dependabot-nuget 0.180.5 → 0.181.0

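--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 61b27d5d875584d04aaa2ca331041d3098476e77b6b0d9e8d7af63202cb4d723
- data.tar.gz: 7b0663ef7dc545f61e300f48d60a8a2b5716edd01a6a4eba85016ca7b3d8cab3
+ metadata.gz: 00d509aec39eb1ed4536e8338f908e36ffcecc44c8a6dd1ccfa81259b2cb2407
+ data.tar.gz: 29b633cea66136163bbf267dd275419e626ebc53e0031b1d2a2c091afbc912f0
  SHA512:
- metadata.gz: aaa0aa35b9dc44ba56e4022f7a0ce28bb2e197d28a334937ddd212ed85069b8254cf6fff67252f06adc25cc1dc27ed09f28b7b054b3ee24724571a40d94c2a0c
- data.tar.gz: 4ee7083532a4f7b3ae074db7a0499e9422cec1334d62f184cbca886e5ebc25483f637b37051d2f673d060067402aee1539245d15a753d731096c0c9f82755274
+ metadata.gz: d286c00d9ed1c703c971db213ad0feec6530508f69f73ca9c7bdd39589ced2eea7d8f0d9ac22ca2a5e5b722382f736b295d4b70d99c83a2a9c3a7db198a5d2cc
+ data.tar.gz: 9e68f5838a99fba274c7576b4b72676d6afc28200defafb265df25324304ca34daa2c1d83c7cfafe1aa70db00eeadabbeb02a18893ead7ab078e4d2948ad8a8c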
@@ -12,7 +12,62 @@ module Dependabot
12
12
  def look_up_source
13
13
  return Source.from_url(dependency_source_url) if dependency_source_url
14
14
 
15
- look_up_source_in_nuspec(dependency_nuspec_file)
15
+ src_repo = look_up_source_in_nuspec(dependency_nuspec_file)
16
+ return src_repo if src_repo
17
+
18
+ # Fallback to getting source from the search result's projectUrl or licenseUrl.
19
+ # GitHub Packages doesn't support getting the `.nuspec`, switch to getting
20
+ # that instead once it is supported.
21
+ src_repo_from_project
22
+ end
23
+
24
+ def src_repo_from_project
25
+ source = dependency.requirements.find { |r| r&.fetch(:source) }&.fetch(:source)
26
+ return unless source
27
+
28
+ # Query the service index e.g. https://nuget.pkg.github.com/ORG/index.json
29
+ response = Excon.get(
30
+ source.fetch(:url),
31
+ idempotent: true,
32
+ **SharedHelpers.excon_defaults(headers: auth_header)
33
+ )
34
+ return unless response.status == 200
35
+
36
+ # Extract the query url e.g. https://nuget.pkg.github.com/ORG/query
37
+ search_base = extract_search_url(response.body)
38
+ return unless search_base
39
+
40
+ response = Excon.get(
41
+ search_base + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
42
+ idempotent: true,
43
+ **SharedHelpers.excon_defaults(headers: auth_header)
44
+ )
45
+ return unless response.status == 200
46
+
47
+ # Find a projectUrl or licenseUrl that look like a source URL
48
+ extract_source_repo(response.body)
49
+ end
50
+
51
+ def extract_search_url(body)
52
+ JSON.parse(body).
53
+ fetch("resources", []).
54
+ find { |r| r.fetch("@type") == "SearchQueryService" }&.
55
+ fetch("@id")
56
+ end
57
+
58
+ def extract_source_repo(body)
59
+ JSON.parse(body).fetch("data", []).each do |search_result|
60
+ next unless search_result["id"].downcase == dependency.name.downcase
61
+
62
+ if search_result.fetch("projectUrl")
63
+ source = Source.from_url(search_result.fetch("projectUrl"))
64
+ return source unless source.repo.nil?
65
+ end
66
+ if search_result.fetch("licenseUrl")
67
+ source = Source.from_url(search_result.fetch("licenseUrl"))
68
+ return source unless source.repo.nil?
69
+ end
70
+ end
16
71
  end
17
72
 
18
73
  def look_up_source_in_nuspec(nuspec)
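Review bot: The second `Excon.get` in `src_repo_from_project` sends `auth_header` to `search_base`, a URL read from the service index response body, and interpolates `dependency.name` into the query string unencoded. Assuming `auth_header` (defined outside this hunk) carries the feed's credentials, I would attach it only when `search_base` is https and on the same host as `source.fetch(:url)`, and pass the name through Excon's `query:` option, `query: { q: dependency.name.downcase, prerelease: true, semVerLevel: "2.0.0" }`, so it is encoded. `extract_source_repo` also returns the whole `data` array when nothing matches because `each` is its last expression, `search_result.fetch("projectUrl")` raises `KeyError` rather than skipping when the key is missing, and `source.repo` would raise if `Source.from_url` returns nil for an unrecognised URL (not visible here); the rewrite below covers those three. `JSON.parse` on either body is not rescued, so a 200 response with a non-JSON body would surface as `JSON::ParserError` unless a caller outside the hunk handles it.

```ruby
def extract_source_repo(body)
  JSON.parse(body).fetch("data", []).each do |search_result|
    next unless search_result["id"]&.downcase == dependency.name.downcase

    %w(projectUrl licenseUrl).each do |key|
      url = search_result[key]
      next unless url

      source = Source.from_url(url)
      return source if source&.repo
    end
  end

  # No search result yielded a recognisable source repository
  nil
end
```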
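--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: dependabot-nuget
  version: !ruby/object:Gem::Version
- version: 0.180.5
+ version: 0.181.0
  platform: ruby
  authors:
  - Dependabot
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2022-04-07 00:00:00.000000000 Z
+ date: 2022-04-19 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: dependabot-common
@@ -16,14 +16,28 @@ dependencies:
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.180.5
+ version: 0.181.0
  type: :runtime
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - '='
  - !ruby/object:Gem::Version
- version: 0.180.5
+ version: 0.181.0
+ - !ruby/object:Gem::Dependency
+ name: debase
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.2.4.1
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.2.4.1
  - !ruby/object:Gem::Dependency
  name: debug
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +114,28 @@ dependencies:
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.26.0
+ version: 1.27.0
+ type: :development
+ prerelease: false
+ version_requirements: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 1.27.0
+ - !ruby/object:Gem::Dependency
+ name: ruby-debug-ide
+ requirement: !ruby/object:Gem::Requirement
+ requirements:
+ - - "~>"
+ - !ruby/object:Gem::Version
+ version: 0.7.3
  type: :development
  prerelease: false
  version_requirements: !ruby/object:Gem::Requirement
  requirements:
  - - "~>"
  - !ruby/object:Gem::Version
- version: 1.26.0
+ version: 0.7.3
  - !ruby/object:Gem::Dependency
  name: simplecov
  requirement: !ruby/object:Gem::Requirement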