dependabot-nuget 0.246.0 → 0.247.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (29) hide show
  1. checksums.yaml +4 -4
  2. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +40 -6
  3. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs +27 -0
  4. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs +18 -0
  5. data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +110 -0
  6. data/lib/dependabot/nuget/cache_manager.rb +9 -3
  7. data/lib/dependabot/nuget/file_fetcher/import_paths_finder.rb +15 -12
  8. data/lib/dependabot/nuget/file_fetcher/sln_project_paths_finder.rb +13 -3
  9. data/lib/dependabot/nuget/file_fetcher.rb +79 -31
  10. data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb +10 -2
  11. data/lib/dependabot/nuget/file_parser/global_json_parser.rb +10 -2
  12. data/lib/dependabot/nuget/file_parser/packages_config_parser.rb +11 -2
  13. data/lib/dependabot/nuget/file_parser/project_file_parser.rb +140 -41
  14. data/lib/dependabot/nuget/file_parser/property_value_finder.rb +57 -5
  15. data/lib/dependabot/nuget/file_parser.rb +3 -3
  16. data/lib/dependabot/nuget/file_updater/property_value_updater.rb +25 -8
  17. data/lib/dependabot/nuget/file_updater.rb +74 -38
  18. data/lib/dependabot/nuget/http_response_helpers.rb +6 -1
  19. data/lib/dependabot/nuget/metadata_finder.rb +27 -3
  20. data/lib/dependabot/nuget/nuget_client.rb +23 -0
  21. data/lib/dependabot/nuget/requirement.rb +4 -1
  22. data/lib/dependabot/nuget/update_checker/compatibility_checker.rb +26 -15
  23. data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +11 -13
  24. data/lib/dependabot/nuget/update_checker/repository_finder.rb +25 -3
  25. data/lib/dependabot/nuget/update_checker/tfm_finder.rb +2 -2
  26. data/lib/dependabot/nuget/update_checker/version_finder.rb +15 -6
  27. data/lib/dependabot/nuget/update_checker.rb +4 -4
  28. data/lib/dependabot/nuget/version.rb +7 -2
  29. metadata +19 -5
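--- a/data/lib/dependabot/nuget/update_checker/repository_finder.rb
+++ b/data/lib/dependabot/nuget/update_checker/repository_finder.rb
@@ -72,6 +72,21 @@ module Dependabot
  end
 
  def build_url_for_details(repo_details)
+ url = repo_details.fetch(:url)
+ url_obj = URI.parse(url)
+ if url_obj.is_a?(URI::HTTP)
+ details = build_url_for_details_remote(repo_details)
+ elsif url_obj.is_a?(URI::File)
+ details = {
+ base_url: url,
+ repository_type: "local"
+ }
+ end
+
+ details
+ end
+
+ def build_url_for_details_remote(repo_details)
  response = get_repo_metadata(repo_details)
  check_repo_response(response, repo_details)
  return unless response.status == 200
@@ -205,6 +220,7 @@ module Dependabot
 
  # rubocop:disable Metrics/CyclomaticComplexity
  # rubocop:disable Metrics/PerceivedComplexity
+ # rubocop:disable Metrics/MethodLength
  # rubocop:disable Metrics/AbcSize
  def repos_from_config_file(config_file)
  doc = Nokogiri::XML(config_file.content)
@@ -223,7 +239,14 @@ module Dependabot
  key = node.attribute("key")&.value&.strip || node.at_xpath("./key")&.content&.strip
  url = node.attribute("value")&.value&.strip || node.at_xpath("./value")&.content&.strip
  url = expand_windows_style_environment_variables(url) if url
- sources << { url: url, key: key }
+
+ # if the path isn't absolute it's relative to the nuget.config file
+ if url
+ unless url.include?("://") || Pathname.new(url).absolute?
+ url = Pathname(config_file.directory).join(url).to_path
+ end
+ sources << { url: url, key: key }
+ end
  end
  end
 
@@ -246,14 +269,13 @@ module Dependabot
  known_urls.include?(s.fetch(:url))
  end
 
- sources.select! { |s| s.fetch(:url)&.include?("://") }
-
  add_config_file_credentials(sources: sources, doc: doc)
  sources.each { |details| details.delete(:key) }
 
  sources
  end
  # rubocop:enable Metrics/AbcSize
+ # rubocop:enable Metrics/MethodLength
  # rubocop:enable Metrics/PerceivedComplexity
  # rubocop:enable Metrics/CyclomaticComplexity
 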
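Review bot: `build_url_for_details` only recognises `URI::HTTP` and `URI::File`, but the relative-path expansion added in the `repos_from_config_file` hunk produces a bare filesystem path (`Pathname(config_file.directory).join(url).to_path`), and `URI.parse` returns a scheme-less `URI::Generic` for such a value, so neither branch fires and the method returns nil; accepting `elsif url_obj.is_a?(URI::File) || url_obj.scheme.nil?` would cover it, unless a caller outside this hunk already compacts nils. `URI.parse` also raises `URI::InvalidURIError` on values a nuget.config can contain (backslash paths, unescaped spaces) and nothing here rescues it, so one malformed `<add value=...>` entry aborts the whole run; rescuing it and logging the offending `key` would degrade more gracefully than propagating. Separately, the join in the later hunk neither normalises nor confines the result to the repository, so a `..`-laden relative source resolves outside `config_file.directory`; whether that matters depends on how `repository_type: "local"` sources are consumed, which is not on this page. `build_url_for_details_remote` and `repos_from_config_file` both continue outside their hunks.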
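--- a/data/lib/dependabot/nuget/update_checker/tfm_finder.rb
+++ b/data/lib/dependabot/nuget/update_checker/tfm_finder.rb
@@ -52,13 +52,13 @@ module Dependabot
 
  config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
  config_parser.dependency_set.dependencies.any? do |d|
- d.name.casecmp(dependency.name).zero?
+ d.name.casecmp(dependency.name)&.zero?
  end
  end
 
  def project_file_contains_dependency?(file, dependency)
  project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
- d.name.casecmp(dependency.name).zero?
+ d.name.casecmp(dependency.name)&.zero?
  end
  end
 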
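Review bot: The `&.zero?` on `d.name.casecmp(dependency.name)` guards the nil that `casecmp` returns for incompatible encodings, but `casecmp?` states the intent directly and also returns nil in that case, which `any?` treats as false: `d.name.casecmp?(dependency.name)` in both blocks. Note that `casecmp?` applies Unicode case folding whereas `casecmp` is ASCII-only, so the two differ for non-ASCII package names; if ASCII-only comparison is deliberate, a short comment on the current form saying so would stop the next reader from making the swap. The first method's `def` line is above the hunk, so its name is not visible here.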
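--- a/data/lib/dependabot/nuget/update_checker/version_finder.rb
+++ b/data/lib/dependabot/nuget/update_checker/version_finder.rb
@@ -1,4 +1,4 @@
- # typed: false
+ # typed: true
  # frozen_string_literal: true
 
  require "dependabot/nuget/version"
@@ -6,11 +6,14 @@ require "dependabot/nuget/requirement"
  require "dependabot/update_checkers/base"
  require "dependabot/update_checkers/version_filters"
  require "dependabot/nuget/nuget_client"
+ require "sorbet-runtime"
 
  module Dependabot
  module Nuget
  class UpdateChecker < Dependabot::UpdateCheckers::Base
  class VersionFinder
+ extend T::Sig
+
  require_relative "compatibility_checker"
  require_relative "repository_finder"
 
@@ -109,13 +112,19 @@ module Dependabot
  )
  end
 
+ sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
  def filter_prereleases(possible_versions)
- possible_versions.reject do |d|
+ filtered = possible_versions.reject do |d|
  version = d.fetch(:version)
  version.prerelease? && !related_to_current_pre?(version)
  end
+ if possible_versions.count > filtered.count
+ Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} pre-release versions")
+ end
+ filtered
  end
 
+ sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
  def filter_ignored_versions(possible_versions)
  filtered = possible_versions
 
@@ -131,6 +140,10 @@ module Dependabot
  raise AllVersionsIgnored
  end
 
+ if possible_versions.count > filtered.count
+ Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} ignored versions")
+ end
+
  filtered
  end
 
@@ -233,8 +246,6 @@ module Dependabot
  # rubocop:enable Metrics/PerceivedComplexity
 
  def v3_nuget_listings
- return @v3_nuget_listings unless @v3_nuget_listings.nil?
-
  @v3_nuget_listings ||=
  dependency_urls
  .select { |details| details.fetch(:repository_type) == "v3" }
@@ -247,8 +258,6 @@ module Dependabot
  end
 
  def v2_nuget_listings
- return @v2_nuget_listings unless @v2_nuget_listings.nil?
-
  @v2_nuget_listings ||=
  dependency_urls
  .select { |details| details.fetch(:repository_type) == "v2" }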
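Review bot: The sigs added for `filter_prereleases` and `filter_ignored_versions` in the `@@ -109,13 +112,19 @@` hunk declare `T::Array[T.untyped]` although both bodies treat each element as a symbol-keyed hash (`d.fetch(:version)`), so switching the file to `typed: true` gains nothing from them; `sig { params(possible_versions: T::Array[T::Hash[Symbol, T.untyped]]).returns(T::Array[T::Hash[Symbol, T.untyped]]) }` documents the element shape and lets Sorbet reject a caller that passes bare version objects. The same applies to the second sig at the end of that hunk. `filter_ignored_versions` continues past the hunk boundary, and the `v3_nuget_listings`/`v2_nuget_listings` bodies run on beyond their hunks as well.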
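--- a/data/lib/dependabot/nuget/update_checker.rb
+++ b/data/lib/dependabot/nuget/update_checker.rb
@@ -17,7 +17,8 @@ module Dependabot
  # No need to find latest version for transitive dependencies unless they have a vulnerability.
  return dependency.version if !dependency.top_level? && !vulnerable?
 
- @latest_version = latest_version_details&.fetch(:version)
+ # if no update sources have the requisite package, then we can only assume that the current version is correct
+ @latest_version = latest_version_details&.fetch(:version) || dependency.version
  end
 
  def latest_resolvable_version
@@ -44,9 +45,8 @@ module Dependabot
  def updated_requirements
  RequirementsUpdater.new(
  requirements: dependency.requirements,
- latest_version: preferred_resolvable_version_details.fetch(:version)&.to_s,
- source_details: preferred_resolvable_version_details
- &.slice(:nuspec_url, :repo_url, :source_url)
+ latest_version: preferred_resolvable_version_details&.fetch(:version, nil)&.to_s,
+ source_details: preferred_resolvable_version_details&.slice(:nuspec_url, :repo_url, :source_url)
  ).updated_requirements
  end
 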
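Review bot: Falling back to `dependency.version` when `latest_version_details` is nil makes "no configured source serves this package" indistinguishable from "the package is up to date", and the new comment itself calls it an assumption; a caller of the enclosing method (its `def` line is above the hunk) cannot tell the two cases apart. Emitting a log line at the fallback, e.g. `Dependabot.logger.warn("No source returned a version for #{dependency.name}; assuming #{dependency.version} is current")`, keeps the silent path visible in run output, which is what an operator needs when a feed is misconfigured or a private package is missing from every registry. The `fetch(:version, nil)` in the `updated_requirements` hunk is consistent with this nil-tolerant contract.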
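--- a/data/lib/dependabot/nuget/version.rb
+++ b/data/lib/dependabot/nuget/version.rb
@@ -17,14 +17,14 @@ module Dependabot
  VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
  ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
 
- sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).returns(T::Boolean) }
+ sig { override.params(version: VersionParameter).returns(T::Boolean) }
  def self.correct?(version)
  return false if version.nil?
 
  version.to_s.match?(ANCHORED_VERSION_PATTERN)
  end
 
- sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).void }
+ sig { override.params(version: VersionParameter).void }
  def initialize(version)
  version = version.to_s.split("+").first || ""
  @version_string = T.let(version, String)
@@ -32,6 +32,11 @@ module Dependabot
  super
  end
 
+ sig { override.params(version: VersionParameter).returns(Dependabot::Nuget::Version) }
+ def self.new(version)
+ T.cast(super, Dependabot::Nuget::Version)
+ end
+
  sig { returns(String) }
  def to_s
  @version_string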
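Review bot: The new `self.new` override exists only to narrow the type Sorbet sees for `super` to `Dependabot::Nuget::Version`; it changes no runtime behaviour, but that is not obvious from the code and invites a future maintainer to add logic there. A one-line comment above the sig, `# Overridden only so Sorbet types the result as Dependabot::Nuget::Version; no behavioural change.`, makes the intent explicit. `VersionParameter` is referenced in all three sigs but not defined anywhere on this page — presumably it comes from the base class — so a reader of this file alone has nothing to look up; a comment naming where it lives would help. `initialize` continues past the first hunk and `to_s` past the second.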
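--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-nuget
  version: !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-03-01 00:00:00.000000000 Z
+ date: 2024-03-14 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.246.0
+ version: 0.247.0
  - !ruby/object:Gem::Dependency
  name: rubyzip
  requirement: !ruby/object:Gem::Requirement
@@ -156,6 +156,20 @@ dependencies:
  - - "~>"
  - !ruby/object:Gem::Version
  version: 1.19.0
+ - !ruby/object:Gem::Dependency
+ name: rubocop-rspec
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.27.1
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 2.27.1
  - !ruby/object:Gem::Dependency
  name: rubocop-sorbet
  requirement: !ruby/object:Gem::Requirement
@@ -371,7 +385,7 @@ licenses:
  - Nonstandard
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
  post_install_message:
  rdoc_options: []
  require_paths: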