dependabot-nuget 0.268.0 → 0.271.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs +1 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs +6 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs +16 -13
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs +8 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs +17 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/DependencyConflictResolver.cs +689 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +187 -9
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/AnalyzeWorkerTests.cs +84 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/RequirementTests.cs +14 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryEnvironment.cs +23 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs +164 -55
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs +65 -10
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +785 -1
- data/lib/dependabot/nuget/file_updater.rb +29 -13
- data/lib/dependabot/nuget/native_helpers.rb +6 -1
- metadata +7 -5
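--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 0f17779ebeb91c554c3642c6e83a28f9f2ee7eb6c1677d35b089688bfc6fa637
+data.tar.gz: d6e33cbab0d4429218df7e0184c9c18bceab5021fc532de0753a216c8ebc80d7
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 8c07ed738181748492e32a54dc8181256956174e23fdf645e121cb4f451bb20840c336a116d48f3c5db78b6de192efc991ff3c4ab19f097e1634f9e70fb001f6
+data.tar.gz: 885a7af5bd7bcdbbd34931a735b28f2fb929cfb63bd1bfb09ab048dfd6d25ba3f6d905303f824693834cc1172ca23996675ef079a2e3d84bb1ce941719025b44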
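--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs
@@ -255,6 +255,12 @@ public partial class AnalyzeWorker
 CancellationToken cancellationToken)
 {
 var versions = versionResult.GetVersions();
+if (versions.Length == 0)
+{
+// if absolutely nothing was found, then we can't update
+return null;
+}
+
 var orderedVersions = findLowestVersion
 ? versions.OrderBy(v => v) // If we are fixing a vulnerability, then we want the lowest version that is safe.
 : versions.OrderByDescending(v => v); // If we are just updating versions, then we want the highest version possible.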
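Review bot: The added `if (versions.Length == 0)` guard returns `null` silently, so on the `findLowestVersion` path (described just below as the vulnerability-fix case) "no safe version exists" cannot be told apart from any other null result. The method signature starts outside the hunk, so whether a logger is in scope is not visible; if one is, a message before `return null;` would make an advisory that cannot be fixed traceable in the job output. At minimum the comment could name the consequence, e.g. `// no candidate versions at all: report no update (a vulnerability fix cannot be proposed either)`.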
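--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs
@@ -84,24 +84,27 @@ internal static class CompatibilityChecker
 var reader = new NuspecReader(nuspecStream);
 
 var isDevDependency = reader.GetDevelopmentDependency();
+var tfms = new HashSet<NuGetFramework>();
+var dependencyGroups = reader.GetDependencyGroups().ToArray();
 
-var
-.Select(d => d.TargetFramework)
-.ToImmutableArray();
-if (tfms.Length == 0)
+foreach (var d in dependencyGroups)
 {
-// If the nuspec doesn't have any dependency groups,
-// try to get the TargetFramework from files in the lib folder.
 var libItems = (await readers.ContentReader.GetLibItemsAsync(cancellationToken)).ToList();
-
+
+foreach (var item in libItems)
 {
-
-isDevDependency = true;
+tfms.Add(item.TargetFramework);
 }
 
-
-
-.
+if (!d.TargetFramework.IsAny)
+{
+tfms.Add(d.TargetFramework);
+}
+}
+
+if (!tfms.Any())
+{
+tfms.Add(NuGetFramework.AnyFramework);
 }
 
 // The interfaces we given are not disposable but the underlying type can be.
@@ -109,7 +112,7 @@ internal static class CompatibilityChecker
 (readers.CoreReader as IDisposable)?.Dispose();
 (readers.ContentReader as IDisposable)?.Dispose();
 
-return (isDevDependency, tfms);
+return (isDevDependency, tfms.ToImmutableArray());
 }
 
 internal static PackageReaders ReadPackage(string tempPackagePath)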
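Review bot: As rendered, the lib-folder lookup now sits inside `foreach (var d in dependencyGroups)`, so a nuspec with no dependency groups never reaches `GetLibItemsAsync` and falls straight through to `tfms.Add(NuGetFramework.AnyFramework)`. The removed comment describes the lib folder as the fallback for exactly that case, so such a package would now be reported as compatible with any framework. The call is also repeated once per dependency group although its result does not depend on `d`. Reading lib/ once before the loop keeps the union behaviour of the new code and restores the lookup for the empty case. The enclosing method starts and ends outside the hunk, and the removed `isDevDependency = true;` has no counterpart on the new side, which is worth confirming as intended.

```csharp
var dependencyGroups = reader.GetDependencyGroups().ToArray();

// Read lib/ once, whether or not the nuspec declares any dependency groups.
var libItems = (await readers.ContentReader.GetLibItemsAsync(cancellationToken)).ToList();
foreach (var item in libItems)
{
    tfms.Add(item.TargetFramework);
}

foreach (var d in dependencyGroups)
{
    if (!d.TargetFramework.IsAny)
    {
        tfms.Add(d.TargetFramework);
    }
}
// … unchanged: AnyFramework fallback when tfms is still empty …
```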
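--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs
@@ -116,7 +116,14 @@ public class IndividualRequirement : Requirement
 : [requirement[..(splitIndex + 1)].Trim(), requirement[(splitIndex + 1)..].Trim()];
 
 var op = parts.Length == 1 ? "=" : parts[0];
-var
+var versionString = parts[^1];
+
+// allow for single character wildcards; may be asterisk (NuGet-style: 1.*) or a single letter (alternate style: 1.x)
+var versionParts = versionString.Split('.');
+var recreatedVersionParts = versionParts.Select(vp => vp.Length == 1 && (vp == "*" || char.IsAsciiLetter(vp[0])) ? "0" : vp).ToArray();
+
+var rebuiltVersionString = string.Join(".", recreatedVersionParts);
+var version = NuGetVersion.Parse(rebuiltVersionString);
 
 return new IndividualRequirement(op, version);
 }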
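Review bot: The wildcard rewrite in `recreatedVersionParts` turns every one-character ASCII-letter segment into `0`, not only `x`, so an input such as `1.a` or a dotted prerelease label such as `1.0.0-beta.x` is silently parsed as a different concrete version instead of being rejected by `NuGetVersion.Parse`. It also collapses the wildcard to a single version: with the default operator from `parts.Length == 1 ? "=" : parts[0]`, `1.*` appears to become `= 1.0` rather than a range. That matters if these requirements decide which versions count as ignored or vulnerable; the callers are outside the hunk. Narrowing the match to the spellings the comment names, `(vp is "*" or "x" or "X") ? "0" : vp`, and stating the exact-match consequence in the comment would make the behaviour explicit.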
@@ -24,6 +24,7 @@ internal static class SdkPackageUpdater
|
|
24
24
|
|
25
25
|
// Get the set of all top-level dependencies in the current project
|
26
26
|
var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles).ToArray();
|
27
|
+
|
27
28
|
if (!await DoesDependencyRequireUpdateAsync(repoRootPath, projectPath, tfms, topLevelDependencies, dependencyName, newDependencyVersion, logger))
|
28
29
|
{
|
29
30
|
return;
|
@@ -306,6 +307,7 @@ internal static class SdkPackageUpdater
|
|
306
307
|
IDictionary<string, string> peerDependencies,
|
307
308
|
Logger logger)
|
308
309
|
{
|
310
|
+
|
309
311
|
var result = TryUpdateDependencyVersion(buildFiles, dependencyName, previousDependencyVersion, newDependencyVersion, logger);
|
310
312
|
if (result == UpdateResult.NotFound)
|
311
313
|
{
|
@@ -324,7 +326,20 @@ internal static class SdkPackageUpdater
|
|
324
326
|
{
|
325
327
|
foreach (string tfm in targetFrameworks)
|
326
328
|
{
|
327
|
-
|
329
|
+
if (MSBuildHelper.UseNewDependencySolver())
|
330
|
+
{
|
331
|
+
// Find the index of the dependency we are updating and revert it to the previous version
|
332
|
+
int dependencyIndex = Array.FindIndex(updatedTopLevelDependencies, d => string.Equals(d.Name, dependencyName, StringComparison.OrdinalIgnoreCase));
|
333
|
+
if (dependencyIndex != -1)
|
334
|
+
{
|
335
|
+
var originalDependency = updatedTopLevelDependencies[dependencyIndex];
|
336
|
+
updatedTopLevelDependencies[dependencyIndex] = originalDependency with { Version = previousDependencyVersion };
|
337
|
+
}
|
338
|
+
|
339
|
+
}
|
340
|
+
Dependency[] update = [new Dependency(dependencyName, newDependencyVersion, DependencyType.PackageReference)];
|
341
|
+
Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, update, logger);
|
342
|
+
|
328
343
|
if (resolvedDependencies is null)
|
329
344
|
{
|
330
345
|
logger.Log($" Unable to resolve dependency conflicts for {projectFile.Path}.");
|
@@ -345,7 +360,7 @@ internal static class SdkPackageUpdater
|
|
345
360
|
continue;
|
346
361
|
}
|
347
362
|
|
348
|
-
// update all
|
363
|
+
// update all dependencies
|
349
364
|
foreach (Dependency resolvedDependency in resolvedDependencies
|
350
365
|
.Where(d => !d.Name.Equals(dependencyName, StringComparison.OrdinalIgnoreCase))
|
351
366
|
.Where(d => d.Version is not null))
|