dependabot-nuget 0.334.0 → 0.336.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs +15 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTestBase.cs +4 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs +49 -0
- metadata +12 -12
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: ae7e221b443446fad04c540ccf1c387e23140d8f15713009f3c6cdca041ad3c8
|
|
4
|
+
data.tar.gz: 5bf10dd5fe3cece122ff6036c1bd3edec248bd3d7577cbb755f0a66b7bba1cf1
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 78e85cc21c5104c4437c43b3b8a2c5d365a3e57a84e88959daf909e3b76dc98cacdd4da2c0558f28609f05ebd5b7c97975e78546f6a2974056545fef47620411
|
|
7
|
+
data.tar.gz: a53e743e86f5b4830a19d58c610f40a3686bdf5d80b05a2d2eab062710a677ec09a8f9eaa2683667370b7d2e6f510983bfb89806adf5c79a3c3c0ae450e1fb58
|
|
@@ -635,6 +635,14 @@ internal static class SdkProjectDiscovery
|
|
|
635
635
|
|
|
636
636
|
if (doAddOperation)
|
|
637
637
|
{
|
|
638
|
+
var isImplicitlyDefined = GetChildMetadataBooleanValue(child, "IsImplicitlyDefined");
|
|
639
|
+
if (isImplicitlyDefined)
|
|
640
|
+
{
|
|
641
|
+
// packages with `IsImplicitlyDefined="true"` aren't to be treated as top-level packages and shouldn't be candidates for regular update operations
|
|
642
|
+
// they should still appear in the discovery list, though, so security jobs can update them as necessary
|
|
643
|
+
continue;
|
|
644
|
+
}
|
|
645
|
+
|
|
638
646
|
topLevelPackagesPerTfm.Add(packageName);
|
|
639
647
|
var packageVersion = GetChildMetadataValue(child, "Version");
|
|
640
648
|
if (packageVersion is not null)
|
|
@@ -727,6 +735,13 @@ internal static class SdkProjectDiscovery
|
|
|
727
735
|
return metadataValue;
|
|
728
736
|
}
|
|
729
737
|
|
|
738
|
+
private static bool GetChildMetadataBooleanValue(TreeNode node, string metadataItemName)
|
|
739
|
+
{
|
|
740
|
+
var metadataString = GetChildMetadataValue(node, metadataItemName);
|
|
741
|
+
var metadataBooleanValue = bool.TryParse(metadataString, out var parsedMetadataValue) && parsedMetadataValue;
|
|
742
|
+
return metadataBooleanValue;
|
|
743
|
+
}
|
|
744
|
+
|
|
730
745
|
private static ProjectEvaluation? GetNearestProjectEvaluation(BaseNode node)
|
|
731
746
|
{
|
|
732
747
|
// we need to find the containing project evaluation
|
|
@@ -20,15 +20,17 @@ public class DiscoveryWorkerTestBase : TestBase
|
|
|
20
20
|
ExpectedWorkspaceDiscoveryResult expectedResult,
|
|
21
21
|
MockNuGetPackage[]? packages = null,
|
|
22
22
|
bool includeCommonPackages = true,
|
|
23
|
-
ExperimentsManager? experimentsManager = null
|
|
23
|
+
ExperimentsManager? experimentsManager = null,
|
|
24
|
+
string? repoContentsPath = null)
|
|
24
25
|
{
|
|
25
26
|
experimentsManager ??= new ExperimentsManager();
|
|
26
27
|
var actualResult = await RunDiscoveryAsync(files, async directoryPath =>
|
|
27
28
|
{
|
|
28
29
|
await UpdateWorkerTestBase.MockNuGetPackagesInDirectory(packages, directoryPath, includeCommonPackages: includeCommonPackages);
|
|
29
30
|
|
|
31
|
+
repoContentsPath ??= directoryPath;
|
|
30
32
|
var worker = new DiscoveryWorker("TEST-JOB-ID", experimentsManager, new TestLogger());
|
|
31
|
-
var result = await worker.RunWithErrorHandlingAsync(
|
|
33
|
+
var result = await worker.RunWithErrorHandlingAsync(repoContentsPath, workspacePath);
|
|
32
34
|
return result;
|
|
33
35
|
});
|
|
34
36
|
|
|
@@ -1462,4 +1462,53 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
|
|
|
1462
1462
|
}
|
|
1463
1463
|
);
|
|
1464
1464
|
}
|
|
1465
|
+
|
|
1466
|
+
[Fact]
|
|
1467
|
+
public async Task ImplicitlyDefinedPackagesAreMarkedAsIndirect()
|
|
1468
|
+
{
|
|
1469
|
+
// packages auto-added by the SDK have extra metadata IsImplicitlyDefined=true, but for the sake of a unit test we can fake it
|
|
1470
|
+
await TestDiscoveryAsync(
|
|
1471
|
+
packages: [
|
|
1472
|
+
MockNuGetPackage.CreateSimplePackage("Package.A", "1.0.0", "net9.0"),
|
|
1473
|
+
MockNuGetPackage.CreateSimplePackage("Package.B", "2.0.0", "net9.0"),
|
|
1474
|
+
],
|
|
1475
|
+
workspacePath: "src",
|
|
1476
|
+
files: [
|
|
1477
|
+
("src/project.csproj", """
|
|
1478
|
+
<Project Sdk="Microsoft.NET.Sdk">
|
|
1479
|
+
<PropertyGroup>
|
|
1480
|
+
<TargetFramework>net9.0</TargetFramework>
|
|
1481
|
+
</PropertyGroup>
|
|
1482
|
+
<ItemGroup>
|
|
1483
|
+
<PackageReference Include="Package.A" Version="1.0.0" />
|
|
1484
|
+
|
|
1485
|
+
<!-- this package fakes the IsImplicitlyDefined metadata to appear like it came from the SDK -->
|
|
1486
|
+
<PackageReference Include="Package.B" Version="2.0.0" IsImplicitlyDefined="true" />
|
|
1487
|
+
</ItemGroup>
|
|
1488
|
+
</Project>
|
|
1489
|
+
""")
|
|
1490
|
+
],
|
|
1491
|
+
expectedResult: new()
|
|
1492
|
+
{
|
|
1493
|
+
Path = "src",
|
|
1494
|
+
Projects = [
|
|
1495
|
+
new()
|
|
1496
|
+
{
|
|
1497
|
+
FilePath = "project.csproj",
|
|
1498
|
+
TargetFrameworks = ["net9.0"],
|
|
1499
|
+
Dependencies = [
|
|
1500
|
+
new("Package.A", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"], IsDirect: true),
|
|
1501
|
+
new("Package.B", "2.0.0", DependencyType.Unknown, TargetFrameworks: ["net9.0"], IsDirect: false, IsTransitive: true),
|
|
1502
|
+
],
|
|
1503
|
+
Properties = [
|
|
1504
|
+
new("TargetFramework", "net9.0", "src/project.csproj"),
|
|
1505
|
+
],
|
|
1506
|
+
ReferencedProjectPaths = [],
|
|
1507
|
+
ImportedFiles = [],
|
|
1508
|
+
AdditionalFiles = [],
|
|
1509
|
+
}
|
|
1510
|
+
]
|
|
1511
|
+
}
|
|
1512
|
+
);
|
|
1513
|
+
}
|
|
1465
1514
|
}
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-nuget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.336.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
@@ -15,14 +15,14 @@ dependencies:
|
|
|
15
15
|
requirements:
|
|
16
16
|
- - '='
|
|
17
17
|
- !ruby/object:Gem::Version
|
|
18
|
-
version: 0.
|
|
18
|
+
version: 0.336.0
|
|
19
19
|
type: :runtime
|
|
20
20
|
prerelease: false
|
|
21
21
|
version_requirements: !ruby/object:Gem::Requirement
|
|
22
22
|
requirements:
|
|
23
23
|
- - '='
|
|
24
24
|
- !ruby/object:Gem::Version
|
|
25
|
-
version: 0.
|
|
25
|
+
version: 0.336.0
|
|
26
26
|
- !ruby/object:Gem::Dependency
|
|
27
27
|
name: debug
|
|
28
28
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -113,56 +113,56 @@ dependencies:
|
|
|
113
113
|
requirements:
|
|
114
114
|
- - "~>"
|
|
115
115
|
- !ruby/object:Gem::Version
|
|
116
|
-
version: '1.
|
|
116
|
+
version: '1.80'
|
|
117
117
|
type: :development
|
|
118
118
|
prerelease: false
|
|
119
119
|
version_requirements: !ruby/object:Gem::Requirement
|
|
120
120
|
requirements:
|
|
121
121
|
- - "~>"
|
|
122
122
|
- !ruby/object:Gem::Version
|
|
123
|
-
version: '1.
|
|
123
|
+
version: '1.80'
|
|
124
124
|
- !ruby/object:Gem::Dependency
|
|
125
125
|
name: rubocop-performance
|
|
126
126
|
requirement: !ruby/object:Gem::Requirement
|
|
127
127
|
requirements:
|
|
128
128
|
- - "~>"
|
|
129
129
|
- !ruby/object:Gem::Version
|
|
130
|
-
version: '1.
|
|
130
|
+
version: '1.26'
|
|
131
131
|
type: :development
|
|
132
132
|
prerelease: false
|
|
133
133
|
version_requirements: !ruby/object:Gem::Requirement
|
|
134
134
|
requirements:
|
|
135
135
|
- - "~>"
|
|
136
136
|
- !ruby/object:Gem::Version
|
|
137
|
-
version: '1.
|
|
137
|
+
version: '1.26'
|
|
138
138
|
- !ruby/object:Gem::Dependency
|
|
139
139
|
name: rubocop-rspec
|
|
140
140
|
requirement: !ruby/object:Gem::Requirement
|
|
141
141
|
requirements:
|
|
142
142
|
- - "~>"
|
|
143
143
|
- !ruby/object:Gem::Version
|
|
144
|
-
version: '
|
|
144
|
+
version: '3.7'
|
|
145
145
|
type: :development
|
|
146
146
|
prerelease: false
|
|
147
147
|
version_requirements: !ruby/object:Gem::Requirement
|
|
148
148
|
requirements:
|
|
149
149
|
- - "~>"
|
|
150
150
|
- !ruby/object:Gem::Version
|
|
151
|
-
version: '
|
|
151
|
+
version: '3.7'
|
|
152
152
|
- !ruby/object:Gem::Dependency
|
|
153
153
|
name: rubocop-sorbet
|
|
154
154
|
requirement: !ruby/object:Gem::Requirement
|
|
155
155
|
requirements:
|
|
156
156
|
- - "~>"
|
|
157
157
|
- !ruby/object:Gem::Version
|
|
158
|
-
version: '0.
|
|
158
|
+
version: '0.10'
|
|
159
159
|
type: :development
|
|
160
160
|
prerelease: false
|
|
161
161
|
version_requirements: !ruby/object:Gem::Requirement
|
|
162
162
|
requirements:
|
|
163
163
|
- - "~>"
|
|
164
164
|
- !ruby/object:Gem::Version
|
|
165
|
-
version: '0.
|
|
165
|
+
version: '0.10'
|
|
166
166
|
- !ruby/object:Gem::Dependency
|
|
167
167
|
name: simplecov
|
|
168
168
|
requirement: !ruby/object:Gem::Requirement
|
|
@@ -551,7 +551,7 @@ licenses:
|
|
|
551
551
|
- MIT
|
|
552
552
|
metadata:
|
|
553
553
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
|
554
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
|
554
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.336.0
|
|
555
555
|
rdoc_options: []
|
|
556
556
|
require_paths:
|
|
557
557
|
- lib
|