dependabot-nuget 0.238.0 → 0.240.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/nuget/cache_manager.rb +2 -0
- data/lib/dependabot/nuget/file_fetcher.rb +63 -59
- data/lib/dependabot/nuget/file_parser/packages_config_parser.rb +0 -6
- data/lib/dependabot/nuget/file_parser/project_file_parser.rb +7 -22
- data/lib/dependabot/nuget/file_parser.rb +1 -1
- data/lib/dependabot/nuget/file_updater.rb +6 -2
- data/lib/dependabot/nuget/native_helpers.rb +7 -4
- data/lib/dependabot/nuget/nuget_client.rb +99 -0
- data/lib/dependabot/nuget/nuget_config_credential_helpers.rb +71 -0
- data/lib/dependabot/nuget/requirement.rb +6 -2
- data/lib/dependabot/nuget/update_checker/compatibility_checker.rb +2 -2
- data/lib/dependabot/nuget/update_checker/dependency_finder.rb +2 -2
- data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +65 -88
- data/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb +56 -59
- data/lib/dependabot/nuget/update_checker/property_updater.rb +2 -2
- data/lib/dependabot/nuget/update_checker/repository_finder.rb +43 -8
- data/lib/dependabot/nuget/update_checker/requirements_updater.rb +2 -2
- data/lib/dependabot/nuget/update_checker/tfm_comparer.rb +2 -2
- data/lib/dependabot/nuget/update_checker/tfm_finder.rb +2 -2
- data/lib/dependabot/nuget/update_checker/version_finder.rb +4 -42
- metadata +23 -7
|
@@ -1,111 +1,88 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "nokogiri"
|
|
5
5
|
require "zip"
|
|
6
6
|
require "stringio"
|
|
7
|
-
require "dependabot/nuget/update_checker"
|
|
8
7
|
|
|
9
8
|
module Dependabot
|
|
10
9
|
module Nuget
|
|
11
|
-
class
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
nupkg_buffer || fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
|
|
19
|
-
end
|
|
10
|
+
class NupkgFetcher
|
|
11
|
+
require_relative "repository_finder"
|
|
12
|
+
|
|
13
|
+
def self.fetch_nupkg_buffer(dependency_urls, package_id, package_version)
|
|
14
|
+
# check all repositories for the first one that has the nupkg
|
|
15
|
+
dependency_urls.reduce(nil) do |nupkg_buffer, repository_details|
|
|
16
|
+
nupkg_buffer || fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
|
|
20
17
|
end
|
|
18
|
+
end
|
|
21
19
|
|
|
22
|
-
|
|
23
|
-
|
|
20
|
+
def self.fetch_nupkg_url_from_repository(repository_details, package_id, package_version)
|
|
21
|
+
return unless package_id && package_version && !package_version.empty?
|
|
24
22
|
|
|
25
|
-
|
|
26
|
-
|
|
23
|
+
feed_url = repository_details[:repository_url]
|
|
24
|
+
repository_type = repository_details[:repository_type]
|
|
27
25
|
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
else
|
|
36
|
-
raise Dependabot::DependencyFileNotResolvable, "Unexpected NuGet feed format: #{feed_url}"
|
|
37
|
-
end
|
|
26
|
+
package_url = if repository_type == "v2"
|
|
27
|
+
get_nuget_v2_package_url(feed_url, package_id, package_version)
|
|
28
|
+
elsif repository_type == "v3"
|
|
29
|
+
get_nuget_v3_package_url(repository_details, package_id, package_version)
|
|
30
|
+
else
|
|
31
|
+
raise Dependabot::DependencyFileNotResolvable, "Unexpected NuGet feed format: #{feed_url}"
|
|
32
|
+
end
|
|
38
33
|
|
|
39
|
-
|
|
40
|
-
|
|
34
|
+
package_url
|
|
35
|
+
end
|
|
41
36
|
|
|
42
|
-
|
|
43
|
-
|
|
44
|
-
|
|
45
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
|
|
46
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
47
|
-
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
48
|
-
]
|
|
49
|
-
regex = azure_devops_regexs.find { |reg| reg.match(feed_url) }
|
|
50
|
-
return unless regex
|
|
51
|
-
|
|
52
|
-
regex.match(feed_url)
|
|
53
|
-
end
|
|
37
|
+
def self.fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
|
|
38
|
+
package_url = fetch_nupkg_url_from_repository(repository_details, package_id, package_version)
|
|
39
|
+
return unless package_url
|
|
54
40
|
|
|
55
|
-
|
|
56
|
-
|
|
57
|
-
|
|
58
|
-
feed_id = azure_devops_match[:feedId]
|
|
41
|
+
auth_header = repository_details[:auth_header]
|
|
42
|
+
fetch_stream(package_url, auth_header)
|
|
43
|
+
end
|
|
59
44
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
|
|
45
|
+
def self.get_nuget_v3_package_url(repository_details, package_id, package_version)
|
|
46
|
+
base_url = repository_details[:base_url].delete_suffix("/")
|
|
47
|
+
package_id_downcased = package_id.downcase
|
|
48
|
+
"#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.#{package_version}.nupkg"
|
|
49
|
+
end
|
|
50
|
+
|
|
51
|
+
def self.get_nuget_v2_package_url(feed_url, package_id, package_version)
|
|
52
|
+
base_url = feed_url
|
|
53
|
+
base_url += "/" unless base_url.end_with?("/")
|
|
54
|
+
package_id_downcased = package_id.downcase
|
|
55
|
+
"#{base_url}/package/#{package_id_downcased}/#{package_version}"
|
|
56
|
+
end
|
|
57
|
+
|
|
58
|
+
def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
|
|
59
|
+
current_url = stream_url
|
|
60
|
+
current_redirects = 0
|
|
61
|
+
|
|
62
|
+
loop do
|
|
63
|
+
connection = Excon.new(current_url, persistent: true)
|
|
64
|
+
|
|
65
|
+
package_data = StringIO.new
|
|
66
|
+
response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
|
|
67
|
+
package_data.write(chunk)
|
|
64
68
|
end
|
|
65
|
-
end
|
|
66
69
|
|
|
67
|
-
|
|
68
|
-
|
|
69
|
-
|
|
70
|
-
|
|
71
|
-
|
|
70
|
+
response = connection.request(
|
|
71
|
+
method: :get,
|
|
72
|
+
headers: auth_header,
|
|
73
|
+
response_block: response_block
|
|
74
|
+
)
|
|
72
75
|
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
package_id_downcased = package_id.downcase
|
|
77
|
-
"#{base_url}/package/#{package_id_downcased}/#{package_version}"
|
|
78
|
-
end
|
|
76
|
+
if response.status == 303
|
|
77
|
+
current_redirects += 1
|
|
78
|
+
return nil if current_redirects > max_redirects
|
|
79
79
|
|
|
80
|
-
|
|
81
|
-
|
|
82
|
-
|
|
83
|
-
|
|
84
|
-
|
|
85
|
-
|
|
86
|
-
|
|
87
|
-
package_data = StringIO.new
|
|
88
|
-
response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
|
|
89
|
-
package_data.write(chunk)
|
|
90
|
-
end
|
|
91
|
-
|
|
92
|
-
response = connection.request(
|
|
93
|
-
method: :get,
|
|
94
|
-
headers: auth_header,
|
|
95
|
-
response_block: response_block
|
|
96
|
-
)
|
|
97
|
-
|
|
98
|
-
if response.status == 303
|
|
99
|
-
current_redirects += 1
|
|
100
|
-
return nil if current_redirects > max_redirects
|
|
101
|
-
|
|
102
|
-
current_url = response.headers["Location"]
|
|
103
|
-
elsif response.status == 200
|
|
104
|
-
package_data.rewind
|
|
105
|
-
return package_data
|
|
106
|
-
else
|
|
107
|
-
return nil
|
|
108
|
-
end
|
|
80
|
+
current_url = response.headers["Location"]
|
|
81
|
+
elsif response.status == 200
|
|
82
|
+
package_data.rewind
|
|
83
|
+
return package_data
|
|
84
|
+
else
|
|
85
|
+
return nil
|
|
109
86
|
end
|
|
110
87
|
end
|
|
111
88
|
end
|
|
@@ -1,85 +1,82 @@
|
|
|
1
|
-
# typed:
|
|
1
|
+
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
4
|
require "nokogiri"
|
|
5
5
|
require "zip"
|
|
6
6
|
require "stringio"
|
|
7
|
-
require "dependabot/nuget/update_checker"
|
|
8
7
|
|
|
9
8
|
module Dependabot
|
|
10
9
|
module Nuget
|
|
11
|
-
class
|
|
12
|
-
|
|
13
|
-
|
|
14
|
-
require_relative "repository_finder"
|
|
10
|
+
class NuspecFetcher
|
|
11
|
+
require_relative "nupkg_fetcher"
|
|
12
|
+
require_relative "repository_finder"
|
|
15
13
|
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
end
|
|
14
|
+
def self.fetch_nuspec(dependency_urls, package_id, package_version)
|
|
15
|
+
# check all repositories for the first one that has the nuspec
|
|
16
|
+
dependency_urls.reduce(nil) do |nuspec_xml, repository_details|
|
|
17
|
+
nuspec_xml || fetch_nuspec_from_repository(repository_details, package_id, package_version)
|
|
21
18
|
end
|
|
19
|
+
end
|
|
22
20
|
|
|
23
|
-
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
feed_url = repository_details[:repository_url]
|
|
27
|
-
auth_header = repository_details[:auth_header]
|
|
21
|
+
def self.fetch_nuspec_from_repository(repository_details, package_id, package_version)
|
|
22
|
+
return unless package_id && package_version && !package_version.empty?
|
|
28
23
|
|
|
29
|
-
|
|
24
|
+
feed_url = repository_details[:repository_url]
|
|
25
|
+
auth_header = repository_details[:auth_header]
|
|
30
26
|
|
|
31
|
-
|
|
32
|
-
# this is an azure devops url we can extract the nuspec from the nupkg
|
|
33
|
-
package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
|
|
34
|
-
package_version)
|
|
35
|
-
return if package_data.nil?
|
|
27
|
+
nuspec_xml = nil
|
|
36
28
|
|
|
37
|
-
|
|
38
|
-
|
|
39
|
-
|
|
40
|
-
|
|
41
|
-
|
|
42
|
-
package_id_downcased = package_id.downcase
|
|
43
|
-
nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
|
|
29
|
+
if azure_package_feed?(feed_url)
|
|
30
|
+
# this is an azure devops url we can extract the nuspec from the nupkg
|
|
31
|
+
package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
|
|
32
|
+
package_version)
|
|
33
|
+
return if package_data.nil?
|
|
44
34
|
|
|
45
|
-
|
|
46
|
-
|
|
47
|
-
|
|
48
|
-
|
|
35
|
+
nuspec_string = extract_nuspec(package_data, package_id)
|
|
36
|
+
nuspec_xml = Nokogiri::XML(nuspec_string)
|
|
37
|
+
else
|
|
38
|
+
# we can use the normal nuget apis to get the nuspec and list out the dependencies
|
|
39
|
+
base_url = feed_url.gsub("/index.json", "-flatcontainer")
|
|
40
|
+
package_id_downcased = package_id.downcase
|
|
41
|
+
nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
|
|
49
42
|
|
|
50
|
-
|
|
43
|
+
nuspec_response = Dependabot::RegistryClient.get(
|
|
44
|
+
url: nuspec_url,
|
|
45
|
+
headers: auth_header
|
|
46
|
+
)
|
|
51
47
|
|
|
52
|
-
|
|
53
|
-
nuspec_xml = Nokogiri::XML(nuspec_response_body)
|
|
54
|
-
end
|
|
48
|
+
return unless nuspec_response.status == 200
|
|
55
49
|
|
|
56
|
-
|
|
57
|
-
nuspec_xml
|
|
50
|
+
nuspec_response_body = remove_wrapping_zero_width_chars(nuspec_response.body)
|
|
51
|
+
nuspec_xml = Nokogiri::XML(nuspec_response_body)
|
|
58
52
|
end
|
|
59
53
|
|
|
60
|
-
|
|
61
|
-
|
|
62
|
-
|
|
63
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
|
|
64
|
-
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
65
|
-
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
66
|
-
]
|
|
67
|
-
azure_devops_regexs.any? { |reg| reg.match(feed_url) }
|
|
68
|
-
end
|
|
54
|
+
nuspec_xml.remove_namespaces!
