RubyGems - dependabot-nuget - Versions diffs - 0.246.0 → 0.247.0 - Mend

dependabot-nuget 0.246.0 → 0.247.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

data/lib/dependabot/nuget/update_checker/repository_finder.rb CHANGED Viewed

@@ -72,6 +72,21 @@ module Dependabot
       end
       def build_url_for_details(repo_details)
+        url = repo_details.fetch(:url)
+        url_obj = URI.parse(url)
+        if url_obj.is_a?(URI::HTTP)
+          details = build_url_for_details_remote(repo_details)
+        elsif url_obj.is_a?(URI::File)
+          details = {
+            base_url: url,
+            repository_type: "local"
+          }
+        end
+        details
+      end
+      def build_url_for_details_remote(repo_details)
         response = get_repo_metadata(repo_details)
         check_repo_response(response, repo_details)
         return unless response.status == 200
@@ -205,6 +220,7 @@ module Dependabot
       # rubocop:disable Metrics/CyclomaticComplexity
       # rubocop:disable Metrics/PerceivedComplexity
+      # rubocop:disable Metrics/MethodLength
       # rubocop:disable Metrics/AbcSize
       def repos_from_config_file(config_file)
         doc = Nokogiri::XML(config_file.content)
@@ -223,7 +239,14 @@ module Dependabot
             key = node.attribute("key")&.value&.strip || node.at_xpath("./key")&.content&.strip
             url = node.attribute("value")&.value&.strip || node.at_xpath("./value")&.content&.strip
             url = expand_windows_style_environment_variables(url) if url
-            sources << { url: url, key: key }
+            # if the path isn't absolute it's relative to the nuget.config file
+            if url
+              unless url.include?("://") || Pathname.new(url).absolute?
+                url = Pathname(config_file.directory).join(url).to_path
+              end
+              sources << { url: url, key: key }
+            end
           end
         end
@@ -246,14 +269,13 @@ module Dependabot
           known_urls.include?(s.fetch(:url))
         end
-        sources.select! { |s| s.fetch(:url)&.include?("://") }
         add_config_file_credentials(sources: sources, doc: doc)
         sources.each { |details| details.delete(:key) }
         sources
       end
       # rubocop:enable Metrics/AbcSize
+      # rubocop:enable Metrics/MethodLength
       # rubocop:enable Metrics/PerceivedComplexity
       # rubocop:enable Metrics/CyclomaticComplexity

data/lib/dependabot/nuget/update_checker/tfm_finder.rb CHANGED Viewed

@@ -52,13 +52,13 @@ module Dependabot
         config_parser = FileParser::PackagesConfigParser.new(packages_config: config_file)
         config_parser.dependency_set.dependencies.any? do |d|
-          d.name.casecmp(dependency.name).zero?
+          d.name.casecmp(dependency.name)&.zero?
         end
       end
       def project_file_contains_dependency?(file, dependency)
         project_file_parser.dependency_set(project_file: file).dependencies.any? do |d|
-          d.name.casecmp(dependency.name).zero?
+          d.name.casecmp(dependency.name)&.zero?
         end
       end

data/lib/dependabot/nuget/update_checker/version_finder.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: true
 # frozen_string_literal: true
 require "dependabot/nuget/version"
@@ -6,11 +6,14 @@ require "dependabot/nuget/requirement"
 require "dependabot/update_checkers/base"
 require "dependabot/update_checkers/version_filters"
 require "dependabot/nuget/nuget_client"
+require "sorbet-runtime"
 module Dependabot
   module Nuget
     class UpdateChecker < Dependabot::UpdateCheckers::Base
       class VersionFinder
+        extend T::Sig
         require_relative "compatibility_checker"
         require_relative "repository_finder"
@@ -109,13 +112,19 @@ module Dependabot
           )
         end
+        sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
         def filter_prereleases(possible_versions)
-          possible_versions.reject do |d|
+          filtered = possible_versions.reject do |d|
             version = d.fetch(:version)
             version.prerelease? && !related_to_current_pre?(version)
           end
+          if possible_versions.count > filtered.count
+            Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} pre-release versions")
+          end
+          filtered
         end
+        sig { params(possible_versions: T::Array[T.untyped]).returns(T::Array[T.untyped]) }
         def filter_ignored_versions(possible_versions)
           filtered = possible_versions
@@ -131,6 +140,10 @@ module Dependabot
             raise AllVersionsIgnored
           end
+          if possible_versions.count > filtered.count
+            Dependabot.logger.info("Filtered out #{possible_versions.count - filtered.count} ignored versions")
+          end
           filtered
         end
@@ -233,8 +246,6 @@ module Dependabot
         # rubocop:enable Metrics/PerceivedComplexity
         def v3_nuget_listings
-          return @v3_nuget_listings unless @v3_nuget_listings.nil?
           @v3_nuget_listings ||=
             dependency_urls
             .select { |details| details.fetch(:repository_type) == "v3" }
@@ -247,8 +258,6 @@ module Dependabot
         end
         def v2_nuget_listings
-          return @v2_nuget_listings unless @v2_nuget_listings.nil?
           @v2_nuget_listings ||=
             dependency_urls
             .select { |details| details.fetch(:repository_type) == "v2" }

data/lib/dependabot/nuget/update_checker.rb CHANGED Viewed

@@ -17,7 +17,8 @@ module Dependabot
         # No need to find latest version for transitive dependencies unless they have a vulnerability.
         return dependency.version if !dependency.top_level? && !vulnerable?
-        @latest_version = latest_version_details&.fetch(:version)
+        # if no update sources have the requisite package, then we can only assume that the current version is correct
+        @latest_version = latest_version_details&.fetch(:version) || dependency.version
       end
       def latest_resolvable_version
@@ -44,9 +45,8 @@ module Dependabot
       def updated_requirements
         RequirementsUpdater.new(
           requirements: dependency.requirements,
-          latest_version: preferred_resolvable_version_details.fetch(:version)&.to_s,
-          source_details: preferred_resolvable_version_details
-                          &.slice(:nuspec_url, :repo_url, :source_url)
+          latest_version: preferred_resolvable_version_details&.fetch(:version, nil)&.to_s,
+          source_details: preferred_resolvable_version_details&.slice(:nuspec_url, :repo_url, :source_url)
         ).updated_requirements
       end

data/lib/dependabot/nuget/version.rb CHANGED Viewed

@@ -17,14 +17,14 @@ module Dependabot
       VERSION_PATTERN = T.let(Gem::Version::VERSION_PATTERN + '(\+[0-9a-zA-Z\-.]+)?', String)
       ANCHORED_VERSION_PATTERN = /\A\s*(#{VERSION_PATTERN})?\s*\z/
-      sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).returns(T::Boolean) }
+      sig { override.params(version: VersionParameter).returns(T::Boolean) }
       def self.correct?(version)
         return false if version.nil?
         version.to_s.match?(ANCHORED_VERSION_PATTERN)
       end
-      sig { override.params(version: T.nilable(T.any(String, Integer, Float, Gem::Version))).void }
+      sig { override.params(version: VersionParameter).void }
       def initialize(version)
         version = version.to_s.split("+").first || ""
         @version_string = T.let(version, String)
@@ -32,6 +32,11 @@ module Dependabot
         super
       end
+      sig { override.params(version: VersionParameter).returns(Dependabot::Nuget::Version) }
+      def self.new(version)
+        T.cast(super, Dependabot::Nuget::Version)
+      end
       sig { returns(String) }
       def to_s
         @version_string

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.246.0
+  version: 0.247.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-03-01 00:00:00.000000000 Z
+date: 2024-03-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.246.0
+        version: 0.247.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.246.0
+        version: 0.247.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -156,6 +156,20 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: 1.19.0
+- !ruby/object:Gem::Dependency
+  name: rubocop-rspec
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.27.1
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 2.27.1
 - !ruby/object:Gem::Dependency
   name: rubocop-sorbet
   requirement: !ruby/object:Gem::Requirement
@@ -371,7 +385,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.246.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.247.0
 post_install_message:
 rdoc_options: []
 require_paths: