dependabot-nuget 0.242.0 → 0.243.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs

@@ -31,7 +31,7 @@ public class SdkPackageUpdaterTests
         // Simple case
         yield return new object[]
         {
-            new []
+            new[]
             {
                 (Path: "src/Project.csproj", Content: """
                     <Project Sdk="Microsoft.NET.Sdk">
@@ -44,7 +44,7 @@ public class SdkPackageUpdaterTests
                     </Project>
                     """)
             }, // starting contents
-            new []
+            new[]
             {
                 (Path: "src/Project.csproj", Content: """
                     <Project Sdk="Microsoft.NET.Sdk">
@@ -61,98 +61,104 @@ public class SdkPackageUpdaterTests
         };
 
         // Dependency package has version constraint
-        yield return new object[]
-        {
+        yield return
+        [
             new[]
             {
                 (Path: "src/Project/Project.csproj", Content: """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>netstandard2.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="AWSSDK.S3" Version="3.3.17.3" />
-                    <PackageReference Include="AWSSDK.Core" Version="3.3.21.19" />
-                  </ItemGroup>
-                </Project>
-                """),
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>netstandard2.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="AWSSDK.S3" Version="3.3.17.3" />
+                        <PackageReference Include="AWSSDK.Core" Version="3.3.21.19" />
+                      </ItemGroup>
+                    </Project>
+                    """),
             }, // starting contents
             new[]
             {
                 // If a dependency has a version constraint outside of our new-version, we don't update anything
                 (Path: "src/Project/Project.csproj", Content: """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>netstandard2.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="AWSSDK.S3" Version="3.3.17.3" />
-                    <PackageReference Include="AWSSDK.Core" Version="3.3.21.19" />
-                  </ItemGroup>
-                </Project>
-                """),
-            },// expected contents
-            "AWSSDK.Core", "3.3.21.19", "3.7.300.20", false // isTransitive
-        };
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>netstandard2.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="AWSSDK.S3" Version="3.3.17.3" />
+                        <PackageReference Include="AWSSDK.Core" Version="3.3.21.19" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+            }, // expected contents
+            "AWSSDK.Core",
+            "3.3.21.19",
+            "3.7.300.20",
+            false // isTransitive
+        ];
 
         // Dependency project has version constraint
-        yield return new object[]
-        {
+        yield return
+        [
             new[]
             {
                 (Path: "src/Project2/Project2.csproj", Content: """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>netstandard2.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
-                    <ProjectReference Include="../Project/Project.csproj" />
-                  </ItemGroup>
-                </Project>
-                """),
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>netstandard2.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+                        <ProjectReference Include="../Project/Project.csproj" />
+                      </ItemGroup>
+                    </Project>
+                    """),
                 (Path: "src/Project/Project.csproj", Content: """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>netstandard2.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="Newtonsoft.Json" Version="[12.0.1, 13.0.0)" />
-                  </ItemGroup>
-                </Project>
-                """),
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>netstandard2.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Newtonsoft.Json" Version="[12.0.1, 13.0.0)" />
+                      </ItemGroup>
+                    </Project>
+                    """),
             }, // starting contents
             new[]
             {
                 (Path: "src/Project2/Project2.csproj", Content: """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>netstandard2.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
-                    <ProjectReference Include="../Project/Project.csproj" />
-                  </ItemGroup>
-                </Project>
-                """), // starting contents
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>netstandard2.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+                        <ProjectReference Include="../Project/Project.csproj" />
+                      </ItemGroup>
+                    </Project>
+                    """), // starting contents
                 (Path: "src/Project/Project.csproj", Content: """
-                <Project Sdk="Microsoft.NET.Sdk">
-                  <PropertyGroup>
-                    <TargetFramework>netstandard2.0</TargetFramework>
-                  </PropertyGroup>
-                  <ItemGroup>
-                    <PackageReference Include="Newtonsoft.Json" Version="[12.0.1, 13.0.0)" />
-                  </ItemGroup>
-                </Project>
-                """),
-            },// expected contents
-            "Newtonsoft.Json", "12.0.1", "13.0.1", false // isTransitive
-        };
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>netstandard2.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Newtonsoft.Json" Version="[12.0.1, 13.0.0)" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+            }, // expected contents
+            "Newtonsoft.Json",
+            "12.0.1",
+            "13.0.1",
+            false // isTransitive
+        ];
 
         // Multiple references
-        yield return new object[]
-        {
-            new []
+        yield return
+        [
+            new[]
             {
                 (Path: "src/Project.csproj", Content: """
                     <Project Sdk="Microsoft.NET.Sdk">
@@ -168,7 +174,7 @@ public class SdkPackageUpdaterTests
                     </Project>
                     """)
             }, // starting contents
-            new []
+            new[]
             {
                 (Path: "src/Project.csproj", Content: """
                     <Project Sdk="Microsoft.NET.Sdk">
@@ -184,13 +190,83 @@ public class SdkPackageUpdaterTests
                     </Project>
                     """)
             }, // expected contents
-            "Newtonsoft.Json", "12.0.1", "13.0.1", false // isTransitive
-        };
+            "Newtonsoft.Json",
+            "12.0.1",
+            "13.0.1",
+            false // isTransitive
+        ];
+
+        // Make sure we don't update if there are incoherent versions
+        yield return
+        [
+            new[]
+            {
+                (Path: "src/Project.csproj", Content: """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                        <PropertyGroup>
+                            <TargetFramework>netcoreapp2.1</TargetFramework>
+                        </PropertyGroup>
+                        <ItemGroup>
+                            <PackageReference Include="Microsoft.Extensions.Primitives" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Options" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Analyzers" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="2.1.0" />
+                        </ItemGroup>
+                    </Project>
+                    """)
+            }, // starting contents
+            new[]
+            {
+                (Path: "src/Project.csproj", Content: """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                        <PropertyGroup>
+                            <TargetFramework>netcoreapp2.1</TargetFramework>
+                        </PropertyGroup>
+                        <ItemGroup>
+                            <PackageReference Include="Microsoft.Extensions.Primitives" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Options" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Logging" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Configuration" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Memory" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.Extensions.Caching.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Analyzers" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.Abstractions" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore" Version="2.2.0" />
+                            <PackageReference Include="Microsoft.AspNetCore.App" Version="2.1.0" />
+                            <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="2.1.0" />
+                        </ItemGroup>
+                    </Project>
+                    """)
+            }, // expected contents
+            "Microsoft.EntityFrameworkCore.SqlServer",
+            "2.1.0",
+            "2.2.0",
+            false // isTransitive
+        ];
 
         // PackageReference with Version as child element
-        yield return new object[]
-        {
-            new []
+        yield return
+        [
+            new[]
             {
                 (Path: "src/Project.csproj", Content: """
                     <Project Sdk="Microsoft.NET.Sdk">
@@ -205,7 +281,7 @@ public class SdkPackageUpdaterTests
                     </Project>
                     """)
             }, // starting contents
-            new []
+            new[]
             {
                 (Path: "src/Project.csproj", Content: """
                     <Project Sdk="Microsoft.NET.Sdk">
@@ -220,8 +296,11 @@ public class SdkPackageUpdaterTests
                     </Project>
                     """)
             }, // expected contents
-            "Newtonsoft.Json", "12.0.1", "13.0.1", false // isTransitive
-        };
+            "Newtonsoft.Json",
+            "12.0.1",
+            "13.0.1",
+            false // isTransitive
+        ];
     }
 
     private static void AssertContentsEqual((string Path, string Contents)[] expectedContents, TemporaryDirectory directory)

data/lib/dependabot/nuget/file_fetcher.rb

@@ -72,7 +72,9 @@ module Dependabot
             project_files += fsproj_file
             project_files += sln_project_files
             project_files += proj_files
-            project_files += project_files.filter_map { |f| directory_packages_props_file_from_project_file(f) }
+            project_files += project_files.filter_map do |f|
+              named_file_up_tree_from_project_file(f, "Directory.Packages.props")
+            end
             project_files
           end
       rescue Octokit::NotFound, Gitlab::Error::NotFound
@@ -191,28 +193,6 @@ module Dependabot
         @proj_files ||= find_and_fetch_with_suffix(".proj")
       end
 
-      def directory_packages_props_file_from_project_file(project_file)
-        # walk up the tree from each project file stopping at the first `Directory.Packages.props` file found
-        # https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management#central-package-management-rules
-
-        found_directory_packages_props_file = nil
-        directory_path = Pathname.new(directory)
-        full_project_dir = Pathname.new(project_file.directory).join(project_file.name).dirname
-        full_project_dir.ascend.each do |base|
-          break if found_directory_packages_props_file
-
-          candidate_file_path = Pathname.new(base).join("Directory.Packages.props").cleanpath.to_path
-          candidate_directory = Pathname.new(File.dirname(candidate_file_path))
-          relative_candidate_directory = candidate_directory.relative_path_from(directory_path)
-          candidate_file = repo_contents(dir: relative_candidate_directory).find do |f|
-            f.name.casecmp?("Directory.Packages.props")
-          end
-          found_directory_packages_props_file = fetch_file_from_host(candidate_file.name) if candidate_file
-        end
-
-        found_directory_packages_props_file
-      end
-
       def find_and_fetch_with_suffix(suffix)
         repo_contents.select { |f| f.name.end_with?(suffix) }.map { |f| fetch_file_from_host(f.name) }
       end

data/lib/dependabot/nuget/file_parser/project_file_parser.rb

@@ -27,6 +27,8 @@ module Dependabot
 
         PROJECT_REFERENCE_SELECTOR = "ItemGroup > ProjectReference"
 
+        PROJECT_FILE_SELECTOR = "ItemGroup > ProjectFile"
+
         PACKAGE_REFERENCE_SELECTOR = "ItemGroup > PackageReference, " \
                                      "ItemGroup > GlobalPackageReference"
 
@@ -56,6 +58,24 @@ module Dependabot
           cache[key] ||= parse_dependencies(project_file)
         end
 
+        def downstream_file_references(project_file:)
+          file_set = Set.new
+
+          doc = Nokogiri::XML(project_file.content)
+          doc.remove_namespaces!
+          proj_refs = doc.css(PROJECT_REFERENCE_SELECTOR)
+          proj_files = doc.css(PROJECT_FILE_SELECTOR)
+          ref_nodes = proj_refs + proj_files
+          ref_nodes.each do |project_reference_node|
+            dep_file = get_attribute_value(project_reference_node, "Include")
+            full_project_path = full_path(project_file, dep_file)
+            full_project_path = full_project_path[1..-1] if full_project_path.start_with?("/")
+            file_set << full_project_path if full_project_path
+          end
+
+          file_set
+        end
+
         def target_frameworks(project_file:)
           target_framework = details_for_property("TargetFramework", project_file)
           return [target_framework&.fetch(:value)] if target_framework
@@ -80,6 +100,21 @@ module Dependabot
 
         attr_reader :dependency_files, :credentials
 
+        def full_path(project_file, ref_path)
+          project_file_directory = File.dirname(project_file.name)
+          is_rooted = project_file_directory.start_with?("/")
+          # Root the directory path to avoid expand_path prepending the working directory
+          project_file_directory = "/" + project_file_directory unless is_rooted
+
+          # normalize path separators
+          relative_path = ref_path.tr("\\", "/")
+          # path is relative to the project file directory
+          relative_path = File.join(project_file_directory, relative_path)
+          result = File.expand_path(relative_path)
+          result = result[1..-1] unless is_rooted
+          result
+        end
+
         def parse_dependencies(project_file)
           dependency_set = Dependabot::FileParsers::Base::DependencySet.new
 
@@ -131,27 +166,20 @@ module Dependabot
         end
 
         def add_transitive_dependencies_from_project_references(project_file, doc, dependency_set)
-          project_file_directory = File.dirname(project_file.name)
-          is_rooted = project_file_directory.start_with?("/")
-          # Root the directory path to avoid expand_path prepending the working directory
-          project_file_directory = "/" + project_file_directory unless is_rooted
-
           # Look for regular project references
-          doc.css(PROJECT_REFERENCE_SELECTOR).each do |reference_node|
+          project_refs = doc.css(PROJECT_REFERENCE_SELECTOR)
+          # Look for ProjectFile references (dirs.proj)
+          project_files = doc.css(PROJECT_FILE_SELECTOR)
+          ref_nodes = project_refs + project_files
+
+          ref_nodes.each do |reference_node|
             relative_path = dependency_name(reference_node, project_file)
             # This could result from a <ProjectReference Remove="..." /> item.
             next unless relative_path
 
-            # normalize path separators
-            relative_path = relative_path.tr("\\", "/")
-            # path is relative to the project file directory
-            relative_path = File.join(project_file_directory, relative_path)
-
-            # get absolute path
-            full_path = File.expand_path(relative_path)
-            full_path = full_path[1..-1] unless is_rooted
+            full_project_path = full_path(project_file, relative_path)
 
-            referenced_file = dependency_files.find { |f| f.name == full_path }
+            referenced_file = dependency_files.find { |f| f.name == full_project_path }
             next unless referenced_file
 
             dependency_set(project_file: referenced_file).dependencies.each do |dep|
@@ -279,61 +307,20 @@ module Dependabot
         end
 
         def dependency_has_search_results?(dependency)
-          dependency_urls = UpdateChecker::RepositoryFinder.new(
+          dependency_urls = RepositoryFinder.new(
             dependency: dependency,
             credentials: credentials,
             config_files: nuget_configs
           ).dependency_urls
-          if dependency_urls.empty?
-            dependency_urls = [UpdateChecker::RepositoryFinder.get_default_repository_details(dependency.name)]
-          end
+          dependency_urls = [RepositoryFinder.get_default_repository_details(dependency.name)] if dependency_urls.empty?
           dependency_urls.any? do |dependency_url|
             dependency_url_has_matching_result?(dependency.name, dependency_url)
           end
         end
 
