dependabot-nuget 0.245.0 → 0.247.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackagesConfigUpdater.cs +42 -7
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs +164 -90
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs +38 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +92 -18
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/NuGetHelper.cs +1 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs +27 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTestBase.cs +115 -14
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/{UpdateWorker.DirsProj.cs → UpdateWorkerTests.DirsProj.cs} +22 -24
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs +66 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs +373 -83
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +117 -4
- data/lib/dependabot/nuget/cache_manager.rb +9 -3
- data/lib/dependabot/nuget/file_fetcher/import_paths_finder.rb +15 -12
- data/lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb +13 -3
- data/lib/dependabot/nuget/file_fetcher.rb +79 -31
- data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb +10 -2
- data/lib/dependabot/nuget/file_parser/global_json_parser.rb +10 -2
- data/lib/dependabot/nuget/file_parser/packages_config_parser.rb +11 -2
- data/lib/dependabot/nuget/file_parser/project_file_parser.rb +140 -45
- data/lib/dependabot/nuget/file_parser/property_value_finder.rb +57 -5
- data/lib/dependabot/nuget/file_parser.rb +18 -4
- data/lib/dependabot/nuget/file_updater/property_value_updater.rb +25 -8
- data/lib/dependabot/nuget/file_updater.rb +74 -38
- data/lib/dependabot/nuget/http_response_helpers.rb +19 -0
- data/lib/dependabot/nuget/metadata_finder.rb +32 -4
- data/lib/dependabot/nuget/nuget_client.rb +31 -13
- data/lib/dependabot/nuget/requirement.rb +4 -1
- data/lib/dependabot/nuget/update_checker/compatibility_checker.rb +26 -15
- data/lib/dependabot/nuget/update_checker/dependency_finder.rb +23 -13
- data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +83 -21
- data/lib/dependabot/nuget/update_checker/repository_finder.rb +29 -13
- data/lib/dependabot/nuget/update_checker/tfm_finder.rb +2 -2
- data/lib/dependabot/nuget/update_checker/version_finder.rb +15 -6
- data/lib/dependabot/nuget/update_checker.rb +6 -7
- data/lib/dependabot/nuget/version.rb +7 -2
- metadata +21 -7
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs +0 -317
@@ -66,23 +66,34 @@ module Dependabot
|
|
66
66
|
end
|
67
67
|
|
68
68
|
def fetch_package_tfms(dependency_version)
|
69
|
-
|
70
|
-
|
71
|
-
|
72
|
-
|
73
|
-
|
74
|
-
|
75
|
-
|
76
|
-
|
77
|
-
|
78
|
-
|
79
|
-
|
80
|
-
|
81
|
-
|
82
|
-
|
69
|
+
cache = CacheManager.cache("compatibility_checker_tfms_cache")
|
70
|
+
key = "#{dependency.name}::#{dependency_version}"
|
71
|
+
|
72
|
+
cache[key] ||= begin
|
73
|
+
nupkg_buffer = NupkgFetcher.fetch_nupkg_buffer(dependency_urls, dependency.name, dependency_version)
|
74
|
+
return [] unless nupkg_buffer
|
75
|
+
|
76
|
+
# Parse tfms from the folders beneath the lib folder
|
77
|
+
folder_name = "lib/"
|
78
|
+
tfms = Set.new
|
79
|
+
Zip::File.open_buffer(nupkg_buffer) do |zip|
|
80
|
+
lib_file_entries = zip.select { |entry| entry.name.start_with?(folder_name) }
|
81
|
+
# If there is no lib folder in this package, assume it is a development dependency
|
82
|
+
return nil if lib_file_entries.empty?
|
83
|
+
|
84
|
+
lib_file_entries.each do |entry|
|
85
|
+
_, tfm = entry.name.split("/").first(2)
|
86
|
+
|
87
|
+
# some zip compressors create empty directory entries (in this case `lib/`) which can cause the string
|
88
|
+
# split to return `nil`, so we have to explicitly guard against that
|
89
|
+
tfms << tfm if tfm
|
90
|
+
end
|
83
91
|
end
|
92
|
+
|
93
|
+
tfms.to_a
|
84
94
|
end
|
85
|
-
|
95
|
+
|
96
|
+
cache[key]
|
86
97
|
end
|
87
98
|
end
|
88
99
|
end
|
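Review bot: The two early exits inside `cache[key] ||= begin … end` in `fetch_package_tfms` (`return [] unless nupkg_buffer` and `return nil if lib_file_entries.empty?`) leave the method before the assignment runs, so a failed download and a package without a `lib/` folder are never memoised and are fetched again on every call. If those outcomes are meant to be cached, compute the value in a helper and assign it explicitly instead of returning from inside the block. The key is also built from `dependency.name` as written and omits `dependency_urls`, while package ids are compared case-insensitively elsewhere in this release. If `CacheManager` caches outlive one set of sources (not visible here), TFMs read from one feed's package would be reused for a same-named package from another feed. Consider `key = "#{dependency.name.downcase}::#{dependency_version}"` plus a component that identifies the sources.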
@@ -37,19 +37,29 @@ module Dependabot
|
|
37
37
|
key = "#{dependency.name.downcase}::#{dependency.version}"
|
38
38
|
cache = DependencyFinder.transitive_dependencies_cache
|
39
39
|
|
40
|
-
cache[key]
|
41
|
-
|
42
|
-
|
43
|
-
|
44
|
-
|
45
|
-
|
46
|
-
|
47
|
-
|
48
|
-
|
49
|
-
|
50
|
-
|
51
|
-
|
52
|
-
|
40
|
+
unless cache[key]
|
41
|
+
begin
|
42
|
+
# first do a quick sanity check on the version string; if it can't be parsed, an exception will be raised
|
43
|
+
_ = Version.new(dependency.version)
|
44
|
+
|
45
|
+
cache[key] = fetch_transitive_dependencies(
|
46
|
+
@dependency.name,
|
47
|
+
@dependency.version
|
48
|
+
).map do |dependency_info|
|
49
|
+
package_name = dependency_info["packageName"]
|
50
|
+
target_version = dependency_info["version"]
|
51
|
+
|
52
|
+
Dependency.new(
|
53
|
+
name: package_name,
|
54
|
+
version: target_version.to_s,
|
55
|
+
requirements: [], # Empty requirements for transitive dependencies
|
56
|
+
package_manager: @dependency.package_manager
|
57
|
+
)
|
58
|
+
end
|
59
|
+
rescue StandardError
|
60
|
+
# if anything happened above, there are no meaningful dependencies that can be derived
|
61
|
+
cache[key] = []
|
62
|
+
end
|
53
63
|
end
|
54
64
|
|
55
65
|
cache[key]
|
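Review bot: The bare `rescue StandardError` around `fetch_transitive_dependencies` turns every failure into a cached empty list with nothing logged, whether it is an unparsable version, a timeout or a rejected credential. A transient feed error then makes the package look as if it had no transitive dependencies for as long as the cache entry lives, which can hide an affected transitive package from later checks. Capture and log the exception, `rescue StandardError => e` followed by `Dependabot.logger.warn("Failed to fetch transitive dependencies for #{key}: #{e.message}")`, and consider caching `[]` only when the `Version.new` sanity check is what failed. The method begins and ends outside this hunk.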
@@ -4,6 +4,7 @@
|
|
4
4
|
require "nokogiri"
|
5
5
|
require "zip"
|
6
6
|
require "stringio"
|
7
|
+
require "dependabot/nuget/http_response_helpers"
|
7
8
|
|
8
9
|
module Dependabot
|
9
10
|
module Nuget
|
@@ -24,7 +25,7 @@ module Dependabot
|
|
24
25
|
repository_type = repository_details[:repository_type]
|
25
26
|
|
26
27
|
package_url = if repository_type == "v2"
|
27
|
-
get_nuget_v2_package_url(
|
28
|
+
get_nuget_v2_package_url(repository_details, package_id, package_version)
|
28
29
|
elsif repository_type == "v3"
|
29
30
|
get_nuget_v3_package_url(repository_details, package_id, package_version)
|
30
31
|
else
|
@@ -43,16 +44,66 @@ module Dependabot
|
|
43
44
|
end
|
44
45
|
|
45
46
|
def self.get_nuget_v3_package_url(repository_details, package_id, package_version)
|
46
|
-
base_url = repository_details[:base_url]
|
47
|
+
base_url = repository_details[:base_url]
|
48
|
+
unless base_url
|
49
|
+
return get_nuget_v3_package_url_from_search(repository_details, package_id,
|
50
|
+
package_version)
|
51
|
+
end
|
52
|
+
|
53
|
+
base_url = base_url.delete_suffix("/")
|
47
54
|
package_id_downcased = package_id.downcase
|
48
55
|
"#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.#{package_version}.nupkg"
|
49
56
|
end
|
50
57
|
|
51
|
-
|
52
|
-
|
53
|
-
|
54
|
-
|
55
|
-
|
58
|
+
# rubocop:disable Metrics/CyclomaticComplexity
|
59
|
+
# rubocop:disable Metrics/PerceivedComplexity
|
60
|
+
def self.get_nuget_v3_package_url_from_search(repository_details, package_id, package_version)
|
61
|
+
search_url = repository_details[:search_url]
|
62
|
+
return nil unless search_url
|
63
|
+
|
64
|
+
# get search result
|
65
|
+
search_result_response = fetch_url(search_url, repository_details)
|
66
|
+
return nil unless search_result_response.status == 200
|
67
|
+
|
68
|
+
search_response_body = HttpResponseHelpers.remove_wrapping_zero_width_chars(search_result_response.body)
|
69
|
+
search_results = JSON.parse(search_response_body)
|
70
|
+
|
71
|
+
# find matching package and version
|
72
|
+
package_search_result = search_results&.[]("data")&.find { |d| package_id.casecmp?(d&.[]("id")) }
|
73
|
+
version_search_result = package_search_result&.[]("versions")&.find do |v|
|
74
|
+
package_version.casecmp?(v&.[]("version"))
|
75
|
+
end
|
76
|
+
registration_leaf_url = version_search_result&.[]("@id")
|
77
|
+
return nil unless registration_leaf_url
|
78
|
+
|
79
|
+
registration_leaf_response = fetch_url(registration_leaf_url, repository_details)
|
80
|
+
return nil unless registration_leaf_response
|
81
|
+
return nil unless registration_leaf_response.status == 200
|
82
|
+
|
83
|
+
registration_leaf_response_body =
|
84
|
+
HttpResponseHelpers.remove_wrapping_zero_width_chars(registration_leaf_response.body)
|
85
|
+
registration_leaf = JSON.parse(registration_leaf_response_body)
|
86
|
+
|
87
|
+
# finally, get the .nupkg url
|
88
|
+
registration_leaf&.[]("packageContent")
|
89
|
+
end
|
90
|
+
# rubocop:enable Metrics/PerceivedComplexity
|
91
|
+
# rubocop:enable Metrics/CyclomaticComplexity
|
92
|
+
|
93
|
+
def self.get_nuget_v2_package_url(repository_details, package_id, package_version)
|
94
|
+
# get package XML
|
95
|
+
base_url = repository_details[:base_url].delete_suffix("/")
|
96
|
+
package_url = "#{base_url}/Packages(Id='#{package_id}',Version='#{package_version}')"
|
97
|
+
response = fetch_url(package_url, repository_details)
|
98
|
+
return nil unless response.status == 200
|
99
|
+
|
100
|
+
# find relevant element
|
101
|
+
doc = Nokogiri::XML(response.body)
|
102
|
+
doc.remove_namespaces!
|
103
|
+
|
104
|
+
content_element = doc.xpath("/entry/content")
|
105
|
+
nupkg_url = content_element&.attribute("src")&.value
|
106
|
+
nupkg_url
|
56
107
|
end
|
57
108
|
|
58
109
|
def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
|
@@ -60,32 +111,43 @@ module Dependabot
|
|
60
111
|
current_redirects = 0
|
61
112
|
|
62
113
|
loop do
|
63
|
-
|
64
|
-
|
65
|
-
|
66
|
-
|
67
|
-
package_data.write(chunk)
|
68
|
-
end
|
69
|
-
|
70
|
-
response = connection.request(
|
71
|
-
method: :get,
|
114
|
+
# Directly download the stream without any additional settings _except_ for `omit_default_port: true` which
|
115
|
+
# is necessary to not break the URL signing that some NuGet feeds use.
|
116
|
+
response = Excon.get(
|
117
|
+
current_url,
|
72
118
|
headers: auth_header,
|
73
|
-
|
119
|
+
omit_default_port: true
|
74
120
|
)
|
75
121
|
|
76
|
-
|
122
|
+
# redirect the HTTP response as appropriate based on documentation here:
|
123
|
+
# https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
|
124
|
+
case response.status
|
125
|
+
when 200
|
126
|
+
return response.body
|
127
|
+
when 301, 302, 303, 307, 308
|
77
128
|
current_redirects += 1
|
78
129
|
return nil if current_redirects > max_redirects
|
79
130
|
|
80
131
|
current_url = response.headers["Location"]
|
81
|
-
elsif response.status == 200
|
82
|
-
package_data.rewind
|
83
|
-
return package_data
|
84
132
|
else
|
85
133
|
return nil
|
86
134
|
end
|
87
135
|
end
|
88
136
|
end
|
137
|
+
|
138
|
+
def self.fetch_url(url, repository_details)
|
139
|
+
fetch_url_with_auth(url, repository_details.fetch(:auth_header))
|
140
|
+
end
|
141
|
+
|
142
|
+
def self.fetch_url_with_auth(url, auth_header)
|
143
|
+
cache = CacheManager.cache("nupkg_fetcher_cache")
|
144
|
+
cache[url] ||= Dependabot::RegistryClient.get(
|
145
|
+
url: url,
|
146
|
+
headers: auth_header
|
147
|
+
)
|
148
|
+
|
149
|
+
cache[url]
|
150
|
+
end
|
89
151
|
end
|
90
152
|
end
|
91
153
|
end
|
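Review bot: In `fetch_stream` the same `auth_header` is sent on every loop iteration, including after `current_url = response.headers["Location"]`, so the feed credential is forwarded to whatever host a redirect names. The new `get_nuget_v3_package_url_from_search` has the same shape, because it fetches the feed-supplied `@id` URL through `fetch_url` with the repository's auth header. Unless a feed is known to need it, send the header only while the host matches the configured feed, e.g. `headers = URI(current_url).host == URI(stream_url).host ? auth_header : {}`, and `return nil` when `Location` is absent rather than passing nil to `Excon.get`. `Excon.get` also buffers the whole package in `response.body` where the removed code wrote chunks, so a size cap is worth adding. `fetch_stream` starts above the hunk.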
@@ -7,6 +7,7 @@ require "dependabot/errors"
|
|
7
7
|
require "dependabot/update_checkers/base"
|
8
8
|
require "dependabot/registry_client"
|
9
9
|
require "dependabot/nuget/cache_manager"
|
10
|
+
require "dependabot/nuget/http_response_helpers"
|
10
11
|
|
11
12
|
module Dependabot
|
12
13
|
module Nuget
|
@@ -71,19 +72,33 @@ module Dependabot
|
|
71
72
|
end
|
72
73
|
|
73
74
|
def build_url_for_details(repo_details)
|
75
|
+
url = repo_details.fetch(:url)
|
76
|
+
url_obj = URI.parse(url)
|
77
|
+
if url_obj.is_a?(URI::HTTP)
|
78
|
+
details = build_url_for_details_remote(repo_details)
|
79
|
+
elsif url_obj.is_a?(URI::File)
|
80
|
+
details = {
|
81
|
+
base_url: url,
|
82
|
+
repository_type: "local"
|
83
|
+
}
|
84
|
+
end
|
85
|
+
|
86
|
+
details
|
87
|
+
end
|
88
|
+
|
89
|
+
def build_url_for_details_remote(repo_details)
|
74
90
|
response = get_repo_metadata(repo_details)
|
75
91
|
check_repo_response(response, repo_details)
|
76
92
|
return unless response.status == 200
|
77
93
|
|
78
|
-
body = remove_wrapping_zero_width_chars(response.body)
|
94
|
+
body = HttpResponseHelpers.remove_wrapping_zero_width_chars(response.body)
|
79
95
|
parsed_json = JSON.parse(body)
|
80
96
|
base_url = base_url_from_v3_metadata(parsed_json)
|
81
|
-
resolved_base_url = base_url || repo_details.fetch(:url).gsub("/index.json", "-flatcontainer")
|
82
97
|
search_url = search_url_from_v3_metadata(parsed_json)
|
83
98
|
registration_url = registration_url_from_v3_metadata(parsed_json)
|
84
99
|
|
85
100
|
details = {
|
86
|
-
base_url:
|
101
|
+
base_url: base_url,
|
87
102
|
repository_url: repo_details.fetch(:url),
|
88
103
|
auth_header: auth_header_for_token(repo_details.fetch(:token)),
|
89
104
|
repository_type: "v3"
|
@@ -171,7 +186,7 @@ module Dependabot
|
|
171
186
|
base_url: base_url,
|
172
187
|
repository_url: base_url,
|
173
188
|
versions_url: File.join(
|
174
|
-
base_url,
|
189
|
+
base_url.delete_suffix("/"),
|
175
190
|
"FindPackagesById()?id='#{dependency.name}'"
|
176
191
|
),
|
177
192
|
auth_header: auth_header_for_token(repo_details.fetch(:token)),
|
@@ -205,6 +220,7 @@ module Dependabot
|
|
205
220
|
|
206
221
|
# rubocop:disable Metrics/CyclomaticComplexity
|
207
222
|
# rubocop:disable Metrics/PerceivedComplexity
|
223
|
+
# rubocop:disable Metrics/MethodLength
|
208
224
|
# rubocop:disable Metrics/AbcSize
|
209
225
|
def repos_from_config_file(config_file)
|
210
226
|
doc = Nokogiri::XML(config_file.content)
|
@@ -223,7 +239,14 @@ module Dependabot
|
|
223
239
|
key = node.attribute("key")&.value&.strip || node.at_xpath("./key")&.content&.strip
|
224
240
|
url = node.attribute("value")&.value&.strip || node.at_xpath("./value")&.content&.strip
|
225
241
|
url = expand_windows_style_environment_variables(url) if url
|
226
|
-
|
242
|
+
|
243
|
+
# if the path isn't absolute it's relative to the nuget.config file
|
244
|
+
if url
|
245
|
+
unless url.include?("://") || Pathname.new(url).absolute?
|
246
|
+
url = Pathname(config_file.directory).join(url).to_path
|
247
|
+
end
|
248
|
+
sources << { url: url, key: key }
|
249
|
+
end
|
227
250
|
end
|
228
251
|
end
|
229
252
|
|
@@ -246,14 +269,13 @@ module Dependabot
|
|
246
269
|
known_urls.include?(s.fetch(:url))
|
247
270
|
end
|
248
271
|
|
249
|
-
sources.select! { |s| s.fetch(:url)&.include?("://") }
|
250
|
-
|
251
272
|
add_config_file_credentials(sources: sources, doc: doc)
|
252
273
|
sources.each { |details| details.delete(:key) }
|
253
274
|
|
254
275
|
sources
|
255
276
|
end
|
256
277
|
# rubocop:enable Metrics/AbcSize
|
278
|
+
# rubocop:enable Metrics/MethodLength
|
257
279
|
# rubocop:enable Metrics/PerceivedComplexity
|
258
280
|
# rubocop:enable Metrics/CyclomaticComplexity
|
259
281
|
|
@@ -330,12 +352,6 @@ module Dependabot
|
|
330
352
|
end
|
331
353
|
end
|
332
354
|
|
333
|
-
def remove_wrapping_zero_width_chars(string)
|
334
|
-
string.force_encoding("UTF-8").encode
|
335
|
-
.gsub(/\A[\u200B-\u200D\uFEFF]/, "")
|
336
|
-
.gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
|
337
|
-
end
|
338
|
-
|
339
355
|
def auth_header_for_token(token)
|
340
356
|
return {} unless token
|
341
357
|
|
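Review bot: With the `sources.select! { |s| s.fetch(:url)&.include?("://") }` filter removed, any `value` from the repository's nuget.config now reaches `build_url_for_details`. There `URI.parse(url)` raises `URI::InvalidURIError` for strings that are not valid URIs (a path containing a space, for example), and a bare path matches neither `URI::HTTP` nor `URI::File`, so `details` stays nil. In `repos_from_config_file` the relative value is joined to `config_file.directory` without normalisation, so `..` segments can name a directory outside the repository. Rescue the parse error and return nil, normalise with `Pathname#cleanpath`, and reject results that leave the repository root before the path is treated as a `"local"` source. How callers handle a nil or `"local"` entry is not visible in these hunks.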
@@ -52,13 +52,13 @@ module Dependabot
|
|
52
52
|
|
53
53
|
config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
|
54
54
|
config_parser.dependency_set.dependencies.any? do |d|
|
55
|
-
d.name.casecmp(dependency.name)
|
55
|
+
d.name.casecmp(dependency.name)&.zero?
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
59
59
|
def project_file_contains_dependency?(file, dependency)
|
60
60
|
project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
|
61
|
-
d.name.casecmp(dependency.name)
|
61
|
+
d.name.casecmp(dependency.name)&.zero?
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
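Review bot: Both `any?` blocks could use `casecmp?` instead of `casecmp(...)&.zero?`, matching the package-id comparison in this release's new search lookup: `d.name.casecmp?(dependency.name)`. It returns true, false or nil directly, so the safe-navigation and `zero?` step disappear. `casecmp?` folds case by Unicode rules rather than ASCII only, which should not matter for package ids but is a behaviour difference to confirm.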
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/nuget/version"
|
@@ -6,11 +6,14 @@ require "dependabot/nuget/requirement"
|
|
6
6
|
require "dependabot/update_checkers/base"
|
7
7
|
require "dependabot/update_checkers/version_filters"
|
8
8
|
require "dependabot/nuget/nuget_client"
|
9
|
+
require "sorbet-runtime"
|
9
10
|
|
10
11
|
module Dependabot
|
11
12
|
module Nuget
|
12
13
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
13
14
|
class VersionFinder
|
15
|
+
extend T::Sig
|
16
|
+
|
14
17
|
require_relative "compatibility_checker"
|
15
18
|
require_relative "repository_finder"
|
16
19
|
|
@@ -109,13 +112,19 @@ module Dependabot
|
|
109
112
|
)
|
110
113
|
end
|
111
114
|
|
115
|
+
sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
112
116
|
def filter_prereleases(possible_versions)
|
113
|
-
possible_versions.reject do |d|
|
117
|
+
filtered = possible_versions.reject do |d|
|
114
118
|
version = d.fetch(:version)
|
115
119
|
version.prerelease? && !related_to_current_pre?(version)
|
116
120
|
end
|
121
|
+
if possible_versions.count > filtered.count
|
122
|
+
Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} pre-release versions")
|
123
|
+
end
|
124
|
+
filtered
|
117
125
|
end
|
118
126
|
|
127
|
+
sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
119
128
|
def filter_ignored_versions(possible_versions)
|
120
129
|
filtered = possible_versions
|
121
130
|
|
@@ -131,6 +140,10 @@ module Dependabot
|
|
131
140
|
raise AllVersionsIgnored
|
132
141
|
end
|
133
142
|
|
143
|
+
if possible_versions.count > filtered.count
|
144
|
+
Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} ignored versions")
|
145
|
+
end
|
146
|
+
|
134
147
|
filtered
|
135
148
|
end
|
136
149
|
|
@@ -233,8 +246,6 @@ module Dependabot
|
|
233
246
|
# rubocop:enable Metrics/PerceivedComplexity
|
234
247
|
|
235
248
|
def v3_nuget_listings
|
236
|
-
return @v3_nuget_listings unless @v3_nuget_listings.nil?
|
237
|
-
|
238
249
|
@v3_nuget_listings ||=
|
239
250
|
dependency_urls
|
240
251
|
.select { |details| details.fetch(:repository_type) == "v3" }
|
@@ -247,8 +258,6 @@ module Dependabot
|
|
247
258
|
end
|
248
259
|
|
249
260
|
def v2_nuget_listings
|
250
|
-
return @v2_nuget_listings unless @v2_nuget_listings.nil?
|
251
|
-
|
252
261
|
@v2_nuget_listings ||=
|
253
262
|
dependency_urls
|
254
263
|
.select { |details| details.fetch(:repository_type) == "v2" }
|
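Review bot: The new signatures on `filter_prereleases` and `filter_ignored_versions` type the elements as `T.untyped`, although `filter_prereleases` calls `d.fetch(:version)` on each one. If the elements are the symbol-keyed hashes the body suggests, `T::Array[T::Hash[Symbol, T.untyped]]` would let Sorbet check callers now that the file is `# typed: true`. The bodies of both methods are only partly inside these hunks.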
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/nuget/file_parser"
|
@@ -17,7 +17,8 @@ module Dependabot
|
|
17
17
|
# No need to find latest version for transitive dependencies unless they have a vulnerability.
|
18
18
|
return dependency.version if !dependency.top_level? && !vulnerable?
|
19
19
|
|
20
|
-
|
20
|
+
# if no update sources have the requisite package, then we can only assume that the current version is correct
|
21
|
+
@latest_version = latest_version_details&.fetch(:version) || dependency.version
|
21
22
|
end
|
22
23
|
|
23
24
|
def latest_resolvable_version
|
@@ -44,9 +45,8 @@ module Dependabot
|
|
44
45
|
def updated_requirements
|
45
46
|
RequirementsUpdater.new(
|
46
47
|
requirements: dependency.requirements,
|
47
|
-
latest_version: preferred_resolvable_version_details
|
48
|
-
source_details: preferred_resolvable_version_details
|
49
|
-
&.slice(:nuspec_url, :repo_url, :source_url)
|
48
|
+
latest_version: preferred_resolvable_version_details&.fetch(:version, nil)&.to_s,
|
49
|
+
source_details: preferred_resolvable_version_details&.slice(:nuspec_url, :repo_url, :source_url)
|
50
50
|
).updated_requirements
|
51
51
|
end
|
52
52
|
|
@@ -66,9 +66,8 @@ module Dependabot
|
|
66
66
|
# If any requirements have an uninterpolated property in them then
|
67
67
|
# that property couldn't be found, and the requirement therefore
|
68
68
|
# cannot be unlocked (since we can't update that property)
|
69
|
-
namespace = Nuget::FileParser::PropertyValueFinder
|
70
69
|
dependency.requirements.none? do |req|
|
71
|
-
req.fetch(:requirement)&.match?(
|
70
|
+
req.fetch(:requirement)&.match?(Nuget::FileParser::PropertyValueFinder::PROPERTY_REGEX)
|
72
71
|
end
|
73
72
|
end
|
74
73
|
|
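Review bot: The fallback `|| dependency.version` in `latest_version` is silent, so a run in which no source returned the package is indistinguishable from one where the dependency is already current. That includes runs where a feed was unreachable or rejected the credential. Since the guard above shows this path is reached for vulnerable transitive dependencies, log when the fallback is taken, e.g. `Dependabot.logger.info("No update source lists #{dependency.name}; keeping #{dependency.version}")`. The two operands also look like different types, a version object from `latest_version_details` (it is given `.to_s` in `updated_requirements`) and the string `dependency.version`, so confirm callers accept both. The method starts above the hunk.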
@@ -17,14 +17,14 @@ module Dependabot
|
|
17
17
|
VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
|
18
18
|
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
19
19
|
|
20
|
-
sig { override.params(version:
|
20
|
+
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
21
21
|
def self.correct?(version)
|
22
22
|
return false if version.nil?
|
23
23
|
|
24
24
|
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
25
25
|
end
|
26
26
|
|
27
|
-
sig { override.params(version:
|
27
|
+
sig { override.params(version: VersionParameter).void }
|
28
28
|
def initialize(version)
|
29
29
|
version = version.to_s.split("+").first || ""
|
30
30
|
@version_string = T.let(version, String)
|
@@ -32,6 +32,11 @@ module Dependabot
|
|
32
32
|
super
|
33
33
|
end
|
34
34
|
|
35
|
+
sig { override.params(version: VersionParameter).returns(Dependabot::Nuget::Version) }
|
36
|
+
def self.new(version)
|
37
|
+
T.cast(super, Dependabot::Nuget::Version)
|
38
|
+
end
|
39
|
+
|
35
40
|
sig { returns(String) }
|
36
41
|
def to_s
|
37
42
|
@version_string
|
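Review bot: The added `self.new` override has no comment explaining why the constructor is redefined. From the body, `T.cast(super, Dependabot::Nuget::Version)`, it appears to exist only so Sorbet sees the concrete class as the return type. Add a one-line comment above the `sig`, such as `# Overridden only to narrow the return type for Sorbet; construction is delegated to super.`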
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-nuget
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.247.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.247.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.247.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rubyzip
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -156,6 +156,20 @@ dependencies:
|
|
156
156
|
- - "~>"
|
157
157
|
- !ruby/object:Gem::Version
|
158
158
|
version: 1.19.0
|
159
|
+
- !ruby/object:Gem::Dependency
|
160
|
+
name: rubocop-rspec
|
161
|
+
requirement: !ruby/object:Gem::Requirement
|
162
|
+
requirements:
|
163
|
+
- - "~>"
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
version: 2.27.1
|
166
|
+
type: :development
|
167
|
+
prerelease: false
|
168
|
+
version_requirements: !ruby/object:Gem::Requirement
|
169
|
+
requirements:
|
170
|
+
- - "~>"
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: 2.27.1
|
159
173
|
- !ruby/object:Gem::Dependency
|
160
174
|
name: rubocop-sorbet
|
161
175
|
requirement: !ruby/object:Gem::Requirement
|
@@ -292,8 +306,8 @@ files:
|
|
292
306
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryDirectory.cs
|
293
307
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestExtensions.cs
|
294
308
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/PackagesConfigUpdaterTests.cs
|
295
|
-
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorker.DirsProj.cs
|
296
309
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTestBase.cs
|
310
|
+
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.DirsProj.cs
|
297
311
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.DotNetTools.cs
|
298
312
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.GlobalJson.cs
|
299
313
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Mixed.cs
|
@@ -302,7 +316,6 @@ files:
|
|
302
316
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/JsonHelperTests.cs
|
303
317
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs
|
304
318
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterHelperTests.cs
|
305
|
-
- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs
|
306
319
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Dependency.cs
|
307
320
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core/DependencyType.cs
|
308
321
|
- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Files/BuildFile.cs
|
@@ -349,6 +362,7 @@ files:
|
|
349
362
|
- lib/dependabot/nuget/file_parser/property_value_finder.rb
|
350
363
|
- lib/dependabot/nuget/file_updater.rb
|
351
364
|
- lib/dependabot/nuget/file_updater/property_value_updater.rb
|
365
|
+
- lib/dependabot/nuget/http_response_helpers.rb
|
352
366
|
- lib/dependabot/nuget/metadata_finder.rb
|
353
367
|
- lib/dependabot/nuget/native_helpers.rb
|
354
368
|
- lib/dependabot/nuget/nuget_client.rb
|
@@ -371,7 +385,7 @@ licenses:
|
|
371
385
|
- Nonstandard
|
372
386
|
metadata:
|
373
387
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
374
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
388
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
375
389
|
post_install_message:
|
376
390
|
rdoc_options: []
|
377
391
|
require_paths:
|