil
|
|
108
|
-
end
|
|
108
|
+
current_url = response.headers["Location"]
|
|
109
|
+
elsif response.status == 200
|
|
110
|
+
package_data.rewind
|
|
111
|
+
return package_data
|
|
112
|
+
else
|
|
113
|
+
return nil
|
|
109
114
|
end
|
|
110
115
|
end
|
|
111
116
|
end
|
|
@@ -1,85 +1,82 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "nokogiri"
|
|
5
5
|
require "zip"
|
|
6
6
|
require "stringio"
|
|
7
|
-
require "dependabot/nuget/update_checker"
|
|
8
7
|
|
|
9
8
|
module Dependabot
|
|
10
9
|
module Nuget
|
|
11
|
-
class
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
require_relative "repository_finder"
|
|
10
|
+
class NuspecFetcher
|
|
11
|
+
require_relative "nupkg_fetcher"
|
|
12
|
+
require_relative "repository_finder"
|
|
15
13
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
end
|
|
14
|
+
def self.fetch_nuspec(dependency_urls, package_id, package_version)
|
|
15
|
+
# check all repositories for the first one that has the nuspec
|
|
16
|
+
dependency_urls.reduce(nil) do |nuspec_xml, repository_details|
|
|
17
|
+
nuspec_xml || fetch_nuspec_from_repository(repository_details, package_id, package_version)
|
|
21
18
|
end
|
|
19
|
+
end
|
|
22
20
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
feed_url = repository_details[:repository_url]
|
|
27
|
-
auth_header = repository_details[:auth_header]
|
|
21
|
+
def self.fetch_nuspec_from_repository(repository_details, package_id, package_version)
|
|
22
|
+
return unless package_id && package_version && !package_version.empty?
|
|
28
23
|
|
|
29
|
-
|
|
24
|
+
feed_url = repository_details[:repository_url]
|
|
25
|
+
auth_header = repository_details[:auth_header]
|
|
30
26
|
|
|
31
|
-
|
|
32
|
-
# this is an azure devops url we can extract the nuspec from the nupkg
|
|
33
|
-
package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
|
|
34
|
-
package_version)
|
|
35
|
-
return if package_data.nil?
|
|
27
|
+
nuspec_xml = nil
|
|
36
28
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
package_id_downcased = package_id.downcase
|
|
43
|
-
nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
|
|
29
|
+
if azure_package_feed?(feed_url)
|
|
30
|
+
# this is an azure devops url we can extract the nuspec from the nupkg
|
|
31
|
+
package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
|
|
32
|
+
package_version)
|
|
33
|
+
return if package_data.nil?
|
|
44
34
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
35
|
+
nuspec_string = extract_nuspec(package_data, package_id)
|
|
36
|
+
nuspec_xml = Nokogiri::XML(nuspec_string)
|
|
37
|
+
else
|
|
38
|
+
# we can use the normal nuget apis to get the nuspec and list out the dependencies
|
|
39
|
+
base_url = feed_url.gsub("/index.json", "-flatcontainer")
|
|
40
|
+
package_id_downcased = package_id.downcase
|
|
41
|
+
nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
|
|
49
42
|
|
|
50
|
-
|
|
43
|
+
nuspec_response = Dependabot::RegistryClient.get(
|
|
44
|
+
url: nuspec_url,
|
|
45
|
+
headers: auth_header
|
|
46
|
+
)
|
|
51
47
|
|
|
52
|
-
|
|
53
|
-
nuspec_xml = Nokogiri::XML(nuspec_response_body)
|
|
54
|
-
end
|
|
48
|
+
return unless nuspec_response.status == 200
|
|
55
49
|
|
|
56
|
-
|
|
57
|
-
nuspec_xml
|
|
50
|
+
nuspec_response_body = remove_wrapping_zero_width_chars(nuspec_response.body)
|
|
51
|
+
nuspec_xml = Nokogiri::XML(nuspec_response_body)
|
|
58
52
|
end
|
|
59
53
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
|
|
64
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
65
|
-
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
66
|
-
]
|
|
67
|
-
azure_devops_regexs.any? { |reg| reg.match(feed_url) }
|
|
68
|
-
end
|
|
54
|
+
nuspec_xml.remove_namespaces!
|
|
55
|
+
nuspec_xml
|
|
56
|
+
end
|
|
69
57
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
58
|
+
def self.azure_package_feed?(feed_url)
|
|
59
|
+
# if url is azure devops
|
|
60
|
+
azure_devops_regexs = [
|
|
61
|
+
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
|
|
62
|
+
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
63
|
+
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
64
|
+
]
|
|
65
|
+
azure_devops_regexs.any? { |reg| reg.match(feed_url) }
|
|
66
|
+
end
|
|
77
67
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
68
|
+
def self.extract_nuspec(zip_stream, package_id)
|
|
69
|
+
Zip::File.open_buffer(zip_stream) do |zip|
|
|
70
|
+
nuspec_entry = zip.find { |entry| entry.name == "#{package_id}.nuspec" }
|
|
71
|
+
return nuspec_entry.get_input_stream.read if nuspec_entry
|
|
82
72
|
end
|
|
73
|
+
nil
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def self.remove_wrapping_zero_width_chars(string)
|
|
77
|
+
string.force_encoding("UTF-8").encode
|
|
78
|
+
.gsub(/\A[\u200B-\u200D\uFEFF]/, "")
|
|
79
|
+
.gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
|
|
83
80
|
end
|
|
84
81
|
end
|
|
85
82
|
end
|
|
@@ -26,6 +26,7 @@ module Dependabot
|
|
|
26
26
|
|
|
27
27
|
def self.get_default_repository_details(dependency_name)
|
|
28
28
|
{
|
|
29
|
+
base_url: "https://api.nuget.org/v3-flatcontainer/",
|
|
29
30
|
repository_url: DEFAULT_REPOSITORY_URL,
|
|
30
31
|
versions_url: "https://api.nuget.org/v3-flatcontainer/" \
|
|
31
32
|
"#{dependency_name.downcase}/index.json",
|
|
@@ -60,9 +61,11 @@ module Dependabot
|
|
|
60
61
|
|
|
61
62
|
body = remove_wrapping_zero_width_chars(response.body)
|
|
62
63
|
base_url = base_url_from_v3_metadata(JSON.parse(body))
|
|
64
|
+
resolved_base_url = base_url || repo_details.fetch(:url).gsub("/index.json", "-flatcontainer")
|
|
63
65
|
search_url = search_url_from_v3_metadata(JSON.parse(body))
|
|
64
66
|
|
|
65
67
|
details = {
|
|
68
|
+
base_url: resolved_base_url,
|
|
66
69
|
repository_url: repo_details.fetch(:url),
|
|
67
70
|
auth_header: auth_header_for_token(repo_details.fetch(:token)),
|
|
68
71
|
repository_type: "v3"
|
|
@@ -120,6 +123,7 @@ module Dependabot
|
|
|
120
123
|
base_url ||= repo_details.fetch(:url)
|
|
121
124
|
|
|
122
125
|
{
|
|
126
|
+
base_url: base_url,
|
|
123
127
|
repository_url: base_url,
|
|
124
128
|
versions_url: File.join(
|
|
125
129
|
base_url,
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-nuget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.239.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-12-
|
|
11
|
+
date: 2023-12-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.239.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.239.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rubyzip
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -134,14 +134,14 @@ dependencies:
|
|
|
134
134
|
requirements:
|
|
135
135
|
- - "~>"
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: 1.
|
|
137
|
+
version: 1.58.0
|
|
138
138
|
type: :development
|
|
139
139
|
prerelease: false
|
|
140
140
|
version_requirements: !ruby/object:Gem::Requirement
|
|
141
141
|
requirements:
|
|
142
142
|
- - "~>"
|
|
143
143
|
- !ruby/object:Gem::Version
|
|
144
|
-
version: 1.
|
|
144
|
+
version: 1.58.0
|
|
145
145
|
- !ruby/object:Gem::Dependency
|
|
146
146
|
name: rubocop-performance
|
|
147
147
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -267,7 +267,7 @@ licenses:
|
|
|
267
267
|
- Nonstandard
|
|
268
268
|
metadata:
|
|
269
269
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
270
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
270
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
|
|
271
271
|
post_install_message:
|
|
272
272
|
rdoc_options: []
|
|
273
273
|
require_paths:
|