dependabot-nuget 0.243.0 → 0.244.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (14) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs +2 -2
  3. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +29 -12
  4. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorker.DirsProj.cs +152 -0
  5. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +3 -3
  6. data/lib/dependabot/nuget/file_parser/project_file_parser.rb +66 -22
  7. data/lib/dependabot/nuget/file_parser.rb +2 -1
  8. data/lib/dependabot/nuget/file_updater.rb +2 -1
  9. data/lib/dependabot/nuget/update_checker/dependency_finder.rb +5 -3
  10. data/lib/dependabot/nuget/update_checker/property_updater.rb +7 -4
  11. data/lib/dependabot/nuget/update_checker/tfm_finder.rb +5 -3
  12. data/lib/dependabot/nuget/update_checker/version_finder.rb +6 -3
  13. data/lib/dependabot/nuget/update_checker.rb +6 -3
  14. metadata +5 -5
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 6ecad798e54b8e04842c43e88be3ba17db4d9db05593913fa8709a60abe4ff6c
4
- data.tar.gz: 3180c91c48986b9512477e05fe9479f02bf64dd2aa4c1883bcdc8e2b48b7459c
3
+ metadata.gz: be3a65448fe495f267cc054563bd29fd5a2142bb07613e2ed70a1cd21490bae5
4
+ data.tar.gz: 1fa876f1715e1ab11ccd5e0c323e58cd60b68d08560efe63a4c563755d36b1ca
5
5
  SHA512:
6
- metadata.gz: 3a01fbdf21447a7816e2a421ae23fb26facf9dfa1a96ad0e1182f160d5b615cc8100b6c7733465cd9894acd64300066fde48540f8062c60fbb0ca8684e5b25de
7
- data.tar.gz: 43d41b0c9b051671f5bafc6d050ca95d6c9f3e959ce6f1bdea896b834a1de3e0c63ee4b9e96ff981b216d33fee79be3f530736f9763ccddff2899bcc47f449e0
6
+ metadata.gz: b22d903bfd1bab554a9513aac135e7f4ea8e055ce8e6a5f163c9d8331e87c258805d333043953c5b7beeaeba6404792694150e7e9c035de29cd1568a09b2fc22
7
+ data.tar.gz: 00abcf17c29b5f98242b8ca97ab28c79f88e7c2425430f08d549364b16b160d640841ccd2e2b4c01978e96d7b0b4d51826795247f8087d1af6a4962abfba7809
data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs CHANGED
@@ -33,7 +33,7 @@ internal static class SdkPackageUpdater
33
33
  var tfms = MSBuildHelper.GetTargetFrameworkMonikers(buildFiles);
34
34
 
35
35
  // Get the set of all top-level dependencies in the current project
36
- var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependenyInfos(buildFiles).ToArray();
36
+ var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles).ToArray();
37
37
 
38
38
  var packageFoundInDependencies = false;
39
39
  var packageNeedsUpdating = false;
@@ -128,7 +128,7 @@ internal static class SdkPackageUpdater
128
128
  UpdateTopLevelDepdendency(buildFiles, dependencyName, previousDependencyVersion, newDependencyVersion, packagesAndVersions, logger);
129
129
  }
130
130
 
131
- var updatedTopLevelDependencies = MSBuildHelper.GetTopLevelPackageDependenyInfos(buildFiles);
131
+ var updatedTopLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles);
132
132
  foreach (var tfm in tfms)
133
133
  {
134
134
  var updatedPackages = await MSBuildHelper.GetAllPackageDependenciesAsync(repoRootPath, projectPath, tfm, updatedTopLevelDependencies.ToArray(), logger);
data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs CHANGED
@@ -15,6 +15,7 @@ using Microsoft.Build.Definition;
15
15
  using Microsoft.Build.Evaluation;
16
16
  using Microsoft.Build.Exceptions;
17
17
  using Microsoft.Build.Locator;
18
+ using Microsoft.Extensions.FileSystemGlobbing;
18
19
 
19
20
  using NuGetUpdater.Core.Utilities;
20
21
 
@@ -101,6 +102,7 @@ internal static partial class MSBuildHelper
101
102
  {
102
103
  var projectStack = new Stack<(string folderPath, ProjectRootElement)>();
103
104
  var projectRootElement = ProjectRootElement.Open(projFilePath);
105
+ var processedProjectFiles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
104
106
 
105
107
  projectStack.Push((Path.GetFullPath(Path.GetDirectoryName(projFilePath)!), projectRootElement));
106
108
 
@@ -114,27 +116,42 @@ internal static partial class MSBuildHelper
114
116
  continue;
115
117
  }
116
118
 
117
- projectPath = PathHelper.GetFullPathFromRelative(folderPath, projectPath);
119
+ Matcher matcher = new Matcher();
120
+ matcher.AddInclude(PathHelper.NormalizePathToUnix(projectReference.Include));
118
121
 
119
- var projectExtension = Path.GetExtension(projectPath).ToLowerInvariant();
120
- if (projectExtension == ".proj")
122
+ string searchDirectory = PathHelper.NormalizePathToUnix(folderPath);
123
+
124
+ IEnumerable<string> files = matcher.GetResultsInFullPath(searchDirectory);
125
+
126
+ foreach (var file in files)
121
127
  {
122
- // If there is some MSBuild logic that needs to run to fully resolve the path skip the project
123
- if (File.Exists(projectPath))
128
+ // Check that we haven't already processed this file
129
+ if (processedProjectFiles.Contains(file))
124
130
  {
125
- var additionalProjectRootElement = ProjectRootElement.Open(projectPath);
126
- projectStack.Push((Path.GetFullPath(Path.GetDirectoryName(projectPath)!), additionalProjectRootElement));
131
+ continue;
132
+ }
133
+
134
+ var projectExtension = Path.GetExtension(file).ToLowerInvariant();
135
+ if (projectExtension == ".proj")
136
+ {
137
+ // If there is some MSBuild logic that needs to run to fully resolve the path skip the project
138
+ if (File.Exists(file))
139
+ {
140
+ var additionalProjectRootElement = ProjectRootElement.Open(file);
141
+ projectStack.Push((Path.GetFullPath(Path.GetDirectoryName(file)!), additionalProjectRootElement));
142
+ processedProjectFiles.Add(file);
143
+ }
144
+ }
145
+ else if (projectExtension == ".csproj" || projectExtension == ".vbproj" || projectExtension == ".fsproj")
146
+ {
147
+ yield return file;
127
148
  }
128
- }
129
- else if (projectExtension == ".csproj" || projectExtension == ".vbproj" || projectExtension == ".fsproj")
130
- {
131
- yield return projectPath;
132
149
  }
133
150
  }
134
151
  }
135
152
  }
136
153
 
137
- public static IEnumerable<Dependency> GetTopLevelPackageDependenyInfos(ImmutableArray<ProjectBuildFile> buildFiles)
154
+ public static IEnumerable<Dependency> GetTopLevelPackageDependencyInfos(ImmutableArray<ProjectBuildFile> buildFiles)
138
155
  {
139
156
  Dictionary<string, (string, bool)> packageInfo = new(StringComparer.OrdinalIgnoreCase);
140
157
  Dictionary<string, string> packageVersionInfo = new(StringComparer.OrdinalIgnoreCase);
data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorker.DirsProj.cs CHANGED
@@ -170,6 +170,158 @@ public partial class UpdateWorkerTests
170
170
  ]);
171
171
  }
172
172
 
173
+ [Fact]
174
+ public async Task UpdateSingleDependencyInNestedDirsProjUsingWildcard()
175
+ {
176
+ await TestUpdateForDirsProj("Newtonsoft.Json", "9.0.1", "13.0.1",
177
+ // initial
178
+ projectContents: """
179
+ <Project Sdk="Microsoft.Build.NoTargets">
180
+
181
+ <ItemGroup>
182
+ <ProjectReference Include="src/*.proj" />
183
+ </ItemGroup>
184
+
185
+ </Project>
186
+ """,
187
+ additionalFiles:
188
+ [
189
+ ("src/dirs.proj",
190
+ """
191
+ <Project Sdk="Microsoft.Build.NoTargets">
192
+
193
+ <ItemGroup>
194
+ <ProjectReference Include="test-project/test-project.csproj" />
195
+ </ItemGroup>
196
+
197
+ </Project>
198
+ """),
199
+ ("src/test-project/test-project.csproj",
200
+ """
201
+ <Project Sdk="Microsoft.NET.Sdk">
202
+ <PropertyGroup>
203
+ <TargetFramework>netstandard2.0</TargetFramework>
204
+ </PropertyGroup>
205
+
206
+ <ItemGroup>
207
+ <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
208
+ </ItemGroup>
209
+ </Project>
210
+ """)
211
+ ],
212
+ // expected
213
+ expectedProjectContents: """
214
+ <Project Sdk="Microsoft.Build.NoTargets">
215
+
216
+ <ItemGroup>
217
+ <ProjectReference Include="src/*.proj" />
218
+ </ItemGroup>
219
+
220
+ </Project>
221
+ """,
222
+ additionalFilesExpected:
223
+ [
224
+ ("src/dirs.proj",
225
+ """
226
+ <Project Sdk="Microsoft.Build.NoTargets">
227
+
228
+ <ItemGroup>
229
+ <ProjectReference Include="test-project/test-project.csproj" />
230
+ </ItemGroup>
231
+
232
+ </Project>
233
+ """),
234
+ ("src/test-project/test-project.csproj",
235
+ """
236
+ <Project Sdk="Microsoft.NET.Sdk">
237
+ <PropertyGroup>
238
+ <TargetFramework>netstandard2.0</TargetFramework>
239
+ </PropertyGroup>
240
+
241
+ <ItemGroup>
242
+ <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
243
+ </ItemGroup>
244
+ </Project>
245
+ """)
246
+ ]);
247
+ }
248
+
249
+ [Fact]
250
+ public async Task UpdateSingleDependencyInNestedDirsProjUsingRecursiveWildcard()
251
+ {
252
+ await TestUpdateForDirsProj("Newtonsoft.Json", "9.0.1", "13.0.1",
253
+ // initial
254
+ projectContents: """
255
+ <Project Sdk="Microsoft.Build.NoTargets">
256
+
257
+ <ItemGroup>
258
+ <ProjectReference Include="**/*.proj" />
259
+ </ItemGroup>
260
+
261
+ </Project>
262
+ """,
263
+ additionalFiles:
264
+ [
265
+ ("src/dirs.proj",
266
+ """
267
+ <Project Sdk="Microsoft.Build.NoTargets">
268
+
269
+ <ItemGroup>
270
+ <ProjectReference Include="test-project/test-project.csproj" />
271
+ </ItemGroup>
272
+
273
+ </Project>
274
+ """),
275
+ ("src/test-project/test-project.csproj",
276
+ """
277
+ <Project Sdk="Microsoft.NET.Sdk">
278
+ <PropertyGroup>
279
+ <TargetFramework>netstandard2.0</TargetFramework>
280
+ </PropertyGroup>
281
+
282
+ <ItemGroup>
283
+ <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
284
+ </ItemGroup>
285
+ </Project>
286
+ """)
287
+ ],
288
+ // expected
289
+ expectedProjectContents: """
290
+ <Project Sdk="Microsoft.Build.NoTargets">
291
+
292
+ <ItemGroup>
293
+ <ProjectReference Include="**/*.proj" />
294
+ </ItemGroup>
295
+
296
+ </Project>
297
+ """,
298
+ additionalFilesExpected:
299
+ [
300
+ ("src/dirs.proj",
301
+ """
302
+ <Project Sdk="Microsoft.Build.NoTargets">
303
+
304
+ <ItemGroup>
305
+ <ProjectReference Include="test-project/test-project.csproj" />
306
+ </ItemGroup>
307
+
308
+ </Project>
309
+ """),
310
+ ("src/test-project/test-project.csproj",
311
+ """
312
+ <Project Sdk="Microsoft.NET.Sdk">
313
+ <PropertyGroup>
314
+ <TargetFramework>netstandard2.0</TargetFramework>
315
+ </PropertyGroup>
316
+
317
+ <ItemGroup>
318
+ <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
319
+ </ItemGroup>
320
+ </Project>
321
+ """)
322
+ ]);
323
+ }
324
+
173
325
  static async Task TestUpdateForDirsProj(
174
326
  string dependencyName,
175
327
  string oldVersion,
data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs CHANGED
@@ -128,7 +128,7 @@ public class MSBuildHelperTests
128
128
  }
129
129
 
130
130
  [Theory]
131
- [MemberData(nameof(GetTopLevelPackageDependenyInfosTestData))]
131
+ [MemberData(nameof(GetTopLevelPackageDependencyInfosTestData))]
132
132
  public async Task TopLevelPackageDependenciesCanBeDetermined((string Path, string Content)[] buildFileContents, Dependency[] expectedTopLevelDependencies)
133
133
  {
134
134
  using var testDirectory = new TemporaryDirectory();
@@ -140,7 +140,7 @@ public class MSBuildHelperTests
140
140
  buildFiles.Add(ProjectBuildFile.Parse(testDirectory.DirectoryPath, fullPath, content));
141
141
  }
142
142
 
143
- var actualTopLevelDependencies = MSBuildHelper.GetTopLevelPackageDependenyInfos(buildFiles.ToImmutableArray());
143
+ var actualTopLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles.ToImmutableArray());
144
144
  Assert.Equal(expectedTopLevelDependencies, actualTopLevelDependencies);
145
145
  }
146
146
 
@@ -383,7 +383,7 @@ public class MSBuildHelperTests
383
383
  }
384
384
  }
385
385
 
386
- public static IEnumerable<object[]> GetTopLevelPackageDependenyInfosTestData()
386
+ public static IEnumerable<object[]> GetTopLevelPackageDependencyInfosTestData()
387
387
  {
388
388
  // simple case
389
389
  yield return
data/lib/dependabot/nuget/file_parser/project_file_parser.rb CHANGED
@@ -14,7 +14,9 @@ require "dependabot/nuget/nuget_client"
14
14
  module Dependabot
15
15
  module Nuget
16
16
  class FileParser
17
- class ProjectFileParser
17
+ class ProjectFileParser # rubocop:disable Metrics/ClassLength
18
+ extend T::Sig
19
+
18
20
  require "dependabot/file_parsers/base/dependency_set"
19
21
  require_relative "property_value_finder"
20
22
  require_relative "../update_checker/repository_finder"
@@ -46,16 +48,20 @@ module Dependabot
46
48
  CacheManager.cache("dependency_url_search_cache")
47
49
  end
48
50
 
49
- def initialize(dependency_files:, credentials:)
51
+ def initialize(dependency_files:, credentials:, repo_contents_path:)
50
52
  @dependency_files = dependency_files
51
53
  @credentials = credentials
54
+ @repo_contents_path = repo_contents_path
52
55
  end
53
56
 
54
- def dependency_set(project_file:)
57
+ def dependency_set(project_file:, visited_project_files: Set.new)
55
58
  key = "#{project_file.name.downcase}::#{project_file.content.hash}"
56
59
  cache = ProjectFileParser.dependency_set_cache
57
60
 
58
- cache[key] ||= parse_dependencies(project_file)
61
+ visited_project_files.add(cache[key])
62
+
63
+ # Pass the visited_project_files set to parse_dependencies
64
+ cache[key] ||= parse_dependencies(project_file, visited_project_files)
59
65
  end
60
66
 
61
67
  def downstream_file_references(project_file:)
@@ -70,7 +76,10 @@ module Dependabot
70
76
  dep_file = get_attribute_value(project_reference_node, "Include")
71
77
  full_project_path = full_path(project_file, dep_file)
72
78
  full_project_path = full_project_path[1..-1] if full_project_path.start_with?("/")
73
- file_set << full_project_path if full_project_path
79
+ full_project_paths = expand_wildcards_in_project_reference_path(full_project_path)
80
+ full_project_paths.each do |full_project_path_expanded|
81
+ file_set << full_project_path_expanded if full_project_path_expanded
82
+ end
74
83
  end
75
84
 
76
85
  file_set
@@ -115,7 +124,7 @@ module Dependabot
115
124
  result
116
125
  end
117
126
 
118
- def parse_dependencies(project_file)
127
+ def parse_dependencies(project_file, visited_project_files)
119
128
  dependency_set = Dependabot::FileParsers::Base::DependencySet.new
120
129
 
121
130
  doc = Nokogiri::XML(project_file.content)
@@ -134,7 +143,7 @@ module Dependabot
134
143
 
135
144
  add_global_package_references(dependency_set)
136
145
 
137
- add_transitive_dependencies(project_file, doc, dependency_set)
146
+ add_transitive_dependencies(project_file, doc, dependency_set, visited_project_files)
138
147
 
139
148
  # Look for SDK references; see:
140
149
  # https://docs.microsoft.com/en-us/visualstudio/msbuild/how-to-use-project-sdk
@@ -160,12 +169,16 @@ module Dependabot
160
169
  end
161
170
  end
162
171
 
163
- def add_transitive_dependencies(project_file, doc, dependency_set)
172
+ def add_transitive_dependencies(project_file, doc, dependency_set, visited_project_files)
164
173
  add_transitive_dependencies_from_packages(dependency_set)
165
- add_transitive_dependencies_from_project_references(project_file, doc, dependency_set)
174
+ add_transitive_dependencies_from_project_references(project_file, doc, dependency_set, visited_project_files)
166
175
  end
167
176
 
168
- def add_transitive_dependencies_from_project_references(project_file, doc, dependency_set)
177
+ def add_transitive_dependencies_from_project_references(project_file, doc, dependency_set,
178
+ visited_project_files)
179
+
180
+ # if visited_project_files is an empty set then new up a new set
181
+ visited_project_files = Set.new if visited_project_files.nil?
169
182
  # Look for regular project references
170
183
  project_refs = doc.css(PROJECT_REFERENCE_SELECTOR)
171
184
  # Look for ProjectFile references (dirs.proj)
@@ -179,21 +192,51 @@ module Dependabot
179
192
 
180
193
  full_project_path = full_path(project_file, relative_path)
181
194
 
182
- referenced_file = dependency_files.find { |f| f.name == full_project_path }
183
- next unless referenced_file
184
-
185
- dependency_set(project_file: referenced_file).dependencies.each do |dep|
186
- dependency = Dependency.new(
187
- name: dep.name,
188
- version: dep.version,
189
- package_manager: dep.package_manager,
190
- requirements: []
191
- )
192
- dependency_set << dependency
195
+ full_project_paths = expand_wildcards_in_project_reference_path(full_project_path)
196
+
197
+ full_project_paths.each do |path|
198
+ # Check if we've already visited this project file
199
+ next if visited_project_files.include?(path)
200
+
201
+ visited_project_files.add(path)
202
+ referenced_file = dependency_files.find { |f| f.name == path }
203
+ next unless referenced_file
204
+
205
+ dependency_set(project_file: referenced_file,
206
+ visited_project_files: visited_project_files).dependencies.each do |dep|
207
+ dependency = Dependency.new(
208
+ name: dep.name,
209
+ version: dep.version,
210
+ package_manager: dep.package_manager,
211
+ requirements: []
212
+ )
213
+ dependency_set << dependency
214
+ end
193
215
  end
194
216
  end
195
217
  end
196
218
 
219
+ sig { params(full_path: T.untyped).returns(T::Array[T.nilable(String)]) }
220
+ def expand_wildcards_in_project_reference_path(full_path)
221
+ full_path = T.let(File.join(@repo_contents_path, full_path), T.nilable(String))
222
+ expanded_wildcard = Dir.glob(T.must(full_path))
223
+
224
+ filtered_paths = []
225
+
226
+ # For each expanded path, remove the @repo_contents_path prefix and leading slash
227
+ expanded_wildcard.map do |path|
228
+ # Remove @repo_contents_path prefix
229
+ path = path.sub(@repo_contents_path, "")
230
+ # Remove leading slash
231
+ path = path[1..-1] if path.start_with?("/")
232
+ filtered_paths << path
233
+ path # Return the modified path
234
+ end
235
+
236
+ # If the wildcard didn't match anything, strip the @repo_contents_path prefix and return the original path.
237
+ filtered_paths.any? ? filtered_paths : [T.must(full_path).sub(@repo_contents_path, "")[1..-1]]
238
+ end
239
+
197
240
  def add_transitive_dependencies_from_packages(dependency_set)
198
241
  transitive_dependencies_from_packages(dependency_set.dependencies).each { |dep| dependency_set << dep }
199
242
  end
@@ -205,7 +248,8 @@ module Dependabot
205
248
  UpdateChecker::DependencyFinder.new(
206
249
  dependency: dependency,
207
250
  dependency_files: dependency_files,
208
- credentials: credentials
251
+ credentials: credentials,
252
+ repo_contents_path: @repo_contents_path
209
253
  ).transitive_dependencies.each do |transitive_dep|
210
254
  visited_dep = transitive_dependencies[transitive_dep.name.downcase]
211
255
  next if !visited_dep.nil? && visited_dep.numeric_version > transitive_dep.numeric_version
data/lib/dependabot/nuget/file_parser.rb CHANGED
@@ -78,7 +78,8 @@ module Dependabot
78
78
  @project_file_parser ||= T.let(
79
79
  ProjectFileParser.new(
80
80
  dependency_files: dependency_files,
81
- credentials: credentials
81
+ credentials: credentials,
82
+ repo_contents_path: @repo_contents_path
82
83
  ),
83
84
  T.nilable(Dependabot::Nuget::FileParser::ProjectFileParser)
84
85
  )
data/lib/dependabot/nuget/file_updater.rb CHANGED
@@ -144,7 +144,8 @@ module Dependabot
144
144
  @project_file_parser ||=
145
145
  FileParser::ProjectFileParser.new(
146
146
  dependency_files: dependency_files,
147
- credentials: credentials
147
+ credentials: credentials,
148
+ repo_contents_path: repo_contents_path
148
149
  )
149
150
  end
150
151
 
data/lib/dependabot/nuget/update_checker/dependency_finder.rb CHANGED
@@ -26,10 +26,11 @@ module Dependabot
26
26
  CacheManager.cache("dependency_finder_fetch_dependencies")
27
27
  end
28
28
 
29
- def initialize(dependency:, dependency_files:, credentials:)
29
+ def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
30
30
  @dependency = dependency
31
31
  @dependency_files = dependency_files
32
32
  @credentials = credentials
33
+ @repo_contents_path = repo_contents_path
33
34
  end
34
35
 
35
36
  def transitive_dependencies
@@ -93,7 +94,7 @@ module Dependabot
93
94
 
94
95
  private
95
96
 
96
- attr_reader :dependency, :dependency_files, :credentials
97
+ attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
97
98
 
98
99
  def updated_requirements(dep, target_version_details)
99
100
  @updated_requirements ||= {}
@@ -219,7 +220,8 @@ module Dependabot
219
220
  credentials: credentials,
220
221
  ignored_versions: [],
221
222
  raise_on_ignored: false,
222
- security_advisories: []
223
+ security_advisories: [],
224
+ repo_contents_path: repo_contents_path
223
225
  )
224
226
  end
225
227
  end
data/lib/dependabot/nuget/update_checker/property_updater.rb CHANGED
@@ -14,7 +14,7 @@ module Dependabot
14
14
 
15
15
  def initialize(dependency:, dependency_files:, credentials:,
16
16
  target_version_details:, ignored_versions:,
17
- raise_on_ignored: false)
17
+ raise_on_ignored: false, repo_contents_path:)
18
18
  @dependency = dependency
19
19
  @dependency_files = dependency_files
20
20
  @credentials = credentials
@@ -23,6 +23,7 @@ module Dependabot
23
23
  @target_version = target_version_details&.fetch(:version)
24
24
  @source_details = target_version_details
25
25
  &.slice(:nuspec_url, :repo_url, :source_url)
26
+ @repo_contents_path = repo_contents_path
26
27
  end
27
28
 
28
29
  def update_possible?
@@ -36,7 +37,8 @@ module Dependabot
36
37
  credentials: credentials,
37
38
  ignored_versions: ignored_versions,
38
39
  raise_on_ignored: @raise_on_ignored,
39
- security_advisories: []
40
+ security_advisories: [],
41
+ repo_contents_path: repo_contents_path
40
42
  ).versions.map { |v| v.fetch(:version) }
41
43
 
42
44
  versions.include?(target_version) || versions.none?
@@ -74,13 +76,14 @@ module Dependabot
74
76
  private
75
77
 
76
78
  attr_reader :dependency, :dependency_files, :target_version,
77
- :source_details, :credentials, :ignored_versions
79
+ :source_details, :credentials, :ignored_versions, :repo_contents_path
78
80
 
79
81
  def process_updated_peer_dependencies(dependency, dependencies)
80
82
  DependencyFinder.new(
81
83
  dependency: dependency,
82
84
  dependency_files: dependency_files,
83
- credentials: credentials
85
+ credentials: credentials,
86
+ repo_contents_path: repo_contents_path
84
87
  ).updated_peer_dependencies.each do |peer_dependency|
85
88
  # Only keep one copy of each dependency, the one with the highest target version.
86
89
  visited_dependency = dependencies[peer_dependency.name.downcase]
data/lib/dependabot/nuget/update_checker/tfm_finder.rb CHANGED
@@ -16,9 +16,10 @@ module Dependabot
16
16
  require "dependabot/nuget/file_parser/packages_config_parser"
17
17
  require "dependabot/nuget/file_parser/project_file_parser"
18
18
 
19
- def initialize(dependency_files:, credentials:)
19
+ def initialize(dependency_files:, credentials:, repo_contents_path:)
20
20
  @dependency_files = dependency_files
21
21
  @credentials = credentials
22
+ @repo_contents_path = repo_contents_path
22
23
  end
23
24
 
24
25
  def frameworks(dependency)
@@ -30,7 +31,7 @@ module Dependabot
30
31
 
31
32
  private
32
33
 
33
- attr_reader :dependency_files, :credentials
34
+ attr_reader :dependency_files, :credentials, :repo_contents_path
34
35
 
35
36
  def project_file_tfms(dependency)
36
37
  project_files_with_dependency(dependency).flat_map do |file|
@@ -80,7 +81,8 @@ module Dependabot
80
81
  @project_file_parser ||=
81
82
  FileParser::ProjectFileParser.new(
82
83
  dependency_files: dependency_files,
83
- credentials: credentials
84
+ credentials: credentials,
85
+ repo_contents_path: repo_contents_path
84
86
  )
85
87
  end
86
88
 
data/lib/dependabot/nuget/update_checker/version_finder.rb CHANGED
@@ -18,13 +18,15 @@ module Dependabot
18
18
 
19
19
  def initialize(dependency:, dependency_files:, credentials:,
20
20
  ignored_versions:, raise_on_ignored: false,
21
- security_advisories:)
21
+ security_advisories:,
22
+ repo_contents_path:)
22
23
  @dependency = dependency
23
24
  @dependency_files = dependency_files
24
25
  @credentials = credentials
25
26
  @ignored_versions = ignored_versions
26
27
  @raise_on_ignored = raise_on_ignored
27
28
  @security_advisories = security_advisories
29
+ @repo_contents_path = repo_contents_path
28
30
  end
29
31
 
30
32
  def latest_version_details
@@ -58,7 +60,7 @@ module Dependabot
58
60
  end
59
61
 
60
62
  attr_reader :dependency, :dependency_files, :credentials,
61
- :ignored_versions, :security_advisories
63
+ :ignored_versions, :security_advisories, :repo_contents_path
62
64
 
63
65
  private
64
66
 
@@ -101,7 +103,8 @@ module Dependabot
101
103
  dependency: dependency,
102
104
  tfm_finder: TfmFinder.new(
103
105
  dependency_files: dependency_files,
104
- credentials: credentials
106
+ credentials: credentials,
107
+ repo_contents_path: repo_contents_path
105
108
  )
106
109
  )
107
110
  end
data/lib/dependabot/nuget/update_checker.rb CHANGED
@@ -107,7 +107,8 @@ module Dependabot
107
107
  updated_dependencies += DependencyFinder.new(
108
108
  dependency: updated_dependency,
109
109
  dependency_files: dependency_files,
110
- credentials: credentials
110
+ credentials: credentials,
111
+ repo_contents_path: @repo_contents_path
111
112
  ).updated_peer_dependencies
112
113
  updated_dependencies
113
114
  end
@@ -135,7 +136,8 @@ module Dependabot
135
136
  credentials: credentials,
136
137
  ignored_versions: ignored_versions,
137
138
  raise_on_ignored: @raise_on_ignored,
138
- security_advisories: security_advisories
139
+ security_advisories: security_advisories,
140
+ repo_contents_path: @repo_contents_path
139
141
  )
140
142
  end
141
143
 
@@ -147,7 +149,8 @@ module Dependabot
147
149
  target_version_details: latest_version_details,
148
150
  credentials: credentials,
149
151
  ignored_versions: ignored_versions,
150
- raise_on_ignored: @raise_on_ignored
152
+ raise_on_ignored: @raise_on_ignored,
153
+ repo_contents_path: @repo_contents_path
151
154
  )
152
155
  end
153
156
 
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.243.0
4
+ version: 0.244.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-02-13 00:00:00.000000000 Z
11
+ date: 2024-02-15 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.243.0
19
+ version: 0.244.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.243.0
26
+ version: 0.244.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rubyzip
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -371,7 +371,7 @@ licenses:
371
371
  - Nonstandard
372
372
  metadata:
373
373
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
374
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.243.0
374
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
375
375
  post_install_message:
376
376
  rdoc_options: []
377
377
  require_paths: