dependabot-nuget 0.267.0 → 0.270.0

data/lib/dependabot/nuget/file_updater.rb

@@ -16,19 +16,49 @@ module Dependabot
     class FileUpdater < Dependabot::FileUpdaters::Base
       extend T::Sig
 
-      sig { override.returns(T::Array[Regexp]) }
-      def self.updated_files_regex
-        [
-          %r{^[^/]*\.([a-z]{2})?proj$},
-          /^packages\.config$/i,
-          /^app\.config$/i,
-          /^web\.config$/i,
-          /^global\.json$/i,
-          /^dotnet-tools\.json$/i,
-          /^Directory\.Build\.props$/i,
-          /^Directory\.Build\.targets$/i,
-          /^Packages\.props$/i
-        ]
+      sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
+      def self.updated_files_regex(allowlist_enabled = false)
+        if allowlist_enabled
+          [
+            /^.*\.([a-z]{2})?proj$/,
+            /^packages\.config$/i,
+            /^app\.config$/i,
+            /^web\.config$/i,
+            /^global\.json$/i,
+            /^dotnet-tools\.json$/i,
+            /^Directory\.Build\.props$/i,
+            /^Directory\.Build\.targets$/i,
+            /^Packages\.props$/i
+          ]
+        else
+          # Old regex. After 100% rollout of the allowlist, this will be removed.
+          [
+            %r{^[^/]*\.([a-z]{2})?proj$},
+            /^.*\.([a-z]{2})?proj$/,
+            /^packages\.config$/i,
+            /^app\.config$/i,
+            /^web\.config$/i,
+            /^global\.json$/i,
+            /^dotnet-tools\.json$/i,
+            /^Directory\.Build\.props$/i,
+            /^Directory\.Build\.targets$/i,
+            /^Packages\.props$/i
+          ]
+        end
+      end
+
+      sig { params(original_content: T.nilable(String), updated_content: String).returns(T::Boolean) }
+      def self.differs_in_more_than_blank_lines?(original_content, updated_content)
+        # Compare the line counts of the original and updated content, but ignore lines only containing white-space.
+        # This prevents false positives when there are trailing empty lines in the original content, for example.
+        original_lines = (original_content&.lines || []).map(&:strip).reject(&:empty?)
+        updated_lines = updated_content.lines.map(&:strip).reject(&:empty?)
+
+        # if the line count differs, then something changed
+        return true unless original_lines.count == updated_lines.count
+
+        # check each line pair, ignoring blanks (filtered above)
+        original_lines.zip(updated_lines).any? { |pair| pair[0] != pair[1] }
       end
 
       sig { override.returns(T::Array[Dependabot::DependencyFile]) }
@@ -45,7 +75,7 @@ module Dependabot
             normalized_content = normalize_content(f, updated_content)
             next if normalized_content == f.content
 
-            next if only_deleted_lines?(f.content, normalized_content)
+            next unless FileUpdater.differs_in_more_than_blank_lines?(f.content, normalized_content)
 
             puts "The contents of file [#{f.name}] were updated."
 
@@ -217,14 +247,6 @@ module Dependabot
 
         raise "No project file or packages.config!"
       end
-
-      sig { params(original_content: T.nilable(String), updated_content: String).returns(T::Boolean) }
-      def only_deleted_lines?(original_content, updated_content)
-        original_lines = original_content&.lines || []
-        updated_lines = updated_content.lines
-
-        original_lines.count > updated_lines.count
-      end
     end
   end
 end

data/lib/dependabot/nuget/native_helpers.rb

@@ -242,7 +242,12 @@ module Dependabot
         puts "running NuGet updater:\n" + command
 
         NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
-          output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
+          env = {}
+          env["UseNewNugetPackageResolver"] = "true" if Dependabot::Experiments.enabled?(:nuget_dependency_solver)
+          output = SharedHelpers.run_shell_command(command,
+                                                   allow_unsafe_shell_command: true,
+                                                   fingerprint: fingerprint,
+                                                   env: env)
           puts output
 
           result_contents = File.read(update_result_file_path)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.267.0
+  version: 0.270.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-07-25 00:00:00.000000000 Z
+date: 2024-08-15 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.267.0
+        version: 0.270.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.267.0
+        version: 0.270.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -326,6 +326,7 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/NuGetUpdater.Core.Test.csproj
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryDirectory.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryEnvironment.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestBase.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestExtensions.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestHttpServer.cs
@@ -399,6 +400,7 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/WebApplicationTargetsConditionPatcher.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/XmlFilePreAndPostProcessor.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/DependencyConflictResolver.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/HashSetExtensions.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ImmutableArrayExtensions.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/JsonHelper.cs
@@ -461,7 +463,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.270.0
 post_install_message: 
 rdoc_options: []
 require_paths: