dependabot-nuget 0.112.32 → 0.112.33
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/lib/dependabot/nuget/file_fetcher.rb +5 -0
- data/lib/dependabot/nuget/file_parser/project_file_parser.rb +9 -1
- data/lib/dependabot/nuget/file_parser/property_value_finder.rb +14 -0
- data/lib/dependabot/nuget/file_updater/project_file_declaration_finder.rb +13 -4
- data/lib/dependabot/nuget/file_updater.rb +2 -1
- metadata +4 -4
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: f037ef6001028c6e9f69bec4d3dd7cff65bb26ae13c6ae115ce16f9d0b187413
|
|
4
|
+
data.tar.gz: 7b813eb5a6782df9673c65161848b7bff28d54bc87e644679f11b9e47647ae35
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 3be5c7b988aa8d7dd38529c1cc0a5ccdae93c7e33552d7e3be9e83bc735939c95cd17052a71fe087281020053d050c3068b69cce6ababf70ae2b41a3fe2d431e
|
|
7
|
+
data.tar.gz: 1486b00f3f48b7a5ee1a9e3e1fcce48a1dfc9ca0e23124a5204467df04b0e58557c933d1d91a17a768e69381709b7d260d500c1443acd32a92709db9cfcf488c
|
|
@@ -32,6 +32,7 @@ module Dependabot
|
|
|
32
32
|
fetched_files += packages_config_files
|
|
33
33
|
fetched_files += nuget_config_files
|
|
34
34
|
fetched_files << global_json if global_json
|
|
35
|
+
fetched_files << packages_props if packages_props
|
|
35
36
|
|
|
36
37
|
fetched_files = fetched_files.uniq
|
|
37
38
|
|
|
@@ -216,6 +217,10 @@ module Dependabot
|
|
|
216
217
|
@global_json ||= fetch_file_if_present("global.json")
|
|
217
218
|
end
|
|
218
219
|
|
|
220
|
+
def packages_props
|
|
221
|
+
@packages_props ||= fetch_file_if_present("Packages.props")
|
|
222
|
+
end
|
|
223
|
+
|
|
219
224
|
def imported_property_files
|
|
220
225
|
imported_property_files = []
|
|
221
226
|
|
|
@@ -15,10 +15,12 @@ module Dependabot
|
|
|
15
15
|
require_relative "property_value_finder"
|
|
16
16
|
|
|
17
17
|
DEPENDENCY_SELECTOR = "ItemGroup > PackageReference, "\
|
|
18
|
+
"ItemGroup > GlobalPackageReference, "\
|
|
18
19
|
"ItemGroup > Dependency, "\
|
|
19
20
|
"ItemGroup > DevelopmentDependency"
|
|
20
21
|
|
|
21
22
|
PROPERTY_REGEX = /\$\((?<property>.*?)\)/.freeze
|
|
23
|
+
ITEM_REGEX = /\@\((?<property>.*?)\)/.freeze
|
|
22
24
|
|
|
23
25
|
def initialize(dependency_files:)
|
|
24
26
|
@dependency_files = dependency_files
|
|
@@ -79,9 +81,15 @@ module Dependabot
|
|
|
79
81
|
def dependency_name(dependency_node, project_file)
|
|
80
82
|
raw_name =
|
|
81
83
|
dependency_node.attribute("Include")&.value&.strip ||
|
|
82
|
-
dependency_node.at_xpath("./Include")&.content&.strip
|
|
84
|
+
dependency_node.at_xpath("./Include")&.content&.strip ||
|
|
85
|
+
dependency_node.attribute("Update")&.value&.strip ||
|
|
86
|
+
dependency_node.at_xpath("./Update")&.content&.strip
|
|
83
87
|
return unless raw_name
|
|
84
88
|
|
|
89
|
+
# If the item contains @(ItemGroup) then ignore as it
|
|
90
|
+
# updates a set of ItemGroup elements
|
|
91
|
+
return if raw_name.match?(ITEM_REGEX)
|
|
92
|
+
|
|
85
93
|
evaluated_value(raw_name, project_file)
|
|
86
94
|
end
|
|
87
95
|
|
|
@@ -37,6 +37,9 @@ module Dependabot
|
|
|
37
37
|
callsite_file: callsite_file
|
|
38
38
|
)
|
|
39
39
|
|
|
40
|
+
node_details ||=
|
|
41
|
+
find_property_in_packages_props(property: property_name)
|
|
42
|
+
|
|
40
43
|
return unless node_details
|
|
41
44
|
return node_details unless node_details[:value] =~ PROPERTY_REGEX
|
|
42
45
|
|
|
@@ -109,6 +112,13 @@ module Dependabot
|
|
|
109
112
|
deep_find_prop_node(property: property, file: file)
|
|
110
113
|
end
|
|
111
114
|
|
|
115
|
+
def find_property_in_packages_props(property:)
|
|
116
|
+
file = packages_props_file
|
|
117
|
+
return unless file
|
|
118
|
+
|
|
119
|
+
deep_find_prop_node(property: property, file: file)
|
|
120
|
+
end
|
|
121
|
+
|
|
112
122
|
def build_targets_file_for_project(project_file)
|
|
113
123
|
dir = File.dirname(project_file.name)
|
|
114
124
|
|
|
@@ -142,6 +152,10 @@ module Dependabot
|
|
|
142
152
|
dependency_files.find { |f| f.name == path }
|
|
143
153
|
end
|
|
144
154
|
|
|
155
|
+
def packages_props_file
|
|
156
|
+
dependency_files.find { |f| f.name.casecmp("Packages.props").zero? }
|
|
157
|
+
end
|
|
158
|
+
|
|
145
159
|
def property_xpath(property_name)
|
|
146
160
|
"/Project/PropertyGroup/#{property_name}"
|
|
147
161
|
end
|
|
@@ -11,6 +11,8 @@ module Dependabot
|
|
|
11
11
|
%r{
|
|
12
12
|
<PackageReference [^>]*?/>|
|
|
13
13
|
<PackageReference [^>]*?[^/]>.*?</PackageReference>|
|
|
14
|
+
<GlobalPackageReference [^>]*?/>|
|
|
15
|
+
<GlobalPackageReference [^>]*?[^/]>.*?</GlobalPackageReference>|
|
|
14
16
|
<Dependency [^>]*?/>|
|
|
15
17
|
<Dependency [^>]*?[^/]>.*?</Dependency>|
|
|
16
18
|
<DevelopmentDependency [^>]*?/>|
|
|
@@ -39,16 +41,23 @@ module Dependabot
|
|
|
39
41
|
|
|
40
42
|
private
|
|
41
43
|
|
|
44
|
+
def get_element_from_node(node)
|
|
45
|
+
node.at_xpath("/PackageReference") ||
|
|
46
|
+
node.at_xpath("/GlobalPackageReference") ||
|
|
47
|
+
node.at_xpath("/Dependency") ||
|
|
48
|
+
node.at_xpath("/DevelopmentDependency")
|
|
49
|
+
end
|
|
50
|
+
|
|
42
51
|
def fetch_declaration_strings
|
|
43
52
|
deep_find_declarations(declaring_file.content).select do |nd|
|
|
44
53
|
node = Nokogiri::XML(nd)
|
|
45
54
|
node.remove_namespaces!
|
|
46
|
-
node = node
|
|
47
|
-
node.at_xpath("/Dependency") ||
|
|
48
|
-
node.at_xpath("/DevelopmentDependency")
|
|
55
|
+
node = get_element_from_node(node)
|
|
49
56
|
|
|
50
57
|
node_name = node.attribute("Include")&.value&.strip ||
|
|
51
|
-
node.at_xpath("./Include")&.content&.strip
|
|
58
|
+
node.at_xpath("./Include")&.content&.strip ||
|
|
59
|
+
node.attribute("Update")&.value&.strip ||
|
|
60
|
+
node.at_xpath("./Update")&.content&.strip
|
|
52
61
|
next false unless node_name&.downcase == dependency_name&.downcase
|
|
53
62
|
|
|
54
63
|
node_requirement = get_node_version_value(node)
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: dependabot-nuget
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.112.
|
|
4
|
+
version: 0.112.33
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Dependabot
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2019-09-
|
|
11
|
+
date: 2019-09-07 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: dependabot-common
|
|
@@ -16,14 +16,14 @@ dependencies:
|
|
|
16
16
|
requirements:
|
|
17
17
|
- - '='
|
|
18
18
|
- !ruby/object:Gem::Version
|
|
19
|
-
version: 0.112.
|
|
19
|
+
version: 0.112.33
|
|
20
20
|
type: :runtime
|
|
21
21
|
prerelease: false
|
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
|
23
23
|
requirements:
|
|
24
24
|
- - '='
|
|
25
25
|
- !ruby/object:Gem::Version
|
|
26
|
-
version: 0.112.
|
|
26
|
+
version: 0.112.33
|
|
27
27
|
- !ruby/object:Gem::Dependency
|
|
28
28
|
name: byebug
|
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|