RubyGems - dependabot-nuget - Versions diffs - 0.289.0 → 0.291.0 - Mend

dependabot-nuget 0.289.0 → 0.291.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (97) hide show

data/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb DELETED Viewed

@@ -1,110 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "nokogiri"
-require "stringio"
-require "sorbet-runtime"
-require "zip"
-module Dependabot
-  module Nuget
-    class NuspecFetcher
-      extend T::Sig
-      require_relative "nupkg_fetcher"
-      require_relative "repository_finder"
-      sig do
-        params(
-          dependency_urls: T::Array[T::Hash[Symbol, String]],
-          package_id: String,
-          package_version: T.nilable(String)
-        )
-          .returns(T.nilable(Nokogiri::XML::Document))
-      end
-      def self.fetch_nuspec(dependency_urls, package_id, package_version)
-        # check all repositories for the first one that has the nuspec
-        dependency_urls.reduce(T.let(nil, T.nilable(Nokogiri::XML::Document))) do |nuspec_xml, repository_details|
-          nuspec_xml || fetch_nuspec_from_repository(repository_details, package_id, package_version)
-        end
-      end
-      sig do
-        params(
-          repository_details: T::Hash[Symbol, T.untyped],
-          package_id: T.nilable(String),
-          package_version: T.nilable(String)
-        )
-          .returns(T.nilable(Nokogiri::XML::Document))
-      end
-      def self.fetch_nuspec_from_repository(repository_details, package_id, package_version)
-        return unless package_id && package_version && !package_version.empty?
-        feed_url = repository_details[:repository_url]
-        auth_header = repository_details[:auth_header]
-        nuspec_xml = nil
-        if feed_supports_nuspec_download?(feed_url)
-          # we can use the normal nuget apis to get the nuspec and list out the dependencies
-          base_url = repository_details[:base_url].delete_suffix("/")
-          package_id_downcased = package_id.downcase
-          nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
-          nuspec_response = Dependabot::RegistryClient.get(
-            url: nuspec_url,
-            headers: auth_header
-          )
-          return unless nuspec_response.status == 200
-          nuspec_response_body = remove_invalid_characters(nuspec_response.body)
-          nuspec_xml = Nokogiri::XML(nuspec_response_body)
-        else
-          # no guarantee we can directly query the .nuspec; fall back to extracting it from the .nupkg
-          package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
-                                                                         package_version)
-          return if package_data.nil?
-          nuspec_string = extract_nuspec(package_data, package_id)
-          nuspec_xml = Nokogiri::XML(nuspec_string)
-        end
-        nuspec_xml.remove_namespaces!
-        nuspec_xml
-      end
-      sig { params(feed_url: String).returns(T::Boolean) }
-      def self.feed_supports_nuspec_download?(feed_url)
-        feed_regexs = [
-          # nuget
-          %r{https://api\.nuget\.org/v3/index\.json},
-          # azure devops
-          %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
-          %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
-          %r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
-        ]
-        feed_regexs.any? { |reg| reg.match(feed_url) }
-      end
-      sig { params(zip_stream: String, package_id: String).returns(T.nilable(String)) }
-      def self.extract_nuspec(zip_stream, package_id)
-        Zip::File.open_buffer(zip_stream) do |zip|
-          nuspec_entry = zip.find { |entry| entry.name == "#{package_id}.nuspec" }
-          return nuspec_entry.get_input_stream.read if nuspec_entry
-        end
-        nil
-      end
-      sig { params(string: String).returns(String) }
-      def self.remove_invalid_characters(string)
-        string.dup
-              .force_encoding(Encoding::UTF_8)
-              .encode
-              .scrub("")
-              .gsub(/\A[\u200B-\u200D\uFEFF]/, "")
-              .gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
-      end
-    end
-  end
-end

data/lib/dependabot/nuget/update_checker/property_updater.rb DELETED Viewed

@@ -1,196 +0,0 @@
-# typed: strict
-# frozen_string_literal: true
-require "sorbet-runtime"
-require "dependabot/update_checkers/base"
-require "dependabot/nuget/file_parser"
-module Dependabot
-  module Nuget
-    class UpdateChecker < Dependabot::UpdateCheckers::Base
-      class PropertyUpdater
-        extend T::Sig
-        require_relative "version_finder"
-        require_relative "requirements_updater"
-        require_relative "dependency_finder"
-        sig do
-          params(
-            dependency: Dependabot::Dependency,
-            dependency_files: T::Array[Dependabot::DependencyFile],
-            credentials: T::Array[Dependabot::Credential],
-            target_version_details: T.nilable(T::Hash[Symbol, String]),
-            ignored_versions: T::Array[String],
-            repo_contents_path: T.nilable(String),
-            raise_on_ignored: T::Boolean
-          ).void
-        end
-        def initialize(dependency:, dependency_files:, credentials:,
-                       target_version_details:, ignored_versions:,
-                       repo_contents_path:, raise_on_ignored: false)
-          @dependency       = dependency
-          @dependency_files = dependency_files
-          @credentials      = credentials
-          @ignored_versions = ignored_versions
-          @raise_on_ignored = raise_on_ignored
-          @target_version   = T.let(
-            target_version_details&.fetch(:version),
-            T.nilable(T.any(String, Dependabot::Nuget::Version))
-          )
-          @source_details = T.let(
-            target_version_details&.slice(:nuspec_url, :repo_url, :source_url),
-            T.nilable(T::Hash[Symbol, String])
-          )
-          @repo_contents_path = repo_contents_path
-        end
-        sig { returns(T::Boolean) }
-        def update_possible?
-          return false unless target_version
-          @update_possible ||= T.let(
-            dependencies_using_property.all? do |dep|
-              versions = VersionFinder.new(
-                dependency: dep,
-                dependency_files: dependency_files,
-                credentials: credentials,
-                ignored_versions: ignored_versions,
-                raise_on_ignored: @raise_on_ignored,
-                security_advisories: [],
-                repo_contents_path: repo_contents_path
-              ).versions.map { |v| v.fetch(:version) }
-              versions.include?(target_version) || versions.none?
-            end,
-            T.nilable(T::Boolean)
-          )
-        end
-        sig { returns(T::Array[Dependabot::Dependency]) }
-        def updated_dependencies
-          raise "Update not possible!" unless update_possible?
-          @updated_dependencies ||= T.let(
-            begin
-              dependencies = T.let({}, T::Hash[String, Dependabot::Dependency])
-              dependencies_using_property.each do |dep|
-                # Only keep one copy of each dependency, the one with the highest target version.
-                visited_dependency = dependencies[dep.name.downcase]
-                next unless visited_dependency.nil? || T.must(visited_dependency.numeric_version) < target_version
-                updated_dependency = Dependency.new(
-                  name: dep.name,
-                  version: target_version.to_s,
-                  requirements: updated_requirements(dep),
-                  previous_version: dep.version,
-                  previous_requirements: dep.requirements,
-                  package_manager: dep.package_manager
-                )
-                dependencies[updated_dependency.name.downcase] = updated_dependency
-                # Add peer dependencies to the list of updated dependencies.
-                process_updated_peer_dependencies(updated_dependency, dependencies)
-              end
-              dependencies.map { |_, dependency| dependency }
-            end,
-            T.nilable(T::Array[Dependabot::Dependency])
-          )
-        end
-        private
-        sig { returns(Dependabot::Dependency) }
-        attr_reader :dependency
-        sig { returns(T::Array[Dependabot::DependencyFile]) }
-        attr_reader :dependency_files
-        sig { returns(T.nilable(T.any(String, Dependabot::Nuget::Version))) }
-        attr_reader :target_version
-        sig { returns(T.nilable(T::Hash[Symbol, String])) }
-        attr_reader :source_details
-        sig { returns(T::Array[Dependabot::Credential]) }
-        attr_reader :credentials
-        sig { returns(T::Array[String]) }
-        attr_reader :ignored_versions
-        sig { returns(T.nilable(String)) }
-        attr_reader :repo_contents_path
-        sig do
-          params(
-            dependency: Dependabot::Dependency,
-            dependencies: T::Hash[String, Dependabot::Dependency]
-          )
-            .returns(T::Array[Dependabot::Dependency])
-        end
-        def process_updated_peer_dependencies(dependency, dependencies)
-          DependencyFinder.new(
-            dependency: dependency,
-            dependency_files: dependency_files,
-            ignored_versions: ignored_versions,
-            credentials: credentials,
-            repo_contents_path: repo_contents_path
-          ).updated_peer_dependencies.each do |peer_dependency|
-            # Only keep one copy of each dependency, the one with the highest target version.
-            visited_dependency = dependencies[peer_dependency.name.downcase]
-            unless visited_dependency.nil? ||
-                   T.must(visited_dependency.numeric_version) < peer_dependency.numeric_version
-              next
-            end
-            dependencies[peer_dependency.name.downcase] = peer_dependency
-          end
-        end
-        sig { returns(T::Array[Dependabot::Dependency]) }
-        def dependencies_using_property
-          @dependencies_using_property ||=
-            T.let(
-              Nuget::FileParser.new(
-                dependency_files: dependency_files,
-                repo_contents_path: repo_contents_path,
-                source: nil
-              ).parse.select do |dep|
-                dep.requirements.any? do |r|
-                  r.dig(:metadata, :property_name) == property_name
-                end
-              end,
-              T.nilable(T::Array[Dependabot::Dependency])
-            )
-        end
-        sig { returns(String) }
-        def property_name
-          @property_name ||= T.let(
-            dependency.requirements
-              .find { |r| r.dig(:metadata, :property_name) }
-              &.dig(:metadata, :property_name),
-            T.nilable(String)
-          )
-          raise "No requirement with a property name!" unless @property_name
-          @property_name
-        end
-        sig { params(dep: Dependabot::Dependency).returns(T::Array[T::Hash[Symbol, T.untyped]]) }
-        def updated_requirements(dep)
-          @updated_requirements ||= T.let({}, T.nilable(T::Hash[String, T::Array[T::Hash[Symbol, T.untyped]]]))
-          @updated_requirements[dep.name] ||=
-            RequirementsUpdater.new(
-              requirements: dep.requirements,
-              latest_version: target_version,
-              source_details: source_details
-            ).updated_requirements
-        end
-      end
-    end
-  end
-end