RubyGems - dependabot-nuget - Versions diffs - 0.289.0 → 0.291.0 - Mend

dependabot-nuget 0.289.0 → 0.291.0

Files changed (97) hide show

data/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb DELETED Viewed

@@ -1,110 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "nokogiri"
-require "stringio"
-require "sorbet-runtime"
-require "zip"
-module Dependabot
-  module Nuget
-    class NuspecFetcher
-      extend T::Sig
-      require_relative "nupkg_fetcher"
-      require_relative "repository_finder"
-      sig do
-        params(
-          dependency_urls: T::Array[T::Hash[Symbol, String]],
-          package_id: String,
-          package_version: T.nilable(String)
-        )
-          .returns(T.nilable(Nokogiri::XML::Document))
-      end
-      def self.fetch_nuspec(dependency_urls, package_id, package_version)
-        # check all repositories for the first one that has the nuspec
-        dependency_urls.reduce(T.let(nil, T.nilable(Nokogiri::XML::Document))) do |nuspec_xml, repository_details|
-          nuspec_xml || fetch_nuspec_from_repository(repository_details, package_id, package_version)
-        end
-      end
-      sig do
-        params(
-          repository_details: T::Hash[Symbol, T.untyped],
-          package_id: T.nilable(String),
-          package_version: T.nilable(String)
-        )
-          .returns(T.nilable(Nokogiri::XML::Document))
-      end
-      def self.fetch_nuspec_from_repository(repository_details, package_id, package_version)
-        return unless package_id && package_version && !package_version.empty?
-        feed_url = repository_details[:repository_url]
-        auth_header = repository_details[:auth_header]
-        nuspec_xml = nil
-        if feed_supports_nuspec_download?(feed_url)
-          # we can use the normal nuget apis to get the nuspec and list out the dependencies
-          base_url = repository_details[:base_url].delete_suffix("/")
-          package_id_downcased = package_id.downcase
-          nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
-          nuspec_response = Dependabot::RegistryClient.get(
-            url: nuspec_url,
-            headers: auth_header
-          )
-          return unless nuspec_response.status == 200
-          nuspec_response_body = remove_invalid_characters(nuspec_response.body)
-          nuspec_xml = Nokogiri::XML(nuspec_response_body)
-        else
-          # no guarantee we can directly query the .nuspec; fall back to extracting it from the .nupkg
-          package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
-                                                                         package_version)
-          return if package_data.nil?
-          nuspec_string = extract_nuspec(package_data, package_id)
-          nuspec_xml = Nokogiri::XML(nuspec_string)
-        end
-        nuspec_xml.remove_namespaces!
-        nuspec_xml
-      end
-      sig { params(feed_url: String).returns(T::Boolean) }
-      def self.feed_supports_nuspec_download?(feed_url)
-        feed_regexs = [
-          # nuget
-          %r{https://api\.nuget\.org/v3/index\.json},
-          # azure devops
-          %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
-          %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
-          %r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
-        ]
-        feed_regexs.any? { |reg| reg.match(feed_url) }
-      end
-      sig { params(zip_stream: String, package_id: String).returns(T.nilable(String)) }
-      def self.extract_nuspec(zip_stream, package_id)
-        Zip::File.open_buffer(zip_stream) do |zip|
-          nuspec_entry = zip.find { |entry| entry.name == "#{package_id}.nuspec" }
-          return nuspec_entry.get_input_stream.read if nuspec_entry
-        end
-        nil
-      end
-      sig { params(string: String).returns(String) }
-      def self.remove_invalid_characters(string)
-        string.dup
-              .force_encoding(Encoding::UTF_8)
-              .encode
-              .scrub("")
-              .gsub(/\A[\u200B-\u200D\uFEFF]/, "")
-              .gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/update_checker/property_updater.rb DELETED Viewed

@@ -1,196 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "sorbet-runtime"
-require "dependabot/update_checkers/base"
-require "dependabot/nuget/file_parser"
-module Dependabot
-  module Nuget
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      class PropertyUpdater
-        extend T::Sig
-        require_relative "version_finder"
-        require_relative "requirements_updater"
-        require_relative "dependency_finder"
-        sig do
-          params(
-            dependency: Dependabot::Dependency,
-            dependency_files: T::Array[Dependabot::DependencyFile],
-            credentials: T::Array[Dependabot::Credential],
-            target_version_details: T.nilable(T::Hash[Symbol, String]),
-            ignored_versions: T::Array[String],
-            repo_contents_path: T.nilable(String),
-            raise_on_ignored: T::Boolean
-          ).void
-        end
-        def initialize(dependency:, dependency_files:, credentials:,
-                       target_version_details:, ignored_versions:,
-                       repo_contents_path:, raise_on_ignored: false)
-          @dependency       = dependency
-          @dependency_files = dependency_files
-          @credentials      = credentials
-          @ignored_versions = ignored_versions
-          @raise_on_ignored = raise_on_ignored
-          @target_version   = T.let(
-            target_version_details&.fetch(:version),
-            T.nilable(T.any(String, Dependabot::Nuget::Version))
-          )
-          @source_details = T.let(
-            target_version_details&.slice(:nuspec_url, :repo_url, :source_url),
-            T.nilable(T::Hash[Symbol, String])
-          )
-          @repo_contents_path = repo_contents_path
-        end
-        sig { returns(T::Boolean) }
-        def update_possible?
-          return false unless target_version
-          @update_possible ||= T.let(
-            dependencies_using_property.all? do |dep|
-              versions = VersionFinder.new(
-                dependency: dep,
-                dependency_files: dependency_files,
-                credentials: credentials,
-                ignored_versions: ignored_versions,
-                raise_on_ignored: @raise_on_ignored,
-                security_advisories: [],
-                repo_contents_path: repo_contents_path
-              ).versions.map { |v| v.fetch(:version) }
-              versions.include?(target_version) || versions.none?
-            end,
-            T.nilable(T::Boolean)
-          )
-        end
-        sig { returns(T::Array[Dependabot::Dependency]) }
-        def updated_dependencies
-          raise "Update not possible!" unless update_possible?
-          @updated_dependencies ||= T.let(
-            begin
-              dependencies = T.let({}, T::Hash[String, Dependabot::Dependency])
-              dependencies_using_property.each do |dep|
-                # Only keep one copy of each dependency, the one with the highest target version.
-                visited_dependency = dependencies[dep.name.downcase]
-                next unless visited_dependency.nil? || T.must(visited_dependency.numeric_version) < target_version
-                updated_dependency = Dependency.new(
-                  name: dep.name,
-                  version: target_version.to_s,
-                  requirements: updated_requirements(dep),
-                  previous_version: dep.version,
-                  previous_requirements: dep.requirements,
-                  package_manager: dep.package_manager
-                )
-                dependencies[updated_dependency.name.downcase] = updated_dependency
-                # Add peer dependencies to the list of updated dependencies.
-                process_updated_peer_dependencies(updated_dependency, dependencies)
-              end
-              dependencies.map { |_, dependency| dependency }
-            end,
-            T.nilable(T::Array[Dependabot::Dependency])
-          )
-        end
-        private
-        sig { returns(Dependabot::Dependency) }
-        attr_reader :dependency
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-        sig { returns(T.nilable(T.any(String, Dependabot::Nuget::Version))) }
-        attr_reader :target_version
-        sig { returns(T.nilable(T::Hash[Symbol, String])) }
-        attr_reader :source_details
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-        sig { returns(T::Array[String]) }
-        attr_reader :ignored_versions
-        sig { returns(T.nilable(String)) }
-        attr_reader :repo_contents_path
-        sig do
-          params(
-            dependency: Dependabot::Dependency,
-            dependencies: T::Hash[String, Dependabot::Dependency]
-          )
-            .returns(T::Array[Dependabot::Dependency])
-        end
-        def process_updated_peer_dependencies(dependency, dependencies)
-          DependencyFinder.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            ignored_versions: ignored_versions,
-            credentials: credentials,
-            repo_contents_path: repo_contents_path
-          ).updated_peer_dependencies.each do |peer_dependency|
-            # Only keep one copy of each dependency, the one with the highest target version.
-            visited_dependency = dependencies[peer_dependency.name.downcase]
-            unless visited_dependency.nil? ||
-                   T.must(visited_dependency.numeric_version) < peer_dependency.numeric_version
-              next
-            end
-            dependencies[peer_dependency.name.downcase] = peer_dependency
-          end
-        end
-        sig { returns(T::Array[Dependabot::Dependency]) }
-        def dependencies_using_property
-          @dependencies_using_property ||=
-            T.let(
-              Nuget::FileParser.new(
-                dependency_files: dependency_files,
-                repo_contents_path: repo_contents_path,
-                source: nil
-              ).parse.select do |dep|
-                dep.requirements.any? do |r|
-                  r.dig(:metadata, :property_name) == property_name
-                end
-              end,
-              T.nilable(T::Array[Dependabot::Dependency])
-            )
-        end
-        sig { returns(String) }
-        def property_name
-          @property_name ||= T.let(
-            dependency.requirements
-              .find { |r| r.dig(:metadata, :property_name) }
-              &.dig(:metadata, :property_name),
-            T.nilable(String)
-          )
-          raise "No requirement with a property name!" unless @property_name
-          @property_name
-        end
-        sig { params(dep: Dependabot::Dependency).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
-        def updated_requirements(dep)
-          @updated_requirements ||= T.let({}, T.nilable(T::Hash[String, T::Array[T::Hash[Symbol, T.untyped]]]))
-          @updated_requirements[dep.name] ||=
-            RequirementsUpdater.new(
-              requirements: dep.requirements,
-              latest_version: target_version,
-              source_details: source_details
-            ).updated_requirements
-        end
-      end
-    end
-  end
-end