|
|
55
|
+
nuspec_xml
|
|
56
|
+
end
|
|
69
57
|
|
|
70
|
-
|
|
71
|
-
|
|
72
|
-
|
|
73
|
-
|
|
74
|
-
|
|
75
|
-
|
|
76
|
-
|
|
58
|
+
def self.azure_package_feed?(feed_url)
|
|
59
|
+
# if url is azure devops
|
|
60
|
+
azure_devops_regexs = [
|
|
61
|
+
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
|
|
62
|
+
%r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
|
|
63
|
+
%r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
|
|
64
|
+
]
|
|
65
|
+
azure_devops_regexs.any? { |reg| reg.match(feed_url) }
|
|
66
|
+
end
|
|
77
67
|
|
|
78
|
-
|
|
79
|
-
|
|
80
|
-
|
|
81
|
-
|
|
68
|
+
def self.extract_nuspec(zip_stream, package_id)
|
|
69
|
+
Zip::File.open_buffer(zip_stream) do |zip|
|
|
70
|
+
nuspec_entry = zip.find { |entry| entry.name == "#{package_id}.nuspec" }
|
|
71
|
+
return nuspec_entry.get_input_stream.read if nuspec_entry
|
|
82
72
|
end
|
|
73
|
+
nil
|
|
74
|
+
end
|
|
75
|
+
|
|
76
|
+
def self.remove_wrapping_zero_width_chars(string)
|
|
77
|
+
string.force_encoding("UTF-8").encode
|
|
78
|
+
.gsub(/\A[\u200B-\u200D\uFEFF]/, "")
|
|
79
|
+
.gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
|
|
83
80
|
end
|
|
84
81
|
end
|
|
85
82
|
end
|
|
@@ -1,12 +1,12 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "dependabot/update_checkers/base"
|
|
4
5
|
require "dependabot/nuget/file_parser"
|
|
5
|
-
require "dependabot/nuget/update_checker"
|
|
6
6
|
|
|
7
7
|
module Dependabot
|
|
8
8
|
module Nuget
|
|
9
|
-
class UpdateChecker
|
|
9
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
10
10
|
class PropertyUpdater
|
|
11
11
|
require_relative "version_finder"
|
|
12
12
|
require_relative "requirements_updater"
|
|
@@ -4,12 +4,13 @@
|
|
|
4
4
|
require "excon"
|
|
5
5
|
require "nokogiri"
|
|
6
6
|
require "dependabot/errors"
|
|
7
|
-
require "dependabot/
|
|
7
|
+
require "dependabot/update_checkers/base"
|
|
8
8
|
require "dependabot/registry_client"
|
|
9
|
+
require "dependabot/nuget/cache_manager"
|
|
9
10
|
|
|
10
11
|
module Dependabot
|
|
11
12
|
module Nuget
|
|
12
|
-
class UpdateChecker
|
|
13
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
13
14
|
class RepositoryFinder
|
|
14
15
|
DEFAULT_REPOSITORY_URL = "https://api.nuget.org/v3/index.json"
|
|
15
16
|
DEFAULT_REPOSITORY_API_KEY = "nuget.org"
|
|
@@ -26,6 +27,8 @@ module Dependabot
|
|
|
26
27
|
|
|
27
28
|
def self.get_default_repository_details(dependency_name)
|
|
28
29
|
{
|
|
30
|
+
base_url: "https://api.nuget.org/v3-flatcontainer/",
|
|
31
|
+
registration_url: "https://api.nuget.org/v3/registration5-gz-semver2/#{dependency_name.downcase}/index.json",
|
|
29
32
|
repository_url: DEFAULT_REPOSITORY_URL,
|
|
30
33
|
versions_url: "https://api.nuget.org/v3-flatcontainer/" \
|
|
31
34
|
"#{dependency_name.downcase}/index.json",
|
|
@@ -59,10 +62,14 @@ module Dependabot
|
|
|
59
62
|
return unless response.status == 200
|
|
60
63
|
|
|
61
64
|
body = remove_wrapping_zero_width_chars(response.body)
|
|
62
|
-
|
|
63
|
-
|
|
65
|
+
parsed_json = JSON.parse(body)
|
|
66
|
+
base_url = base_url_from_v3_metadata(parsed_json)
|
|
67
|
+
resolved_base_url = base_url || repo_details.fetch(:url).gsub("/index.json", "-flatcontainer")
|
|
68
|
+
search_url = search_url_from_v3_metadata(parsed_json)
|
|
69
|
+
registration_url = registration_url_from_v3_metadata(parsed_json)
|
|
64
70
|
|
|
65
71
|
details = {
|
|
72
|
+
base_url: resolved_base_url,
|
|
66
73
|
repository_url: repo_details.fetch(:url),
|
|
67
74
|
auth_header: auth_header_for_token(repo_details.fetch(:token)),
|
|
68
75
|
repository_type: "v3"
|
|
@@ -75,6 +82,11 @@ module Dependabot
|
|
|
75
82
|
details[:search_url] =
|
|
76
83
|
search_url + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0"
|
|
77
84
|
end
|
|
85
|
+
|
|
86
|
+
if registration_url
|
|
87
|
+
details[:registration_url] = File.join(registration_url, dependency.name.downcase, "index.json")
|
|
88
|
+
end
|
|
89
|
+
|
|
78
90
|
details
|
|
79
91
|
rescue JSON::ParserError
|
|
80
92
|
build_v2_url(response, repo_details)
|
|
@@ -83,10 +95,18 @@ module Dependabot
|
|
|
83
95
|
end
|
|
84
96
|
|
|
85
97
|
def get_repo_metadata(repo_details)
|
|
86
|
-
|
|
87
|
-
|
|
88
|
-
|
|
89
|
-
|
|
98
|
+
url = repo_details.fetch(:url)
|
|
99
|
+
cache = CacheManager.cache("repo_finder_metadatacache")
|
|
100
|
+
if cache[url]
|
|
101
|
+
cache[url]
|
|
102
|
+
else
|
|
103
|
+
result = Dependabot::RegistryClient.get(
|
|
104
|
+
url: url,
|
|
105
|
+
headers: auth_header_for_token(repo_details.fetch(:token))
|
|
106
|
+
)
|
|
107
|
+
cache[url] = result
|
|
108
|
+
result
|
|
109
|
+
end
|
|
90
110
|
end
|
|
91
111
|
|
|
92
112
|
def base_url_from_v3_metadata(metadata)
|
|
@@ -96,6 +116,20 @@ module Dependabot
|
|
|
96
116
|
&.fetch("@id")
|
|
97
117
|
end
|
|
98
118
|
|
|
119
|
+
def registration_url_from_v3_metadata(metadata)
|
|
120
|
+
allowed_registration_types = %w(
|
|
121
|
+
RegistrationsBaseUrl
|
|
122
|
+
RegistrationsBaseUrl/3.0.0-beta
|
|
123
|
+
RegistrationsBaseUrl/3.0.0-rc
|
|
124
|
+
RegistrationsBaseUrl/3.4.0
|
|
125
|
+
RegistrationsBaseUrl/3.6.0
|
|
126
|
+
)
|
|
127
|
+
metadata
|
|
128
|
+
.fetch("resources", [])
|
|
129
|
+
.find { |r| allowed_registration_types.find { |s| r.fetch("@type") == s } }
|
|
130
|
+
&.fetch("@id")
|
|
131
|
+
end
|
|
132
|
+
|
|
99
133
|
def search_url_from_v3_metadata(metadata)
|
|
100
134
|
# allowable values from here: https://learn.microsoft.com/en-us/nuget/api/search-query-service-resource#versioning
|
|
101
135
|
allowed_search_types = %w(
|
|
@@ -120,6 +154,7 @@ module Dependabot
|
|
|
120
154
|
base_url ||= repo_details.fetch(:url)
|
|
121
155
|
|
|
122
156
|
{
|
|
157
|
+
base_url: base_url,
|
|
123
158
|
repository_url: base_url,
|
|
124
159
|
versions_url: File.join(
|
|
125
160
|
base_url,
|
|
@@ -6,12 +6,12 @@
|
|
|
6
6
|
# https://docs.microsoft.com/en-us/nuget/reference/package-versioning #
|
|
7
7
|
#######################################################################
|
|
8
8
|
|
|
9
|
-
require "dependabot/
|
|
9
|
+
require "dependabot/update_checkers/base"
|
|
10
10
|
require "dependabot/nuget/version"
|
|
11
11
|
|
|
12
12
|
module Dependabot
|
|
13
13
|
module Nuget
|
|
14
|
-
class UpdateChecker
|
|
14
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
15
15
|
class RequirementsUpdater
|
|
16
16
|
def initialize(requirements:, latest_version:, source_details:)
|
|
17
17
|
@requirements = requirements
|
|
@@ -1,15 +1,15 @@
|
|
|
1
1
|
# typed: true
|
|
2
2
|
# frozen_string_literal: true
|
|
3
3
|
|
|
4
|
+
require "dependabot/update_checkers/base"
|
|
4
5
|
require "dependabot/nuget/version"
|
|
5
6
|
require "dependabot/nuget/requirement"
|
|
6
7
|
require "dependabot/nuget/native_helpers"
|
|
7
|
-
require "dependabot/nuget/update_checker"
|
|
8
8
|
require "dependabot/shared_helpers"
|
|
9
9
|
|
|
10
10
|
module Dependabot
|
|
11
11
|
module Nuget
|
|
12
|
-
class UpdateChecker
|
|
12
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
13
13
|
class TfmComparer
|
|
14
14
|
def self.are_frameworks_compatible?(project_tfms, package_tfms)
|
|
15
15
|
return false if package_tfms.empty?
