dependabot-nuget 0.180.5 → 0.181.0

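--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 61b27d5d875584d04aaa2ca331041d3098476e77b6b0d9e8d7af63202cb4d723
- data.tar.gz: 7b0663ef7dc545f61e300f48d60a8a2b5716edd01a6a4eba85016ca7b3d8cab3
+ metadata.gz: 00d509aec39eb1ed4536e8338f908e36ffcecc44c8a6dd1ccfa81259b2cb2407
+ data.tar.gz: 29b633cea66136163bbf267dd275419e626ebc53e0031b1d2a2c091afbc912f0
  SHA512:
- metadata.gz: aaa0aa35b9dc44ba56e4022f7a0ce28bb2e197d28a334937ddd212ed85069b8254cf6fff67252f06adc25cc1dc27ed09f28b7b054b3ee24724571a40d94c2a0c
- data.tar.gz: 4ee7083532a4f7b3ae074db7a0499e9422cec1334d62f184cbca886e5ebc25483f637b37051d2f673d060067402aee1539245d15a753d731096c0c9f82755274
+ metadata.gz: d286c00d9ed1c703c971db213ad0feec6530508f69f73ca9c7bdd39589ced2eea7d8f0d9ac22ca2a5e5b722382f736b295d4b70d99c83a2a9c3a7db198a5d2cc
+ data.tar.gz: 9e68f5838a99fba274c7576b4b72676d6afc28200defafb265df25324304ca34daa2c1d83c7cfafe1aa70db00eeadabbeb02a18893ead7ab078e4d2948ad8a8c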
@@ -12,7 +12,62 @@ module Dependabot
12
12
  def look_up_source
13
13
  return Source.from_url(dependency_source_url) if dependency_source_url
14
14
 
15
- look_up_source_in_nuspec(dependency_nuspec_file)
15
+ src_repo = look_up_source_in_nuspec(dependency_nuspec_file)
16
+ return src_repo if src_repo
17
+
18
+ # Fallback to getting source from the search result's projectUrl or licenseUrl.
19
+ # GitHub Packages doesn't support getting the `.nuspec`, switch to getting
20
+ # that instead once it is supported.
21
+ src_repo_from_project
22
+ end
23
+
24
+ def src_repo_from_project
25
+ source = dependency.requirements.find { |r| r&.fetch(:source) }&.fetch(:source)
26
+ return unless source
27
+
28
+ # Query the service index e.g. https://nuget.pkg.github.com/ORG/index.json
29
+ response = Excon.get(
30
+ source.fetch(:url),
31
+ idempotent: true,
32
+ **SharedHelpers.excon_defaults(headers: auth_header)
33
+ )
34
+ return unless response.status == 200
35
+
36
+ # Extract the query url e.g. https://nuget.pkg.github.com/ORG/query
37
+ search_base = extract_search_url(response.body)
38
+ return unless search_base
39
+
40
+ response = Excon.get(
41
+ search_base + "?q=#{dependency.name.downcase}&prerelease=true&semVerLevel=2.0.0",
42
+ idempotent: true,
43
+ **SharedHelpers.excon_defaults(headers: auth_header)
44
+ )
45
+ return unless response.status == 200
46
+
47
+ # Find a projectUrl or licenseUrl that look like a source URL
48
+ extract_source_repo(response.body)
49
+ end
50
+
51
+ def extract_search_url(body)
52
+ JSON.parse(body).
53
+ fetch("resources", []).
54
+ find { |r| r.fetch("@type") == "SearchQueryService" }&.
55
+ fetch("@id")
56
+ end
57
+
58
+ def extract_source_repo(body)
59
+ JSON.parse(body).fetch("data", []).each do |search_result|
60
+ next unless search_result["id"].downcase == dependency.name.downcase
61
+
62
+ if search_result.fetch("projectUrl")
63
+ source = Source.from_url(search_result.fetch("projectUrl"))
64
+ return source unless source.repo.nil?
65
+ end
66
+ if search_result.fetch("licenseUrl")
67
+ source = Source.from_url(search_result.fetch("licenseUrl"))
68
+ return source unless source.repo.nil?
69
+ end
70
+ end
16
71
  end
17
72
 
18
73
  def look_up_source_in_nuspec(nuspec)
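Review bot: The second `Excon.get` in `src_repo_from_project` sends `auth_header` to whatever URL the feed's service index returned as the `SearchQueryService` `@id`, with no comparison against `source.fetch(:url)`. `auth_header` is defined outside this hunk; if it carries the registry credentials, an index that names a different host receives them, so I would compare scheme and host of `search_base` with the source URL first and return nil (or drop the header) on a mismatch. `dependency.name` is also interpolated into the query string unescaped and is not validated in this hunk; `URI.encode_www_form_component(dependency.name.downcase)` keeps a name containing `&` or `#` from altering the query. Separately, `extract_source_repo` falls off the end of `each` when nothing matches and so returns the parsed Array instead of nil, and `search_result.fetch("projectUrl")` raises KeyError when a result omits the key; `search_result["projectUrl"]` (likewise for `licenseUrl`) plus a trailing `nil` after the loop would address both.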
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.180.5
4
+ version: 0.181.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2022-04-07 00:00:00.000000000 Z
11
+ date: 2022-04-19 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,28 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.180.5
19
+ version: 0.181.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.180.5
26
+ version: 0.181.0
27
+ - !ruby/object:Gem::Dependency
28
+ name: debase
29
+ requirement: !ruby/object:Gem::Requirement
30
+ requirements:
31
+ - - "~>"
32
+ - !ruby/object:Gem::Version
33
+ version: 0.2.4.1
34
+ type: :development
35
+ prerelease: false
36
+ version_requirements: !ruby/object:Gem::Requirement
37
+ requirements:
38
+ - - "~>"
39
+ - !ruby/object:Gem::Version
40
+ version: 0.2.4.1
27
41
  - !ruby/object:Gem::Dependency
28
42
  name: debug
29
43
  requirement: !ruby/object:Gem::Requirement
@@ -100,14 +114,28 @@ dependencies:
100
114
  requirements:
101
115
  - - "~>"
102
116
  - !ruby/object:Gem::Version
103
- version: 1.26.0
117
+ version: 1.27.0
118
+ type: :development
119
+ prerelease: false
120
+ version_requirements: !ruby/object:Gem::Requirement
121
+ requirements:
122
+ - - "~>"
123
+ - !ruby/object:Gem::Version
124
+ version: 1.27.0
125
+ - !ruby/object:Gem::Dependency
126
+ name: ruby-debug-ide
127
+ requirement: !ruby/object:Gem::Requirement
128
+ requirements:
129
+ - - "~>"
130
+ - !ruby/object:Gem::Version
131
+ version: 0.7.3
104
132
  type: :development
105
133
  prerelease: false
106
134
  version_requirements: !ruby/object:Gem::Requirement
107
135
  requirements:
108
136
  - - "~>"
109
137
  - !ruby/object:Gem::Version
110
- version: 1.26.0
138
+ version: 0.7.3
111
139
  - !ruby/object:Gem::Dependency
112
140
  name: simplecov
113
141
  requirement: !ruby/object:Gem::Requirement