         def dependency_url_has_matching_result?(dependency_name, dependency_url)
-          repository_type = dependency_url.fetch(:repository_type)
-          if repository_type == "v3"
-            dependency_url_has_matching_result_v3?(dependency_name, dependency_url)
-          elsif repository_type == "v2"
-            dependency_url_has_matching_result_v2?(dependency_name, dependency_url)
-          else
-            raise "Unknown repository type: #{repository_type}"
-          end
-        end
-
-        def dependency_url_has_matching_result_v3?(dependency_name, dependency_url)
-          versions = NugetClient.get_package_versions_v3(dependency_name, dependency_url)
-
-          versions != nil
-        end
-
-        def dependency_url_has_matching_result_v2?(dependency_name, dependency_url)
-          url = dependency_url.fetch(:versions_url)
-          auth_header = dependency_url.fetch(:auth_header)
-          response = execute_search_for_dependency_url(url, auth_header)
-          return false unless response.status == 200
-
-          doc = Nokogiri::XML(response.body)
-          doc.remove_namespaces!
-          id_nodes = doc.xpath("/feed/entry/properties/Id")
-          found_matching_result = id_nodes.any? do |id_node|
-            return false unless id_node.text
-
-            id_node.text.casecmp?(dependency_name)
-          end
-          found_matching_result
-        end
-
-        def execute_search_for_dependency_url(url, auth_header)
-          cache = ProjectFileParser.dependency_url_search_cache
-          cache[url] ||= Dependabot::RegistryClient.get(
-            url: url,
-            headers: auth_header
-          )
-
-          cache[url]
+          versions = NugetClient.get_package_versions(dependency_name, dependency_url)
+          versions&.any?
         end
 
         def dependency_name(dependency_node, project_file)

data/lib/dependabot/nuget/file_parser.rb

@@ -1,4 +1,4 @@
-# typed: false
+# typed: strict
 # frozen_string_literal: true
 
 require "nokogiri"
@@ -6,12 +6,15 @@ require "nokogiri"
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
+require "sorbet-runtime"
 
 # For details on how dotnet handles version constraints, see:
 # https://docs.microsoft.com/en-us/nuget/reference/package-versioning
 module Dependabot
   module Nuget
     class FileParser < Dependabot::FileParsers::Base
+      extend T::Sig
+
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "file_parser/project_file_parser"
       require_relative "file_parser/packages_config_parser"
@@ -20,6 +23,7 @@ module Dependabot
 
       PACKAGE_CONF_DEPENDENCY_SELECTOR = "packages > packages"
 
+      sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         dependency_set = DependencySet.new
         dependency_set += project_file_dependencies
@@ -31,6 +35,7 @@ module Dependabot
 
       private
 
+      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
       def project_file_dependencies
         dependency_set = DependencySet.new
 
@@ -42,6 +47,7 @@ module Dependabot
         dependency_set
       end
 
+      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
       def packages_config_dependencies
         dependency_set = DependencySet.new
 
@@ -53,26 +59,32 @@ module Dependabot
         dependency_set
       end
 
+      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
       def global_json_dependencies
         return DependencySet.new unless global_json
 
         GlobalJsonParser.new(global_json: global_json).dependency_set
       end
 
+      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
       def dotnet_tools_json_dependencies
         return DependencySet.new unless dotnet_tools_json
 
         DotNetToolsJsonParser.new(dotnet_tools_json: dotnet_tools_json).dependency_set
       end
 
+      sig { returns(Dependabot::Nuget::FileParser::ProjectFileParser) }
       def project_file_parser
-        @project_file_parser ||=
+        @project_file_parser ||= T.let(
           ProjectFileParser.new(
             dependency_files: dependency_files,
             credentials: credentials
-          )
+          ),
+          T.nilable(Dependabot::Nuget::FileParser::ProjectFileParser)
+        )
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def project_files
         projfile = /\.([a-z]{2})?proj$/
         packageprops = /[Dd]irectory.[Pp]ackages.props/
@@ -83,12 +95,14 @@ module Dependabot
         end
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def packages_config_files
         dependency_files.select do |f|
-          f.name.split("/").last.casecmp("packages.config").zero?
+          f.name.split("/").last&.casecmp("packages.config")&.zero?
         end
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def project_import_files
         dependency_files -
           project_files -
@@ -98,18 +112,22 @@ module Dependabot
           [dotnet_tools_json]
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def nuget_configs
         dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def global_json
-        dependency_files.find { |f| f.name.casecmp("global.json").zero? }
+        dependency_files.find { |f| f.name.casecmp("global.json")&.zero? }
       end
 
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def dotnet_tools_json
-        dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
+        dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json")&.zero? }
       end
 
+      sig { override.void }
       def check_required_files
         return if project_files.any? || packages_config_files.any?