dependabot-nuget 0.246.0 → 0.247.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +40 -6
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs +27 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs +18 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +110 -0
- data/lib/dependabot/nuget/cache_manager.rb +9 -3
- data/lib/dependabot/nuget/file_fetcher/import_paths_finder.rb +15 -12
- data/lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb +13 -3
- data/lib/dependabot/nuget/file_fetcher.rb +79 -31
- data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb +10 -2
- data/lib/dependabot/nuget/file_parser/global_json_parser.rb +10 -2
- data/lib/dependabot/nuget/file_parser/packages_config_parser.rb +11 -2
- data/lib/dependabot/nuget/file_parser/project_file_parser.rb +140 -41
- data/lib/dependabot/nuget/file_parser/property_value_finder.rb +57 -5
- data/lib/dependabot/nuget/file_parser.rb +3 -3
- data/lib/dependabot/nuget/file_updater/property_value_updater.rb +25 -8
- data/lib/dependabot/nuget/file_updater.rb +74 -38
- data/lib/dependabot/nuget/http_response_helpers.rb +6 -1
- data/lib/dependabot/nuget/metadata_finder.rb +27 -3
- data/lib/dependabot/nuget/nuget_client.rb +23 -0
- data/lib/dependabot/nuget/requirement.rb +4 -1
- data/lib/dependabot/nuget/update_checker/compatibility_checker.rb +26 -15
- data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +11 -13
- data/lib/dependabot/nuget/update_checker/repository_finder.rb +25 -3
- data/lib/dependabot/nuget/update_checker/tfm_finder.rb +2 -2
- data/lib/dependabot/nuget/update_checker/version_finder.rb +15 -6
- data/lib/dependabot/nuget/update_checker.rb +4 -4
- data/lib/dependabot/nuget/version.rb +7 -2
- metadata +19 -5
@@ -72,6 +72,21 @@ module Dependabot
|
|
72
72
|
end
|
73
73
|
|
74
74
|
def build_url_for_details(repo_details)
|
75
|
+
url = repo_details.fetch(:url)
|
76
|
+
url_obj = URI.parse(url)
|
77
|
+
if url_obj.is_a?(URI::HTTP)
|
78
|
+
details = build_url_for_details_remote(repo_details)
|
79
|
+
elsif url_obj.is_a?(URI::File)
|
80
|
+
details = {
|
81
|
+
base_url: url,
|
82
|
+
repository_type: "local"
|
83
|
+
}
|
84
|
+
end
|
85
|
+
|
86
|
+
details
|
87
|
+
end
|
88
|
+
|
89
|
+
def build_url_for_details_remote(repo_details)
|
75
90
|
response = get_repo_metadata(repo_details)
|
76
91
|
check_repo_response(response, repo_details)
|
77
92
|
return unless response.status == 200
|
@@ -205,6 +220,7 @@ module Dependabot
|
|
205
220
|
|
206
221
|
# rubocop:disable Metrics/CyclomaticComplexity
|
207
222
|
# rubocop:disable Metrics/PerceivedComplexity
|
223
|
+
# rubocop:disable Metrics/MethodLength
|
208
224
|
# rubocop:disable Metrics/AbcSize
|
209
225
|
def repos_from_config_file(config_file)
|
210
226
|
doc = Nokogiri::XML(config_file.content)
|
@@ -223,7 +239,14 @@ module Dependabot
|
|
223
239
|
key = node.attribute("key")&.value&.strip || node.at_xpath("./key")&.content&.strip
|
224
240
|
url = node.attribute("value")&.value&.strip || node.at_xpath("./value")&.content&.strip
|
225
241
|
url = expand_windows_style_environment_variables(url) if url
|
226
|
-
|
242
|
+
|
243
|
+
# if the path isn't absolute it's relative to the nuget.config file
|
244
|
+
if url
|
245
|
+
unless url.include?("://") || Pathname.new(url).absolute?
|
246
|
+
url = Pathname(config_file.directory).join(url).to_path
|
247
|
+
end
|
248
|
+
sources << { url: url, key: key }
|
249
|
+
end
|
227
250
|
end
|
228
251
|
end
|
229
252
|
|
@@ -246,14 +269,13 @@ module Dependabot
|
|
246
269
|
known_urls.include?(s.fetch(:url))
|
247
270
|
end
|
248
271
|
|
249
|
-
sources.select! { |s| s.fetch(:url)&.include?("://") }
|
250
|
-
|
251
272
|
add_config_file_credentials(sources: sources, doc: doc)
|
252
273
|
sources.each { |details| details.delete(:key) }
|
253
274
|
|
254
275
|
sources
|
255
276
|
end
|
256
277
|
# rubocop:enable Metrics/AbcSize
|
278
|
+
# rubocop:enable Metrics/MethodLength
|
257
279
|
# rubocop:enable Metrics/PerceivedComplexity
|
258
280
|
# rubocop:enable Metrics/CyclomaticComplexity
|
259
281
|
|
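Review bot: `URI.parse(url)` at new line 76 raises `URI::InvalidURIError` for values a nuget.config can legitimately carry once local entries reach it — a backslash (`packages\local`) or a space in a directory name are both rejected by Ruby's parser — and the `select!` that used to drop every entry without `://` is removed in the last hunk, so one such `<add value=...>` would presumably abort lookup for every source in the file rather than just that entry. Rescuing keeps the other sources usable and falls into the existing nil path for plain paths: `url_obj = begin; URI.parse(url); rescue URI::InvalidURIError; nil; end`. In the third hunk, `Pathname.new(url).absolute?` at line 245 is evaluated on the worker's OS, so a Windows absolute path such as `C:\packages` — plausible input given `expand_windows_style_environment_variables` on the line above — is classified as relative and joined onto `config_file.directory`; a drive-letter test alongside the existing check avoids that: `unless url.include?("://") || Pathname.new(url).absolute? || url.match?(%r{\A[A-Za-z]:[\\/]})`. Separately, `repository_type: "local"` is now reachable from a repository-controlled `file://` value; the code that consumes it is outside this diff, and it is worth confirming it confines reads to the checked-out tree rather than any path the URL names. build_url_for_details is complete within the first hunk, while build_url_for_details_remote and repos_from_config_file both run past their hunk boundaries.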
@@ -52,13 +52,13 @@ module Dependabot
|
|
52
52
|
|
53
53
|
config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
|
54
54
|
config_parser.dependency_set.dependencies.any? do |d|
|
55
|
-
d.name.casecmp(dependency.name)
|
55
|
+
d.name.casecmp(dependency.name)&.zero?
|
56
56
|
end
|
57
57
|
end
|
58
58
|
|
59
59
|
def project_file_contains_dependency?(file, dependency)
|
60
60
|
project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
|
61
|
-
d.name.casecmp(dependency.name)
|
61
|
+
d.name.casecmp(dependency.name)&.zero?
|
62
62
|
end
|
63
63
|
end
|
64
64
|
|
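Review bot: The `&.zero?` added at new lines 55 and 61 is correct, but it keeps the three-way `casecmp` whose truthy `-1`/`1` results were the original bug; `String#casecmp?` states the intent directly and returns true/false (nil only on incompatible encodings), so `d.name.casecmp?(dependency.name)` is both shorter and harder to get wrong again. One caveat to check: `casecmp` folds ASCII only whereas `casecmp?` applies Unicode case folding, which should not change results for NuGet package IDs in practice but is a behavioural difference if non-ASCII IDs ever appear. The first method in the hunk begins before line 52, so its name and any guard above `config_parser` are not visible here.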
@@ -1,4 +1,4 @@
|
|
1
|
-
# typed:
|
1
|
+
# typed: true
|
2
2
|
# frozen_string_literal: true
|
3
3
|
|
4
4
|
require "dependabot/nuget/version"
|
@@ -6,11 +6,14 @@ require "dependabot/nuget/requirement"
|
|
6
6
|
require "dependabot/update_checkers/base"
|
7
7
|
require "dependabot/update_checkers/version_filters"
|
8
8
|
require "dependabot/nuget/nuget_client"
|
9
|
+
require "sorbet-runtime"
|
9
10
|
|
10
11
|
module Dependabot
|
11
12
|
module Nuget
|
12
13
|
class UpdateChecker < Dependabot::UpdateCheckers::Base
|
13
14
|
class VersionFinder
|
15
|
+
extend T::Sig
|
16
|
+
|
14
17
|
require_relative "compatibility_checker"
|
15
18
|
require_relative "repository_finder"
|
16
19
|
|
@@ -109,13 +112,19 @@ module Dependabot
|
|
109
112
|
)
|
110
113
|
end
|
111
114
|
|
115
|
+
sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
112
116
|
def filter_prereleases(possible_versions)
|
113
|
-
possible_versions.reject do |d|
|
117
|
+
filtered = possible_versions.reject do |d|
|
114
118
|
version = d.fetch(:version)
|
115
119
|
version.prerelease? && !related_to_current_pre?(version)
|
116
120
|
end
|
121
|
+
if possible_versions.count > filtered.count
|
122
|
+
Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} pre-release versions")
|
123
|
+
end
|
124
|
+
filtered
|
117
125
|
end
|
118
126
|
|
127
|
+
sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
|
119
128
|
def filter_ignored_versions(possible_versions)
|
120
129
|
filtered = possible_versions
|
121
130
|
|
@@ -131,6 +140,10 @@ module Dependabot
|
|
131
140
|
raise AllVersionsIgnored
|
132
141
|
end
|
133
142
|
|
143
|
+
if possible_versions.count > filtered.count
|
144
|
+
Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} ignored versions")
|
145
|
+
end
|
146
|
+
|
134
147
|
filtered
|
135
148
|
end
|
136
149
|
|
@@ -233,8 +246,6 @@ module Dependabot
|
|
233
246
|
# rubocop:enable Metrics/PerceivedComplexity
|
234
247
|
|
235
248
|
def v3_nuget_listings
|
236
|
-
return @v3_nuget_listings unless @v3_nuget_listings.nil?
|
237
|
-
|
238
249
|
@v3_nuget_listings ||=
|
239
250
|
dependency_urls
|
240
251
|
.select { |details| details.fetch(:repository_type) == "v3" }
|
@@ -247,8 +258,6 @@ module Dependabot
|
|
247
258
|
end
|
248
259
|
|
249
260
|
def v2_nuget_listings
|
250
|
-
return @v2_nuget_listings unless @v2_nuget_listings.nil?
|
251
|
-
|
252
261
|
@v2_nuget_listings ||=
|
253
262
|
dependency_urls
|
254
263
|
.select { |details| details.fetch(:repository_type) == "v2" }
|
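Review bot: The two new `sig`s at new lines 115 and 127 declare `T::Array[T.untyped]` even though both bodies immediately call `d.fetch(:version)` on each element, so the elements are symbol-keyed hashes; `sig { params(possible_versions: T::Array[T::Hash[Symbol, T.untyped]]).returns(T::Array[T::Hash[Symbol, T.untyped]]) }` would let Sorbet reject a caller that passes bare version objects, which is exactly the shape mistake these methods cannot detect at runtime. The info lines at 122 and 144 log a count but not which dependency it concerns, so in a run over many packages they cannot be attributed; if the finder holds the dependency (presumably, given `related_to_current_pre?`), prefix the message with its name. filter_prereleases is fully visible in its hunk, while the middle of filter_ignored_versions (new lines 131-139) lies between the two hunks.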
@@ -17,7 +17,8 @@ module Dependabot
|
|
17
17
|
# No need to find latest version for transitive dependencies unless they have a vulnerability.
|
18
18
|
return dependency.version if !dependency.top_level? && !vulnerable?
|
19
19
|
|
20
|
-
|
20
|
+
# if no update sources have the requisite package, then we can only assume that the current version is correct
|
21
|
+
@latest_version = latest_version_details&.fetch(:version) || dependency.version
|
21
22
|
end
|
22
23
|
|
23
24
|
def latest_resolvable_version
|
@@ -44,9 +45,8 @@ module Dependabot
|
|
44
45
|
def updated_requirements
|
45
46
|
RequirementsUpdater.new(
|
46
47
|
requirements: dependency.requirements,
|
47
|
-
latest_version: preferred_resolvable_version_details
|
48
|
-
source_details: preferred_resolvable_version_details
|
49
|
-
&.slice(:nuspec_url, :repo_url, :source_url)
|
48
|
+
latest_version: preferred_resolvable_version_details&.fetch(:version, nil)&.to_s,
|
49
|
+
source_details: preferred_resolvable_version_details&.slice(:nuspec_url, :repo_url, :source_url)
|
50
50
|
).updated_requirements
|
51
51
|
end
|
52
52
|
|
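Review bot: The fallback at new line 21, `|| dependency.version`, turns "no configured source returned this package" into "already at the latest version", and nothing distinguishes that from a genuine up-to-date result, so an unreachable or misnamed feed in nuget.config would quietly stop updates — including the vulnerability-driven ones that line 18 deliberately lets through for transitive dependencies — rather than surface an error. Making the assumption in the new comment visible in the run log costs three lines: `details = latest_version_details` / `Dependabot.logger.warn("No package source returned #{dependency.name}; assuming #{dependency.version} is current") if details.nil?` / `@latest_version = details&.fetch(:version) || dependency.version`. The method begins before the hunk, so whether an earlier memoization guard makes the plain `@latest_version =` assignment idempotent is not visible here.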
@@ -17,14 +17,14 @@ module Dependabot
|
|
17
17
|
VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
|
18
18
|
ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
|
19
19
|
|
20
|
-
sig { override.params(version:
|
20
|
+
sig { override.params(version: VersionParameter).returns(T::Boolean) }
|
21
21
|
def self.correct?(version)
|
22
22
|
return false if version.nil?
|
23
23
|
|
24
24
|
version.to_s.match?(ANCHORED_VERSION_PATTERN)
|
25
25
|
end
|
26
26
|
|
27
|
-
sig { override.params(version:
|
27
|
+
sig { override.params(version: VersionParameter).void }
|
28
28
|
def initialize(version)
|
29
29
|
version = version.to_s.split("+").first || ""
|
30
30
|
@version_string = T.let(version, String)
|
@@ -32,6 +32,11 @@ module Dependabot
|
|
32
32
|
super
|
33
33
|
end
|
34
34
|
|
35
|
+
sig { override.params(version: VersionParameter).returns(Dependabot::Nuget::Version) }
|
36
|
+
def self.new(version)
|
37
|
+
T.cast(super, Dependabot::Nuget::Version)
|
38
|
+
end
|
39
|
+
|
35
40
|
sig { returns(String) }
|
36
41
|
def to_s
|
37
42
|
@version_string
|
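Review bot: The `self.new` override at new lines 35-38 exists only to narrow the static return type (the inherited `new` is typed as returning the parent class), but nothing in the code says so, and `T.cast` also adds a sorbet-runtime check on every construction; a one-line comment stops the next reader from deleting it as a redundant pass-through: `# Narrows the return type for Sorbet; the inherited new is declared to return the parent Version class.`. The two restored sigs at lines 20 and 27 now reference `VersionParameter`, which is declared outside this hunk, so its definition should be checked to confirm it admits the `nil` that `correct?` explicitly handles at line 22. Both methods in the second hunk are complete within it.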
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-nuget
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.247.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-03-
|
11
|
+
date: 2024-03-14 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.247.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.247.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rubyzip
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -156,6 +156,20 @@ dependencies:
|
|
156
156
|
- - "~>"
|
157
157
|
- !ruby/object:Gem::Version
|
158
158
|
version: 1.19.0
|
159
|
+
- !ruby/object:Gem::Dependency
|
160
|
+
name: rubocop-rspec
|
161
|
+
requirement: !ruby/object:Gem::Requirement
|
162
|
+
requirements:
|
163
|
+
- - "~>"
|
164
|
+
- !ruby/object:Gem::Version
|
165
|
+
version: 2.27.1
|
166
|
+
type: :development
|
167
|
+
prerelease: false
|
168
|
+
version_requirements: !ruby/object:Gem::Requirement
|
169
|
+
requirements:
|
170
|
+
- - "~>"
|
171
|
+
- !ruby/object:Gem::Version
|
172
|
+
version: 2.27.1
|
159
173
|
- !ruby/object:Gem::Dependency
|
160
174
|
name: rubocop-sorbet
|
161
175
|
requirement: !ruby/object:Gem::Requirement
|
@@ -371,7 +385,7 @@ licenses:
|
|
371
385
|
- Nonstandard
|
372
386
|
metadata:
|
373
387
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
374
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
388
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
|
375
389
|
post_install_message:
|
376
390
|
rdoc_options: []
|
377
391
|
require_paths:
|