dependabot-nuget 0.245.0 → 0.247.0

Files changed (38) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackagesConfigUpdater.cs +42 -7
  3. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs +164 -90
  4. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs +38 -2
  5. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +92 -18
  6. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/NuGetHelper.cs +1 -1
  7. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs +27 -0
  8. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTestBase.cs +115 -14
  9. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/{UpdateWorker.DirsProj.cs → UpdateWorkerTests.DirsProj.cs} +22 -24
  10. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs +66 -0
  11. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs +373 -83
  12. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +117 -4
  13. data/lib/dependabot/nuget/cache_manager.rb +9 -3
  14. data/lib/dependabot/nuget/file_fetcher/import_paths_finder.rb +15 -12
  15. data/lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb +13 -3
  16. data/lib/dependabot/nuget/file_fetcher.rb +79 -31
  17. data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb +10 -2
  18. data/lib/dependabot/nuget/file_parser/global_json_parser.rb +10 -2
  19. data/lib/dependabot/nuget/file_parser/packages_config_parser.rb +11 -2
  20. data/lib/dependabot/nuget/file_parser/project_file_parser.rb +140 -45
  21. data/lib/dependabot/nuget/file_parser/property_value_finder.rb +57 -5
  22. data/lib/dependabot/nuget/file_parser.rb +18 -4
  23. data/lib/dependabot/nuget/file_updater/property_value_updater.rb +25 -8
  24. data/lib/dependabot/nuget/file_updater.rb +74 -38
  25. data/lib/dependabot/nuget/http_response_helpers.rb +19 -0
  26. data/lib/dependabot/nuget/metadata_finder.rb +32 -4
  27. data/lib/dependabot/nuget/nuget_client.rb +31 -13
  28. data/lib/dependabot/nuget/requirement.rb +4 -1
  29. data/lib/dependabot/nuget/update_checker/compatibility_checker.rb +26 -15
  30. data/lib/dependabot/nuget/update_checker/dependency_finder.rb +23 -13
  31. data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +83 -21
  32. data/lib/dependabot/nuget/update_checker/repository_finder.rb +29 -13
  33. data/lib/dependabot/nuget/update_checker/tfm_finder.rb +2 -2
  34. data/lib/dependabot/nuget/update_checker/version_finder.rb +15 -6
  35. data/lib/dependabot/nuget/update_checker.rb +6 -7
  36. data/lib/dependabot/nuget/version.rb +7 -2
  37. metadata +21 -7
  38. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs +0 -317
@@ -66,23 +66,34 @@ module Dependabot
66
66
  end
67
67
 
68
68
  def fetch_package_tfms(dependency_version)
69
- nupkg_buffer = NupkgFetcher.fetch_nupkg_buffer(dependency_urls, dependency.name, dependency_version)
70
- return [] unless nupkg_buffer
71
-
72
- # Parse tfms from the folders beneath the lib folder
73
- folder_name = "lib/"
74
- tfms = Set.new
75
- Zip::File.open_buffer(nupkg_buffer) do |zip|
76
- lib_file_entries = zip.select { |entry| entry.name.start_with?(folder_name) }
77
- # If there is no lib folder in this package, assume it is a development dependency
78
- return nil if lib_file_entries.empty?
79
-
80
- lib_file_entries.each do |entry|
81
- _, tfm = entry.name.split("/").first(2)
82
- tfms << tfm
69
+ cache = CacheManager.cache("compatibility_checker_tfms_cache")
70
+ key = "#{dependency.name}::#{dependency_version}"
71
+
72
+ cache[key] ||= begin
73
+ nupkg_buffer = NupkgFetcher.fetch_nupkg_buffer(dependency_urls, dependency.name, dependency_version)
74
+ return [] unless nupkg_buffer
75
+
76
+ # Parse tfms from the folders beneath the lib folder
77
+ folder_name = "lib/"
78
+ tfms = Set.new
79
+ Zip::File.open_buffer(nupkg_buffer) do |zip|
80
+ lib_file_entries = zip.select { |entry| entry.name.start_with?(folder_name) }
81
+ # If there is no lib folder in this package, assume it is a development dependency
82
+ return nil if lib_file_entries.empty?
83
+
84
+ lib_file_entries.each do |entry|
85
+ _, tfm = entry.name.split("/").first(2)
86
+
87
+ # some zip compressors create empty directory entries (in this case `lib/`) which can cause the string
88
+ # split to return `nil`, so we have to explicitly guard against that
89
+ tfms << tfm if tfm
90
+ end
83
91
  end
92
+
93
+ tfms.to_a
84
94
  end
85
- tfms.to_a
95
+
96
+ cache[key]
86
97
  end
87
98
  end
88
99
  end
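Review bot: The two early exits inside the `cache[key] ||= begin … end` block (`return [] unless nupkg_buffer` and `return nil if lib_file_entries.empty?`) leave `fetch_package_tfms` before the assignment happens, so neither result is cached and a package without a `lib/` folder is downloaded and unzipped again on every call. If skipping the cache for a failed download is intended, say so in a comment; for the no-`lib/` case consider storing a sentinel so the archive is not fetched again. The key is also built from `dependency.name` as written, while the transitive-dependency cache in this release lower-cases the name; `key = "#{dependency.name.downcase}::#{dependency_version}"` would keep the two consistent. Since the key carries no feed identity, the cached TFMs are shared across every source in `dependency_urls`.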
@@ -37,19 +37,29 @@ module Dependabot
37
37
  key = "#{dependency.name.downcase}::#{dependency.version}"
38
38
  cache = DependencyFinder.transitive_dependencies_cache
39
39
 
40
- cache[key] ||= fetch_transitive_dependencies(
41
- @dependency.name,
42
- @dependency.version
43
- ).map do |dependency_info|
44
- package_name = dependency_info["packageName"]
45
- target_version = dependency_info["version"]
46
-
47
- Dependency.new(
48
- name: package_name,
49
- version: target_version.to_s,
50
- requirements: [], # Empty requirements for transitive dependencies
51
- package_manager: @dependency.package_manager
52
- )
40
+ unless cache[key]
41
+ begin
42
+ # first do a quick sanity check on the version string; if it can't be parsed, an exception will be raised
43
+ _ = Version.new(dependency.version)
44
+
45
+ cache[key] = fetch_transitive_dependencies(
46
+ @dependency.name,
47
+ @dependency.version
48
+ ).map do |dependency_info|
49
+ package_name = dependency_info["packageName"]
50
+ target_version = dependency_info["version"]
51
+
52
+ Dependency.new(
53
+ name: package_name,
54
+ version: target_version.to_s,
55
+ requirements: [], # Empty requirements for transitive dependencies
56
+ package_manager: @dependency.package_manager
57
+ )
58
+ end
59
+ rescue StandardError
60
+ # if anything happened above, there are no meaningful dependencies that can be derived
61
+ cache[key] = []
62
+ end
53
63
  end
54
64
 
55
65
  cache[key]
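Review bot: The `rescue StandardError` around the fetch treats every failure like an unparsable version: a timeout, an authentication error or a malformed registry response from `fetch_transitive_dependencies` ends up as `cache[key] = []`, and that empty list is then served for as long as the cache lives. That makes "lookup failed" indistinguishable from "has no dependencies", which matters most when the dependency is being examined because of an advisory. Rescue only what the version check is expected to raise, or at least record the failure before caching, e.g. `rescue StandardError => e` followed by `Dependabot.logger.warn("Failed to resolve transitive dependencies for #{key}: #{e.message}")`. The enclosing method starts and ends outside the hunk.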
@@ -4,6 +4,7 @@
4
4
  require "nokogiri"
5
5
  require "zip"
6
6
  require "stringio"
7
+ require "dependabot/nuget/http_response_helpers"
7
8
 
8
9
  module Dependabot
9
10
  module Nuget
@@ -24,7 +25,7 @@ module Dependabot
24
25
  repository_type = repository_details[:repository_type]
25
26
 
26
27
  package_url = if repository_type == "v2"
27
- get_nuget_v2_package_url(feed_url, package_id, package_version)
28
+ get_nuget_v2_package_url(repository_details, package_id, package_version)
28
29
  elsif repository_type == "v3"
29
30
  get_nuget_v3_package_url(repository_details, package_id, package_version)
30
31
  else
@@ -43,16 +44,66 @@ module Dependabot
43
44
  end
44
45
 
45
46
  def self.get_nuget_v3_package_url(repository_details, package_id, package_version)
46
- base_url = repository_details[:base_url].delete_suffix("/")
47
+ base_url = repository_details[:base_url]
48
+ unless base_url
49
+ return get_nuget_v3_package_url_from_search(repository_details, package_id,
50
+ package_version)
51
+ end
52
+
53
+ base_url = base_url.delete_suffix("/")
47
54
  package_id_downcased = package_id.downcase
48
55
  "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.#{package_version}.nupkg"
49
56
  end
50
57
 
51
- def self.get_nuget_v2_package_url(feed_url, package_id, package_version)
52
- base_url = feed_url
53
- base_url += "/" unless base_url.end_with?("/")
54
- package_id_downcased = package_id.downcase
55
- "#{base_url}/package/#{package_id_downcased}/#{package_version}"
58
+ # rubocop:disable Metrics/CyclomaticComplexity
59
+ # rubocop:disable Metrics/PerceivedComplexity
60
+ def self.get_nuget_v3_package_url_from_search(repository_details, package_id, package_version)
61
+ search_url = repository_details[:search_url]
62
+ return nil unless search_url
63
+
64
+ # get search result
65
+ search_result_response = fetch_url(search_url, repository_details)
66
+ return nil unless search_result_response.status == 200
67
+
68
+ search_response_body = HttpResponseHelpers.remove_wrapping_zero_width_chars(search_result_response.body)
69
+ search_results = JSON.parse(search_response_body)
70
+
71
+ # find matching package and version
72
+ package_search_result = search_results&.[]("data")&.find { |d| package_id.casecmp?(d&.[]("id")) }
73
+ version_search_result = package_search_result&.[]("versions")&.find do |v|
74
+ package_version.casecmp?(v&.[]("version"))
75
+ end
76
+ registration_leaf_url = version_search_result&.[]("@id")
77
+ return nil unless registration_leaf_url
78
+
79
+ registration_leaf_response = fetch_url(registration_leaf_url, repository_details)
80
+ return nil unless registration_leaf_response
81
+ return nil unless registration_leaf_response.status == 200
82
+
83
+ registration_leaf_response_body =
84
+ HttpResponseHelpers.remove_wrapping_zero_width_chars(registration_leaf_response.body)
85
+ registration_leaf = JSON.parse(registration_leaf_response_body)
86
+
87
+ # finally, get the .nupkg url
88
+ registration_leaf&.[]("packageContent")
89
+ end
90
+ # rubocop:enable Metrics/PerceivedComplexity
91
+ # rubocop:enable Metrics/CyclomaticComplexity
92
+
93
+ def self.get_nuget_v2_package_url(repository_details, package_id, package_version)
94
+ # get package XML
95
+ base_url = repository_details[:base_url].delete_suffix("/")
96
+ package_url = "#{base_url}/Packages(Id='#{package_id}',Version='#{package_version}')"
97
+ response = fetch_url(package_url, repository_details)
98
+ return nil unless response.status == 200
99
+
100
+ # find relevant element
101
+ doc = Nokogiri::XML(response.body)
102
+ doc.remove_namespaces!
103
+
104
+ content_element = doc.xpath("/entry/content")
105
+ nupkg_url = content_element&.attribute("src")&.value
106
+ nupkg_url
56
107
  end
57
108
 
58
109
  def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
@@ -60,32 +111,43 @@ module Dependabot
60
111
  current_redirects = 0
61
112
 
62
113
  loop do
63
- connection = Excon.new(current_url, persistent: true)
64
-
65
- package_data = StringIO.new
66
- response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
67
- package_data.write(chunk)
68
- end
69
-
70
- response = connection.request(
71
- method: :get,
114
+ # Directly download the stream without any additional settings _except_ for `omit_default_port: true` which
115
+ # is necessary to not break the URL signing that some NuGet feeds use.
116
+ response = Excon.get(
117
+ current_url,
72
118
  headers: auth_header,
73
- response_block: response_block
119
+ omit_default_port: true
74
120
  )
75
121
 
76
- if response.status == 303 || response.status == 307
122
+ # redirect the HTTP response as appropriate based on documentation here:
123
+ # https://developer.mozilla.org/en-US/docs/Web/HTTP/Redirections
124
+ case response.status
125
+ when 200
126
+ return response.body
127
+ when 301, 302, 303, 307, 308
77
128
  current_redirects += 1
78
129
  return nil if current_redirects > max_redirects
79
130
 
80
131
  current_url = response.headers["Location"]
81
- elsif response.status == 200
82
- package_data.rewind
83
- return package_data
84
132
  else
85
133
  return nil
86
134
  end
87
135
  end
88
136
  end
137
+
138
+ def self.fetch_url(url, repository_details)
139
+ fetch_url_with_auth(url, repository_details.fetch(:auth_header))
140
+ end
141
+
142
+ def self.fetch_url_with_auth(url, auth_header)
143
+ cache = CacheManager.cache("nupkg_fetcher_cache")
144
+ cache[url] ||= Dependabot::RegistryClient.get(
145
+ url: url,
146
+ headers: auth_header
147
+ )
148
+
149
+ cache[url]
150
+ end
89
151
  end
90
152
  end
91
153
  end
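Review bot: In `fetch_stream` the redirect branch now follows 301, 302 and 308 as well, and every hop is requested with `headers: auth_header`, so the feed credentials are sent to whatever host the `Location` header names. `Location` is also used unchecked: a missing header hands `nil` to `Excon.get`, and a relative value is not resolved against the current URL. Resolve the target, stop when it is absent, and drop the credentials once the host changes. The same reasoning applies to `registration_leaf_url` in `get_nuget_v3_package_url_from_search`, which is taken from the search response and fetched with the repository's auth header. The first lines of `fetch_stream` fall between two hunks and are not visible here.

```ruby
when 301, 302, 303, 307, 308
  # … unchanged: redirect counter and max_redirects check …

  location = response.headers["Location"]
  return nil unless location

  next_url = URI.join(current_url, location).to_s
  # never forward feed credentials to a different host
  auth_header = {} unless URI(next_url).host == URI(current_url).host
  current_url = next_url
# … unchanged: 200 and else branches …
```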
@@ -7,6 +7,7 @@ require "dependabot/errors"
7
7
  require "dependabot/update_checkers/base"
8
8
  require "dependabot/registry_client"
9
9
  require "dependabot/nuget/cache_manager"
10
+ require "dependabot/nuget/http_response_helpers"
10
11
 
11
12
  module Dependabot
12
13
  module Nuget
@@ -71,19 +72,33 @@ module Dependabot
71
72
  end
72
73
 
73
74
  def build_url_for_details(repo_details)
75
+ url = repo_details.fetch(:url)
76
+ url_obj = URI.parse(url)
77
+ if url_obj.is_a?(URI::HTTP)
78
+ details = build_url_for_details_remote(repo_details)
79
+ elsif url_obj.is_a?(URI::File)
80
+ details = {
81
+ base_url: url,
82
+ repository_type: "local"
83
+ }
84
+ end
85
+
86
+ details
87
+ end
88
+
89
+ def build_url_for_details_remote(repo_details)
74
90
  response = get_repo_metadata(repo_details)
75
91
  check_repo_response(response, repo_details)
76
92
  return unless response.status == 200
77
93
 
78
- body = remove_wrapping_zero_width_chars(response.body)
94
+ body = HttpResponseHelpers.remove_wrapping_zero_width_chars(response.body)
79
95
  parsed_json = JSON.parse(body)
80
96
  base_url = base_url_from_v3_metadata(parsed_json)
81
- resolved_base_url = base_url || repo_details.fetch(:url).gsub("/index.json", "-flatcontainer")
82
97
  search_url = search_url_from_v3_metadata(parsed_json)
83
98
  registration_url = registration_url_from_v3_metadata(parsed_json)
84
99
 
85
100
  details = {
86
- base_url: resolved_base_url,
101
+ base_url: base_url,
87
102
  repository_url: repo_details.fetch(:url),
88
103
  auth_header: auth_header_for_token(repo_details.fetch(:token)),
89
104
  repository_type: "v3"
@@ -171,7 +186,7 @@ module Dependabot
171
186
  base_url: base_url,
172
187
  repository_url: base_url,
173
188
  versions_url: File.join(
174
- base_url,
189
+ base_url.delete_suffix("/"),
175
190
  "FindPackagesById()?id='#{dependency.name}'"
176
191
  ),
177
192
  auth_header: auth_header_for_token(repo_details.fetch(:token)),
@@ -205,6 +220,7 @@ module Dependabot
205
220
 
206
221
  # rubocop:disable Metrics/CyclomaticComplexity
207
222
  # rubocop:disable Metrics/PerceivedComplexity
223
+ # rubocop:disable Metrics/MethodLength
208
224
  # rubocop:disable Metrics/AbcSize
209
225
  def repos_from_config_file(config_file)
210
226
  doc = Nokogiri::XML(config_file.content)
@@ -223,7 +239,14 @@ module Dependabot
223
239
  key = node.attribute("key")&.value&.strip || node.at_xpath("./key")&.content&.strip
224
240
  url = node.attribute("value")&.value&.strip || node.at_xpath("./value")&.content&.strip
225
241
  url = expand_windows_style_environment_variables(url) if url
226
- sources << { url: url, key: key }
242
+
243
+ # if the path isn't absolute it's relative to the nuget.config file
244
+ if url
245
+ unless url.include?("://") || Pathname.new(url).absolute?
246
+ url = Pathname(config_file.directory).join(url).to_path
247
+ end
248
+ sources << { url: url, key: key }
249
+ end
227
250
  end
228
251
  end
229
252
 
@@ -246,14 +269,13 @@ module Dependabot
246
269
  known_urls.include?(s.fetch(:url))
247
270
  end
248
271
 
249
- sources.select! { |s| s.fetch(:url)&.include?("://") }
250
-
251
272
  add_config_file_credentials(sources: sources, doc: doc)
252
273
  sources.each { |details| details.delete(:key) }
253
274
 
254
275
  sources
255
276
  end
256
277
  # rubocop:enable Metrics/AbcSize
278
+ # rubocop:enable Metrics/MethodLength
257
279
  # rubocop:enable Metrics/PerceivedComplexity
258
280
  # rubocop:enable Metrics/CyclomaticComplexity
259
281
 
@@ -330,12 +352,6 @@ module Dependabot
330
352
  end
331
353
  end
332
354
 
333
- def remove_wrapping_zero_width_chars(string)
334
- string.force_encoding("UTF-8").encode
335
- .gsub(/\A[\u200B-\u200D\uFEFF]/, "")
336
- .gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
337
- end
338
-
339
355
  def auth_header_for_token(token)
340
356
  return {} unless token
341
357
 
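Review bot: `build_url_for_details` only handles `URI::HTTP` and `URI::File`, but the `sources <<` hunk further down now turns a relative `nuget.config` value into a plain filesystem path, which `URI.parse` returns as `URI::Generic`; neither branch runs and the method returns `nil` for exactly the kind of source the removed `select!` used to filter out. `URI.parse` also raises `URI::InvalidURIError` for values containing spaces or backslashes, which are ordinary in Windows-style paths from a repository-controlled config. Add an explicit `else` branch for path sources and handle the parse error. Consider also checking that the joined path stays under the repository root, since a value with `..` segments passed to `Pathname(config_file.directory).join(url)` can resolve to a location outside it. How callers treat a `nil` result is not visible in these hunks.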
@@ -52,13 +52,13 @@ module Dependabot
52
52
 
53
53
  config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
54
54
  config_parser.dependency_set.dependencies.any? do |d|
55
- d.name.casecmp(dependency.name).zero?
55
+ d.name.casecmp(dependency.name)&.zero?
56
56
  end
57
57
  end
58
58
 
59
59
  def project_file_contains_dependency?(file, dependency)
60
60
  project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
61
- d.name.casecmp(dependency.name).zero?
61
+ d.name.casecmp(dependency.name)&.zero?
62
62
  end
63
63
  end
64
64
 
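Review bot: Both predicates now read `d.name.casecmp(dependency.name)&.zero?`, which returns `nil` instead of raising when the comparison cannot be made; `d.name.casecmp?(dependency.name)` expresses the same intent in one call and matches the `casecmp?` already used in the package-URL search code of this release. A `nil` `d.name` would still raise in either form. `casecmp?` compares with Unicode case folding rather than ASCII-only; for package ids that difference should not matter, but it is worth confirming.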
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/nuget/version"
@@ -6,11 +6,14 @@ require "dependabot/nuget/requirement"
6
6
  require "dependabot/update_checkers/base"
7
7
  require "dependabot/update_checkers/version_filters"
8
8
  require "dependabot/nuget/nuget_client"
9
+ require "sorbet-runtime"
9
10
 
10
11
  module Dependabot
11
12
  module Nuget
12
13
  class UpdateChecker < Dependabot::UpdateCheckers::Base
13
14
  class VersionFinder
15
+ extend T::Sig
16
+
14
17
  require_relative "compatibility_checker"
15
18
  require_relative "repository_finder"
16
19
 
@@ -109,13 +112,19 @@ module Dependabot
109
112
  )
110
113
  end
111
114
 
115
+ sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
112
116
  def filter_prereleases(possible_versions)
113
- possible_versions.reject do |d|
117
+ filtered = possible_versions.reject do |d|
114
118
  version = d.fetch(:version)
115
119
  version.prerelease? && !related_to_current_pre?(version)
116
120
  end
121
+ if possible_versions.count > filtered.count
122
+ Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} pre-release versions")
123
+ end
124
+ filtered
117
125
  end
118
126
 
127
+ sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
119
128
  def filter_ignored_versions(possible_versions)
120
129
  filtered = possible_versions
121
130
 
@@ -131,6 +140,10 @@ module Dependabot
131
140
  raise AllVersionsIgnored
132
141
  end
133
142
 
143
+ if possible_versions.count > filtered.count
144
+ Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} ignored versions")
145
+ end
146
+
134
147
  filtered
135
148
  end
136
149
 
@@ -233,8 +246,6 @@ module Dependabot
233
246
  # rubocop:enable Metrics/PerceivedComplexity
234
247
 
235
248
  def v3_nuget_listings
236
- return @v3_nuget_listings unless @v3_nuget_listings.nil?
237
-
238
249
  @v3_nuget_listings ||=
239
250
  dependency_urls
240
251
  .select { |details| details.fetch(:repository_type) == "v3" }
@@ -247,8 +258,6 @@ module Dependabot
247
258
  end
248
259
 
249
260
  def v2_nuget_listings
250
- return @v2_nuget_listings unless @v2_nuget_listings.nil?
251
-
252
261
  @v2_nuget_listings ||=
253
262
  dependency_urls
254
263
  .select { |details| details.fetch(:repository_type) == "v2" }
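Review bot: The new signatures on `filter_prereleases` and `filter_ignored_versions` use `T::Array[T.untyped]`, which under `# typed: true` checks little more than "is an array". The body calls `d.fetch(:version)` on each element, so the entries appear to be symbol-keyed hashes; `T::Array[T::Hash[Symbol, T.untyped]]` would document that and catch a caller passing bare versions. The two "Filtered out …" log blocks are the same code apart from one word and could share a small private helper. `filter_ignored_versions` is only partly visible in these hunks.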
@@ -1,4 +1,4 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "dependabot/nuget/file_parser"
@@ -17,7 +17,8 @@ module Dependabot
17
17
  # No need to find latest version for transitive dependencies unless they have a vulnerability.
18
18
  return dependency.version if !dependency.top_level? && !vulnerable?
19
19
 
20
- @latest_version = latest_version_details&.fetch(:version)
20
+ # if no update sources have the requisite package, then we can only assume that the current version is correct
21
+ @latest_version = latest_version_details&.fetch(:version) || dependency.version
21
22
  end
22
23
 
23
24
  def latest_resolvable_version
@@ -44,9 +45,8 @@ module Dependabot
44
45
  def updated_requirements
45
46
  RequirementsUpdater.new(
46
47
  requirements: dependency.requirements,
47
- latest_version: preferred_resolvable_version_details.fetch(:version)&.to_s,
48
- source_details: preferred_resolvable_version_details
49
- &.slice(:nuspec_url, :repo_url, :source_url)
48
+ latest_version: preferred_resolvable_version_details&.fetch(:version, nil)&.to_s,
49
+ source_details: preferred_resolvable_version_details&.slice(:nuspec_url, :repo_url, :source_url)
50
50
  ).updated_requirements
51
51
  end
52
52
 
@@ -66,9 +66,8 @@ module Dependabot
66
66
  # If any requirements have an uninterpolated property in them then
67
67
  # that property couldn't be found, and the requirement therefore
68
68
  # cannot be unlocked (since we can't update that property)
69
- namespace = Nuget::FileParser::PropertyValueFinder
70
69
  dependency.requirements.none? do |req|
71
- req.fetch(:requirement)&.match?(namespace::PROPERTY_REGEX)
70
+ req.fetch(:requirement)&.match?(Nuget::FileParser::PropertyValueFinder::PROPERTY_REGEX)
72
71
  end
73
72
  end
74
73
 
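Review bot: With `latest_version_details&.fetch(:version) || dependency.version`, "no configured source has this package" now produces the same result as "already on the latest version", and nothing records which of the two happened. For a dependency that is being checked because of an advisory, that can hide a feed misconfiguration or an unreachable private source. Split the expression and log the fallback where it is taken, for example `Dependabot.logger.warn("No update source returned #{dependency.name}; keeping #{dependency.version}")`. The fallback is the raw `dependency.version` value while the left-hand side comes from the version details, so it is worth checking that callers accept both kinds of value. The start of the enclosing method is outside the hunk.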
@@ -17,14 +17,14 @@ module Dependabot
17
17
  VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
18
18
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
19
19
 
20
- sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).returns(T::Boolean) }
20
+ sig { override.params(version: VersionParameter).returns(T::Boolean) }
21
21
  def self.correct?(version)
22
22
  return false if version.nil?
23
23
 
24
24
  version.to_s.match?(ANCHORED_VERSION_PATTERN)
25
25
  end
26
26
 
27
- sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).void }
27
+ sig { override.params(version: VersionParameter).void }
28
28
  def initialize(version)
29
29
  version = version.to_s.split("+").first || ""
30
30
  @version_string = T.let(version, String)
@@ -32,6 +32,11 @@ module Dependabot
32
32
  super
33
33
  end
34
34
 
35
+ sig { override.params(version: VersionParameter).returns(Dependabot::Nuget::Version) }
36
+ def self.new(version)
37
+ T.cast(super, Dependabot::Nuget::Version)
38
+ end
39
+
35
40
  sig { returns(String) }
36
41
  def to_s
37
42
  @version_string
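Review bot: The new `self.new` override does nothing at runtime except `T.cast(super, Dependabot::Nuget::Version)`, and there is no comment saying why it exists. Presumably it narrows the static return type of `Version.new` for Sorbet; a one-line comment such as `# Narrows the return type for Sorbet; behaviour is unchanged from super.` above the `sig` would stop a later cleanup from deleting it as dead code. `VersionParameter` is defined outside these hunks, so it cannot be checked here whether it still admits `nil` as the old inline type did, which `self.correct?` relies on for its `version.nil?` guard.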
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.245.0
4
+ version: 0.247.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-02-22 00:00:00.000000000 Z
11
+ date: 2024-03-14 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.245.0
19
+ version: 0.247.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.245.0
26
+ version: 0.247.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rubyzip
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -156,6 +156,20 @@ dependencies:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
158
  version: 1.19.0
159
+ - !ruby/object:Gem::Dependency
160
+ name: rubocop-rspec
161
+ requirement: !ruby/object:Gem::Requirement
162
+ requirements:
163
+ - - "~>"
164
+ - !ruby/object:Gem::Version
165
+ version: 2.27.1
166
+ type: :development
167
+ prerelease: false
168
+ version_requirements: !ruby/object:Gem::Requirement
169
+ requirements:
170
+ - - "~>"
171
+ - !ruby/object:Gem::Version
172
+ version: 2.27.1
159
173
  - !ruby/object:Gem::Dependency
160
174
  name: rubocop-sorbet
161
175
  requirement: !ruby/object:Gem::Requirement
@@ -292,8 +306,8 @@ files:
292
306
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryDirectory.cs
293
307
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestExtensions.cs
294
308
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/PackagesConfigUpdaterTests.cs
295
- - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorker.DirsProj.cs
296
309
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTestBase.cs
310
+ - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.DirsProj.cs
297
311
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.DotNetTools.cs
298
312
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.GlobalJson.cs
299
313
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Mixed.cs
@@ -302,7 +316,6 @@ files:
302
316
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/JsonHelperTests.cs
303
317
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs
304
318
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterHelperTests.cs
305
- - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/SdkPackageUpdaterTests.cs
306
319
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Dependency.cs
307
320
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/DependencyType.cs
308
321
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Files/BuildFile.cs
@@ -349,6 +362,7 @@ files:
349
362
  - lib/dependabot/nuget/file_parser/property_value_finder.rb
350
363
  - lib/dependabot/nuget/file_updater.rb
351
364
  - lib/dependabot/nuget/file_updater/property_value_updater.rb
365
+ - lib/dependabot/nuget/http_response_helpers.rb
352
366
  - lib/dependabot/nuget/metadata_finder.rb
353
367
  - lib/dependabot/nuget/native_helpers.rb
354
368
  - lib/dependabot/nuget/nuget_client.rb
@@ -371,7 +385,7 @@ licenses:
371
385
  - Nonstandard
372
386
  metadata:
373
387
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
374
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.245.0
388
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
375
389
  post_install_message:
376
390
  rdoc_options: []
377
391
  require_paths: