dependabot-nuget 0.243.0 → 0.245.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs +2 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +40 -13
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorker.DirsProj.cs +152 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs +32 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +3 -3
- data/lib/dependabot/nuget/file_parser/project_file_parser.rb +66 -22
- data/lib/dependabot/nuget/file_parser.rb +2 -1
- data/lib/dependabot/nuget/file_updater.rb +2 -1
- data/lib/dependabot/nuget/native_helpers.rb +21 -12
- data/lib/dependabot/nuget/update_checker/dependency_finder.rb +5 -3
- data/lib/dependabot/nuget/update_checker/property_updater.rb +7 -4
- data/lib/dependabot/nuget/update_checker/tfm_finder.rb +5 -3
- data/lib/dependabot/nuget/update_checker/version_finder.rb +6 -3
- data/lib/dependabot/nuget/update_checker.rb +6 -3
- metadata +5 -5
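--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 4e67c27ae4f1d9736ba0db82edf309551b56c5337213f72a71d5dc7502e2a91d
+data.tar.gz: f04858bb986a722dbe26aae525f26885dbd7cc0dc514ee099ab5fed628dfbc43
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9fc5b619a387d372e8b91007cb3a1983e93b891874e87e475286d177e3075a911c98cda226746f7e8bb792ba83da409ba9abaa29402857d3b01e82850bffbbc9
+data.tar.gz: '0919b3eb28f2d1c1aa5e3d137eb0ef4d443458f92aaddfca0628353d9b49d2ad6b2ccc6698102f55ada4c04517017c143d5115c1ff0d6ba701c422b6547923f2'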
@@ -33,7 +33,7 @@ internal static class SdkPackageUpdater
|
|
33
33
|
var tfms = MSBuildHelper.GetTargetFrameworkMonikers(buildFiles);
|
34
34
|
|
35
35
|
// Get the set of all top-level dependencies in the current project
|
36
|
-
var topLevelDependencies = MSBuildHelper.
|
36
|
+
var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles).ToArray();
|
37
37
|
|
38
38
|
var packageFoundInDependencies = false;
|
39
39
|
var packageNeedsUpdating = false;
|
@@ -128,7 +128,7 @@ internal static class SdkPackageUpdater
|
|
128
128
|
UpdateTopLevelDepdendency(buildFiles, dependencyName, previousDependencyVersion, newDependencyVersion, packagesAndVersions, logger);
|
129
129
|
}
|
130
130
|
|
131
|
-
var updatedTopLevelDependencies = MSBuildHelper.
|
131
|
+
var updatedTopLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles);
|
132
132
|
foreach (var tfm in tfms)
|
133
133
|
{
|
134
134
|
var updatedPackages = await MSBuildHelper.GetAllPackageDependenciesAsync(repoRootPath, projectPath, tfm, updatedTopLevelDependencies.ToArray(), logger);
|
@@ -15,6 +15,7 @@ using Microsoft.Build.Definition;
|
|
15
15
|
using Microsoft.Build.Evaluation;
|
16
16
|
using Microsoft.Build.Exceptions;
|
17
17
|
using Microsoft.Build.Locator;
|
18
|
+
using Microsoft.Extensions.FileSystemGlobbing;
|
18
19
|
|
19
20
|
using NuGetUpdater.Core.Utilities;
|
20
21
|
|
@@ -101,6 +102,7 @@ internal static partial class MSBuildHelper
|
|
101
102
|
{
|
102
103
|
var projectStack = new Stack<(string folderPath, ProjectRootElement)>();
|
103
104
|
var projectRootElement = ProjectRootElement.Open(projFilePath);
|
105
|
+
var processedProjectFiles = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
|
104
106
|
|
105
107
|
projectStack.Push((Path.GetFullPath(Path.GetDirectoryName(projFilePath)!), projectRootElement));
|
106
108
|
|
@@ -114,27 +116,42 @@ internal static partial class MSBuildHelper
|
|
114
116
|
continue;
|
115
117
|
}
|
116
118
|
|
117
|
-
|
119
|
+
Matcher matcher = new Matcher();
|
120
|
+
matcher.AddInclude(PathHelper.NormalizePathToUnix(projectReference.Include));
|
118
121
|
|
119
|
-
|
120
|
-
|
122
|
+
string searchDirectory = PathHelper.NormalizePathToUnix(folderPath);
|
123
|
+
|
124
|
+
IEnumerable<string> files = matcher.GetResultsInFullPath(searchDirectory);
|
125
|
+
|
126
|
+
foreach (var file in files)
|
121
127
|
{
|
122
|
-
//
|
123
|
-
if (
|
128
|
+
// Check that we haven't already processed this file
|
129
|
+
if (processedProjectFiles.Contains(file))
|
124
130
|
{
|
125
|
-
|
126
|
-
|
131
|
+
continue;
|
132
|
+
}
|
133
|
+
|
134
|
+
var projectExtension = Path.GetExtension(file).ToLowerInvariant();
|
135
|
+
if (projectExtension == ".proj")
|
136
|
+
{
|
137
|
+
// If there is some MSBuild logic that needs to run to fully resolve the path skip the project
|
138
|
+
if (File.Exists(file))
|
139
|
+
{
|
140
|
+
var additionalProjectRootElement = ProjectRootElement.Open(file);
|
141
|
+
projectStack.Push((Path.GetFullPath(Path.GetDirectoryName(file)!), additionalProjectRootElement));
|
142
|
+
processedProjectFiles.Add(file);
|
143
|
+
}
|
144
|
+
}
|
145
|
+
else if (projectExtension == ".csproj" || projectExtension == ".vbproj" || projectExtension == ".fsproj")
|
146
|
+
{
|
147
|
+
yield return file;
|
127
148
|
}
|
128
|
-
}
|
129
|
-
else if (projectExtension == ".csproj" || projectExtension == ".vbproj" || projectExtension == ".fsproj")
|
130
|
-
{
|
131
|
-
yield return projectPath;
|
132
149
|
}
|
133
150
|
}
|
134
151
|
}
|
135
152
|
}
|
136
153
|
|
137
|
-
public static IEnumerable<Dependency>
|
154
|
+
public static IEnumerable<Dependency> GetTopLevelPackageDependencyInfos(ImmutableArray<ProjectBuildFile> buildFiles)
|
138
155
|
{
|
139
156
|
Dictionary<string, (string, bool)> packageInfo = new(StringComparer.OrdinalIgnoreCase);
|
140
157
|
Dictionary<string, string> packageVersionInfo = new(StringComparer.OrdinalIgnoreCase);
|
@@ -343,7 +360,17 @@ internal static partial class MSBuildHelper
|
|
343
360
|
await File.WriteAllTextAsync(tempProjectPath, projectContents);
|
344
361
|
|
345
362
|
// prevent directory crawling
|
346
|
-
await File.WriteAllTextAsync(
|
363
|
+
await File.WriteAllTextAsync(
|
364
|
+
Path.Combine(tempDir.FullName, "Directory.Build.props"),
|
365
|
+
"""
|
366
|
+
<Project>
|
367
|
+
<PropertyGroup>
|
368
|
+
<!-- For Windows-specific apps -->
|
369
|
+
<EnableWindowsTargeting>true</EnableWindowsTargeting>
|
370
|
+
</PropertyGroup>
|
371
|
+
</Project>
|
372
|
+
""");
|
373
|
+
|
347
374
|
await File.WriteAllTextAsync(Path.Combine(tempDir.FullName, "Directory.Build.targets"), "<Project />");
|
348
375
|
await File.WriteAllTextAsync(Path.Combine(tempDir.FullName, "Directory.Packages.props"), "<Project />");
|
349
376
|
|
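Review bot: `processedProjectFiles` starts empty and nothing in the visible lines adds the root `projFilePath` to it, so a wildcard such as `**/*.proj` that also matches the root project would push that file onto `projectStack` a second time before `if (processedProjectFiles.Contains(file))` can skip it. Seeding the set next to its declaration, e.g. `processedProjectFiles.Add(Path.GetFullPath(projFilePath));`, would close that gap, assuming the matcher reports the same path form. Separately, `projectReference.Include` comes from repository content and is handed to `matcher.AddInclude` as-is, so it is worth confirming that the results of `GetResultsInFullPath` stay under the repository root before `ProjectRootElement.Open(file)` runs, and stating that expectation in a comment. The `File.Exists(file)` test is presumably redundant now that the matcher only reports files it found, so the comment above it about unresolved MSBuild logic no longer describes the branch. The enclosing method starts and ends outside these hunks.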
@@ -170,6 +170,158 @@ public partial class UpdateWorkerTests
|
|
170
170
|
]);
|
171
171
|
}
|
172
172
|
|
173
|
+
[Fact]
|
174
|
+
public async Task UpdateSingleDependencyInNestedDirsProjUsingWildcard()
|
175
|
+
{
|
176
|
+
await TestUpdateForDirsProj("Newtonsoft.Json", "9.0.1", "13.0.1",
|
177
|
+
// initial
|
178
|
+
projectContents: """
|
179
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
180
|
+
|
181
|
+
<ItemGroup>
|
182
|
+
<ProjectReference Include="src/*.proj" />
|
183
|
+
</ItemGroup>
|
184
|
+
|
185
|
+
</Project>
|
186
|
+
""",
|
187
|
+
additionalFiles:
|
188
|
+
[
|
189
|
+
("src/dirs.proj",
|
190
|
+
"""
|
191
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
192
|
+
|
193
|
+
<ItemGroup>
|
194
|
+
<ProjectReference Include="test-project/test-project.csproj" />
|
195
|
+
</ItemGroup>
|
196
|
+
|
197
|
+
</Project>
|
198
|
+
"""),
|
199
|
+
("src/test-project/test-project.csproj",
|
200
|
+
"""
|
201
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
202
|
+
<PropertyGroup>
|
203
|
+
<TargetFramework>netstandard2.0</TargetFramework>
|
204
|
+
</PropertyGroup>
|
205
|
+
|
206
|
+
<ItemGroup>
|
207
|
+
<PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
|
208
|
+
</ItemGroup>
|
209
|
+
</Project>
|
210
|
+
""")
|
211
|
+
],
|
212
|
+
// expected
|
213
|
+
expectedProjectContents: """
|
214
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
215
|
+
|
216
|
+
<ItemGroup>
|
217
|
+
<ProjectReference Include="src/*.proj" />
|
218
|
+
</ItemGroup>
|
219
|
+
|
220
|
+
</Project>
|
221
|
+
""",
|
222
|
+
additionalFilesExpected:
|
223
|
+
[
|
224
|
+
("src/dirs.proj",
|
225
|
+
"""
|
226
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
227
|
+
|
228
|
+
<ItemGroup>
|
229
|
+
<ProjectReference Include="test-project/test-project.csproj" />
|
230
|
+
</ItemGroup>
|
231
|
+
|
232
|
+
</Project>
|
233
|
+
"""),
|
234
|
+
("src/test-project/test-project.csproj",
|
235
|
+
"""
|
236
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
237
|
+
<PropertyGroup>
|
238
|
+
<TargetFramework>netstandard2.0</TargetFramework>
|
239
|
+
</PropertyGroup>
|
240
|
+
|
241
|
+
<ItemGroup>
|
242
|
+
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
|
243
|
+
</ItemGroup>
|
244
|
+
</Project>
|
245
|
+
""")
|
246
|
+
]);
|
247
|
+
}
|
248
|
+
|
249
|
+
[Fact]
|
250
|
+
public async Task UpdateSingleDependencyInNestedDirsProjUsingRecursiveWildcard()
|
251
|
+
{
|
252
|
+
await TestUpdateForDirsProj("Newtonsoft.Json", "9.0.1", "13.0.1",
|
253
|
+
// initial
|
254
|
+
projectContents: """
|
255
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
256
|
+
|
257
|
+
<ItemGroup>
|
258
|
+
<ProjectReference Include="**/*.proj" />
|
259
|
+
</ItemGroup>
|
260
|
+
|
261
|
+
</Project>
|
262
|
+
""",
|
263
|
+
additionalFiles:
|
264
|
+
[
|
265
|
+
("src/dirs.proj",
|
266
|
+
"""
|
267
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
268
|
+
|
269
|
+
<ItemGroup>
|
270
|
+
<ProjectReference Include="test-project/test-project.csproj" />
|
271
|
+
</ItemGroup>
|
272
|
+
|
273
|
+
</Project>
|
274
|
+
"""),
|
275
|
+
("src/test-project/test-project.csproj",
|
276
|
+
"""
|
277
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
278
|
+
<PropertyGroup>
|
279
|
+
<TargetFramework>netstandard2.0</TargetFramework>
|
280
|
+
</PropertyGroup>
|
281
|
+
|
282
|
+
<ItemGroup>
|
283
|
+
<PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
|
284
|
+
</ItemGroup>
|
285
|
+
</Project>
|
286
|
+
""")
|
287
|
+
],
|
288
|
+
// expected
|
289
|
+
expectedProjectContents: """
|
290
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
291
|
+
|
292
|
+
<ItemGroup>
|
293
|
+
<ProjectReference Include="**/*.proj" />
|
294
|
+
</ItemGroup>
|
295
|
+
|
296
|
+
</Project>
|
297
|
+
""",
|
298
|
+
additionalFilesExpected:
|
299
|
+
[
|
300
|
+
("src/dirs.proj",
|
301
|
+
"""
|
302
|
+
<Project Sdk="Microsoft.Build.NoTargets">
|
303
|
+
|
304
|
+
<ItemGroup>
|
305
|
+
<ProjectReference Include="test-project/test-project.csproj" />
|
306
|
+
</ItemGroup>
|
307
|
+
|
308
|
+
</Project>
|
309
|
+
"""),
|
310
|
+
("src/test-project/test-project.csproj",
|
311
|
+
"""
|
312
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
313
|
+
<PropertyGroup>
|
314
|
+
<TargetFramework>netstandard2.0</TargetFramework>
|
315
|
+
</PropertyGroup>
|
316
|
+
|
317
|
+
<ItemGroup>
|
318
|
+
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
|
319
|
+
</ItemGroup>
|
320
|
+
</Project>
|
321
|
+
""")
|
322
|
+
]);
|
323
|
+
}
|
324
|
+
|
173
325
|
static async Task TestUpdateForDirsProj(
|
174
326
|
string dependencyName,
|
175
327
|
string oldVersion,
|
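Review bot: The two new tests, `UpdateSingleDependencyInNestedDirsProjUsingWildcard` and `UpdateSingleDependencyInNestedDirsProjUsingRecursiveWildcard`, are identical apart from the `ProjectReference Include` pattern (`src/*.proj` versus `**/*.proj`), so roughly 150 lines of fixture are duplicated. A single `[Theory]` with `[InlineData("src/*.proj")]` and `[InlineData("**/*.proj")]`, feeding the pattern into an interpolated raw string for the root project, would keep the fixture in one place. No case is visibly aimed at a pattern that matches the root project itself or one containing `..` segments, which are the inputs where the new glob expansion is most likely to misbehave. `TestUpdateForDirsProj` continues outside the hunk.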
@@ -50,6 +50,38 @@ public partial class UpdateWorkerTests
|
|
50
50
|
""");
|
51
51
|
}
|
52
52
|
|
53
|
+
[Fact]
|
54
|
+
public async Task UpdateVersionAttribute_InProjectFile_ForPackageReferenceInclude_Windows()
|
55
|
+
{
|
56
|
+
// update Newtonsoft.Json from 9.0.1 to 13.0.1
|
57
|
+
await TestUpdateForProject("Newtonsoft.Json", "9.0.1", "13.0.1",
|
58
|
+
// initial
|
59
|
+
projectContents: $"""
|
60
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
61
|
+
<PropertyGroup>
|
62
|
+
<TargetFramework>net8.0-windows10.0.19041.0</TargetFramework>
|
63
|
+
<RuntimeIdentifier>win-x64</RuntimeIdentifier>
|
64
|
+
</PropertyGroup>
|
65
|
+
|
66
|
+
<ItemGroup>
|
67
|
+
<PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
|
68
|
+
</ItemGroup>
|
69
|
+
</Project>
|
70
|
+
""",
|
71
|
+
// expected
|
72
|
+
expectedProjectContents: $"""
|
73
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
74
|
+
<PropertyGroup>
|
75
|
+
<TargetFramework>net8.0-windows10.0.19041.0</TargetFramework>
|
76
|
+
<RuntimeIdentifier>win-x64</RuntimeIdentifier>
|
77
|
+
</PropertyGroup>
|
78
|
+
|
79
|
+
<ItemGroup>
|
80
|
+
<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
|
81
|
+
</ItemGroup>
|
82
|
+
</Project>
|
83
|
+
""");
|
84
|
+
}
|
53
85
|
|
54
86
|
[Theory]
|
55
87
|
[InlineData("$(NewtonsoftJsonVersion")]
|
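Review bot: Both raw strings in `UpdateVersionAttribute_InProjectFile_ForPackageReferenceInclude_Windows` are written as `$"""` but contain no interpolation holes, so the `$` prefix does nothing; `projectContents: """` and `expectedProjectContents: """` would read the same and match the plain raw strings used in the DirsProj tests. A one-line comment saying that the test presumably relies on the `EnableWindowsTargeting` property written into the temporary `Directory.Build.props` would explain why a `net8.0-windows10.0.19041.0` target is expected to resolve on a non-Windows host.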
@@ -128,7 +128,7 @@ public class MSBuildHelperTests
|
|
128
128
|
}
|
129
129
|
|
130
130
|
[Theory]
|
131
|
-
[MemberData(nameof(
|
131
|
+
[MemberData(nameof(GetTopLevelPackageDependencyInfosTestData))]
|
132
132
|
public async Task TopLevelPackageDependenciesCanBeDetermined((string Path, string Content)[] buildFileContents, Dependency[] expectedTopLevelDependencies)
|
133
133
|
{
|
134
134
|
using var testDirectory = new TemporaryDirectory();
|
@@ -140,7 +140,7 @@ public class MSBuildHelperTests
|
|
140
140
|
buildFiles.Add(ProjectBuildFile.Parse(testDirectory.DirectoryPath, fullPath, content));
|
141
141
|
}
|
142
142
|
|
143
|
-
var actualTopLevelDependencies = MSBuildHelper.
|
143
|
+
var actualTopLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles.ToImmutableArray());
|
144
144
|
Assert.Equal(expectedTopLevelDependencies, actualTopLevelDependencies);
|
145
145
|
}
|
146
146
|
|
@@ -383,7 +383,7 @@ public class MSBuildHelperTests
|
|
383
383
|
}
|
384
384
|
}
|
385
385
|
|
386
|
-
public static IEnumerable<object[]>
|
386
|
+
public static IEnumerable<object[]> GetTopLevelPackageDependencyInfosTestData()
|
387
387
|
{
|
388
388
|
// simple case
|
389
389
|
yield return
|
@@ -14,7 +14,9 @@ require "dependabot/nuget/nuget_client"
|
|
14
14
|
module Dependabot
|
15
15
|
module Nuget
|
16
16
|
class FileParser
|
17
|
-
class ProjectFileParser
|
17
|
+
class ProjectFileParser # rubocop:disable Metrics/ClassLength
|
18
|
+
extend T::Sig
|
19
|
+
|
18
20
|
require "dependabot/file_parsers/base/dependency_set"
|
19
21
|
require_relative "property_value_finder"
|
20
22
|
require_relative "../update_checker/repository_finder"
|
@@ -46,16 +48,20 @@ module Dependabot
|
|
46
48
|
CacheManager.cache("dependency_url_search_cache")
|
47
49
|
end
|
48
50
|
|
49
|
-
def initialize(dependency_files:, credentials:)
|
51
|
+
def initialize(dependency_files:, credentials:, repo_contents_path:)
|
50
52
|
@dependency_files = dependency_files
|
51
53
|
@credentials = credentials
|
54
|
+
@repo_contents_path = repo_contents_path
|
52
55
|
end
|
53
56
|
|
54
|
-
def dependency_set(project_file:)
|
57
|
+
def dependency_set(project_file:, visited_project_files: Set.new)
|
55
58
|
key = "#{project_file.name.downcase}::#{project_file.content.hash}"
|
56
59
|
cache = ProjectFileParser.dependency_set_cache
|
57
60
|
|
58
|
-
cache[key]
|
61
|
+
visited_project_files.add(cache[key])
|
62
|
+
|
63
|
+
# Pass the visited_project_files set to parse_dependencies
|
64
|
+
cache[key] ||= parse_dependencies(project_file, visited_project_files)
|
59
65
|
end
|
60
66
|
|
61
67
|
def downstream_file_references(project_file:)
|
@@ -70,7 +76,10 @@ module Dependabot
|
|
70
76
|
dep_file = get_attribute_value(project_reference_node, "Include")
|
71
77
|
full_project_path = full_path(project_file, dep_file)
|
72
78
|
full_project_path = full_project_path[1..-1] if full_project_path.start_with?("/")
|
73
|
-
|
79
|
+
full_project_paths = expand_wildcards_in_project_reference_path(full_project_path)
|
80
|
+
full_project_paths.each do |full_project_path_expanded|
|
81
|
+
file_set << full_project_path_expanded if full_project_path_expanded
|
82
|
+
end
|
74
83
|
end
|
75
84
|
|
76
85
|
file_set
|
@@ -115,7 +124,7 @@ module Dependabot
|
|
115
124
|
result
|
116
125
|
end
|
117
126
|
|
118
|
-
def parse_dependencies(project_file)
|
127
|
+
def parse_dependencies(project_file, visited_project_files)
|
119
128
|
dependency_set = Dependabot::FileParsers::Base::DependencySet.new
|
120
129
|
|
121
130
|
doc = Nokogiri::XML(project_file.content)
|
@@ -134,7 +143,7 @@ module Dependabot
|
|
134
143
|
|
135
144
|
add_global_package_references(dependency_set)
|
136
145
|
|
137
|
-
add_transitive_dependencies(project_file, doc, dependency_set)
|
146
|
+
add_transitive_dependencies(project_file, doc, dependency_set, visited_project_files)
|
138
147
|
|
139
148
|
# Look for SDK references; see:
|
140
149
|
# https://docs.microsoft.com/en-us/visualstudio/msbuild/how-to-use-project-sdk
|
@@ -160,12 +169,16 @@ module Dependabot
|
|
160
169
|
end
|
161
170
|
end
|
162
171
|
|
163
|
-
def add_transitive_dependencies(project_file, doc, dependency_set)
|
172
|
+
def add_transitive_dependencies(project_file, doc, dependency_set, visited_project_files)
|
164
173
|
add_transitive_dependencies_from_packages(dependency_set)
|
165
|
-
add_transitive_dependencies_from_project_references(project_file, doc, dependency_set)
|
174
|
+
add_transitive_dependencies_from_project_references(project_file, doc, dependency_set, visited_project_files)
|
166
175
|
end
|
167
176
|
|
168
|
-
def add_transitive_dependencies_from_project_references(project_file, doc, dependency_set
|
177
|
+
def add_transitive_dependencies_from_project_references(project_file, doc, dependency_set,
|
178
|
+
visited_project_files)
|
179
|
+
|
180
|
+
# if visited_project_files is an empty set then new up a new set
|
181
|
+
visited_project_files = Set.new if visited_project_files.nil?
|
169
182
|
# Look for regular project references
|
170
183
|
project_refs = doc.css(PROJECT_REFERENCE_SELECTOR)
|
171
184
|
# Look for ProjectFile references (dirs.proj)
|
@@ -179,21 +192,51 @@ module Dependabot
|
|
179
192
|
|
180
193
|
full_project_path = full_path(project_file, relative_path)
|
181
194
|
|
182
|
-
|
183
|
-
|
184
|
-
|
185
|
-
|
186
|
-
|
187
|
-
|
188
|
-
|
189
|
-
|
190
|
-
|
191
|
-
|
192
|
-
dependency_set
|
195
|
+
full_project_paths = expand_wildcards_in_project_reference_path(full_project_path)
|
196
|
+
|
197
|
+
full_project_paths.each do |path|
|
198
|
+
# Check if we've already visited this project file
|
199
|
+
next if visited_project_files.include?(path)
|
200
|
+
|
201
|
+
visited_project_files.add(path)
|
202
|
+
referenced_file = dependency_files.find { |f| f.name == path }
|
203
|
+
next unless referenced_file
|
204
|
+
|
205
|
+
dependency_set(project_file: referenced_file,
|
206
|
+
visited_project_files: visited_project_files).dependencies.each do |dep|
|
207
|
+
dependency = Dependency.new(
|
208
|
+
name: dep.name,
|
209
|
+
version: dep.version,
|
210
|
+
package_manager: dep.package_manager,
|
211
|
+
requirements: []
|
212
|
+
)
|
213
|
+
dependency_set << dependency
|
214
|
+
end
|
193
215
|
end
|
194
216
|
end
|
195
217
|
end
|
196
218
|
|
219
|
+
sig { params(full_path: T.untyped).returns(T::Array[T.nilable(String)]) }
|
220
|
+
def expand_wildcards_in_project_reference_path(full_path)
|
221
|
+
full_path = T.let(File.join(@repo_contents_path, full_path), T.nilable(String))
|
222
|
+
expanded_wildcard = Dir.glob(T.must(full_path))
|
223
|
+
|
224
|
+
filtered_paths = []
|
225
|
+
|
226
|
+
# For each expanded path, remove the @repo_contents_path prefix and leading slash
|
227
|
+
expanded_wildcard.map do |path|
|
228
|
+
# Remove @repo_contents_path prefix
|
229
|
+
path = path.sub(@repo_contents_path, "")
|
230
|
+
# Remove leading slash
|
231
|
+
path = path[1..-1] if path.start_with?("/")
|
232
|
+
filtered_paths << path
|
233
|
+
path # Return the modified path
|
234
|
+
end
|
235
|
+
|
236
|
+
# If the wildcard didn't match anything, strip the @repo_contents_path prefix and return the original path.
|
237
|
+
filtered_paths.any? ? filtered_paths : [T.must(full_path).sub(@repo_contents_path, "")[1..-1]]
|
238
|
+
end
|
239
|
+
|
197
240
|
def add_transitive_dependencies_from_packages(dependency_set)
|
198
241
|
transitive_dependencies_from_packages(dependency_set.dependencies).each { |dep| dependency_set << dep }
|
199
242
|
end
|
@@ -205,7 +248,8 @@ module Dependabot
|
|
205
248
|
UpdateChecker::DependencyFinder.new(
|
206
249
|
dependency: dependency,
|
207
250
|
dependency_files: dependency_files,
|
208
|
-
credentials: credentials
|
251
|
+
credentials: credentials,
|
252
|
+
repo_contents_path: @repo_contents_path
|
209
253
|
).transitive_dependencies.each do |transitive_dep|
|
210
254
|
visited_dep = transitive_dependencies[transitive_dep.name.downcase]
|
211
255
|
next if !visited_dep.nil? && visited_dep.numeric_version > transitive_dep.numeric_version
|
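Review bot: In `expand_wildcards_in_project_reference_path`, the `Include` value read from the project file is joined to `@repo_contents_path` and passed to `Dir.glob` with no check that the matches stay inside the repository checkout, so `..` segments in a reference can make the parser enumerate paths outside it. Filtering on the resolved path as the first line of the `map` block, e.g. `next unless File.expand_path(path).start_with?(File.join(File.expand_path(@repo_contents_path), ""))`, would keep the expansion contained. `path.sub(@repo_contents_path, "")` removes the first occurrence anywhere in the string rather than a leading prefix; `path.delete_prefix(@repo_contents_path)` states the intent. In `dependency_set`, `visited_project_files.add(cache[key])` stores the cached dependency set (or nil) in a collection that is later tested with `include?(path)`, so it probably should be `visited_project_files.add(project_file.name)`. The comment above `visited_project_files = Set.new if visited_project_files.nil?` says "empty set" where the code tests for nil.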
@@ -78,7 +78,8 @@ module Dependabot
|
|
78
78
|
@project_file_parser ||= T.let(
|
79
79
|
ProjectFileParser.new(
|
80
80
|
dependency_files: dependency_files,
|
81
|
-
credentials: credentials
|
81
|
+
credentials: credentials,
|
82
|
+
repo_contents_path: @repo_contents_path
|
82
83
|
),
|
83
84
|
T.nilable(Dependabot::Nuget::FileParser::ProjectFileParser)
|
84
85
|
)
|
@@ -45,7 +45,7 @@ module Dependabot
|
|
45
45
|
|
46
46
|
puts "running NuGet updater:\n" + command
|
47
47
|
|
48
|
-
output = SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
|
48
|
+
output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
|
49
49
|
puts output
|
50
50
|
|
51
51
|
# Exit code == 0 means that all project frameworks are compatible
|
@@ -55,17 +55,11 @@ module Dependabot
|
|
55
55
|
false
|
56
56
|
end
|
57
57
|
|
58
|
-
# rubocop:disable Metrics/MethodLength
|
59
58
|
sig do
|
60
|
-
params(
|
61
|
-
|
62
|
-
proj_path: String,
|
63
|
-
dependency: Dependency,
|
64
|
-
is_transitive: T::Boolean,
|
65
|
-
credentials: T::Array[T.untyped]
|
66
|
-
).void
|
59
|
+
params(repo_root: String, proj_path: String, dependency: Dependency,
|
60
|
+
is_transitive: T::Boolean).returns([String, String])
|
67
61
|
end
|
68
|
-
def self.
|
62
|
+
def self.get_nuget_updater_tool_command(repo_root:, proj_path:, dependency:, is_transitive:)
|
69
63
|
exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
|
70
64
|
command_parts = [
|
71
65
|
exe_path,
|
@@ -103,14 +97,29 @@ module Dependabot
|
|
103
97
|
"--verbose"
|
104
98
|
].compact.join(" ")
|
105
99
|
|
100
|
+
[command, fingerprint]
|
101
|
+
end
|
102
|
+
|
103
|
+
sig do
|
104
|
+
params(
|
105
|
+
repo_root: String,
|
106
|
+
proj_path: String,
|
107
|
+
dependency: Dependency,
|
108
|
+
is_transitive: T::Boolean,
|
109
|
+
credentials: T::Array[Dependabot::Credential]
|
110
|
+
).void
|
111
|
+
end
|
112
|
+
def self.run_nuget_updater_tool(repo_root:, proj_path:, dependency:, is_transitive:, credentials:)
|
113
|
+
(command, fingerprint) = get_nuget_updater_tool_command(repo_root: repo_root, proj_path: proj_path,
|
114
|
+
dependency: dependency, is_transitive: is_transitive)
|
115
|
+
|
106
116
|
puts "running NuGet updater:\n" + command
|
107
117
|
|
108
118
|
NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
|
109
|
-
output = SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
|
119
|
+
output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
|
110
120
|
puts output
|
111
121
|
end
|
112
122
|
end
|
113
|
-
# rubocop:enable Metrics/MethodLength
|
114
123
|
end
|
115
124
|
end
|
116
125
|
end
|
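Review bot: Both `SharedHelpers.run_shell_command` calls now pass `allow_unsafe_shell_command: true`, which as far as I know makes the helper skip its own escaping, while `command` is assembled with `].compact.join(" ")`; the hunks do not show whether each element of `command_parts` (project path, dependency name, versions) is escaped before the join. Those values originate in repository content, so each should go through `Shellwords.escape` where it enters `command_parts`, and a comment on the call should state why the unescaped mode is required. `puts "running NuGet updater:\n" + command` prints the full command line, so it is worth confirming that nothing sensitive is ever added to it; the separate `fingerprint` value suggests that concern already exists. The body of `get_nuget_updater_tool_command` between the two hunks is not visible.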
@@ -26,10 +26,11 @@ module Dependabot
|
|
26
26
|
CacheManager.cache("dependency_finder_fetch_dependencies")
|
27
27
|
end
|
28
28
|
|
29
|
-
def initialize(dependency:, dependency_files:, credentials:)
|
29
|
+
def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
|
30
30
|
@dependency = dependency
|
31
31
|
@dependency_files = dependency_files
|
32
32
|
@credentials = credentials
|
33
|
+
@repo_contents_path = repo_contents_path
|
33
34
|
end
|
34
35
|
|
35
36
|
def transitive_dependencies
|
@@ -93,7 +94,7 @@ module Dependabot
|
|
93
94
|
|
94
95
|
private
|
95
96
|
|
96
|
-
attr_reader :dependency, :dependency_files, :credentials
|
97
|
+
attr_reader :dependency, :dependency_files, :credentials, :repo_contents_path
|
97
98
|
|
98
99
|
def updated_requirements(dep, target_version_details)
|
99
100
|
@updated_requirements ||= {}
|
@@ -219,7 +220,8 @@ module Dependabot
|
|
219
220
|
credentials: credentials,
|
220
221
|
ignored_versions: [],
|
221
222
|
raise_on_ignored: false,
|
222
|
-
security_advisories: []
|
223
|
+
security_advisories: [],
|
224
|
+
repo_contents_path: repo_contents_path
|
223
225
|
)
|
224
226
|
end
|
225
227
|
end
|
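Review bot: `repo_contents_path:` is added to `initialize` as a required keyword with no default and no signature or comment saying whether nil is allowed, here and in the same way in property_updater.rb, tfm_finder.rb, version_finder.rb and project_file_parser.rb. The value ends up in `File.join(@repo_contents_path, full_path)` in the parser, which raises on nil, so either the constructors should reject nil early or the contract should be documented, e.g. `# repo_contents_path: path of the cloned repository; must not be nil`. Any caller outside this diff that constructs these classes without the keyword will now raise `ArgumentError`.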
@@ -14,7 +14,7 @@ module Dependabot
|
|
14
14
|
|
15
15
|
def initialize(dependency:, dependency_files:, credentials:,
|
16
16
|
target_version_details:, ignored_versions:,
|
17
|
-
raise_on_ignored: false)
|
17
|
+
raise_on_ignored: false, repo_contents_path:)
|
18
18
|
@dependency = dependency
|
19
19
|
@dependency_files = dependency_files
|
20
20
|
@credentials = credentials
|
@@ -23,6 +23,7 @@ module Dependabot
|
|
23
23
|
@target_version = target_version_details&.fetch(:version)
|
24
24
|
@source_details = target_version_details
|
25
25
|
&.slice(:nuspec_url, :repo_url, :source_url)
|
26
|
+
@repo_contents_path = repo_contents_path
|
26
27
|
end
|
27
28
|
|
28
29
|
def update_possible?
|
@@ -36,7 +37,8 @@ module Dependabot
|
|
36
37
|
credentials: credentials,
|
37
38
|
ignored_versions: ignored_versions,
|
38
39
|
raise_on_ignored: @raise_on_ignored,
|
39
|
-
security_advisories: []
|
40
|
+
security_advisories: [],
|
41
|
+
repo_contents_path: repo_contents_path
|
40
42
|
).versions.map { |v| v.fetch(:version) }
|
41
43
|
|
42
44
|
versions.include?(target_version) || versions.none?
|
@@ -74,13 +76,14 @@ module Dependabot
|
|
74
76
|
private
|
75
77
|
|
76
78
|
attr_reader :dependency, :dependency_files, :target_version,
|
77
|
-
:source_details, :credentials, :ignored_versions
|
79
|
+
:source_details, :credentials, :ignored_versions, :repo_contents_path
|
78
80
|
|
79
81
|
def process_updated_peer_dependencies(dependency, dependencies)
|
80
82
|
DependencyFinder.new(
|
81
83
|
dependency: dependency,
|
82
84
|
dependency_files: dependency_files,
|
83
|
-
credentials: credentials
|
85
|
+
credentials: credentials,
|
86
|
+
repo_contents_path: repo_contents_path
|
84
87
|
).updated_peer_dependencies.each do |peer_dependency|
|
85
88
|
# Only keep one copy of each dependency, the one with the highest target version.
|
86
89
|
visited_dependency = dependencies[peer_dependency.name.downcase]
|
@@ -16,9 +16,10 @@ module Dependabot
|
|
16
16
|
require "dependabot/nuget/file_parser/packages_config_parser"
|
17
17
|
require "dependabot/nuget/file_parser/project_file_parser"
|
18
18
|
|
19
|
-
def initialize(dependency_files:, credentials:)
|
19
|
+
def initialize(dependency_files:, credentials:, repo_contents_path:)
|
20
20
|
@dependency_files = dependency_files
|
21
21
|
@credentials = credentials
|
22
|
+
@repo_contents_path = repo_contents_path
|
22
23
|
end
|
23
24
|
|
24
25
|
def frameworks(dependency)
|
@@ -30,7 +31,7 @@ module Dependabot
|
|
30
31
|
|
31
32
|
private
|
32
33
|
|
33
|
-
attr_reader :dependency_files, :credentials
|
34
|
+
attr_reader :dependency_files, :credentials, :repo_contents_path
|
34
35
|
|
35
36
|
def project_file_tfms(dependency)
|
36
37
|
project_files_with_dependency(dependency).flat_map do |file|
|
@@ -80,7 +81,8 @@ module Dependabot
|
|
80
81
|
@project_file_parser ||=
|
81
82
|
FileParser::ProjectFileParser.new(
|
82
83
|
dependency_files: dependency_files,
|
83
|
-
credentials: credentials
|
84
|
+
credentials: credentials,
|
85
|
+
repo_contents_path: repo_contents_path
|
84
86
|
)
|
85
87
|
end
|
86
88
|
|
@@ -18,13 +18,15 @@ module Dependabot
|
|
18
18
|
|
19
19
|
def initialize(dependency:, dependency_files:, credentials:,
|
20
20
|
ignored_versions:, raise_on_ignored: false,
|
21
|
-
security_advisories
|
21
|
+
security_advisories:,
|
22
|
+
repo_contents_path:)
|
22
23
|
@dependency = dependency
|
23
24
|
@dependency_files = dependency_files
|
24
25
|
@credentials = credentials
|
25
26
|
@ignored_versions = ignored_versions
|
26
27
|
@raise_on_ignored = raise_on_ignored
|
27
28
|
@security_advisories = security_advisories
|
29
|
+
@repo_contents_path = repo_contents_path
|
28
30
|
end
|
29
31
|
|
30
32
|
def latest_version_details
|
@@ -58,7 +60,7 @@ module Dependabot
|
|
58
60
|
end
|
59
61
|
|
60
62
|
attr_reader :dependency, :dependency_files, :credentials,
|
61
|
-
:ignored_versions, :security_advisories
|
63
|
+
:ignored_versions, :security_advisories, :repo_contents_path
|
62
64
|
|
63
65
|
private
|
64
66
|
|
@@ -101,7 +103,8 @@ module Dependabot
|
|
101
103
|
dependency: dependency,
|
102
104
|
tfm_finder: TfmFinder.new(
|
103
105
|
dependency_files: dependency_files,
|
104
|
-
credentials: credentials
|
106
|
+
credentials: credentials,
|
107
|
+
repo_contents_path: repo_contents_path
|
105
108
|
)
|
106
109
|
)
|
107
110
|
end
|
@@ -107,7 +107,8 @@ module Dependabot
|
|
107
107
|
updated_dependencies += DependencyFinder.new(
|
108
108
|
dependency: updated_dependency,
|
109
109
|
dependency_files: dependency_files,
|
110
|
-
credentials: credentials
|
110
|
+
credentials: credentials,
|
111
|
+
repo_contents_path: @repo_contents_path
|
111
112
|
).updated_peer_dependencies
|
112
113
|
updated_dependencies
|
113
114
|
end
|
@@ -135,7 +136,8 @@ module Dependabot
|
|
135
136
|
credentials: credentials,
|
136
137
|
ignored_versions: ignored_versions,
|
137
138
|
raise_on_ignored: @raise_on_ignored,
|
138
|
-
security_advisories: security_advisories
|
139
|
+
security_advisories: security_advisories,
|
140
|
+
repo_contents_path: @repo_contents_path
|
139
141
|
)
|
140
142
|
end
|
141
143
|
|
@@ -147,7 +149,8 @@ module Dependabot
|
|
147
149
|
target_version_details: latest_version_details,
|
148
150
|
credentials: credentials,
|
149
151
|
ignored_versions: ignored_versions,
|
150
|
-
raise_on_ignored: @raise_on_ignored
|
152
|
+
raise_on_ignored: @raise_on_ignored,
|
153
|
+
repo_contents_path: @repo_contents_path
|
151
154
|
)
|
152
155
|
end
|
153
156
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-nuget
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.245.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-02-
|
11
|
+
date: 2024-02-22 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.245.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.245.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rubyzip
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -371,7 +371,7 @@ licenses:
|
|
371
371
|
- Nonstandard
|
372
372
|
metadata:
|
373
373
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
374
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
374
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.245.0
|
375
375
|
post_install_message:
|
376
376
|
rdoc_options: []
|
377
377
|
require_paths:
|