dependabot-nuget 0.290.0 → 0.291.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs +1 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs +3 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/DependencyFinder.cs +2 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs +44 -5
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/PackagesConfigDiscovery.cs +2 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/ProjectDiscoveryResult.cs +2 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs +19 -11
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ErrorType.cs +1 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ExperimentsManager.cs +3 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/LockFileUpdater.cs +3 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackageReferenceUpdater.cs +43 -18
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdaterWorker.cs +1 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs +40 -14
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/NuGetHelper.cs +2 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ProcessExtensions.cs +45 -7
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs +41 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/ExpectedDiscoveryResults.cs +1 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/SdkProjectDiscoveryTests.cs +1 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs +2 -1
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs +246 -60
- data/lib/dependabot/nuget/file_fetcher.rb +1 -0
- data/lib/dependabot/nuget/file_parser.rb +90 -0
- data/lib/dependabot/nuget/language.rb +82 -0
- data/lib/dependabot/nuget/native_helpers.rb +23 -0
- data/lib/dependabot/nuget/package_manager.rb +51 -0
- metadata +7 -5
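--- a/data/lib/dependabot/nuget/file_parser.rb
+++ b/data/lib/dependabot/nuget/file_parser.rb
@@ -7,6 +7,8 @@ require "dependabot/file_parsers/base"
 require "dependabot/nuget/discovery/discovery_json_reader"
 require "dependabot/nuget/native_helpers"
 require "sorbet-runtime"
+require "dependabot/nuget/package_manager"
+require "dependabot/nuget/language"
 
 # For details on how dotnet handles version constraints, see:
 # https://docs.microsoft.com/en-us/nuget/reference/package-versioning
@@ -22,11 +24,40 @@ module Dependabot
 dependencies
 end
 
+sig { returns(Ecosystem) }
+def ecosystem
+@ecosystem ||= T.let(
+Ecosystem.new(
+name: ECOSYSTEM,
+package_manager: package_manager,
+language: language
+),
+T.nilable(Ecosystem)
+)
+end
+
 private
 
+sig { returns(T.nilable(T::Array[String])) }
+def content_json
+@content_json ||= T.let(begin
+directory = source&.directory || "/"
+discovery_json_reader = DiscoveryJsonReader.run_discovery_in_directory(
+repo_contents_path: T.must(repo_contents_path),
+directory: directory,
+credentials: credentials
+)
+
+discovery_json_reader.workspace_discovery&.projects&.map do |framework|
+T.let(framework.instance_variable_get(:@target_frameworks), T::Array[String]).compact.join(",")
+end
+end, T.nilable(T::Array[String]))
+end
+
 sig { returns(T::Array[Dependabot::Dependency]) }
 def dependencies
 @dependencies ||= T.let(begin
+NativeHelpers.install_dotnet_sdks
 directory = source&.directory || "/"
 discovery_json_reader = DiscoveryJsonReader.run_discovery_in_directory(
 repo_contents_path: T.must(repo_contents_path),
@@ -53,6 +84,65 @@ module Dependabot
 "No project file."
 )
 end
+
+sig { returns(T.nilable(Ecosystem::VersionManager)) }
+def language
+# Historically new version of language is released with incremental update of
+# .Net version, so we tie the language with framework version for metric collection
+
+nomenclature = "#{language_type} #{framework_version&.join(',')}".strip.tr(" ", "-")
+
+Dependabot.logger.info("Detected language and framework #{nomenclature}")
+
+case language_type
+
+when CSharpLanguage::TYPE
+CSharpLanguage.new(nomenclature)
+
+when VBLanguage::TYPE
+VBLanguage.new(nomenclature)
+
+when FSharpLanguage::TYPE
+FSharpLanguage.new(nomenclature)
+
+when DotNet::TYPE
+DotNet.new(nomenclature)
+
+end
+end
+
+sig { returns(T.nilable(T::Array[String])) }
+def framework_version
+content_json
+rescue StandardError
+nil
+end
+
+sig { returns(T.nilable(String)) }
+def language_type
+requirement_files = dependencies.flat_map do |dep|
+dep.requirements.map { |r| T.let(r.fetch(:file), String) }
+end.uniq
+
+return "cs" if requirement_files.any? { |f| File.basename(f).match?(/\.csproj$/) }
+return "vb" if requirement_files.any? { |f| File.basename(f).match?(/\.vbproj$/) }
+return "fs" if requirement_files.any? { |f| File.basename(f).match?(/\.fsproj$/) }
+
+# return a fallback to avoid falling to exception
+"dotnet"
+end
+
+sig { returns(Ecosystem::VersionManager) }
+def package_manager
+NugetPackageManager.new(T.must(nuget_version))
+end
+
+sig { returns(T.nilable(String)) }
+def nuget_version
+SharedHelpers.run_shell_command("dotnet nuget --version").split("Command Line").last&.strip
+rescue StandardError
+nil
+end
 end
 end
 end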
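Review bot: `package_manager` wraps `nuget_version` in `T.must`, but `nuget_version` rescues every `StandardError` and returns `nil`, so a failed or unparsable `dotnet nuget --version` surfaces as a `TypeError` from `T.must` when `ecosystem` is built. `NugetPackageManager#initialize` in this release is declared with `raw_version: T.nilable(String)`, so `NugetPackageManager.new(nuget_version)` would keep this metadata path best-effort, assuming `Version.new` accepts `nil` as the `Version.new(nil)` calls in language.rb suggest. The `language_type` patterns anchor with `$`, which also matches before a trailing newline; `/\.csproj\z/` (and the same for `vbproj` and `fsproj`) matches only a true suffix. `content_json` reads `@target_frameworks` through `instance_variable_get` and repeats the discovery run that `dependencies` performs, while `framework_version` silently discards any error from it; whether the project result type exposes a public reader is not visible here.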
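--- a/data/lib/dependabot/nuget/language.rb
+++ b/data/lib/dependabot/nuget/language.rb
@@ -0,0 +1,82 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/nuget/version"
+require "dependabot/ecosystem"
+
+module Dependabot
+module Nuget
+class Language < Dependabot::Ecosystem::VersionManager
+extend T::Sig
+
+sig { params(language: String, raw_version: String, requirement: T.nilable(Requirement)).void }
+def initialize(language, raw_version, requirement = nil)
+super(language, Version.new(raw_version), [], [], requirement)
+end
+end
+
+class CSharpLanguage < Dependabot::Ecosystem::VersionManager
+extend T::Sig
+
+LANGUAGE = "CSharp"
+TYPE = "cs"
+
+SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+sig { params(language: String, requirement: T.nilable(Requirement)).void }
+def initialize(language, requirement = nil)
+super(language, Version.new(nil), [], [], requirement)
+end
+end
+
+class VBLanguage < Dependabot::Ecosystem::VersionManager
+extend T::Sig
+
+LANGUAGE = "VB"
+TYPE = "vb"
+
+SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+sig { params(language: String, requirement: T.nilable(Requirement)).void }
+def initialize(language, requirement = nil)
+super(language, Version.new(nil), [], [], requirement)
+end
+end
+
+class FSharpLanguage < Dependabot::Ecosystem::VersionManager
+extend T::Sig
+
+LANGUAGE = "FSharp"
+TYPE = "fs"
+
+SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+sig { params(language: String, requirement: T.nilable(Requirement)).void }
+def initialize(language, requirement = nil)
+super(language, Version.new(nil), [], [], requirement)
+end
+end
+
+class DotNet < Dependabot::Ecosystem::VersionManager
+extend T::Sig
+
+TYPE = "dotnet"
+
+SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+sig { params(language: String, requirement: T.nilable(Requirement)).void }
+def initialize(language, requirement = nil)
+super(language, Version.new(nil), [], [], requirement)
+end
+end
+end
+end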
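Review bot: Every `sig` in this file references `Requirement`, but the file requires only `sorbet-runtime`, `dependabot/nuget/version` and `dependabot/ecosystem`, so resolving that constant depends on some other file having loaded it first. package_manager.rb in this same release adds `require "dependabot/nuget/requirement"`, and the same line here would make the file self-contained. Each class also defines `SUPPORTED_VERSIONS` and `DEPRECATED_VERSIONS` yet passes literal `[]` to `super`; passing the constants, as `NugetPackageManager#initialize` does, keeps the two from drifting apart. `CSharpLanguage`, `VBLanguage`, `FSharpLanguage` and `DotNet` differ only in their constants, and `LANGUAGE` is not read anywhere in the lines shown.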
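--- a/data/lib/dependabot/nuget/native_helpers.rb
+++ b/data/lib/dependabot/nuget/native_helpers.rb
@@ -269,6 +269,27 @@ module Dependabot
 end
 end
 
+sig { void }
+def self.install_dotnet_sdks
+return unless Dependabot::Experiments.enabled?(:nuget_install_dotnet_sdks)
+
+# environment variables are required and the following will generate an actionable error message if they're not
+_dependabot_job_path = ENV.fetch("DEPENDABOT_JOB_PATH")
+_dependabot_repo_contents_path = ENV.fetch("DEPENDABOT_REPO_CONTENTS_PATH")
+_dotnet_install_script_path = ENV.fetch("DOTNET_INSTALL_SCRIPT_PATH")
+_dotnet_install_dir = ENV.fetch("DOTNET_INSTALL_DIR")
+
+# this environment variable is directly used
+dependabot_home = ENV.fetch("DEPENDABOT_HOME")
+
+command = [
+"pwsh",
+"#{dependabot_home}/dependabot-updater/bin/install-sdks.ps1"
+].join(" ")
+output = SharedHelpers.run_shell_command(command)
+puts output
+end
+
 sig { params(json: T::Hash[String, T.untyped]).void }
 def self.ensure_no_errors(json)
 error_type = T.let(json.fetch("ErrorType", nil), T.nilable(String))
@@ -276,6 +297,8 @@ module Dependabot
 case error_type
 when "None", nil
 # no issue
+when "DependencyFileNotParseable"
+raise DependencyFileNotParseable, T.must(T.let(error_details, T.nilable(String)))
 when "AuthenticationFailure"
 raise PrivateSourceAuthenticationFailure, T.let(error_details, T.nilable(String))
 when "MissingFile"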
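Review bot: `install_dotnet_sdks` builds the `pwsh` invocation as one space-joined string that embeds `DEPENDABOT_HOME`, so a value containing whitespace would no longer name a single script path. How `SharedHelpers.run_shell_command` tokenises or escapes its argument is not visible in this hunk and should be confirmed before relying on it. The script's output is printed with `puts output`, which bypasses the logger; `Dependabot.logger.info(output)` would keep it in the same stream as the message logged in file_parser.rb. In the second hunk, `T.must(...)` around `error_details` raises a `TypeError` rather than `DependencyFileNotParseable` when the details are absent, whereas the neighbouring `AuthenticationFailure` branch passes the nilable value through. `ensure_no_errors` starts and ends outside the lines shown.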
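--- a/data/lib/dependabot/nuget/package_manager.rb
+++ b/data/lib/dependabot/nuget/package_manager.rb
@@ -0,0 +1,51 @@
+# typed: strong
+# frozen_string_literal: true
+
+require "sorbet-runtime"
+require "dependabot/nuget/version"
+require "dependabot/ecosystem"
+require "dependabot/nuget/requirement"
+
+module Dependabot
+module Nuget
+ECOSYSTEM = "dotnet"
+
+SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+class NugetPackageManager < Dependabot::Ecosystem::VersionManager
+extend T::Sig
+
+NAME = "nuget"
+
+SUPPORTED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+DEPRECATED_VERSIONS = T.let([].freeze, T::Array[Dependabot::Version])
+
+sig do
+params(
+raw_version: T.nilable(String)
+).void
+end
+def initialize(raw_version)
+super(
+NAME,
+Version.new(raw_version),
+SUPPORTED_VERSIONS,
+DEPRECATED_VERSIONS
+)
+end
+
+sig { override.returns(T::Boolean) }
+def deprecated?
+false
+end
+
+sig { override.returns(T::Boolean) }
+def unsupported?
+false
+end
+end
+end
+end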
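Review bot: `SUPPORTED_VERSIONS` and `DEPRECATED_VERSIONS` are declared twice, once directly under `Dependabot::Nuget` and once inside `NugetPackageManager`, and `initialize` resolves the class-level pair. The module-level pair is not read in the lines shown and adds two generic names to the shared `Dependabot::Nuget` namespace, so it could be dropped unless another file depends on it. `deprecated?` and `unsupported?` return `false` unconditionally; a comment such as `# No NuGet versions are marked deprecated or unsupported, so these checks are always false.` above them would show the overrides are deliberate.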
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-nuget
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.291.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-12-
|
11
|
+
date: 2024-12-19 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.291.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.291.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rubyzip
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -491,9 +491,11 @@ files:
|
|
491
491
|
- lib/dependabot/nuget/file_fetcher.rb
|
492
492
|
- lib/dependabot/nuget/file_parser.rb
|
493
493
|
- lib/dependabot/nuget/file_updater.rb
|
494
|
+
- lib/dependabot/nuget/language.rb
|
494
495
|
- lib/dependabot/nuget/metadata_finder.rb
|
495
496
|
- lib/dependabot/nuget/native_helpers.rb
|
496
497
|
- lib/dependabot/nuget/nuget_config_credential_helpers.rb
|
498
|
+
- lib/dependabot/nuget/package_manager.rb
|
497
499
|
- lib/dependabot/nuget/requirement.rb
|
498
500
|
- lib/dependabot/nuget/update_checker.rb
|
499
501
|
- lib/dependabot/nuget/update_checker/requirements_updater.rb
|
@@ -503,7 +505,7 @@ licenses:
|
|
503
505
|
- MIT
|
504
506
|
metadata:
|
505
507
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
506
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
508
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.291.0
|
507
509
|
post_install_message:
|
508
510
|
rdoc_options: []
|
509
511
|
require_paths:
|