dependabot-nuget 0.268.0 → 0.271.0

Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 3dbd572d869f156e22c4020848387b9b54611ad236c08be6b3ca4cce3e5e7ebc
4
- data.tar.gz: f9578fc6352ff07629255fdd1bb2032cda9b0109090507fc39eed9e1b369a68d
3
+ metadata.gz: 0f17779ebeb91c554c3642c6e83a28f9f2ee7eb6c1677d35b089688bfc6fa637
4
+ data.tar.gz: d6e33cbab0d4429218df7e0184c9c18bceab5021fc532de0753a216c8ebc80d7
5
5
  SHA512:
6
- metadata.gz: 8c91cd7ef8d66d4aa48de704d70d41087ad8b6f867946f1cf59038a22f22d06febb5227e637d339fe93ec8fa5c086f8d410e16d00c3f70a4c8c348993de01c28
7
- data.tar.gz: 161deea8269b8c3fe00013ef83da37e96ddedf9518e9463bdf952034a03ef00be0fac713495b4706ccbcb3d08d072aec700b7921dcbf01506e8e4d432c4fc634
6
+ metadata.gz: 8c07ed738181748492e32a54dc8181256956174e23fdf645e121cb4f451bb20840c336a116d48f3c5db78b6de192efc991ff3c4ab19f097e1634f9e70fb001f6
7
+ data.tar.gz: 885a7af5bd7bcdbbd34931a735b28f2fb929cfb63bd1bfb09ab048dfd6d25ba3f6d905303f824693834cc1172ca23996675ef079a2e3d84bb1ce941719025b44
@@ -407,6 +407,7 @@ public partial class EntryPointTests
407
407
  try
408
408
  {
409
409
  await MockNuGetPackagesInDirectory(packages, path);
410
+
410
411
  var args = getArgs(path);
411
412
  var result = await Program.Main(args);
412
413
  if (result != 0)
@@ -255,6 +255,12 @@ public partial class AnalyzeWorker
255
255
  CancellationToken cancellationToken)
256
256
  {
257
257
  var versions = versionResult.GetVersions();
258
+ if (versions.Length == 0)
259
+ {
260
+ // if absolutely nothing was found, then we can't update
261
+ return null;
262
+ }
263
+
258
264
  var orderedVersions = findLowestVersion
259
265
  ? versions.OrderBy(v => v) // If we are fixing a vulnerability, then we want the lowest version that is safe.
260
266
  : versions.OrderByDescending(v => v); // If we are just updating versions, then we want the highest version possible.
@@ -84,24 +84,27 @@ internal static class CompatibilityChecker
84
84
  var reader = new NuspecReader(nuspecStream);
85
85
 
86
86
  var isDevDependency = reader.GetDevelopmentDependency();
87
+ var tfms = new HashSet<NuGetFramework>();
88
+ var dependencyGroups = reader.GetDependencyGroups().ToArray();
87
89
 
88
- var tfms = reader.GetDependencyGroups()
89
- .Select(d => d.TargetFramework)
90
- .ToImmutableArray();
91
- if (tfms.Length == 0)
90
+ foreach (var d in dependencyGroups)
92
91
  {
93
- // If the nuspec doesn't have any dependency groups,
94
- // try to get the TargetFramework from files in the lib folder.
95
92
  var libItems = (await readers.ContentReader.GetLibItemsAsync(cancellationToken)).ToList();
96
- if (libItems.Count == 0)
93
+
94
+ foreach (var item in libItems)
97
95
  {
98
- // If there is no lib folder in this package, then assume it is a dev dependency.
99
- isDevDependency = true;
96
+ tfms.Add(item.TargetFramework);
100
97
  }
101
98
 
102
- tfms = libItems.Select(item => item.TargetFramework)
103
- .Distinct()
104
- .ToImmutableArray();
99
+ if (!d.TargetFramework.IsAny)
100
+ {
101
+ tfms.Add(d.TargetFramework);
102
+ }
103
+ }
104
+
105
+ if (!tfms.Any())
106
+ {
107
+ tfms.Add(NuGetFramework.AnyFramework);
105
108
  }
106
109
 
107
110
  // The interfaces we given are not disposable but the underlying type can be.
@@ -109,7 +112,7 @@ internal static class CompatibilityChecker
109
112
  (readers.CoreReader as IDisposable)?.Dispose();
110
113
  (readers.ContentReader as IDisposable)?.Dispose();
111
114
 
112
- return (isDevDependency, tfms);
115
+ return (isDevDependency, tfms.ToImmutableArray());
113
116
  }
114
117
 
115
118
  internal static PackageReaders ReadPackage(string tempPackagePath)
@@ -116,7 +116,14 @@ public class IndividualRequirement : Requirement
116
116
  : [requirement[..(splitIndex + 1)].Trim(), requirement[(splitIndex + 1)..].Trim()];
117
117
 
118
118
  var op = parts.Length == 1 ? "=" : parts[0];
119
- var version = NuGetVersion.Parse(parts[^1]);
119
+ var versionString = parts[^1];
120
+
121
+ // allow for single character wildcards; may be asterisk (NuGet-style: 1.*) or a single letter (alternate style: 1.x)
122
+ var versionParts = versionString.Split('.');
123
+ var recreatedVersionParts = versionParts.Select(vp => vp.Length == 1 && (vp == "*" || char.IsAsciiLetter(vp[0])) ? "0" : vp).ToArray();
124
+
125
+ var rebuiltVersionString = string.Join(".", recreatedVersionParts);
126
+ var version = NuGetVersion.Parse(rebuiltVersionString);
120
127
 
121
128
  return new IndividualRequirement(op, version);
122
129
  }
@@ -24,6 +24,7 @@ internal static class SdkPackageUpdater
24
24
 
25
25
  // Get the set of all top-level dependencies in the current project
26
26
  var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles).ToArray();
27
+
27
28
  if (!await DoesDependencyRequireUpdateAsync(repoRootPath, projectPath, tfms, topLevelDependencies, dependencyName, newDependencyVersion, logger))
28
29
  {
29
30
  return;
@@ -306,6 +307,7 @@ internal static class SdkPackageUpdater
306
307
  IDictionary<string, string> peerDependencies,
307
308
  Logger logger)
308
309
  {
310
+
309
311
  var result = TryUpdateDependencyVersion(buildFiles, dependencyName, previousDependencyVersion, newDependencyVersion, logger);
310
312
  if (result == UpdateResult.NotFound)
311
313
  {
@@ -324,7 +326,20 @@ internal static class SdkPackageUpdater
324
326
  {
325
327
  foreach (string tfm in targetFrameworks)
326
328
  {
327
- Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, logger);
329
+ if (MSBuildHelper.UseNewDependencySolver())
330
+ {
331
+ // Find the index of the dependency we are updating and revert it to the previous version
332
+ int dependencyIndex = Array.FindIndex(updatedTopLevelDependencies, d => string.Equals(d.Name, dependencyName, StringComparison.OrdinalIgnoreCase));
333
+ if (dependencyIndex != -1)
334
+ {
335
+ var originalDependency = updatedTopLevelDependencies[dependencyIndex];
336
+ updatedTopLevelDependencies[dependencyIndex] = originalDependency with { Version = previousDependencyVersion };
337
+ }
338
+
339
+ }
340
+ Dependency[] update = [new Dependency(dependencyName, newDependencyVersion, DependencyType.PackageReference)];
341
+ Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, update, logger);
342
+
328
343
  if (resolvedDependencies is null)
329
344
  {
330
345
  logger.Log($" Unable to resolve dependency conflicts for {projectFile.Path}.");
@@ -345,7 +360,7 @@ internal static class SdkPackageUpdater
345
360
  continue;
346
361
  }
347
362
 
348
- // update all other dependencies
363
+ // update all dependencies
349
364
  foreach (Dependency resolvedDependency in resolvedDependencies
350
365
  .Where(d => !d.Name.Equals(dependencyName, StringComparison.OrdinalIgnoreCase))
351
366
  .Where(d => d.Version is not null))