|
|
@@ -4,15 +4,15 @@
|
|
|
4
4
|
require "excon"
|
|
5
5
|
require "nokogiri"
|
|
6
6
|
|
|
7
|
+
require "dependabot/update_checkers/base"
|
|
7
8
|
require "dependabot/nuget/version"
|
|
8
9
|
require "dependabot/nuget/requirement"
|
|
9
10
|
require "dependabot/nuget/native_helpers"
|
|
10
|
-
require "dependabot/nuget/update_checker"
|
|
11
11
|
require "dependabot/shared_helpers"
|
|
12
12
|
|
|
13
13
|
module Dependabot
|
|
14
14
|
module Nuget
|
|
15
|
-
class UpdateChecker
|
|
15
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
16
16
|
class TfmFinder
|
|
17
17
|
require "dependabot/nuget/file_parser/packages_config_parser"
|
|
18
18
|
require "dependabot/nuget/file_parser/project_file_parser"
|
|
@@ -3,12 +3,13 @@
|
|
|
3
3
|
|
|
4
4
|
require "dependabot/nuget/version"
|
|
5
5
|
require "dependabot/nuget/requirement"
|
|
6
|
+
require "dependabot/update_checkers/base"
|
|
6
7
|
require "dependabot/update_checkers/version_filters"
|
|
7
|
-
require "dependabot/nuget/
|
|
8
|
+
require "dependabot/nuget/nuget_client"
|
|
8
9
|
|
|
9
10
|
module Dependabot
|
|
10
11
|
module Nuget
|
|
11
|
-
class UpdateChecker
|
|
12
|
+
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
|
12
13
|
class VersionFinder
|
|
13
14
|
require_relative "compatibility_checker"
|
|
14
15
|
require_relative "repository_finder"
|
|
@@ -294,40 +295,7 @@ module Dependabot
|
|
|
294
295
|
end
|
|
295
296
|
|
|
296
297
|
def versions_for_v3_repository(repository_details)
|
|
297
|
-
|
|
298
|
-
# (since it will exclude unlisted versions)
|
|
299
|
-
if repository_details[:search_url]
|
|
300
|
-
fetch_versions_from_search_url(repository_details)
|
|
301
|
-
# Otherwise, use the versions URL
|
|
302
|
-
elsif repository_details[:versions_url]
|
|
303
|
-
response = Dependabot::RegistryClient.get(
|
|
304
|
-
url: repository_details[:versions_url],
|
|
305
|
-
headers: repository_details[:auth_header]
|
|
306
|
-
)
|
|
307
|
-
return unless response.status == 200
|
|
308
|
-
|
|
309
|
-
body = remove_wrapping_zero_width_chars(response.body)
|
|
310
|
-
JSON.parse(body).fetch("versions")
|
|
311
|
-
end
|
|
312
|
-
end
|
|
313
|
-
|
|
314
|
-
def fetch_versions_from_search_url(repository_details)
|
|
315
|
-
response = Dependabot::RegistryClient.get(
|
|
316
|
-
url: repository_details[:search_url],
|
|
317
|
-
headers: repository_details[:auth_header]
|
|
318
|
-
)
|
|
319
|
-
return unless response.status == 200
|
|
320
|
-
|
|
321
|
-
body = remove_wrapping_zero_width_chars(response.body)
|
|
322
|
-
JSON.parse(body).fetch("data")
|
|
323
|
-
.find { |d| d.fetch("id").casecmp(sanitized_name).zero? }
|
|
324
|
-
&.fetch("versions")
|
|
325
|
-
&.map { |d| d.fetch("version") }
|
|
326
|
-
rescue Excon::Error::Timeout, Excon::Error::Socket
|
|
327
|
-
repo_url = repository_details[:repository_url]
|
|
328
|
-
raise if repo_url == RepositoryFinder::DEFAULT_REPOSITORY_URL
|
|
329
|
-
|
|
330
|
-
raise PrivateSourceTimedOut, repo_url
|
|
298
|
+
NugetClient.get_package_versions_v3(dependency.name, repository_details)
|
|
331
299
|
end
|
|
332
300
|
|
|
333
301
|
def dependency_urls
|
|
@@ -356,12 +324,6 @@ module Dependabot
|
|
|
356
324
|
dependency.requirement_class
|
|
357
325
|
end
|
|
358
326
|
|
|
359
|
-
def remove_wrapping_zero_width_chars(string)
|
|
360
|
-
string.force_encoding("UTF-8").encode
|
|
361
|
-
.gsub(/\A[\u200B-\u200D\uFEFF]/, "")
|
|
362
|
-
.gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
|
|
363
|
-
end
|
|
364
|
-
|
|
365
327
|
def excon_options
|
|
366
328
|
# For large JSON files we sometimes need a little longer than for
|
|
367
329
|
# other languages. For example, see:
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-nuget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.240.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-01-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.
|
|
19
|
+
version: 0.240.0
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.
|
|
26
|
+
version: 0.240.0
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: rubyzip
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -134,14 +134,14 @@ dependencies:
|
|
|
134
134
|
requirements:
|
|
135
135
|
- - "~>"
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: 1.
|
|
137
|
+
version: 1.58.0
|
|
138
138
|
type: :development
|
|
139
139
|
prerelease: false
|
|
140
140
|
version_requirements: !ruby/object:Gem::Requirement
|
|
141
141
|
requirements:
|
|
142
142
|
- - "~>"
|
|
143
143
|
- !ruby/object:Gem::Version
|
|
144
|
-
version: 1.
|
|
144
|
+
version: 1.58.0
|
|
145
145
|
- !ruby/object:Gem::Dependency
|
|
146
146
|
name: rubocop-performance
|
|
147
147
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -226,6 +226,20 @@ dependencies:
|
|
|
226
226
|
- - "~>"
|
|
227
227
|
- !ruby/object:Gem::Version
|
|
228
228
|
version: '3.18'
|
|
229
|
+
- !ruby/object:Gem::Dependency
|
|
230
|
+
name: webrick
|
|
231
|
+
requirement: !ruby/object:Gem::Requirement
|
|
232
|
+
requirements:
|
|
233
|
+
- - ">="
|
|
234
|
+
- !ruby/object:Gem::Version
|
|
235
|
+
version: '1.7'
|
|
236
|
+
type: :development
|
|
237
|
+
prerelease: false
|
|
238
|
+
version_requirements: !ruby/object:Gem::Requirement
|
|
239
|
+
requirements:
|
|
240
|
+
- - ">="
|
|
241
|
+
- !ruby/object:Gem::Version
|
|
242
|
+
version: '1.7'
|
|
229
243
|
description: Dependabot-Nuget provides support for bumping .NET (NuGet) packages via
|
|
230
244
|
Dependabot. If you want support for multiple package managers, you probably want
|
|
231
245
|
the meta-gem dependabot-omnibus.
|
|
@@ -249,6 +263,8 @@ files:
|
|
|
249
263
|
- lib/dependabot/nuget/file_updater/property_value_updater.rb
|
|
250
264
|
- lib/dependabot/nuget/metadata_finder.rb
|
|
251
265
|
- lib/dependabot/nuget/native_helpers.rb
|
|
266
|
+
- lib/dependabot/nuget/nuget_client.rb
|
|
267
|
+
- lib/dependabot/nuget/nuget_config_credential_helpers.rb
|
|
252
268
|
- lib/dependabot/nuget/requirement.rb
|
|
253
269
|
- lib/dependabot/nuget/update_checker.rb
|
|
254
270
|
- lib/dependabot/nuget/update_checker/compatibility_checker.rb
|
|
@@ -267,7 +283,7 @@ licenses:
|
|
|
267
283
|
- Nonstandard
|
|
268
284
|
metadata:
|
|
269
285
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
270
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
286
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.240.0
|
|
271
287
|
post_install_message:
|
|
272
288
|
rdoc_options: []
|
|
273
289
|
require_paths:
|