RubyGems - dependabot-nuget - Versions diffs - 0.242.1 → 0.244.0 - Mend

dependabot-nuget 0.242.1 → 0.244.0

Files changed (60) hide show

data/lib/dependabot/nuget/update_checker/tfm_comparer.rb CHANGED Viewed

@@ -9,22 +9,20 @@ require "dependabot/shared_helpers"
 module Dependabot
   module Nuget
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      class TfmComparer
-        def self.are_frameworks_compatible?(project_tfms, package_tfms)
-          return false if package_tfms.empty?
-          return false if project_tfms.empty?
+    class TfmComparer
+      def self.are_frameworks_compatible?(project_tfms, package_tfms)
+        return false if package_tfms.empty?
+        return false if project_tfms.empty?
-          key = "project_ftms:#{project_tfms.sort.join(',')}:package_tfms:#{package_tfms.sort.join(',')}".downcase
+        key = "project_ftms:#{project_tfms.sort.join(',')}:package_tfms:#{package_tfms.sort.join(',')}".downcase
-          @cached_framework_check ||= {}
-          unless @cached_framework_check.key?(key)
-            @cached_framework_check[key] =
-              NativeHelpers.run_nuget_framework_check(project_tfms,
-                                                      package_tfms)
-          end
-          @cached_framework_check[key]
+        @cached_framework_check ||= {}
+        unless @cached_framework_check.key?(key)
+          @cached_framework_check[key] =
+            NativeHelpers.run_nuget_framework_check(project_tfms,
+                                                    package_tfms)
         end
+        @cached_framework_check[key]
       end
     end
   end

data/lib/dependabot/nuget/update_checker/tfm_finder.rb CHANGED Viewed

@@ -12,115 +12,115 @@ require "dependabot/shared_helpers"
 module Dependabot
   module Nuget
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      class TfmFinder
-        require "dependabot/nuget/file_parser/packages_config_parser"
-        require "dependabot/nuget/file_parser/project_file_parser"
-        def initialize(dependency_files:, credentials:)
-          @dependency_files       = dependency_files
-          @credentials            = credentials
-        end
+    class TfmFinder
+      require "dependabot/nuget/file_parser/packages_config_parser"
+      require "dependabot/nuget/file_parser/project_file_parser"
+      def initialize(dependency_files:, credentials:, repo_contents_path:)
+        @dependency_files       = dependency_files
+        @credentials            = credentials
+        @repo_contents_path     = repo_contents_path
+      end
-        def frameworks(dependency)
-          tfms = Set.new
-          tfms += project_file_tfms(dependency)
-          tfms += project_import_file_tfms
-          tfms.to_a
-        end
+      def frameworks(dependency)
+        tfms = Set.new
+        tfms += project_file_tfms(dependency)
+        tfms += project_import_file_tfms
+        tfms.to_a
+      end
-        private
+      private
-        attr_reader :dependency_files, :credentials
+      attr_reader :dependency_files, :credentials, :repo_contents_path
-        def project_file_tfms(dependency)
-          project_files_with_dependency(dependency).flat_map do |file|
-            project_file_parser.target_frameworks(project_file: file)
-          end
+      def project_file_tfms(dependency)
+        project_files_with_dependency(dependency).flat_map do |file|
+          project_file_parser.target_frameworks(project_file: file)
         end
+      end
-        def project_files_with_dependency(dependency)
-          project_files.select do |file|
-            packages_config_contains_dependency?(file, dependency) ||
-              project_file_contains_dependency?(file, dependency)
-          end
+      def project_files_with_dependency(dependency)
+        project_files.select do |file|
+          packages_config_contains_dependency?(file, dependency) ||
+            project_file_contains_dependency?(file, dependency)
         end
+      end
-        def packages_config_contains_dependency?(file, dependency)
-          config_file = find_packages_config_file(file)
-          return false unless config_file
+      def packages_config_contains_dependency?(file, dependency)
+        config_file = find_packages_config_file(file)
+        return false unless config_file
-          config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
-          config_parser.dependency_set.dependencies.any? do |d|
-            d.name.casecmp(dependency.name).zero?
-          end
+        config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
+        config_parser.dependency_set.dependencies.any? do |d|
+          d.name.casecmp(dependency.name).zero?
         end
+      end
-        def project_file_contains_dependency?(file, dependency)
-          project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
-            d.name.casecmp(dependency.name).zero?
-          end
+      def project_file_contains_dependency?(file, dependency)
+        project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
+          d.name.casecmp(dependency.name).zero?
         end
+      end
-        def find_packages_config_file(file)
-          return file if file.name.end_with?("packages.config")
+      def find_packages_config_file(file)
+        return file if file.name.end_with?("packages.config")
-          filename = File.basename(file.name)
-          search_path = file.name.sub(filename, "packages.config")
+        filename = File.basename(file.name)
+        search_path = file.name.sub(filename, "packages.config")
-          dependency_files.find { |f| f.name.casecmp(search_path).zero? }
-        end
+        dependency_files.find { |f| f.name.casecmp(search_path).zero? }
+      end
-        def project_import_file_tfms
-          @project_import_file_tfms ||= project_import_files.flat_map do |file|
-            project_file_parser.target_frameworks(project_file: file)
-          end
+      def project_import_file_tfms
+        @project_import_file_tfms ||= project_import_files.flat_map do |file|
+          project_file_parser.target_frameworks(project_file: file)
         end
+      end
-        def project_file_parser
-          @project_file_parser ||=
-            FileParser::ProjectFileParser.new(
-              dependency_files: dependency_files,
-              credentials: credentials
-            )
-        end
+      def project_file_parser
+        @project_file_parser ||=
+          FileParser::ProjectFileParser.new(
+            dependency_files: dependency_files,
+            credentials: credentials,
+            repo_contents_path: repo_contents_path
+          )
+      end
-        def project_files
-          projfile = /\.[a-z]{2}proj$/
-          packageprops = /[Dd]irectory.[Pp]ackages.props/
+      def project_files
+        projfile = /\.[a-z]{2}proj$/
+        packageprops = /[Dd]irectory.[Pp]ackages.props/
-          dependency_files.select do |df|
-            df.name.match?(projfile) ||
-              df.name.match?(packageprops)
-          end
+        dependency_files.select do |df|
+          df.name.match?(projfile) ||
+            df.name.match?(packageprops)
         end
+      end
-        def packages_config_files
-          dependency_files.select do |f|
-            f.name.split("/").last.casecmp("packages.config").zero?
-          end
+      def packages_config_files
+        dependency_files.select do |f|
+          f.name.split("/").last.casecmp("packages.config").zero?
         end
+      end
-        def project_import_files
-          dependency_files -
-            project_files -
-            packages_config_files -
-            nuget_configs -
-            [global_json] -
-            [dotnet_tools_json]
-        end
+      def project_import_files
+        dependency_files -
+          project_files -
+          packages_config_files -
+          nuget_configs -
+          [global_json] -
+          [dotnet_tools_json]
+      end
-        def nuget_configs
-          dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
-        end
+      def nuget_configs
+        dependency_files.select { |f| f.name.match?(/nuget\.config$/i) }
+      end
-        def global_json
-          dependency_files.find { |f| f.name.casecmp("global.json").zero? }
-        end
+      def global_json
+        dependency_files.find { |f| f.name.casecmp("global.json").zero? }
+      end
-        def dotnet_tools_json
-          dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
-        end
+      def dotnet_tools_json
+        dependency_files.find { |f| f.name.casecmp(".config/dotnet-tools.json").zero? }
       end
     end
   end

data/lib/dependabot/nuget/update_checker/version_finder.rb CHANGED Viewed

@@ -18,13 +18,15 @@ module Dependabot
         def initialize(dependency:, dependency_files:, credentials:,
                        ignored_versions:, raise_on_ignored: false,
-                       security_advisories:)
+                       security_advisories:,
+                       repo_contents_path:)
           @dependency          = dependency
           @dependency_files    = dependency_files
           @credentials         = credentials
           @ignored_versions    = ignored_versions
           @raise_on_ignored    = raise_on_ignored
           @security_advisories = security_advisories
+          @repo_contents_path  = repo_contents_path
         end
         def latest_version_details
@@ -58,7 +60,7 @@ module Dependabot
         end
         attr_reader :dependency, :dependency_files, :credentials,
-                    :ignored_versions, :security_advisories
+                    :ignored_versions, :security_advisories, :repo_contents_path
         private
@@ -81,9 +83,10 @@ module Dependabot
           # If the current package version is incompatible, then we don't enforce compatibility.
           # It could appear incompatible because they are ignoring NU1701 or the package is poorly authored.
           return first_version unless version_compatible?(dependency.version)
-          return first_version if version_compatible?(first_version.fetch(:version))
-          sorted_versions.bsearch { |v| version_compatible?(v.fetch(:version)) }
+          # once sorted by version, the best we can do is search every package, because it's entirely possible for there
+          # to be incompatible packages both with a higher and lower version number, so no smart searching can be done.
+          sorted_versions.find { |v| version_compatible?(v.fetch(:version)) }
         end
         def version_compatible?(version)
@@ -100,7 +103,8 @@ module Dependabot
             dependency: dependency,
             tfm_finder: TfmFinder.new(
               dependency_files: dependency_files,
-              credentials: credentials
+              credentials: credentials,
+              repo_contents_path: repo_contents_path
             )
           )
         end

data/lib/dependabot/nuget/update_checker.rb CHANGED Viewed

@@ -107,7 +107,8 @@ module Dependabot
         updated_dependencies += DependencyFinder.new(
           dependency: updated_dependency,
           dependency_files: dependency_files,
-          credentials: credentials
+          credentials: credentials,
+          repo_contents_path: @repo_contents_path
         ).updated_peer_dependencies
         updated_dependencies
       end
@@ -135,7 +136,8 @@ module Dependabot
             credentials: credentials,
             ignored_versions: ignored_versions,
             raise_on_ignored: @raise_on_ignored,
-            security_advisories: security_advisories
+            security_advisories: security_advisories,
+            repo_contents_path: @repo_contents_path
           )
       end
@@ -147,7 +149,8 @@ module Dependabot
             target_version_details: latest_version_details,
             credentials: credentials,
             ignored_versions: ignored_versions,
-            raise_on_ignored: @raise_on_ignored
+            raise_on_ignored: @raise_on_ignored,
+            repo_contents_path: @repo_contents_path
           )
       end

data/lib/dependabot/nuget/version.rb CHANGED Viewed

@@ -1,8 +1,9 @@
-# typed: true
+# typed: strong
 # frozen_string_literal: true
 require "dependabot/version"
 require "dependabot/utils"
+require "sorbet-runtime"
 # Dotnet pre-release versions use 1.0.1-rc1 syntax, which Gem::Version
 # converts into 1.0.1.pre.rc1. We override the `to_s` method to stop that
@@ -11,30 +12,37 @@ require "dependabot/utils"
 module Dependabot
   module Nuget
     class Version < Dependabot::Version
-      VERSION_PATTERN = Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?'
+      extend T::Sig
+      VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
+      sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).returns(T::Boolean) }
       def self.correct?(version)
         return false if version.nil?
         version.to_s.match?(ANCHORED_VERSION_PATTERN)
       end
+      sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).void }
       def initialize(version)
         version = version.to_s.split("+").first || ""
-        @version_string = version
+        @version_string = T.let(version, String)
         super
       end
+      sig { returns(String) }
       def to_s
         @version_string
       end
+      sig { returns(String) }
       def inspect # :nodoc:
         "#<#{self.class} #{@version_string}>"
       end
+      sig { params(other: Object).returns(Integer) }
       def <=>(other)
         version_comparison = compare_release(other)
         return version_comparison unless version_comparison.zero?
@@ -42,14 +50,16 @@ module Dependabot
         compare_prerelease_part(other)
       end
+      sig { params(other: Object).returns(Integer) }
       def compare_release(other)
         release_str = @version_string.split("-").first || ""
         other_release_str = other.to_s.split("-").first || ""
-        Gem::Version.new(release_str) <=> Gem::Version.new(other_release_str)
+        T.must(Gem::Version.new(release_str) <=> Gem::Version.new(other_release_str))
       end
       # rubocop:disable Metrics/PerceivedComplexity
+      sig { params(other: Object).returns(Integer) }
       def compare_prerelease_part(other)
         release_str = @version_string.split("-").first || ""
         prerelease_string = @version_string
@@ -67,8 +77,8 @@ module Dependabot
         return 1 if !prerelease_string && other_prerelease_string
         return 0 if !prerelease_string && !other_prerelease_string
-        split_prerelease_string = prerelease_string.split(".")
-        other_split_prerelease_string = other_prerelease_string.split(".")
+        split_prerelease_string = T.must(prerelease_string).split(".")
+        other_split_prerelease_string = T.must(other_prerelease_string).split(".")
         length = [split_prerelease_string.length, other_split_prerelease_string.length].max - 1
         (0..length).to_a.each do |index|
@@ -82,13 +92,14 @@ module Dependabot
       end
       # rubocop:enable Metrics/PerceivedComplexity
+      sig { params(lhs: T.nilable(String), rhs: T.nilable(String)).returns(Integer) }
       def compare_dot_separated_part(lhs, rhs)
         return -1 if lhs.nil?
         return 1 if rhs.nil?
         return lhs.to_i <=> rhs.to_i if lhs.match?(/^\d+$/) && rhs.match?(/^\d+$/)
-        lhs.upcase <=> rhs.upcase
+        T.must(lhs.upcase <=> rhs.upcase)
       end
     end
   end

data/lib/dependabot/nuget.rb CHANGED Viewed

@@ -24,5 +24,3 @@ Dependabot::Dependency.register_production_check(
     groups.include?("dependencies")
   end
 )
-Dependabot::Utils.register_always_clone("nuget")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.242.1
+  version: 0.244.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-01-23 00:00:00.000000000 Z
+date: 2024-02-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.242.1
+        version: 0.244.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.242.1
+        version: 0.244.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -325,6 +325,8 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdateResult.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/WebApplicationTargetsConditionPatcher.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/XmlFilePreAndPostProcessor.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/JsonHelper.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/Logger.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs
@@ -369,7 +371,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.242.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
 post_install_message:
 rdoc_options: []
 require_paths: