RubyGems - dependabot-nuget - Versions diffs - 0.262.0 → 0.264.0 - Mend

dependabot-nuget 0.262.0 → 0.264.0

Files changed (77) hide show

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTestBase.cs CHANGED Viewed

@@ -246,12 +246,13 @@ public abstract class UpdateWorkerTestBase : TestBase
             }
             // ensure only the test feed is used
+            string relativeLocalFeedPath = Path.GetRelativePath(temporaryDirectory, localFeedPath);
             await File.WriteAllTextAsync(Path.Join(temporaryDirectory, "NuGet.Config"), $"""
                 <?xml version="1.0" encoding="utf-8"?>
                 <configuration>
                   <packageSources>
                     <clear />
-                    <add key="local-feed" value="{localFeedPath}" />
+                    <add key="local-feed" value="{relativeLocalFeedPath}" />
                   </packageSources>
                 </configuration>
                 """

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs CHANGED Viewed

@@ -383,7 +383,7 @@ public class MSBuildHelperTests : TestBase
     }
     [Fact]
-    public async Task AllPackageDependenciesCanBeFoundWithNuGetConfig()
+    public async Task LocalPackageSourcesAreHonored()
     {
         var nugetPackagesDirectory = Environment.GetEnvironmentVariable("NUGET_PACKAGES");
         var nugetHttpCacheDirectory = Environment.GetEnvironmentVariable("NUGET_HTTP_CACHE_PATH");
@@ -399,20 +399,21 @@ public class MSBuildHelperTests : TestBase
             Environment.SetEnvironmentVariable("NUGET_HTTP_CACHE_PATH", tempNuGetHttpCacheDirectory);
             // create two local package sources with different packages available in each
-            string localSource1 = Path.Combine(temp.DirectoryPath, "localSource1");
+            string localSource1 = Path.Combine(temp.DirectoryPath, "local", "source1");
             Directory.CreateDirectory(localSource1);
-            string localSource2 = Path.Combine(temp.DirectoryPath, "localSource2");
+            string localSource2 = Path.Combine(temp.DirectoryPath, "local", "source2");
             Directory.CreateDirectory(localSource2);
-            // `Package.A` will only live in `localSource1` and will have a dependency on `Package.B` which is only
-            // available in `localSource2`
+            // `Package.A` will only live in `local\source1` and uses Windows-style directory separators and will have
+            // a dependency on `Package.B` which is only available in `local/source2` and uses Unix-style directory
+            // separators.
             MockNuGetPackage.CreateSimplePackage("Package.A", "1.0.0", "net8.0", [(null, [("Package.B", "2.0.0")])]).WriteToDirectory(localSource1);
             MockNuGetPackage.CreateSimplePackage("Package.B", "2.0.0", "net8.0").WriteToDirectory(localSource2);
             await File.WriteAllTextAsync(Path.Join(temp.DirectoryPath, "NuGet.Config"), """
                 <configuration>
                   <packageSources>
-                    <add key="localSource1" value="./localSource1" />
-                    <add key="localSource2" value="./localSource2" />
+                    <add key="localSource1" value="local\source1" />
+                    <add key="localSource2" value="local/source2" />
                   </packageSources>
                 </configuration>
                 """);

data/lib/dependabot/nuget/analysis/analysis_json_reader.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# typed: strong
+# frozen_string_literal: true
+require "dependabot/dependency"
+require "dependabot/nuget/analysis/dependency_analysis"
+require "dependabot/nuget/native_discovery/native_discovery_json_reader"
+require "json"
+require "sorbet-runtime"
+module Dependabot
+  module Nuget
+    class AnalysisJsonReader
+      extend T::Sig
+      sig { returns(String) }
+      def self.temp_directory
+        File.join(NativeDiscoveryJsonReader.temp_directory, "analysis")
+      end
+      sig { params(dependency_name: String).returns(String) }
+      def self.analysis_file_path(dependency_name:)
+        File.join(temp_directory, "#{dependency_name}.json")
+      end
+      sig { params(dependency_name: String).returns(T.nilable(DependencyFile)) }
+      def self.analysis_json(dependency_name:)
+        file_path = analysis_file_path(dependency_name: dependency_name)
+        return unless File.exist?(file_path)
+        DependencyFile.new(
+          name: Pathname.new(file_path).cleanpath.to_path,
+          directory: temp_directory,
+          type: "file",
+          content: File.read(file_path)
+        )
+      end
+      sig { params(analysis_json: DependencyFile).void }
+      def initialize(analysis_json:)
+        @analysis_json = analysis_json
+      end
+      sig { returns(DependencyAnalysis) }
+      def dependency_analysis
+        @dependency_analysis ||= T.let(begin
+          raise Dependabot::DependencyFileNotParseable, analysis_json.path unless analysis_json.content
+          Dependabot.logger.info("#{File.basename(analysis_json.path)} analysis content: #{analysis_json.content}")
+          parsed_json = T.let(JSON.parse(T.must(analysis_json.content)), T::Hash[String, T.untyped])
+          DependencyAnalysis.from_json(parsed_json)
+        end, T.nilable(DependencyAnalysis))
+      rescue JSON::ParserError
+        raise Dependabot::DependencyFileNotParseable, analysis_json.path
+      end
+      private
+      sig { returns(DependencyFile) }
+      attr_reader :analysis_json
+    end
+  end
+end

data/lib/dependabot/nuget/analysis/dependency_analysis.rb ADDED Viewed

@@ -0,0 +1,63 @@
+# typed: strong
+# frozen_string_literal: true
+require "dependabot/nuget/version"
+require "sorbet-runtime"
+module Dependabot
+  module Nuget
+    class DependencyAnalysis
+      extend T::Sig
+      sig { params(json: T::Hash[String, T.untyped]).returns(DependencyAnalysis) }
+      def self.from_json(json)
+        updated_version = T.let(json.fetch("UpdatedVersion"), String)
+        can_update = T.let(json.fetch("CanUpdate"), T::Boolean)
+        version_comes_from_multi_dependency_property = T.let(json.fetch("VersionComesFromMultiDependencyProperty"),
+                                                             T::Boolean)
+        updated_dependencies = T.let(json.fetch("UpdatedDependencies"),
+                                     T::Array[T::Hash[String, T.untyped]]).map do |dep|
+          NativeDependencyDetails.from_json(dep)
+        end
+        DependencyAnalysis.new(
+          updated_version: updated_version,
+          can_update: can_update,
+          version_comes_from_multi_dependency_property: version_comes_from_multi_dependency_property,
+          updated_dependencies: updated_dependencies
+        )
+      end
+      sig do
+        params(updated_version: String,
+               can_update: T::Boolean,
+               version_comes_from_multi_dependency_property: T::Boolean,
+               updated_dependencies: T::Array[NativeDependencyDetails]).void
+      end
+      def initialize(updated_version:, can_update:, version_comes_from_multi_dependency_property:,
+                     updated_dependencies:)
+        @updated_version = updated_version
+        @can_update = can_update
+        @version_comes_from_multi_dependency_property = version_comes_from_multi_dependency_property
+        @updated_dependencies = updated_dependencies
+      end
+      sig { returns(String) }
+      attr_reader :updated_version
+      sig { returns(T::Boolean) }
+      attr_reader :can_update
+      sig { returns(T::Boolean) }
+      attr_reader :version_comes_from_multi_dependency_property
+      sig { returns(T::Array[NativeDependencyDetails]) }
+      attr_reader :updated_dependencies
+      sig { returns(Dependabot::Nuget::Version) }
+      def numeric_updated_version
+        @numeric_updated_version ||= T.let(Version.new(updated_version), T.nilable(Dependabot::Nuget::Version))
+      end
+    end
+  end
+end

data/lib/dependabot/nuget/file_fetcher.rb CHANGED Viewed

@@ -34,12 +34,13 @@ module Dependabot
       end
       sig do
-        params(
-          source: Dependabot::Source,
-          credentials: T::Array[Credential],
-          repo_contents_path: T.nilable(String),
-          options: T::Hash[String, String]
-        ).void
+        override
+          .params(
+            source: Dependabot::Source,
+            credentials: T::Array[Credential],
+            repo_contents_path: T.nilable(String),
+            options: T::Hash[String, String]
+          ).void
       end
       def initialize(source:, credentials:, repo_contents_path: nil, options: {})
         super(source: source, credentials: credentials, repo_contents_path: repo_contents_path, options: options)

data/lib/dependabot/nuget/file_parser.rb CHANGED Viewed

@@ -4,7 +4,7 @@
 require "dependabot/dependency"
 require "dependabot/file_parsers"
 require "dependabot/file_parsers/base"
-require "dependabot/nuget/discovery/discovery_json_reader"
+require "dependabot/nuget/native_discovery/native_discovery_json_reader"
 require "dependabot/nuget/native_helpers"
 require "sorbet-runtime"
@@ -18,39 +18,46 @@ module Dependabot
       require "dependabot/file_parsers/base/dependency_set"
       require_relative "cache_manager"
+      sig { returns(T::Hash[String, T::Array[Dependabot::Dependency]]) }
+      def self.file_dependency_cache
+        T.let(CacheManager.cache("file_parser.parse"), T::Hash[String, T::Array[Dependabot::Dependency]])
+      end
       sig { override.returns(T::Array[Dependabot::Dependency]) }
       def parse
         return [] unless repo_contents_path
-        cache = T.let(CacheManager.cache("file_parser.parse"), T::Hash[String, T::Array[Dependabot::Dependency]])
-        # key the cache on the dependency files, excluding the content
-        key = dependency_files.map { |d| d.to_h.except("content") }.to_s
-        cache[key] ||= begin
+        key = NativeDiscoveryJsonReader.create_cache_key(dependency_files)
+        workspace_path = source&.directory || "/"
+        self.class.file_dependency_cache[key] ||= begin
           # run discovery for the repo
+          discovery_json_path = NativeDiscoveryJsonReader.create_discovery_file_path_from_dependency_files(
+            dependency_files
+          )
           NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
-                                                workspace_path: source&.directory || "/",
-                                                output_path: DiscoveryJsonReader.discovery_file_path,
+                                                workspace_path: workspace_path,
+                                                output_path: discovery_json_path,
                                                 credentials: credentials)
-          discovered_dependencies.dependencies
-        end
-        T.must(cache[key])
-      end
+          discovery_json = NativeDiscoveryJsonReader.discovery_json_from_path(discovery_json_path)
+          return [] unless discovery_json
-      private
+          Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
+          discovery_json_reader = NativeDiscoveryJsonReader.new(
+            discovery_json: discovery_json
+          )
-      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-      def discovered_dependencies
-        discovery_json = DiscoveryJsonReader.discovery_json
-        return DependencySet.new unless discovery_json
-        Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
+          # cache discovery results
+          NativeDiscoveryJsonReader.set_discovery_from_dependency_files(dependency_files: dependency_files,
+                                                                        discovery: discovery_json_reader)
+          discovery_json_reader.dependency_set.dependencies
+        end
-        DiscoveryJsonReader.new(
-          discovery_json: discovery_json
-        ).dependency_set
+        T.must(self.class.file_dependency_cache[key])
       end
+      private
       sig { returns(T::Array[Dependabot::DependencyFile]) }
       def proj_files
         projfile = /\.proj$/

data/lib/dependabot/nuget/file_updater.rb CHANGED Viewed

@@ -4,9 +4,9 @@
 require "dependabot/dependency_file"
 require "dependabot/file_updaters"
 require "dependabot/file_updaters/base"
-require "dependabot/nuget/discovery/dependency_details"
-require "dependabot/nuget/discovery/discovery_json_reader"
-require "dependabot/nuget/discovery/workspace_discovery"
+require "dependabot/nuget/native_discovery/native_dependency_details"
+require "dependabot/nuget/native_discovery/native_discovery_json_reader"
+require "dependabot/nuget/native_discovery/native_workspace_discovery"
 require "dependabot/nuget/native_helpers"
 require "dependabot/shared_helpers"
 require "sorbet-runtime"
@@ -31,7 +31,7 @@ module Dependabot
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
       def updated_dependency_files
-        base_dir = T.must(dependency_files.first).directory
+        base_dir = "/"
         SharedHelpers.in_a_temporary_repo_directory(base_dir, repo_contents_path) do
           dependencies.each do |dependency|
             try_update_projects(dependency) || try_update_json(dependency)
@@ -111,7 +111,7 @@ module Dependabot
         # Ideally we should find a way to not run this code in prod
         # (or a better way to track calls made to NativeHelpers)
         @update_tooling_calls ||= T.let({}, T.nilable(T::Hash[String, Integer]))
-        key = proj_path + dependency.name
+        key = "#{proj_path.delete_prefix(T.must(repo_contents_path))}+#{dependency.name}"
         @update_tooling_calls[key] =
           if @update_tooling_calls[key]
             T.must(@update_tooling_calls[key]) + 1
@@ -126,18 +126,10 @@ module Dependabot
         @update_tooling_calls
       end
-      sig { returns(T.nilable(WorkspaceDiscovery)) }
+      sig { returns(T.nilable(NativeWorkspaceDiscovery)) }
       def workspace
-        @workspace ||= T.let(begin
-          discovery_json = DiscoveryJsonReader.discovery_json
-          if discovery_json
-            workspace = DiscoveryJsonReader.new(
-              discovery_json: discovery_json
-            ).workspace_discovery
-          end
-          workspace
-        end, T.nilable(WorkspaceDiscovery))
+        discovery_json_reader = NativeDiscoveryJsonReader.get_discovery_from_dependency_files(dependency_files)
+        discovery_json_reader.workspace_discovery
       end
       sig { params(project_file: Dependabot::DependencyFile).returns(T::Array[String]) }
@@ -145,17 +137,20 @@ module Dependabot
         workspace&.projects&.find { |p| p.file_path == project_file.name }&.referenced_project_paths || []
       end
-      sig { params(project_file: Dependabot::DependencyFile).returns(T::Array[DependencyDetails]) }
+      sig { params(project_file: Dependabot::DependencyFile).returns(T::Array[NativeDependencyDetails]) }
       def project_dependencies(project_file)
-        workspace&.projects&.find { |p| p.file_path == project_file.name }&.dependencies || []
+        workspace&.projects&.find do |p|
+          full_project_file_path = File.join(project_file.directory, project_file.name)
+          p.file_path == full_project_file_path
+        end&.dependencies || []
       end
-      sig { returns(T::Array[DependencyDetails]) }
+      sig { returns(T::Array[NativeDependencyDetails]) }
       def global_json_dependencies
         workspace&.global_json&.dependencies || []
       end
-      sig { returns(T::Array[DependencyDetails]) }
+      sig { returns(T::Array[NativeDependencyDetails]) }
       def dotnet_tools_json_dependencies
         workspace&.dotnet_tools_json&.dependencies || []
       end
@@ -164,13 +159,15 @@ module Dependabot
       sig { params(dependency_file: Dependabot::DependencyFile, updated_content: String).returns(String) }
       def normalize_content(dependency_file, updated_content)
         # Fix up line endings
-        if dependency_file.content&.include?("\r\n") && updated_content.match?(/(?<!\r)\n/)
+        if dependency_file.content&.include?("\r\n")
           # The original content contain windows style newlines.
-          # Ensure the updated content also uses windows style newlines.
-          updated_content = updated_content.gsub(/(?<!\r)\n/, "\r\n")
-          puts "Fixing mismatched Windows line endings for [#{dependency_file.name}]."
+          if updated_content.match?(/(?<!\r)\n/)
+            # Ensure the updated content also uses windows style newlines.
+            updated_content = updated_content.gsub(/(?<!\r)\n/, "\r\n")
+            puts "Fixing mismatched Windows line endings for [#{dependency_file.name}]."
+          end
         elsif updated_content.include?("\r\n")
-          # The original content does not contain windows style newlines.
+          # The original content does not contain windows style newlines, but the updated content does.
           # Ensure the updated content uses unix style newlines.
           updated_content = updated_content.gsub("\r\n", "\n")
           puts "Fixing mismatched Unix line endings for [#{dependency_file.name}]."

data/lib/dependabot/nuget/metadata_finder.rb CHANGED Viewed

@@ -12,148 +12,16 @@ module Dependabot
     class MetadataFinder < Dependabot::MetadataFinders::Base
       extend T::Sig
-      sig do
-        override
-          .params(
-            dependency: Dependabot::Dependency,
-            credentials: T::Array[Dependabot::Credential]
-          )
-          .void
-      end
-      def initialize(dependency:, credentials:)
-        @dependency_nuspec_file = T.let(nil, T.nilable(Nokogiri::XML::Document))
-        super
-      end
       private
       sig { override.returns(T.nilable(Dependabot::Source)) }
       def look_up_source
-        return Source.from_url(dependency_source_url) if dependency_source_url
-        if dependency_nuspec_file
-          src_repo = look_up_source_in_nuspec(T.must(dependency_nuspec_file))
-          return src_repo if src_repo
-        end
-        # Fallback to getting source from the search result's projectUrl or licenseUrl.
-        # GitHub Packages doesn't support getting the `.nuspec`, switch to getting
-        # that instead once it is supported.
-        src_repo_from_project
-      rescue StandardError
-        # At this point in the process the PR is ready to be posted, we tried to gather commit
-        # and release notes, but have encountered an exception. So let's eat it since it's
-        # better to have a PR with no info than error out.
-        nil
-      end
-      sig { returns(T.nilable(Dependabot::Source)) }
-      def src_repo_from_project
-        source = dependency.requirements.find { |r| r.fetch(:source) }&.fetch(:source)
-        return unless source
-        # Query the service index e.g. https://nuget.pkg.github.com/ORG/index.json
-        response = Dependabot::RegistryClient.get(
-          url: source.fetch(:url),
-          headers: { **auth_header, "Accept" => "application/json" }
-        )
-        return unless response.status == 200
+        source_url = dependency_source_url
+        return Source.from_url(source_url) if source_url
-        # Extract the query url e.g. https://nuget.pkg.github.com/ORG/query
-        search_base = extract_search_url(response.body)
-        return unless search_base
-        response = Dependabot::RegistryClient.get(
-          url: search_base + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
-          headers: { **auth_header, "Accept" => "application/json" }
-        )
-        return unless response.status == 200
-        # Find a projectUrl or licenseUrl that look like a source URL
-        extract_source_repo(response.body)
-      rescue JSON::ParserError
-        # Ignored, this is expected for some registries that don't handle these request.
-      end
-      sig { params(body: String).returns(T.nilable(String)) }
-      def extract_search_url(body)
-        JSON.parse(body)
-            .fetch("resources", [])
-            .find { |r| r.fetch("@type") == "SearchQueryService" }
-            &.fetch("@id")
-      end
-      sig { params(body: String).returns(T.nilable(Dependabot::Source)) }
-      def extract_source_repo(body)
-        JSON.parse(body).fetch("data", []).each do |search_result|
-          next unless search_result["id"].casecmp(dependency.name).zero?
-          if search_result.key?("projectUrl")
-            source = Source.from_url(search_result.fetch("projectUrl"))
-            return source if source
-          end
-          if search_result.key?("licenseUrl")
-            source = Source.from_url(search_result.fetch("licenseUrl"))
-            return source if source
-          end
-        end
-        # failed to find a source URL
         nil
       end
-      sig { params(nuspec: Nokogiri::XML::Document).returns(T.nilable(Dependabot::Source)) }
-      def look_up_source_in_nuspec(nuspec)
-        potential_source_urls = [
-          nuspec.at_css("package > metadata > repository")
-                &.attribute("url")&.value,
-          nuspec.at_css("package > metadata > repository > url")&.content,
-          nuspec.at_css("package > metadata > projectUrl")&.content,
-          nuspec.at_css("package > metadata > licenseUrl")&.content
-        ].compact
-        source_url = potential_source_urls.find { |url| Source.from_url(url) }
-        source_url ||= source_from_anywhere_in_nuspec(nuspec)
-        Source.from_url(source_url)
-      end
-      sig { params(nuspec: Nokogiri::XML::Document).returns(T.nilable(String)) }
-      def source_from_anywhere_in_nuspec(nuspec)
-        github_urls = []
-        nuspec.to_s.force_encoding(Encoding::UTF_8)
-              .scan(Source::SOURCE_REGEX) do
-          github_urls << Regexp.last_match.to_s
-        end
-        github_urls.find do |url|
-          repo = T.must(Source.from_url(url)).repo
-          repo.downcase.end_with?(dependency.name.downcase)
-        end
-      end
-      sig { returns(T.nilable(Nokogiri::XML::Document)) }
-      def dependency_nuspec_file
-        return @dependency_nuspec_file unless @dependency_nuspec_file.nil?
-        return if dependency_nuspec_url.nil?
-        response = Dependabot::RegistryClient.get(
-          url: T.must(dependency_nuspec_url),
-          headers: auth_header
-        )
-        @dependency_nuspec_file = Nokogiri::XML(response.body)
-      end
-      sig { returns(T.nilable(String)) }
-      def dependency_nuspec_url
-        source = dependency.requirements
-                           .find { |r| r.fetch(:source) }&.fetch(:source)
-        source.fetch(:nuspec_url) if source&.key?(:nuspec_url)
-      end
       sig { returns(T.nilable(String)) }
       def dependency_source_url
         source = dependency.requirements
@@ -164,32 +32,6 @@ module Dependabot
         source.fetch("source_url")
       end
-      # rubocop:disable Metrics/PerceivedComplexity
-      sig { returns(T::Hash[String, String]) }
-      def auth_header
-        source = dependency.requirements
-                           .find { |r| r.fetch(:source) }&.fetch(:source)
-        url = source&.fetch(:url, nil) || source&.fetch("url")
-        token = credentials
-                .select { |cred| cred["type"] == "nuget_feed" }
-                .find { |cred| cred["url"] == url }
-                &.fetch("token", nil)
-        return {} unless token
-        if token.include?(":")
-          encoded_token = Base64.encode64(token).delete("\n")
-          { "Authorization" => "Basic #{encoded_token}" }
-        elsif Base64.decode64(token).ascii_only? &&
-              Base64.decode64(token).include?(":")
-          { "Authorization" => "Basic #{token.delete("\n")}" }
-        else
-          { "Authorization" => "Bearer #{token}" }
-        end
-      end
-      # rubocop:enable Metrics/PerceivedComplexity
     end
   end
 end

data/lib/dependabot/nuget/native_discovery/native_dependency_details.rb ADDED Viewed

@@ -0,0 +1,102 @@
+# typed: strong
+# frozen_string_literal: true
+require "dependabot/nuget/native_discovery/native_evaluation_details"
+require "sorbet-runtime"
+module Dependabot
+  module Nuget
+    class NativeDependencyDetails
+      extend T::Sig
+      sig { params(json: T::Hash[String, T.untyped]).returns(NativeDependencyDetails) }
+      def self.from_json(json)
+        name = T.let(json.fetch("Name"), String)
+        version = T.let(json.fetch("Version"), T.nilable(String))
+        type = T.let(json.fetch("Type"), String)
+        evaluation = NativeEvaluationDetails
+                     .from_json(T.let(json.fetch("EvaluationResult"), T.nilable(T::Hash[String, T.untyped])))
+        target_frameworks = T.let(json.fetch("TargetFrameworks"), T.nilable(T::Array[String]))
+        is_dev_dependency = T.let(json.fetch("IsDevDependency"), T::Boolean)
+        is_direct = T.let(json.fetch("IsDirect"), T::Boolean)
+        is_transitive = T.let(json.fetch("IsTransitive"), T::Boolean)
+        is_override = T.let(json.fetch("IsOverride"), T::Boolean)
+        is_update = T.let(json.fetch("IsUpdate"), T::Boolean)
+        info_url = T.let(json.fetch("InfoUrl"), T.nilable(String))
+        NativeDependencyDetails.new(name: name,
+                                    version: version,
+                                    type: type,
+                                    evaluation: evaluation,
+                                    target_frameworks: target_frameworks,
+                                    is_dev_dependency: is_dev_dependency,
+                                    is_direct: is_direct,
+                                    is_transitive: is_transitive,
+                                    is_override: is_override,
+                                    is_update: is_update,
+                                    info_url: info_url)
+      end
+      sig do
+        params(name: String,
+               version: T.nilable(String),
+               type: String,
+               evaluation: T.nilable(NativeEvaluationDetails),
+               target_frameworks: T.nilable(T::Array[String]),
+               is_dev_dependency: T::Boolean,
+               is_direct: T::Boolean,
+               is_transitive: T::Boolean,
+               is_override: T::Boolean,
+               is_update: T::Boolean,
+               info_url: T.nilable(String)).void
+      end
+      def initialize(name:, version:, type:, evaluation:, target_frameworks:, is_dev_dependency:, is_direct:,
+                     is_transitive:, is_override:, is_update:, info_url:)
+        @name = name
+        @version = version
+        @type = type
+        @evaluation = evaluation
+        @target_frameworks = target_frameworks
+        @is_dev_dependency = is_dev_dependency
+        @is_direct = is_direct
+        @is_transitive = is_transitive
+        @is_override = is_override
+        @is_update = is_update
+        @info_url = info_url
+      end
+      sig { returns(String) }
+      attr_reader :name
+      sig { returns(T.nilable(String)) }
+      attr_reader :version
+      sig { returns(String) }
+      attr_reader :type
+      sig { returns(T.nilable(NativeEvaluationDetails)) }
+      attr_reader :evaluation
+      sig { returns(T.nilable(T::Array[String])) }
+      attr_reader :target_frameworks
+      sig { returns(T::Boolean) }
+      attr_reader :is_dev_dependency
+      sig { returns(T::Boolean) }
+      attr_reader :is_direct
+      sig { returns(T::Boolean) }
+      attr_reader :is_transitive
+      sig { returns(T::Boolean) }
+      attr_reader :is_override
+      sig { returns(T::Boolean) }
+      attr_reader :is_update
+      sig { returns(T.nilable(String)) }
+      attr_reader :info_url
+    end
+  end
+end