dependabot-nuget 0.166.1 → 0.167.0
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: dd50661c29ea424e1badac29db1bd3604155c95b604f683242d7b9123ec485db
|
4
|
+
data.tar.gz: a0a78364ec7de0244e02321f64c59fdb12f14e415becf20c332c4e0ce333f198
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 2af5e06c5f76730ac8e04acc79ca42238746b15f788567cf9f22dd20541caa58f86a3a83c797143e2bdb27821e914eea44ee7b5a36fc40f9ed40f1a8db1de51b
|
7
|
+
data.tar.gz: 952c5056834c0d52c515d71b355f16e84f0689ad29538279083e73274381fbce18899d3ed9af0e3ed252a29fc24a6f21a55788ab07211eef6d495665609ee000
|
@@ -20,6 +20,7 @@ module Dependabot
|
|
20
20
|
"ItemGroup > Dependency, "\
|
21
21
|
"ItemGroup > DevelopmentDependency"
|
22
22
|
|
23
|
+
PROJECT_SDK_REGEX = %r{^([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)$}.freeze
|
23
24
|
PROPERTY_REGEX = /\$\((?<property>.*?)\)/.freeze
|
24
25
|
ITEM_REGEX = /\@\((?<property>.*?)\)/.freeze
|
25
26
|
|
@@ -32,16 +33,19 @@ module Dependabot
|
|
32
33
|
|
33
34
|
doc = Nokogiri::XML(project_file.content)
|
34
35
|
doc.remove_namespaces!
|
36
|
+
# Look for regular package references
|
35
37
|
doc.css(DEPENDENCY_SELECTOR).each do |dependency_node|
|
36
38
|
name = dependency_name(dependency_node, project_file)
|
37
39
|
req = dependency_requirement(dependency_node, project_file)
|
38
40
|
version = dependency_version(dependency_node, project_file)
|
39
41
|
prop_name = req_property_name(dependency_node)
|
40
42
|
|
41
|
-
dependency =
|
42
|
-
build_dependency(name, req, version, prop_name, project_file)
|
43
|
+
dependency = build_dependency(name, req, version, prop_name, project_file)
|
43
44
|
dependency_set << dependency if dependency
|
44
45
|
end
|
46
|
+
# Look for SDK references; see:
|
47
|
+
# https://docs.microsoft.com/en-us/visualstudio/msbuild/how-to-use-project-sdk
|
48
|
+
add_sdk_references(doc, dependency_set, project_file)
|
45
49
|
|
46
50
|
dependency_set
|
47
51
|
end
|
@@ -50,6 +54,61 @@ module Dependabot
|
|
50
54
|
|
51
55
|
attr_reader :dependency_files
|
52
56
|
|
57
|
+
def add_sdk_references(doc, dependency_set, project_file)
|
58
|
+
# These come in 3 flavours:
|
59
|
+
# - <Project Sdk="Name/Version">
|
60
|
+
# - <Sdk Name="Name" Version="Version" />
|
61
|
+
# - <Import Project="..." Sdk="Name" Version="Version" />
|
62
|
+
# None of these support the use of properties, nor do they allow child
|
63
|
+
# elements instead of attributes.
|
64
|
+
add_sdk_refs_from_project(doc, dependency_set, project_file)
|
65
|
+
add_sdk_refs_from_sdk_tags(doc, dependency_set, project_file)
|
66
|
+
add_sdk_refs_from_import_tags(doc, dependency_set, project_file)
|
67
|
+
end
|
68
|
+
|
69
|
+
def add_sdk_ref_from_project(sdk_references, dependency_set, project_file)
|
70
|
+
sdk_references.split(";")&.each do |sdk_reference|
|
71
|
+
m = sdk_reference.match(PROJECT_SDK_REGEX)
|
72
|
+
if m
|
73
|
+
dependency = build_dependency(m[1], m[2], m[2], nil, project_file)
|
74
|
+
dependency_set << dependency if dependency
|
75
|
+
end
|
76
|
+
end
|
77
|
+
end
|
78
|
+
|
79
|
+
def add_sdk_refs_from_import_tags(doc, dependency_set, project_file)
|
80
|
+
doc.xpath("/Project/Import").each do |import_node|
|
81
|
+
next unless import_node.attribute("Sdk") && import_node.attribute("Version")
|
82
|
+
|
83
|
+
name = import_node.attribute("Sdk")&.value&.strip
|
84
|
+
version = import_node.attribute("Version")&.value&.strip
|
85
|
+
|
86
|
+
dependency = build_dependency(name, version, version, nil, project_file)
|
87
|
+
dependency_set << dependency if dependency
|
88
|
+
end
|
89
|
+
end
|
90
|
+
|
91
|
+
def add_sdk_refs_from_project(doc, dependency_set, project_file)
|
92
|
+
doc.xpath("/Project").each do |project_node|
|
93
|
+
sdk_references = project_node.attribute("Sdk")&.value&.strip
|
94
|
+
next unless sdk_references
|
95
|
+
|
96
|
+
add_sdk_ref_from_project(sdk_references, dependency_set, project_file)
|
97
|
+
end
|
98
|
+
end
|
99
|
+
|
100
|
+
def add_sdk_refs_from_sdk_tags(doc, dependency_set, project_file)
|
101
|
+
doc.xpath("/Project/Sdk").each do |sdk_node|
|
102
|
+
next unless sdk_node.attribute("Version")
|
103
|
+
|
104
|
+
name = sdk_node.attribute("Name")&.value&.strip
|
105
|
+
version = sdk_node.attribute("Version")&.value&.strip
|
106
|
+
|
107
|
+
dependency = build_dependency(name, version, version, nil, project_file)
|
108
|
+
dependency_set << dependency if dependency
|
109
|
+
end
|
110
|
+
end
|
111
|
+
|
53
112
|
def build_dependency(name, req, version, prop_name, project_file)
|
54
113
|
return unless name
|
55
114
|
|
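Review bot: PROJECT_SDK_REGEX, added in the first hunk of this file, anchors with `^` and `$`, which in Ruby match at line boundaries rather than string ends, so an Sdk attribute value that contains a newline could match on one line of it and hand build_dependency a name/version pair that does not describe the whole reference; anchoring the full string is what is intended here: `PROJECT_SDK_REGEX = %r{\A([^/]+)/(\d+(?:[.]\d+(?:[.]\d+)?)?(?:[+-].*)?)\z}.freeze`. In add_sdk_ref_from_project (third hunk), `sdk_references.split(";")&.each` applies safe navigation to a value that is never nil, since String#split always returns an Array, so `sdk_references.split(";").each do |sdk_reference|` reads more honestly. The call `build_dependency(m[1], m[2], m[2], nil, project_file)` passes the same capture as both requirement and version without saying why; a one-line comment such as `# An SDK reference carries a single version string, used as both requirement and version` would spare the next reader a detour into build_dependency.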
@@ -20,6 +20,17 @@ module Dependabot
|
|
20
20
|
<DevelopmentDependency [^>]*?/>|
|
21
21
|
<DevelopmentDependency [^>]*?[^/]>.*?</DevelopmentDependency>
|
22
22
|
}mx.freeze
|
23
|
+
SDK_IMPORT_REGEX =
|
24
|
+
/ <Import [^>]*?Sdk="[^"]*?"[^>]*?Version="[^"]*?"[^>]*?>
|
25
|
+
| <Import [^>]*?Version="[^"]*?"[^>]*?Sdk="[^"]*?"[^>]*?>
|
26
|
+
/mx.freeze
|
27
|
+
SDK_PROJECT_REGEX =
|
28
|
+
/ <Project [^>]*?Sdk="[^"]*?"[^>]*?>
|
29
|
+
/mx.freeze
|
30
|
+
SDK_SDK_REGEX =
|
31
|
+
/ <Sdk [^>]*?Name="[^"]*?"[^>]*?Version="[^"]*?"[^>]*?>
|
32
|
+
| <Sdk [^>]*?Version="[^"]*?"[^>]*?Name="[^"]*?"[^>]*?>
|
33
|
+
/mx.freeze
|
23
34
|
|
24
35
|
attr_reader :dependency_name, :declaring_requirement,
|
25
36
|
:dependency_files
|
@@ -33,6 +44,7 @@ module Dependabot
|
|
33
44
|
|
34
45
|
def declaration_strings
|
35
46
|
@declaration_strings ||= fetch_declaration_strings
|
47
|
+
@declaration_strings += fetch_sdk_strings
|
36
48
|
end
|
37
49
|
|
38
50
|
def declaration_nodes
|
@@ -72,6 +84,10 @@ module Dependabot
|
|
72
84
|
# rubocop:enable Metrics/PerceivedComplexity
|
73
85
|
# rubocop:enable Metrics/CyclomaticComplexity
|
74
86
|
|
87
|
+
def fetch_sdk_strings
|
88
|
+
sdk_project_strings + sdk_sdk_strings + sdk_import_strings
|
89
|
+
end
|
90
|
+
|
75
91
|
# rubocop:disable Metrics/PerceivedComplexity
|
76
92
|
def get_node_version_value(node)
|
77
93
|
attribute = "Version"
|
@@ -95,6 +111,71 @@ module Dependabot
|
|
95
111
|
|
96
112
|
raise "No file found with name #(unknown)!"
|
97
113
|
end
|
114
|
+
|
115
|
+
def sdk_import_strings
|
116
|
+
sdk_strings(SDK_IMPORT_REGEX, "Import", "Sdk", "Version")
|
117
|
+
end
|
118
|
+
|
119
|
+
def parse_element(string, name)
|
120
|
+
xml = string
|
121
|
+
xml += "</#{name}>" unless string.end_with?("/>")
|
122
|
+
node = Nokogiri::XML(xml)
|
123
|
+
node.remove_namespaces!
|
124
|
+
node.at_xpath("/#{name}")
|
125
|
+
end
|
126
|
+
|
127
|
+
def get_attribute_value_nocase(element, name)
|
128
|
+
value = element.attribute(name)&.value ||
|
129
|
+
element.attribute(name.downcase)&.value ||
|
130
|
+
element.attribute(name.upcase)&.value
|
131
|
+
value&.strip
|
132
|
+
end
|
133
|
+
|
134
|
+
def desired_sdk_reference?(sdk_reference, dep_name, dep_version)
|
135
|
+
parts = sdk_reference.split("/")
|
136
|
+
parts.length == 2 && parts[0]&.downcase == dep_name && parts[1] == dep_version
|
137
|
+
end
|
138
|
+
|
139
|
+
def sdk_project_strings
|
140
|
+
dep_name = dependency_name&.downcase
|
141
|
+
dep_version = declaring_requirement.fetch(:requirement)
|
142
|
+
strings = []
|
143
|
+
declaring_file.content.scan(SDK_PROJECT_REGEX).each do |string|
|
144
|
+
element = parse_element(string, "Project")
|
145
|
+
next unless element
|
146
|
+
|
147
|
+
sdk_references = get_attribute_value_nocase(element, "Sdk")
|
148
|
+
next unless sdk_references&.include?("/")
|
149
|
+
|
150
|
+
sdk_references.split(";").each do |sdk_reference|
|
151
|
+
strings << sdk_reference if desired_sdk_reference?(sdk_reference, dep_name, dep_version)
|
152
|
+
end
|
153
|
+
end
|
154
|
+
strings.uniq
|
155
|
+
end
|
156
|
+
|
157
|
+
def sdk_sdk_strings
|
158
|
+
sdk_strings(SDK_SDK_REGEX, "Sdk", "Name", "Version")
|
159
|
+
end
|
160
|
+
|
161
|
+
def sdk_strings(regex, element_name, name_attribute, version_attribute)
|
162
|
+
dep_name = dependency_name&.downcase
|
163
|
+
dep_version = declaring_requirement.fetch(:requirement)
|
164
|
+
strings = []
|
165
|
+
declaring_file.content.scan(regex).each do |string|
|
166
|
+
element = parse_element(string, element_name)
|
167
|
+
next unless element
|
168
|
+
|
169
|
+
node_name = get_attribute_value_nocase(element, name_attribute)&.downcase
|
170
|
+
next unless node_name == dep_name
|
171
|
+
|
172
|
+
node_version = get_attribute_value_nocase(element, version_attribute)
|
173
|
+
next unless node_version == dep_version
|
174
|
+
|
175
|
+
strings << string
|
176
|
+
end
|
177
|
+
strings
|
178
|
+
end
|
98
179
|
end
|
99
180
|
end
|
100
181
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-nuget
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.167.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2021-11-
|
11
|
+
date: 2021-11-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.167.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.167.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: byebug
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|