RubyGems - dependabot-nuget - Versions diffs - 0.246.0 → 0.248.0 - Mend

dependabot-nuget 0.246.0 → 0.248.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (32) hide show

data/lib/dependabot/nuget/file_fetcher.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: false
+# typed: strict
 # frozen_string_literal: true
 require "dependabot/file_fetchers"
@@ -18,19 +18,40 @@ module Dependabot
       BUILD_FILE_NAMES = /^Directory\.Build\.(props|targets)$/i # Directory.Build.props, Directory.Build.targets
+      sig { override.params(filenames: T::Array[String]).returns(T::Boolean) }
       def self.required_files_in?(filenames)
         return true if filenames.any? { |f| f.match?(/^packages\.config$/i) }
         return true if filenames.any? { |f| f.end_with?(".sln") }
         return true if filenames.any? { |f| f.match?("^src$") }
         return true if filenames.any? { |f| f.end_with?(".proj") }
-        filenames.any? { |name| name.match?(/\.[a-z]{2}proj$/) }
+        filenames.any? { |name| name.match?(/\.(cs|vb|fs)proj$/) }
       end
+      sig { override.returns(String) }
       def self.required_files_message
         "Repo must contain a .proj file, .(cs|vb|fs)proj file, or a packages.config."
       end
+      sig do
+        params(
+          source: Dependabot::Source,
+          credentials: T::Array[Credential],
+          repo_contents_path: T.nilable(String),
+          options: T::Hash[String, String]
+        ).void
+      end
+      def initialize(source:, credentials:, repo_contents_path: nil, options: {})
+        super(source: source, credentials: credentials, repo_contents_path: repo_contents_path, options: options)
+        @sln_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+        @sln_project_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+        @project_files = T.let([], T::Array[Dependabot::DependencyFile])
+        @fetched_files = T.let({}, T::Hash[String, T::Array[Dependabot::DependencyFile]])
+        @nuget_config_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+        @packages_config_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+      end
       sig { override.returns(T::Array[DependencyFile]) }
       def fetch_files
         fetched_files = []
@@ -50,12 +71,9 @@ module Dependabot
         end
         if project_files.none? && packages_config_files.none?
-          raise @missing_sln_project_file_errors.first if @missing_sln_project_file_errors&.any?
+          raise T.must(@missing_sln_project_file_errors.first) if @missing_sln_project_file_errors&.any?
-          raise(
-            Dependabot::DependencyFileNotFound,
-            File.join(directory, "<anything>.(cs|vb|fs)proj")
-          )
+          raise_dependency_file_not_found
         end
         fetched_files
@@ -63,8 +81,11 @@ module Dependabot
       private
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def project_files
-        @project_files ||=
+        return @project_files if @project_files.any?
+        @project_files =
           begin
             project_files = []
             project_files += csproj_file
@@ -78,19 +99,27 @@ module Dependabot
             project_files
           end
       rescue Octokit::NotFound, Gitlab::Error::NotFound
+        raise_dependency_file_not_found
+      end
+      sig { returns(T.noreturn) }
+      def raise_dependency_file_not_found
         raise(
-          Dependabot::DependencyFileNotFound,
-          File.join(directory, "<anything>.(cs|vb|fs)proj")
+          Dependabot::DependencyFileNotFound.new(
+            File.join(directory, "*.(sln|csproj|vbproj|fsproj|proj)"),
+            "Unable to find `*.sln`, `*.(cs|vb|fs)proj`, or `*.proj` in directory `#{directory}`"
+          )
         )
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def packages_config_files
         return @packages_config_files if @packages_config_files
         candidate_paths =
           [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
-        @packages_config_files ||=
+        @packages_config_files =
           candidate_paths.filter_map do |dir|
             file = repo_contents(dir: dir)
                    .find { |f| f.name.casecmp("packages.config").zero? }
@@ -99,6 +128,7 @@ module Dependabot
       end
       # rubocop:disable Metrics/PerceivedComplexity
+      sig { returns(T.nilable(T::Array[T.untyped])) }
       def sln_file_names
         sln_files = repo_contents.select { |f| f.name.end_with?(".sln") }
         src_dir = repo_contents.any? { |f| f.name == "src" && f.type == "dir" }
@@ -117,13 +147,15 @@ module Dependabot
       end
       # rubocop:enable Metrics/PerceivedComplexity
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def directory_build_files
-        @directory_build_files ||= fetch_directory_build_files
+        @directory_build_files ||= T.let(fetch_directory_build_files, T.nilable(T::Array[Dependabot::DependencyFile]))
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def fetch_directory_build_files
-        attempted_dirs = []
-        directory_build_files = []
+        attempted_dirs = T.let([], T::Array[Pathname])
+        directory_build_files = T.let([], T::Array[Dependabot::DependencyFile])
         directory_path = Pathname.new(directory)
         # find all build files (Directory.Build.props/.targets) relative to the given project file
@@ -145,12 +177,13 @@ module Dependabot
         directory_build_files
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def sln_project_files
         return [] unless sln_files
         @sln_project_files ||=
           begin
-            paths = sln_files.flat_map do |sln_file|
+            paths = T.must(sln_files).flat_map do |sln_file|
               SlnProjectPathsFinder
                 .new(sln_file: sln_file)
                 .project_paths
@@ -159,7 +192,7 @@ module Dependabot
             paths.filter_map do |path|
               fetch_file_from_host(path)
             rescue Dependabot::DependencyFileNotFound => e
-              @missing_sln_project_file_errors ||= []
+              @missing_sln_project_file_errors ||= T.let([], T.nilable(T::Array[Dependabot::DependencyFileNotFound]))
               @missing_sln_project_file_errors << e
               # Don't worry about missing files too much for now (at least
               # until we start resolving properties)
@@ -168,35 +201,42 @@ module Dependabot
           end
       end
+      sig { returns(T.nilable(T::Array[Dependabot::DependencyFile])) }
       def sln_files
         return unless sln_file_names
         @sln_files ||=
           sln_file_names
-          .map { |sln_file_name| fetch_file_from_host(sln_file_name) }
-          .select { |file| file.content.valid_encoding? }
+          &.map { |sln_file_name| fetch_file_from_host(sln_file_name) }
+          &.select { |file| file.content&.valid_encoding? }
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def csproj_file
-        @csproj_file ||= find_and_fetch_with_suffix(".csproj")
+        @csproj_file ||= T.let(find_and_fetch_with_suffix(".csproj"), T.nilable(T::Array[Dependabot::DependencyFile]))
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def vbproj_file
-        @vbproj_file ||= find_and_fetch_with_suffix(".vbproj")
+        @vbproj_file ||= T.let(find_and_fetch_with_suffix(".vbproj"), T.nilable(T::Array[Dependabot::DependencyFile]))
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def fsproj_file
-        @fsproj_file ||= find_and_fetch_with_suffix(".fsproj")
+        @fsproj_file ||= T.let(find_and_fetch_with_suffix(".fsproj"), T.nilable(T::Array[Dependabot::DependencyFile]))
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def proj_files
-        @proj_files ||= find_and_fetch_with_suffix(".proj")
+        @proj_files ||= T.let(find_and_fetch_with_suffix(".proj"), T.nilable(T::Array[Dependabot::DependencyFile]))
       end
+      sig { params(suffix: String).returns(T::Array[Dependabot::DependencyFile]) }
       def find_and_fetch_with_suffix(suffix)
         repo_contents.select { |f| f.name.end_with?(suffix) }.map { |f| fetch_file_from_host(f.name) }
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def nuget_config_files
         return @nuget_config_files if @nuget_config_files
@@ -206,8 +246,15 @@ module Dependabot
         @nuget_config_files
       end
+      sig do
+        params(
+          project_file: Dependabot::DependencyFile,
+          expected_file_name: String
+        )
+          .returns(T.nilable(Dependabot::DependencyFile))
+      end
       def named_file_up_tree_from_project_file(project_file, expected_file_name)
-        found_expected_file = nil
+        found_expected_file = T.let(nil, T.nilable(Dependabot::DependencyFile))
         directory_path = Pathname.new(directory)
         full_project_dir = Pathname.new(project_file.directory).join(project_file.name).dirname
         full_project_dir.ascend.each do |base|
@@ -228,26 +275,25 @@ module Dependabot
         found_expected_file
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def global_json
-        return @global_json if defined?(@global_json)
-        @global_json = fetch_file_if_present("global.json")
+        @global_json ||= T.let(fetch_file_if_present("global.json"), T.nilable(Dependabot::DependencyFile))
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def dotnet_tools_json
-        return @dotnet_tools_json if defined?(@dotnet_tools_json)
-        @dotnet_tools_json = fetch_file_if_present(".config/dotnet-tools.json")
+        @dotnet_tools_json ||= T.let(fetch_file_if_present(".config/dotnet-tools.json"),
+                                     T.nilable(Dependabot::DependencyFile))
       end
+      sig { returns(T.nilable(Dependabot::DependencyFile)) }
       def packages_props
-        return @packages_props if defined?(@packages_props)
-        @packages_props = fetch_file_if_present("Packages.props")
+        @packages_props ||= T.let(fetch_file_if_present("Packages.props"), T.nilable(Dependabot::DependencyFile))
       end
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
       def imported_property_files
-        imported_property_files = []
+        imported_property_files = T.let([], T::Array[Dependabot::DependencyFile])
         files = [*project_files, *directory_build_files]
@@ -263,18 +309,24 @@ module Dependabot
         imported_property_files
       end
+      sig do
+        params(
+          file: Dependabot::DependencyFile,
+          previously_fetched_files: T::Array[Dependabot::DependencyFile]
+        )
+          .returns(T::Array[Dependabot::DependencyFile])
+      end
       def fetch_imported_property_files(file:, previously_fetched_files:)
         file_id = file.directory + "/" + file.name
-        @fetched_files ||= {}
         if @fetched_files[file_id]
-          @fetched_files[file_id]
+          T.must(@fetched_files[file_id])
         else
           paths =
             ImportPathsFinder.new(project_file: file).import_paths +
             ImportPathsFinder.new(project_file: file).project_reference_paths +
             ImportPathsFinder.new(project_file: file).project_file_paths
-          paths.flat_map do |path|
+          paths.filter_map do |path|
             next if previously_fetched_files.map(&:name).include?(path)
             next if file.name == path
             next if path.include?("$(")
@@ -290,7 +342,7 @@ module Dependabot
             # Don't worry about missing files too much for now (at least
             # until we start resolving properties)
             nil
-          end.compact
+          end.flatten
         end
       end
     end

data/lib/dependabot/nuget/file_parser/dotnet_tools_json_parser.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "json"
@@ -12,12 +12,17 @@ module Dependabot
   module Nuget
     class FileParser
       class DotNetToolsJsonParser
+        extend T::Sig
         require "dependabot/file_parsers/base/dependency_set"
+        sig { params(dotnet_tools_json: Dependabot::DependencyFile).void }
         def initialize(dotnet_tools_json:)
           @dotnet_tools_json = dotnet_tools_json
+          @parsed_dotnet_tools_json = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
         end
+        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
         def dependency_set
           dependency_set = Dependabot::FileParsers::Base::DependencySet.new
@@ -48,11 +53,14 @@ module Dependabot
         private
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :dotnet_tools_json
+        sig { returns(T::Hash[String, T.untyped]) }
         def parsed_dotnet_tools_json
           # Remove BOM if present as JSON should be UTF-8
-          @parsed_dotnet_tools_json ||= JSON.parse(dotnet_tools_json.content.delete_prefix("\uFEFF"))
+          content = T.must(dotnet_tools_json.content)
+          @parsed_dotnet_tools_json ||= JSON.parse(content.delete_prefix("\uFEFF"))
         rescue JSON::ParserError
           raise Dependabot::DependencyFileNotParseable, dotnet_tools_json.path
         end

data/lib/dependabot/nuget/file_parser/global_json_parser.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "json"
@@ -12,12 +12,17 @@ module Dependabot
   module Nuget
     class FileParser
       class GlobalJsonParser
+        extend T::Sig
         require "dependabot/file_parsers/base/dependency_set"
+        sig { params(global_json: Dependabot::DependencyFile).void }
         def initialize(global_json:)
           @global_json = global_json
+          @parsed_global_json = T.let(nil, T.nilable(T::Hash[String, T.untyped]))
         end
+        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
         def dependency_set
           dependency_set = Dependabot::FileParsers::Base::DependencySet.new
@@ -45,11 +50,14 @@ module Dependabot
         private
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :global_json
+        sig { returns(T::Hash[String, T.untyped]) }
         def parsed_global_json
           # Remove BOM if present as JSON should be UTF-8
-          @parsed_global_json ||= JSON.parse(global_json.content.delete_prefix("\uFEFF"))
+          content = T.must(global_json.content)
+          @parsed_global_json ||= JSON.parse(content.delete_prefix("\uFEFF"))
         rescue JSON::ParserError
           raise Dependabot::DependencyFileNotParseable, global_json.path
         end

data/lib/dependabot/nuget/file_parser/packages_config_parser.rb CHANGED Viewed

@@ -1,4 +1,4 @@
-# typed: true
+# typed: strict
 # frozen_string_literal: true
 require "nokogiri"
@@ -13,18 +13,22 @@ module Dependabot
   module Nuget
     class FileParser
       class PackagesConfigParser
+        extend T::Sig
         require "dependabot/file_parsers/base/dependency_set"
         DEPENDENCY_SELECTOR = "packages > package"
+        sig { returns(T::Hash[String, Dependabot::FileParsers::Base::DependencySet]) }
         def self.dependency_set_cache
           CacheManager.cache("packages_config_dependency_set")
         end
+        sig { params(packages_config: Dependabot::DependencyFile).void }
         def initialize(packages_config:)
           @packages_config = packages_config
         end
+        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
         def dependency_set
           key = "#{packages_config.name.downcase}::#{packages_config.content.hash}"
           cache = PackagesConfigParser.dependency_set_cache
@@ -34,8 +38,10 @@ module Dependabot
         private
+        sig { returns(Dependabot::DependencyFile) }
         attr_reader :packages_config
+        sig { returns(Dependabot::FileParsers::Base::DependencySet) }
         def parse_dependencies
           dependency_set = Dependabot::FileParsers::Base::DependencySet.new
@@ -44,7 +50,7 @@ module Dependabot
           doc.css(DEPENDENCY_SELECTOR).each do |dependency_node|
             dependency_set <<
               Dependency.new(
-                name: dependency_name(dependency_node),
+                name: T.must(dependency_name(dependency_node)),
                 version: dependency_version(dependency_node),
                 package_manager: "nuget",
                 requirements: [{
@@ -59,11 +65,13 @@ module Dependabot
           dependency_set
         end
+        sig { params(dependency_node: Nokogiri::XML::Node).returns(T.nilable(String)) }
         def dependency_name(dependency_node)
           dependency_node.attribute("id")&.value&.strip ||
             dependency_node.at_xpath("./id")&.content&.strip
         end
+        sig { params(dependency_node: Nokogiri::XML::Node).returns(T.nilable(String)) }
         def dependency_version(dependency_node)
           # Ranges and wildcards aren't allowed in a packages.config - the
           # specified requirement is always an exact version.
@@ -71,6 +79,7 @@ module Dependabot
             dependency_node.at_xpath("./version")&.content&.strip
         end
+        sig { params(dependency_node: Nokogiri::XML::Node).returns(String) }
         def dependency_type(dependency_node)
           val = dependency_node.attribute("developmentDependency")&.value&.strip ||
                 dependency_node.at_xpath("./developmentDependency")&.content&.strip