RubyGems - dependabot-nuget - Versions diffs - 0.242.0 → 0.243.0 - Mend

dependabot-nuget 0.242.0 → 0.243.0

Files changed (59) hide show

data/lib/dependabot/nuget/update_checker/tfm_finder.rb CHANGED Viewed

@@ -12,115 +12,113 @@ require "dependabot/shared_helpers"
 module Dependabot
   module Nuget
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      class TfmFinder
-        require "dependabot/nuget/file_parser/packages_config_parser"
-        require "dependabot/nuget/file_parser/project_file_parser"
-        def initialize(dependency_files:, credentials:)
-          @dependency_files       = dependency_files
-          @credentials            = credentials
-        end
+    class TfmFinder
+      require "dependabot/nuget/file_parser/packages_config_parser"
+      require "dependabot/nuget/file_parser/project_file_parser"
-        def frameworks(dependency)
-          tfms = Set.new
-          tfms += project_file_tfms(dependency)
-          tfms += project_import_file_tfms
-          tfms.to_a
-        end
+      def initialize(dependency_files:, credentials:)
+        @dependency_files       = dependency_files
+        @credentials            = credentials
+      end
-        private
+      def frameworks(dependency)
+        tfms = Set.new
+        tfms += project_file_tfms(dependency)
+        tfms += project_import_file_tfms
+        tfms.to_a
+      end
+      private
-        attr_reader :dependency_files, :credentials
+      attr_reader :dependency_files, :credentials
-        def project_file_tfms(dependency)
-          project_files_with_dependency(dependency).flat_map do |file|
-            project_file_parser.target_frameworks(project_file: file)
-          end
+      def project_file_tfms(dependency)
+        project_files_with_dependency(dependency).flat_map do |file|
+          project_file_parser.target_frameworks(project_file: file)
         end
+      end
-        def project_files_with_dependency(dependency)
-          project_files.select do |file|
-            packages_config_contains_dependency?(file, dependency) ||
-              project_file_contains_dependency?(file, dependency)
-          end
+      def project_files_with_dependency(dependency)
+        project_files.select do |file|
+          packages_config_contains_dependency?(file, dependency) ||
+            project_file_contains_dependency?(file, dependency)
         end
+      end
-        def packages_config_contains_dependency?(file, dependency)
-          config_file = find_packages_config_file(file)
-          return false unless config_file
+      def packages_config_contains_dependency?(file, dependency)
+        config_file = find_packages_config_file(file)
+        return false unless config_file
-          config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
-          config_parser.dependency_set.dependencies.any? do |d|
-            d.name.casecmp(dependency.name).zero?
-          end
+        config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
+        config_parser.dependency_set.dependencies.any? do |d|
+          d.name.casecmp(dependency.name).zero?
         end
+      end
-        def project_file_contains_dependency?(file, dependency)
-          project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
-            d.name.casecmp(dependency.name).zero?
-          end
+      def project_file_contains_dependency?(file, dependency)
+        project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
+          d.name.casecmp(dependency.name).zero?
         end
+      end
-        def find_packages_config_file(file)
-          return file if file.name.end_with?("packages.config")
+      def find_packages_config_file(file)
+        return file if file.name.end_with?("packages.config")
-          filename = File.basename(file.name)
-          search_path = file.name.sub(filename, "packages.config")
+        filename = File.basename(file.name)
+        search_path = file.name.sub(filename, "packages.config")
-          dependency_files.find { |f| f.name.casecmp(search_path).zero? }
-        end
+        dependency_files.find { |f| f.name.casecmp(search_path).zero? }
+      end
-        def project_import_file_tfms
-          @project_import_file_tfms ||= project_import_files.flat_map do |file|
-            project_file_parser.target_frameworks(project_file: file)
-          end
+      def project_import_file_tfms
+        @project_import_file_tfms ||= project_import_files.flat_map do |file|
+          project_file_parser.target_frameworks(project_file: file)
         end
+      end
-        def project_file_parser
-          @project_file_parser ||=
-            FileParser::ProjectFileParser.new(
-              dependency_files: dependency_files,
-              credentials: credentials
-            )
-        end
+      def project_file_parser
+        @project_file_parser ||=
+          FileParser::ProjectFileParser.new(
+            dependency_files: dependency_files,
+            credentials: credentials
+          )
+      end
-        def project_files
-          projfile = /\.[a-z]{2}proj$/
-          packageprops = /[Dd]irectory.[Pp]ackages.props/
+      def project_files
+        projfile = /\.[a-z]{2}proj$/
+        packageprops = /[Dd]irectory.[Pp]ackages.props/
-          dependency_files.select do |df|
-            df.name.match?(projfile) ||
-              df.name.match?(packageprops)
-          end
+        dependency_files.select do |df|
+          df.name.match?(projfile) ||
+            df.name.match?(packageprops)
         end
+      end
-        def packages_config_files
-          dependency_files.select do |f|
-            f.name.split("/").last.casecmp("packages.config").zero?
-          end
+      def packages_config_files
+        dependency_files.select do |f|
+          f.name.split("/").last.casecmp("packages.config").zero?
         end
+      end
-        def project_import_files
-          dependency_files -
-            project_files -
-            packages_config_files -
-            nuget_configs -
-            [global_json] -
-            [dotnet_tools_json]
-        end
+      def project_import_files
+        dependency_files -
+          project_files -
+          packages_config_files -
+          nuget_configs -
+          [global_json] -
+          [dotnet_tools_json]
+      end
-        def nuget_configs
-          dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
-        end
+      def nuget_configs
+        dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
+      end
-        def global_json
-          dependency_files.find { |f| f.name.casecmp("global.json").zero? }
-        end
+      def global_json
+        dependency_files.find { |f| f.name.casecmp("global.json").zero? }
+      end
-        def dotnet_tools_json
-          dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
-        end
+      def dotnet_tools_json
+        dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
       end
     end
   end

data/lib/dependabot/nuget/update_checker/version_finder.rb CHANGED Viewed

@@ -81,9 +81,10 @@ module Dependabot
           # If the current package version is incompatible, then we don't enforce compatibility.
           # It could appear incompatible because they are ignoring NU1701 or the package is poorly authored.
           return first_version unless version_compatible?(dependency.version)
-          return first_version if version_compatible?(first_version.fetch(:version))
-          sorted_versions.bsearch { |v| version_compatible?(v.fetch(:version)) }
+          # once sorted by version, the best we can do is search every package, because it's entirely possible for there
+          # to be incompatible packages both with a higher and lower version number, so no smart searching can be done.
+          sorted_versions.find { |v| version_compatible?(v.fetch(:version)) }
         end
         def version_compatible?(version)
@@ -235,7 +236,7 @@ module Dependabot
             dependency_urls
             .select { |details| details.fetch(:repository_type) == "v3" }
             .filter_map do |url_details|
-              versions = versions_for_v3_repository(url_details)
+              versions = NugetClient.get_package_versions(dependency.name, url_details)
               next unless versions
               { "versions" => versions, "listing_details" => url_details }
@@ -294,10 +295,6 @@ module Dependabot
           nil
         end
-        def versions_for_v3_repository(repository_details)
-          NugetClient.get_package_versions_v3(dependency.name, repository_details)
-        end
         def dependency_urls
           @dependency_urls ||=
             RepositoryFinder.new(

data/lib/dependabot/nuget/version.rb CHANGED Viewed

@@ -1,8 +1,9 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "dependabot/version"
 require "dependabot/utils"
+require "sorbet-runtime"
 # Dotnet pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
 # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
@@ -11,30 +12,37 @@ require "dependabot/utils"
 module Dependabot
   module Nuget
     class Version < Dependabot::Version
-      VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
+      extend T::Sig
+      VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
+      sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).returns(T::Boolean) }
       def self.correct?(version)
         return false if version.nil?
         version.to_s.match?(ANCHORED_VERSION_PATTERN)
       end
+      sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).void }
       def initialize(version)
         version = version.to_s.split("+").first || ""
-        @version_string = version
+        @version_string = T.let(version, String)
         super
       end
+      sig { returns(String) }
       def to_s
         @version_string
       end
+      sig { returns(String) }
       def inspect # :nodoc:
         "#<#{self.class} #{@version_string}>"
       end
+      sig { params(other: Object).returns(Integer) }
       def <=>(other)
         version_comparison = compare_release(other)
         return version_comparison unless version_comparison.zero?
@@ -42,14 +50,16 @@ module Dependabot
         compare_prerelease_part(other)
       end
+      sig { params(other: Object).returns(Integer) }
       def compare_release(other)
         release_str = @version_string.split("-").first || ""
         other_release_str = other.to_s.split("-").first || ""
-        Gem::Version.new(release_str) <=> Gem::Version.new(other_release_str)
+        T.must(Gem::Version.new(release_str) <=> Gem::Version.new(other_release_str))
       end
       # rubocop:disable Metrics/PerceivedComplexity
+      sig { params(other: Object).returns(Integer) }
       def compare_prerelease_part(other)
         release_str = @version_string.split("-").first || ""
         prerelease_string = @version_string
@@ -67,8 +77,8 @@ module Dependabot
         return 1 if !prerelease_string && other_prerelease_string
         return 0 if !prerelease_string && !other_prerelease_string
-        split_prerelease_string = prerelease_string.split(".")
-        other_split_prerelease_string = other_prerelease_string.split(".")
+        split_prerelease_string = T.must(prerelease_string).split(".")
+        other_split_prerelease_string = T.must(other_prerelease_string).split(".")
         length = [split_prerelease_string.length, other_split_prerelease_string.length].max - 1
         (0..length).to_a.each do |index|
@@ -82,13 +92,14 @@ module Dependabot
       end
       # rubocop:enable Metrics/PerceivedComplexity
+      sig { params(lhs: T.nilable(String), rhs: T.nilable(String)).returns(Integer) }
       def compare_dot_separated_part(lhs, rhs)
         return -1 if lhs.nil?
         return 1 if rhs.nil?
         return lhs.to_i <=> rhs.to_i if lhs.match?(/^\d+$/) && rhs.match?(/^\d+$/)
-        lhs.upcase <=> rhs.upcase
+        T.must(lhs.upcase <=> rhs.upcase)
       end
     end
   end

data/lib/dependabot/nuget.rb CHANGED Viewed

@@ -24,5 +24,3 @@ Dependabot::Dependency.register_production_check(
     groups.include?("dependencies")
   end
 )
-Dependabot::Utils.register_always_clone("nuget")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.242.0
+  version: 0.243.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-22 00:00:00.000000000 Z
+date: 2024-02-13 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.242.0
+        version: 0.243.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.242.0
+        version: 0.243.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -325,6 +325,8 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdateResult.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/WebApplicationTargetsConditionPatcher.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/XmlFilePreAndPostProcessor.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/JsonHelper.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/Logger.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs
@@ -369,7 +371,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.242.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.243.0
 post_install_message:
 rdoc_options: []
 require_paths: