dependabot-nuget 0.258.0 → 0.259.0

data/helpers/lib/NuGetUpdater/global.json

@@ -0,0 +1,6 @@
+{
+  "sdk": {
+    "version": "8.0.300",
+    "rollForward": "latestMinor"
+  }
+}

data/lib/dependabot/nuget/file_parser.rb

@@ -16,20 +16,19 @@ module Dependabot
       extend T::Sig
 
       require "dependabot/file_parsers/base/dependency_set"
+      require_relative "cache_manager"
 
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
-        workspace_path = project_files.first&.directory
-        return [] unless workspace_path
         return [] unless repo_contents_path
 
-        # `workspace_path` is the only unique value here so we use it as the cache key
         cache = T.let(CacheManager.cache("file_parser.parse"), T::Hash[String, T::Array[Dependabot::Dependency]])
-        key = workspace_path
+        # key the cache on the dependency files, excluding the content
+        key = dependency_files.map { |d| d.to_h.except("content") }.to_s
         cache[key] ||= begin
           # run discovery for the repo
           NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
-                                                workspace_path: workspace_path,
+                                                workspace_path: source&.directory || "/",
                                                 output_path: DiscoveryJsonReader.discovery_file_path,
                                                 credentials: credentials)
           discovered_dependencies.dependencies

data/lib/dependabot/nuget/file_updater.rb

@@ -202,7 +202,7 @@ module Dependabot
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def project_files
-        dependency_files.select { |df| df.name.match?(/\.([a-z]{2})?proj$/) }
+        dependency_files.select { |df| df.name.match?(/\.(cs|vb|fs)proj$/) }
       end
 
       sig { returns(T::Array[Dependabot::DependencyFile]) }

data/lib/dependabot/nuget/update_checker/dependency_finder.rb

@@ -37,13 +37,15 @@ module Dependabot
           params(
             dependency: Dependabot::Dependency,
             dependency_files: T::Array[Dependabot::DependencyFile],
+            ignored_versions: T::Array[String],
             credentials: T::Array[Dependabot::Credential],
             repo_contents_path: T.nilable(String)
           ).void
         end
-        def initialize(dependency:, dependency_files:, credentials:, repo_contents_path:)
+        def initialize(dependency:, dependency_files:, ignored_versions:, credentials:, repo_contents_path:)
           @dependency             = dependency
           @dependency_files       = dependency_files
+          @ignored_versions       = ignored_versions
           @credentials            = credentials
           @repo_contents_path     = repo_contents_path
         end
@@ -127,6 +129,9 @@ module Dependabot
         sig { returns(T::Array[Dependabot::DependencyFile]) }
         attr_reader :dependency_files
 
+        sig { returns(T::Array[String]) }
+        attr_reader :ignored_versions
+
         sig { returns(T::Array[Dependabot::Credential]) }
         attr_reader :credentials
 
@@ -280,7 +285,7 @@ module Dependabot
             dependency: dep,
             dependency_files: dependency_files,
             credentials: credentials,
-            ignored_versions: [],
+            ignored_versions: ignored_versions,
             raise_on_ignored: false,
             security_advisories: [],
             repo_contents_path: repo_contents_path

data/lib/dependabot/nuget/update_checker/property_updater.rb

@@ -134,6 +134,7 @@ module Dependabot
           DependencyFinder.new(
             dependency: dependency,
             dependency_files: dependency_files,
+            ignored_versions: ignored_versions,
             credentials: credentials,
             repo_contents_path: repo_contents_path
           ).updated_peer_dependencies.each do |peer_dependency|

data/lib/dependabot/nuget/update_checker/version_finder.rb

@@ -187,12 +187,11 @@ module Dependabot
         end
         def filter_ignored_versions(possible_versions)
           filtered = possible_versions
-
           ignored_versions.each do |req|
-            ignore_req = requirement_class.new(parse_requirement_string(req))
+            ignore_reqs = parse_requirement_string(req).map { |r| requirement_class.new(r) }
             filtered =
               filtered
-              .reject { |v| ignore_req.satisfied_by?(v.fetch(:version)) }
+              .reject { |v| ignore_reqs.any? { |r| r.satisfied_by?(v.fetch(:version)) } }
           end
 
           if @raise_on_ignored && filter_lower_versions(filtered).empty? &&

data/lib/dependabot/nuget/update_checker.rb

@@ -125,6 +125,7 @@ module Dependabot
         updated_dependencies += DependencyFinder.new(
           dependency: updated_dependency,
           dependency_files: dependency_files,
+          ignored_versions: ignored_versions,
           credentials: credentials,
           repo_contents_path: @repo_contents_path
         ).updated_peer_dependencies

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.258.0
+  version: 0.259.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-05-16 00:00:00.000000000 Z
+date: 2024-05-30 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.258.0
+        version: 0.259.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.258.0
+        version: 0.259.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -303,6 +303,7 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.DotNetToolsJson.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.GlobalJson.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.PackagesConfig.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.Proj.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.Project.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/ExpectedDiscoveryResults.cs
@@ -313,6 +314,7 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/FrameworkChecker/CompatibilityCheckerFacts.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/FrameworkChecker/FrameworkCompatibilityServiceFacts.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/FrameworkChecker/SupportedFrameworkFacts.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/NuGetUpdater.Core.Test.csproj
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryDirectory.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestBase.cs
@@ -380,6 +382,7 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ProcessExtensions.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/XmlExtensions.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.sln
+- helpers/lib/NuGetUpdater/global.json
 - helpers/lib/NuGetUpdater/xunit.runner.json
 - lib/dependabot/nuget.rb
 - lib/dependabot/nuget/cache_manager.rb
@@ -419,7 +422,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.258.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.259.0
 post_install_message: 
 rdoc_options: []
 require_paths: