dependabot-nuget 0.288.0 → 0.290.0

data/lib/dependabot/nuget/native_discovery/native_discovery_json_reader.rb

@@ -1,171 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/dependency"
-require "dependabot/nuget/native_discovery/native_workspace_discovery"
-require "json"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class NativeDiscoveryJsonReader
-      extend T::Sig
-
-      sig { returns(T::Hash[String, NativeDiscoveryJsonReader]) }
-      def self.discovery_result_cache
-        T.let(CacheManager.cache("discovery_json_cache"), T::Hash[String, NativeDiscoveryJsonReader])
-      end
-
-      sig { returns(T::Hash[String, String]) }
-      def self.discovery_path_cache
-        T.let(CacheManager.cache("discovery_path_cache"), T::Hash[String, String])
-      end
-
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(NativeDiscoveryJsonReader)
-      end
-      def self.get_discovery_from_dependency_files(dependency_files)
-        key = create_cache_key(dependency_files)
-        discovery_json = discovery_result_cache[key]
-        raise "No discovery result for specified dependency files: #{key}" unless discovery_json
-
-        discovery_json
-      end
-
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile],
-          discovery: NativeDiscoveryJsonReader
-        ).void
-      end
-      def self.set_discovery_from_dependency_files(dependency_files:, discovery:)
-        key = create_cache_key(dependency_files)
-        discovery_result_cache[key] = discovery
-      end
-
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(String)
-      end
-      def self.get_discovery_file_path_from_dependency_files(dependency_files)
-        key = create_cache_key(dependency_files)
-        discovery_path = discovery_path_cache[key]
-        raise "No discovery path found for specified dependency files: #{key}" unless discovery_path
-
-        discovery_path
-      end
-
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(String)
-      end
-      def self.create_discovery_file_path_from_dependency_files(dependency_files)
-        discovery_key = create_cache_key(dependency_files)
-        if discovery_path_cache[discovery_key]
-          raise "Discovery file path already exists for the given dependency files: #{discovery_key}"
-        end
-
-        discovery_counter_cache = T.let(CacheManager.cache("discovery_counter_cache"), T::Hash[String, Integer])
-        counter_key = "counter"
-        current_counter = discovery_counter_cache[counter_key] || 0
-        current_counter += 1
-        discovery_counter_cache[counter_key] = current_counter
-        incremeted_discovery_file_path = File.join(temp_directory, "discovery.#{current_counter}.json")
-        discovery_path_cache[discovery_key] = incremeted_discovery_file_path
-        incremeted_discovery_file_path
-      end
-
-      # this is a test-only method
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).void
-      end
-      def self.clear_discovery_file_path_from_cache(dependency_files)
-        key = create_cache_key(dependency_files)
-        discovery_file_path = discovery_path_cache[key]
-        File.delete(discovery_file_path) if discovery_file_path && File.exist?(discovery_file_path)
-        discovery_path_cache.delete(key)
-      end
-
-      sig do
-        params(
-          dependency_files: T::Array[Dependabot::DependencyFile]
-        ).returns(String)
-      end
-      def self.create_cache_key(dependency_files)
-        dependency_files.map { |d| d.to_h.except("content") }.to_s
-      end
-
-      sig { returns(String) }
-      def self.temp_directory
-        File.join(Dir.tmpdir, ".dependabot")
-      end
-
-      sig do
-        params(
-          discovery_json_path: String
-        ).returns(T.nilable(DependencyFile))
-      end
-      def self.discovery_json_from_path(discovery_json_path)
-        return unless File.exist?(discovery_json_path)
-
-        DependencyFile.new(
-          name: Pathname.new(discovery_json_path).cleanpath.to_path,
-          directory: temp_directory,
-          type: "file",
-          content: File.read(discovery_json_path)
-        )
-      end
-
-      sig { returns(T.nilable(NativeWorkspaceDiscovery)) }
-      attr_reader :workspace_discovery
-
-      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-      attr_reader :dependency_set
-
-      sig { params(discovery_json: DependencyFile).void }
-      def initialize(discovery_json:)
-        @discovery_json = discovery_json
-        @workspace_discovery = T.let(read_workspace_discovery, T.nilable(Dependabot::Nuget::NativeWorkspaceDiscovery))
-        @dependency_set = T.let(read_dependency_set, Dependabot::FileParsers::Base::DependencySet)
-      end
-
-      private
-
-      sig { returns(DependencyFile) }
-      attr_reader :discovery_json
-
-      sig { returns(T.nilable(NativeWorkspaceDiscovery)) }
-      def read_workspace_discovery
-        return nil unless discovery_json.content
-
-        parsed_json = T.let(JSON.parse(T.must(discovery_json.content)), T::Hash[String, T.untyped])
-        NativeWorkspaceDiscovery.from_json(parsed_json)
-      rescue JSON::ParserError
-        raise Dependabot::DependencyFileNotParseable, discovery_json.path
-      end
-
-      sig { returns(Dependabot::FileParsers::Base::DependencySet) }
-      def read_dependency_set
-        dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-        return dependency_set unless workspace_discovery
-
-        workspace_result = T.must(workspace_discovery)
-        workspace_result.projects.each do |project|
-          dependency_set += project.dependency_set
-        end
-        if workspace_result.dotnet_tools_json
-          dependency_set += T.must(workspace_result.dotnet_tools_json).dependency_set
-        end
-        dependency_set += T.must(workspace_result.global_json).dependency_set if workspace_result.global_json
-
-        dependency_set
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/native_discovery/native_evaluation_details.rb

@@ -1,63 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class NativeEvaluationDetails
-      extend T::Sig
-
-      sig { params(json: T.nilable(T::Hash[String, T.untyped])).returns(T.nilable(NativeEvaluationDetails)) }
-      def self.from_json(json)
-        return nil if json.nil?
-
-        result_type = T.let(json.fetch("ResultType"), String)
-        original_value = T.let(json.fetch("OriginalValue"), String)
-        evaluated_value = T.let(json.fetch("EvaluatedValue"), String)
-        root_property_name = T.let(json.fetch("RootPropertyName", nil), T.nilable(String))
-        error_message = T.let(json.fetch("ErrorMessage", nil), T.nilable(String))
-
-        NativeEvaluationDetails.new(result_type: result_type,
-                                    original_value: original_value,
-                                    evaluated_value: evaluated_value,
-                                    root_property_name: root_property_name,
-                                    error_message: error_message)
-      end
-
-      sig do
-        params(result_type: String,
-               original_value: String,
-               evaluated_value: String,
-               root_property_name: T.nilable(String),
-               error_message: T.nilable(String)).void
-      end
-      def initialize(result_type:,
-                     original_value:,
-                     evaluated_value:,
-                     root_property_name:,
-                     error_message:)
-        @result_type = result_type
-        @original_value = original_value
-        @evaluated_value = evaluated_value
-        @root_property_name = root_property_name
-        @error_message = error_message
-      end
-
-      sig { returns(String) }
-      attr_reader :result_type
-
-      sig { returns(String) }
-      attr_reader :original_value
-
-      sig { returns(String) }
-      attr_reader :evaluated_value
-
-      sig { returns(T.nilable(String)) }
-      attr_reader :root_property_name
-
-      sig { returns(T.nilable(String)) }
-      attr_reader :error_message
-    end
-  end
-end

data/lib/dependabot/nuget/native_discovery/native_project_discovery.rb

@@ -1,82 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/nuget/native_discovery/native_dependency_details"
-require "dependabot/nuget/native_discovery/native_property_details"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class NativeProjectDiscovery < NativeDependencyFileDiscovery
-      extend T::Sig
-
-      sig do
-        override.params(json: T.nilable(T::Hash[String, T.untyped]),
-                        directory: String).returns(T.nilable(NativeProjectDiscovery))
-      end
-      def self.from_json(json, directory)
-        return nil if json.nil?
-
-        file_path = File.join(directory, T.let(json.fetch("FilePath"), String))
-        properties = T.let(json.fetch("Properties"), T::Array[T::Hash[String, T.untyped]]).map do |prop|
-          NativePropertyDetails.from_json(prop)
-        end
-        target_frameworks = T.let(json.fetch("TargetFrameworks"), T::Array[String])
-        referenced_project_paths = T.let(json.fetch("ReferencedProjectPaths"), T::Array[String])
-        dependencies = T.let(json.fetch("Dependencies"), T::Array[T::Hash[String, T.untyped]]).filter_map do |dep|
-          details = NativeDependencyDetails.from_json(dep)
-          next unless details.version # can't do anything without a version
-
-          version = T.must(details.version)
-          next unless version.length.positive? # can't do anything with an empty version
-
-          next if version.include? "," # can't do anything with a range
-
-          next if version.include? "*" # can't do anything with a wildcard
-
-          details
-        end
-
-        NativeProjectDiscovery.new(file_path: file_path,
-                                   properties: properties,
-                                   target_frameworks: target_frameworks,
-                                   referenced_project_paths: referenced_project_paths,
-                                   dependencies: dependencies)
-      end
-
-      sig do
-        params(file_path: String,
-               properties: T::Array[NativePropertyDetails],
-               target_frameworks: T::Array[String],
-               referenced_project_paths: T::Array[String],
-               dependencies: T::Array[NativeDependencyDetails]).void
-      end
-      def initialize(file_path:, properties:, target_frameworks:, referenced_project_paths:, dependencies:)
-        super(file_path: file_path, dependencies: dependencies)
-        @properties = properties
-        @target_frameworks = target_frameworks
-        @referenced_project_paths = referenced_project_paths
-      end
-
-      sig { returns(T::Array[NativePropertyDetails]) }
-      attr_reader :properties
-
-      sig { returns(T::Array[String]) }
-      attr_reader :target_frameworks
-
-      sig { returns(T::Array[String]) }
-      attr_reader :referenced_project_paths
-
-      sig { override.returns(Dependabot::FileParsers::Base::DependencySet) }
-      def dependency_set
-        if target_frameworks.empty? && file_path.end_with?("proj")
-          Dependabot.logger.warn("Excluding project file '#{file_path}' due to unresolvable target framework")
-          dependency_set = Dependabot::FileParsers::Base::DependencySet.new
-          return dependency_set
-        end
-
-        super
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/native_discovery/native_property_details.rb

@@ -1,43 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class NativePropertyDetails
-      extend T::Sig
-
-      sig { params(json: T::Hash[String, T.untyped]).returns(NativePropertyDetails) }
-      def self.from_json(json)
-        name = T.let(json.fetch("Name"), String)
-        value = T.let(json.fetch("Value"), String)
-        source_file_path = T.let(json.fetch("SourceFilePath"), String)
-
-        NativePropertyDetails.new(name: name,
-                                  value: value,
-                                  source_file_path: source_file_path)
-      end
-
-      sig do
-        params(name: String,
-               value: String,
-               source_file_path: String).void
-      end
-      def initialize(name:, value:, source_file_path:)
-        @name = name
-        @value = value
-        @source_file_path = source_file_path
-      end
-
-      sig { returns(String) }
-      attr_reader :name
-
-      sig { returns(String) }
-      attr_reader :value
-
-      sig { returns(String) }
-      attr_reader :source_file_path
-    end
-  end
-end

data/lib/dependabot/nuget/native_discovery/native_workspace_discovery.rb

@@ -1,68 +0,0 @@
-# typed: strong
-# frozen_string_literal: true
-
-require "dependabot/nuget/native_discovery/native_dependency_file_discovery"
-require "dependabot/nuget/native_discovery/native_project_discovery"
-require "dependabot/nuget/native_helpers"
-require "sorbet-runtime"
-
-module Dependabot
-  module Nuget
-    class NativeWorkspaceDiscovery
-      extend T::Sig
-
-      sig { params(json: T::Hash[String, T.untyped]).returns(NativeWorkspaceDiscovery) }
-      def self.from_json(json)
-        Dependabot::Nuget::NativeHelpers.ensure_no_errors(json)
-
-        path = T.let(json.fetch("Path"), String)
-        path = "/" + path unless path.start_with?("/")
-        projects = T.let(json.fetch("Projects"), T::Array[T::Hash[String, T.untyped]]).filter_map do |project|
-          NativeProjectDiscovery.from_json(project, path)
-        end
-        imported_files = T.let(json.fetch("ImportedFiles"), T::Array[String])
-        global_json = NativeDependencyFileDiscovery
-                      .from_json(T.let(json.fetch("GlobalJson"), T.nilable(T::Hash[String, T.untyped])), path)
-        dotnet_tools_json = NativeDependencyFileDiscovery
-                            .from_json(T.let(json.fetch("DotNetToolsJson"),
-                                             T.nilable(T::Hash[String, T.untyped])), path)
-
-        NativeWorkspaceDiscovery.new(path: path,
-                                     projects: projects,
-                                     imported_files: imported_files,
-                                     global_json: global_json,
-                                     dotnet_tools_json: dotnet_tools_json)
-      end
-
-      sig do
-        params(path: String,
-               projects: T::Array[NativeProjectDiscovery],
-               imported_files: T::Array[String],
-               global_json: T.nilable(NativeDependencyFileDiscovery),
-               dotnet_tools_json: T.nilable(NativeDependencyFileDiscovery)).void
-      end
-      def initialize(path:, projects:, imported_files:, global_json:, dotnet_tools_json:)
-        @path = path
-        @projects = projects
-        @imported_files = imported_files
-        @global_json = global_json
-        @dotnet_tools_json = dotnet_tools_json
-      end
-
-      sig { returns(String) }
-      attr_reader :path
-
-      sig { returns(T::Array[NativeProjectDiscovery]) }
-      attr_reader :projects
-
-      sig { returns(T::Array[String]) }
-      attr_reader :imported_files
-
-      sig { returns(T.nilable(NativeDependencyFileDiscovery)) }
-      attr_reader :global_json
-
-      sig { returns(T.nilable(NativeDependencyFileDiscovery)) }
-      attr_reader :dotnet_tools_json
-    end
-  end
-end

data/lib/dependabot/nuget/native_update_checker/native_requirements_updater.rb

@@ -1,105 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-
-#######################################################################
-# For more details on Dotnet version constraints, see:                #
-# https://docs.microsoft.com/en-us/nuget/reference/package-versioning #
-#######################################################################
-
-require "sorbet-runtime"
-
-require "dependabot/update_checkers/base"
-require "dependabot/nuget/native_discovery/native_dependency_details"
-require "dependabot/nuget/version"
-
-module Dependabot
-  module Nuget
-    class NativeUpdateChecker < Dependabot::UpdateCheckers::Base
-      class NativeRequirementsUpdater
-        extend T::Sig
-
-        sig do
-          params(
-            requirements: T::Array[T::Hash[Symbol, T.untyped]],
-            dependency_details: T.nilable(Dependabot::Nuget::NativeDependencyDetails)
-          )
-            .void
-        end
-        def initialize(requirements:, dependency_details:)
-          @requirements = requirements
-          @dependency_details = dependency_details
-        end
-
-        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
-        def updated_requirements
-          return requirements unless clean_version
-
-          # NOTE: Order is important here. The FileUpdater needs the updated
-          # requirement at index `i` to correspond to the previous requirement
-          # at the same index.
-          requirements.map do |req|
-            next req if req.fetch(:requirement).nil?
-            next req if req.fetch(:requirement).include?(",")
-
-            new_req =
-              if req.fetch(:requirement).include?("*")
-                update_wildcard_requirement(req.fetch(:requirement))
-              else
-                # Since range requirements are excluded by the line above we can
-                # replace anything that looks like a version with the new
-                # version
-                req[:requirement].sub(
-                  /#{Nuget::Version::VERSION_PATTERN}/o,
-                  clean_version.to_s
-                )
-              end
-
-            next req if new_req == req.fetch(:requirement)
-
-            new_source = req[:source]&.dup
-            unless @dependency_details.nil?
-              new_source = {
-                type: "nuget_repo",
-                source_url: @dependency_details.info_url
-              }
-            end
-
-            req.merge({ requirement: new_req, source: new_source })
-          end
-        end
-
-        private
-
-        sig { returns(T::Array[T::Hash[Symbol, T.untyped]]) }
-        attr_reader :requirements
-
-        sig { returns(T.class_of(Dependabot::Nuget::Version)) }
-        def version_class
-          Dependabot::Nuget::Version
-        end
-
-        sig { returns(T.nilable(Dependabot::Nuget::Version)) }
-        def clean_version
-          return unless @dependency_details&.version
-
-          version_class.new(@dependency_details.version)
-        end
-
-        sig { params(req_string: String).returns(String) }
-        def update_wildcard_requirement(req_string)
-          return req_string if req_string == "*-*"
-
-          return req_string if req_string == "*"
-
-          precision = T.must(req_string.split("*").first).split(/\.|\-/).count
-          wildcard_section = req_string.partition(/(?=[.\-]\*)/).last
-
-          version_parts = T.must(clean_version).segments.first(precision)
-          version = version_parts.join(".")
-
-          version + wildcard_section
-        end
-      end
-    end
-  end
-end