dependabot-nuget 0.267.0 → 0.270.0

@@ -16,19 +16,49 @@ module Dependabot
16
16
  class FileUpdater < Dependabot::FileUpdaters::Base
17
17
  extend T::Sig
18
18
 
19
- sig { override.returns(T::Array[Regexp]) }
20
- def self.updated_files_regex
21
- [
22
- %r{^[^/]*\.([a-z]{2})?proj$},
23
- /^packages\.config$/i,
24
- /^app\.config$/i,
25
- /^web\.config$/i,
26
- /^global\.json$/i,
27
- /^dotnet-tools\.json$/i,
28
- /^Directory\.Build\.props$/i,
29
- /^Directory\.Build\.targets$/i,
30
- /^Packages\.props$/i
31
- ]
19
+ sig { override.params(allowlist_enabled: T::Boolean).returns(T::Array[Regexp]) }
20
+ def self.updated_files_regex(allowlist_enabled = false)
21
+ if allowlist_enabled
22
+ [
23
+ /^.*\.([a-z]{2})?proj$/,
24
+ /^packages\.config$/i,
25
+ /^app\.config$/i,
26
+ /^web\.config$/i,
27
+ /^global\.json$/i,
28
+ /^dotnet-tools\.json$/i,
29
+ /^Directory\.Build\.props$/i,
30
+ /^Directory\.Build\.targets$/i,
31
+ /^Packages\.props$/i
32
+ ]
33
+ else
34
+ # Old regex. After 100% rollout of the allowlist, this will be removed.
35
+ [
36
+ %r{^[^/]*\.([a-z]{2})?proj$},
37
+ /^.*\.([a-z]{2})?proj$/,
38
+ /^packages\.config$/i,
39
+ /^app\.config$/i,
40
+ /^web\.config$/i,
41
+ /^global\.json$/i,
42
+ /^dotnet-tools\.json$/i,
43
+ /^Directory\.Build\.props$/i,
44
+ /^Directory\.Build\.targets$/i,
45
+ /^Packages\.props$/i
46
+ ]
47
+ end
48
+ end
49
+
50
+ sig { params(original_content: T.nilable(String), updated_content: String).returns(T::Boolean) }
51
+ def self.differs_in_more_than_blank_lines?(original_content, updated_content)
52
+ # Compare the line counts of the original and updated content, but ignore lines only containing white-space.
53
+ # This prevents false positives when there are trailing empty lines in the original content, for example.
54
+ original_lines = (original_content&.lines || []).map(&:strip).reject(&:empty?)
55
+ updated_lines = updated_content.lines.map(&:strip).reject(&:empty?)
56
+
57
+ # if the line count differs, then something changed
58
+ return true unless original_lines.count == updated_lines.count
59
+
60
+ # check each line pair, ignoring blanks (filtered above)
61
+ original_lines.zip(updated_lines).any? { |pair| pair[0] != pair[1] }
32
62
  end
33
63
 
34
64
  sig { override.returns(T::Array[Dependabot::DependencyFile]) }
@@ -45,7 +75,7 @@ module Dependabot
45
75
  normalized_content = normalize_content(f, updated_content)
46
76
  next if normalized_content == f.content
47
77
 
48
- next if only_deleted_lines?(f.content, normalized_content)
78
+ next unless FileUpdater.differs_in_more_than_blank_lines?(f.content, normalized_content)
49
79
 
50
80
  puts "The contents of file [#{f.name}] were updated."
51
81
 
@@ -217,14 +247,6 @@ module Dependabot
217
247
 
218
248
  raise "No project file or packages.config!"
219
249
  end
220
-
221
- sig { params(original_content: T.nilable(String), updated_content: String).returns(T::Boolean) }
222
- def only_deleted_lines?(original_content, updated_content)
223
- original_lines = original_content&.lines || []
224
- updated_lines = updated_content.lines
225
-
226
- original_lines.count > updated_lines.count
227
- end
228
250
  end
229
251
  end
230
252
  end
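Review bot: The new project-file pattern in `updated_files_regex`, `/^.*\.([a-z]{2})?proj$/`, is anchored with `^` and `$`, which in Ruby match at line boundaries rather than at the start and end of the string, so a name containing a newline is accepted when any single line of it looks like a project file. If this list decides which files the updater may report as changed (the `allowlist_enabled` parameter suggests so), `\A` and `\z` are the safer anchors, e.g. `/\A.*\.([a-z]{2})?proj\z/`, and the same applies to the other entries in both arrays. In the `else` branch the broader pattern sits beside `%r{^[^/]*\.([a-z]{2})?proj$}` and subsumes it, so that branch now also admits project files in subdirectories and the "Old regex" comment no longer describes what it accepts; a short comment saying whether that widening is intended would help.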
@@ -242,7 +242,12 @@ module Dependabot
242
242
  puts "running NuGet updater:\n" + command
243
243
 
244
244
  NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
245
- output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
245
+ env = {}
246
+ env["UseNewNugetPackageResolver"] = "true" if Dependabot::Experiments.enabled?(:nuget_dependency_solver)
247
+ output = SharedHelpers.run_shell_command(command,
248
+ allow_unsafe_shell_command: true,
249
+ fingerprint: fingerprint,
250
+ env: env)
246
251
  puts output
247
252
 
248
253
  result_contents = File.read(update_result_file_path)
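Review bot: The log line printed before the call shows only `command`, so once `UseNewNugetPackageResolver` travels through `env` the job output no longer records which resolver produced a given update. When an update picks unexpected versions, that is the first thing a person triaging it needs to know. Logging the variable names (names only, so that a later secret-bearing entry is not echoed) would cover it: `puts "NuGet updater env: #{env.keys.join(', ')}" unless env.empty?`. The enclosing method starts and ends outside this hunk, so whether the experiment is logged elsewhere cannot be seen from here.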
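--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-nuget
  version: !ruby/object:Gem::Version
- version: 0.267.0
+ version: 0.270.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2024-07-25 00:00:00.000000000 Z
+ date: 2024-08-15 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.267.0
+ version: 0.270.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.267.0
+ version: 0.270.0
  - !ruby/object:Gem::Dependency
  name: rubyzip
  requirement: !ruby/object:Gem::Requirement
@@ -326,6 +326,7 @@ files:
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/NuGetUpdater.Core.Test.csproj
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryDirectory.cs
+ - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryEnvironment.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestBase.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestExtensions.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestHttpServer.cs
@@ -399,6 +400,7 @@ files:
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/WebApplicationTargetsConditionPatcher.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/XmlFilePreAndPostProcessor.cs
+ - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/DependencyConflictResolver.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/HashSetExtensions.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ImmutableArrayExtensions.cs
  - helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/JsonHelper.cs
@@ -461,7 +463,7 @@ licenses:
  - MIT
  metadata:
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.267.0
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.270.0
  post_install_message:
  rdoc_options: []
  require_paths: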