dependabot-nuget 0.335.0 → 0.337.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs +15 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTestBase.cs +4 -2
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs +49 -0
- metadata +4 -4
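--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b3834da603ac2d16ff1fc26047883d8847ffc755e78d0b1f6ee59eec0dfec2b4
+data.tar.gz: 5bf10dd5fe3cece122ff6036c1bd3edec248bd3d7577cbb755f0a66b7bba1cf1
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 763c6cf7fc5c16c74141d9192b1e0efb20d4998b3572a16126ca07d7cadd870f1319c7baa6c4c15f7201b39f7bf9005277e0c5f606d3c8459b027e047a77fea4
+data.tar.gz: a53e743e86f5b4830a19d58c610f40a3686bdf5d80b05a2d2eab062710a677ec09a8f9eaa2683667370b7d2e6f510983bfb89806adf5c79a3c3c0ae450e1fb58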
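--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs
@@ -635,6 +635,14 @@ internal static class SdkProjectDiscovery
 
 if (doAddOperation)
 {
+var isImplicitlyDefined = GetChildMetadataBooleanValue(child, "IsImplicitlyDefined");
+if (isImplicitlyDefined)
+{
+// packages with `IsImplicitlyDefined="true"` aren't to be treated as top-level packages and shouldn't be candidates for regular update operations
+// they should still appear in the discovery list, though, so security jobs can update them as necessary
+continue;
+}
+
 topLevelPackagesPerTfm.Add(packageName);
 var packageVersion = GetChildMetadataValue(child, "Version");
 if (packageVersion is not null)
@@ -727,6 +735,13 @@ internal static class SdkProjectDiscovery
 return metadataValue;
 }
 
+private static bool GetChildMetadataBooleanValue(TreeNode node, string metadataItemName)
+{
+var metadataString = GetChildMetadataValue(node, metadataItemName);
+var metadataBooleanValue = bool.TryParse(metadataString, out var parsedMetadataValue) && parsedMetadataValue;
+return metadataBooleanValue;
+}
+
 private static ProjectEvaluation? GetNearestProjectEvaluation(BaseNode node)
 {
 // we need to find the containing project evaluation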
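Review bot: The `continue` added under `if (doAddOperation)` in the first hunk acts on `IsImplicitlyDefined` item metadata that a project file can also set by hand on an ordinary `PackageReference` (the new unit test on this page does exactly that), and the skip leaves no trace. A reference marked this way never reaches `topLevelPackagesPerTfm`, so the comment should say so, for example `// note: this metadata can also be set manually in a project file; such references are then only updated by security jobs`. If a logger is reachable at this point (not visible in the hunk), recording the package name when the skip is taken would make the demotion auditable. In the second hunk `GetChildMetadataBooleanValue` maps missing and non-boolean values to `false` alike; a comment such as `// missing or unparseable metadata is treated as false` would document that, and the body can be shortened to `return bool.TryParse(metadataString, out var parsed) && parsed;`. The enclosing loop starts and ends outside the first hunk.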
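--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTestBase.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTestBase.cs
@@ -20,15 +20,17 @@ public class DiscoveryWorkerTestBase : TestBase
 ExpectedWorkspaceDiscoveryResult expectedResult,
 MockNuGetPackage[]? packages = null,
 bool includeCommonPackages = true,
-ExperimentsManager? experimentsManager = null
+ExperimentsManager? experimentsManager = null,
+string? repoContentsPath = null)
 {
 experimentsManager ??= new ExperimentsManager();
 var actualResult = await RunDiscoveryAsync(files, async directoryPath =>
 {
 await UpdateWorkerTestBase.MockNuGetPackagesInDirectory(packages, directoryPath, includeCommonPackages: includeCommonPackages);
 
+repoContentsPath ??= directoryPath;
 var worker = new DiscoveryWorker("TEST-JOB-ID", experimentsManager, new TestLogger());
-var result = await worker.RunWithErrorHandlingAsync(
+var result = await worker.RunWithErrorHandlingAsync(repoContentsPath, workspacePath);
 return result;
 });
 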
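Review bot: `repoContentsPath ??= directoryPath;` assigns to the method parameter from inside the `RunDiscoveryAsync` callback, so the captured parameter is mutated and a second invocation of the callback would reuse the first directory. A local keeps the parameter untouched: `var effectiveRepoContentsPath = repoContentsPath ?? directoryPath;`, passed on as `worker.RunWithErrorHandlingAsync(effectiveRepoContentsPath, workspacePath)`. The new optional parameter is also undocumented, and the test added in this release does not pass it; a comment such as `// repoContentsPath: repository root handed to the worker; defaults to the directory supplied by RunDiscoveryAsync` would state the contract. The method signature starts above the hunk and the body appears to continue below it.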
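--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs
@@ -1462,4 +1462,53 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
 }
 );
 }
+
+[Fact]
+public async Task ImplicitlyDefinedPackagesAreMarkedAsIndirect()
+{
+// packages auto-added by the SDK have extra metadata IsImplicitlyDefined=true, but for the sake of a unit test we can fake it
+await TestDiscoveryAsync(
+packages: [
+MockNuGetPackage.CreateSimplePackage("Package.A", "1.0.0", "net9.0"),
+MockNuGetPackage.CreateSimplePackage("Package.B", "2.0.0", "net9.0"),
+],
+workspacePath: "src",
+files: [
+("src/project.csproj", """
+<Project Sdk="Microsoft.NET.Sdk">
+<PropertyGroup>
+<TargetFramework>net9.0</TargetFramework>
+</PropertyGroup>
+<ItemGroup>
+<PackageReference Include="Package.A" Version="1.0.0" />
+
+<!-- this package fakes the IsImplicitlyDefined metadata to appear like it came from the SDK -->
+<PackageReference Include="Package.B" Version="2.0.0" IsImplicitlyDefined="true" />
+</ItemGroup>
+</Project>
+""")
+],
+expectedResult: new()
+{
+Path = "src",
+Projects = [
+new()
+{
+FilePath = "project.csproj",
+TargetFrameworks = ["net9.0"],
+Dependencies = [
+new("Package.A", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"], IsDirect: true),
+new("Package.B", "2.0.0", DependencyType.Unknown, TargetFrameworks: ["net9.0"], IsDirect: false, IsTransitive: true),
+],
+Properties = [
+new("TargetFramework", "net9.0", "src/project.csproj"),
+],
+ReferencedProjectPaths = [],
+ImportedFiles = [],
+AdditionalFiles = [],
+}
+]
+}
+);
+}
 }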
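Review bot: `ImplicitlyDefinedPackagesAreMarkedAsIndirect` exercises only `IsImplicitlyDefined="true"`, so the fall-through side of the new boolean parsing is not pinned by any test on this page. A companion case with `IsImplicitlyDefined="false"`, and ideally one with a non-boolean value, expecting `DependencyType.PackageReference` with `IsDirect: true`, would guard against a later change silently demoting references that should stay eligible for regular updates. The expected `Package.B` entry uses `DependencyType.Unknown`; a short comment on that line saying why the type is not `PackageReference` would help, since the reason is not visible here.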
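--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.337.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.337.0
 type: :runtime
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - '='
 - !ruby/object:Gem::Version
-version: 0.
+version: 0.337.0
 - !ruby/object:Gem::Dependency
 name: debug
 requirement: !ruby/object:Gem::Requirement
@@ -551,7 +551,7 @@ licenses:
 - MIT
 metadata:
 bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
+changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.337.0
 rdoc_options: []
 require_paths:
 - lib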