dependabot-nuget 0.238.0 → 0.239.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (7) hide show
  1. checksums.yaml +4 -4
  2. data/lib/dependabot/nuget/file_fetcher.rb +12 -19
  3. data/lib/dependabot/nuget/requirement.rb +5 -1
  4. data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb +92 -87
  5. data/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb +56 -59
  6. data/lib/dependabot/nuget/update_checker/repository_finder.rb +4 -0
  7. metadata +7 -7
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 4d913e6e79cd35b4a00551789e2d9fbea3a71476b76a12f64adfc3427cf419b1
4
- data.tar.gz: 103b3ed625f8a89133b2c53b6a49941826cf3663de6897e9baad943a78fa37c7
3
+ metadata.gz: 2bf5bdfc4f365f5d04c30193e1b44e7a82ddb5816461148e4172cabc1a86bea3
4
+ data.tar.gz: 0ca7483d0fdc3d3a7dc2af7c8f475e7b02a121d4a8a5c58f495ff857d32c3dad
5
5
  SHA512:
6
- metadata.gz: c820263ed7825b8f7270693513d8ebab3ee73169318ca5113c75cad689887b5b42c1731fd6496e12033ba7a3ff0d3a59752b7bc512e64ae93baf4a520d485a83
7
- data.tar.gz: 7ce94d621ef880f809124364816e19aa8cb1fe1975967d8eb907cf40b1573ff2c3fe4c8fad91631f5f545433813252736c3c1db17228366dea8950f0ab50ac9a
6
+ metadata.gz: a0bd5448386d99ac0fa6a27ea6f5ec137885cd8a208762602d69284c1cdea6bb9e521a885b9a50cb42eb45b2de9ec760def87940c15023a910f7f9455a612fc9
7
+ data.tar.gz: 4096cfc58f861ec2f4f5d7a4022fd06f001d0f4421130bf0708e877a93ce2e12e722259d60b29f8303375d2e3cdc5f595e396cb4273d5c1e03a34e23a3a154ec
data/lib/dependabot/nuget/file_fetcher.rb CHANGED
@@ -30,12 +30,10 @@ module Dependabot
30
30
  "Repo must contain a .proj file, .(cs|vb|fs)proj file, or a packages.config."
31
31
  end
32
32
 
33
- # rubocop:disable Metrics/AbcSize
34
33
  sig { override.returns(T::Array[DependencyFile]) }
35
34
  def fetch_files
36
35
  fetched_files = []
37
36
  fetched_files += project_files
38
- fetched_files += project_files.filter_map { |f| directory_packages_props_file_from_project_file(f) }
39
37
  fetched_files += directory_build_files
40
38
  fetched_files += imported_property_files
41
39
 
@@ -47,7 +45,7 @@ module Dependabot
47
45
 
48
46
  # dedup files based on their absolute path
49
47
  fetched_files = fetched_files.uniq do |fetched_file|
50
- Pathname.new(File.join(fetched_file.directory, fetched_file.name)).cleanpath.to_path
48
+ Pathname.new(fetched_file.directory).join(fetched_file.name).cleanpath.to_path
51
49
  end
52
50
 
53
51
  if project_files.none? && packages_config_files.none?
@@ -61,7 +59,6 @@ module Dependabot
61
59
 
62
60
  fetched_files
63
61
  end
64
- # rubocop:enable Metrics/AbcSize
65
62
 
66
63
  private
67
64
 
@@ -72,8 +69,9 @@ module Dependabot
72
69
  project_files += csproj_file
73
70
  project_files += vbproj_file
74
71
  project_files += fsproj_file
75
-
76
72
  project_files += sln_project_files
73
+ project_files += proj_files
74
+ project_files += project_files.filter_map { |f| directory_packages_props_file_from_project_file(f) }
77
75
  project_files
78
76
  end
79
77
  rescue Octokit::NotFound, Gitlab::Error::NotFound
@@ -120,22 +118,15 @@ module Dependabot
120
118
  @directory_build_files ||= fetch_directory_build_files
121
119
  end
122
120
 
123
- # rubocop:disable Metrics/AbcSize
124
121
  def fetch_directory_build_files
125
122
  attempted_dirs = []
126
123
  directory_build_files = []
127
124
  directory_path = Pathname.new(directory)
128
125
 
129
126
  # find all build files (Directory.Build.props/.targets) relative to the given project file
130
- project_files.map { |f| File.dirname(File.join(f.directory, f.name)) }.uniq.each do |dir|
127
+ project_files.map { |f| Pathname.new(f.directory).join(f.name).dirname }.uniq.each do |dir|
131
128
  # Simulate MSBuild walking up the directory structure looking for a file
132
- possible_dirs = dir.split("/").map.with_index do |_, i|
133
- candidate_dir = dir.split("/").first(i + 1).join("/")
134
- candidate_dir = "/#{candidate_dir}" unless candidate_dir.start_with?("/")
135
- candidate_dir
136
- end.reverse
137
-
138
- possible_dirs.each do |possible_dir|
129
+ dir.descend.each do |possible_dir|
139
130
  break if attempted_dirs.include?(possible_dir)
140
131
 
141
132
  attempted_dirs << possible_dir
@@ -150,7 +141,6 @@ module Dependabot
150
141
 
151
142
  directory_build_files
152
143
  end
153
- # rubocop:enable Metrics/AbcSize
154
144
 
155
145
  def sln_project_files
156
146
  return [] unless sln_files
@@ -196,18 +186,21 @@ module Dependabot
196
186
  @fsproj_file ||= find_and_fetch_with_suffix(".fsproj")
197
187
  end
198
188
 
189
+ def proj_files
190
+ @proj_files ||= find_and_fetch_with_suffix(".proj")
191
+ end
192
+
199
193
  def directory_packages_props_file_from_project_file(project_file)
200
194
  # walk up the tree from each project file stopping at the first `Directory.Packages.props` file found
201
195
  # https://learn.microsoft.com/en-us/nuget/consume-packages/central-package-management#central-package-management-rules
202
196
 
203
197
  found_directory_packages_props_file = nil
204
198
  directory_path = Pathname.new(directory)
205
- full_project_dir = File.dirname(File.join(project_file.directory, project_file.name))
206
- full_project_dir.split("/").each.with_index do |_, i|
199
+ full_project_dir = Pathname.new(project_file.directory).join(project_file.name).dirname
200
+ full_project_dir.ascend.each do |base|
207
201
  break if found_directory_packages_props_file
208
202
 
209
- base = full_project_dir.split("/").first(i + 1).join("/")
210
- candidate_file_path = Pathname.new(base + "/Directory.Packages.props").cleanpath.to_path
203
+ candidate_file_path = Pathname.new(base).join("Directory.Packages.props").cleanpath.to_path
211
204
  candidate_directory = Pathname.new(File.dirname(candidate_file_path))
212
205
  relative_candidate_directory = candidate_directory.relative_path_from(directory_path)
213
206
  candidate_file = repo_contents(dir: relative_candidate_directory).find do |f|
data/lib/dependabot/nuget/requirement.rb CHANGED
@@ -1,6 +1,9 @@
1
1
  # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
+ require "sorbet-runtime"
5
+
6
+ require "dependabot/requirement"
4
7
  require "dependabot/utils"
5
8
  require "dependabot/nuget/version"
6
9
 
@@ -8,7 +11,7 @@ require "dependabot/nuget/version"
8
11
  # https://docs.microsoft.com/en-us/nuget/reference/package-versioning
9
12
  module Dependabot
10
13
  module Nuget
11
- class Requirement < Gem::Requirement
14
+ class Requirement < Dependabot::Requirement
12
15
  def self.parse(obj)
13
16
  return ["=", Nuget::Version.new(obj.to_s)] if obj.is_a?(Gem::Version)
14
17
 
@@ -25,6 +28,7 @@ module Dependabot
25
28
  # For consistency with other languages, we define a requirements array.
26
29
  # Dotnet doesn't have an `OR` separator for requirements, so it always
27
30
  # contains a single element.
31
+ sig { override.params(requirement_string: T.nilable(String)).returns(T::Array[Requirement]) }
28
32
  def self.requirements_array(requirement_string)
29
33
  [new(requirement_string)]
30
34
  end
data/lib/dependabot/nuget/update_checker/nupkg_fetcher.rb CHANGED
@@ -1,111 +1,116 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "nokogiri"
5
5
  require "zip"
6
6
  require "stringio"
7
- require "dependabot/nuget/update_checker"
8
7
 
9
8
  module Dependabot
10
9
  module Nuget
11
- class UpdateChecker
12
- class NupkgFetcher
13
- require_relative "repository_finder"
14
-
15
- def self.fetch_nupkg_buffer(dependency_urls, package_id, package_version)
16
- # check all repositories for the first one that has the nupkg
17
- dependency_urls.reduce(nil) do |nupkg_buffer, repository_details|
18
- nupkg_buffer || fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
19
- end
10
+ class NupkgFetcher
11
+ require_relative "repository_finder"
12
+
13
+ def self.fetch_nupkg_buffer(dependency_urls, package_id, package_version)
14
+ # check all repositories for the first one that has the nupkg
15
+ dependency_urls.reduce(nil) do |nupkg_buffer, repository_details|
16
+ nupkg_buffer || fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
20
17
  end
18
+ end
21
19
 
22
- def self.fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
23
- return unless package_id && package_version && !package_version.empty?
20
+ def self.fetch_nupkg_url_from_repository(repository_details, package_id, package_version)
21
+ return unless package_id && package_version && !package_version.empty?
24
22
 
25
- feed_url = repository_details[:repository_url]
26
- auth_header = repository_details[:auth_header]
23
+ feed_url = repository_details[:repository_url]
24
+ repository_type = repository_details[:repository_type]
27
25
 
28
- azure_devops_match = try_match_azure_url(feed_url)
29
- package_url = if azure_devops_match
30
- get_azure_package_url(azure_devops_match, package_id, package_version)
31
- elsif feed_url.include?("/v2")
32
- get_nuget_v2_package_url(feed_url, package_id, package_version)
33
- elsif feed_url.include?("/v3")
34
- get_nuget_v3_package_url(feed_url, package_id, package_version)
35
- else
36
- raise Dependabot::DependencyFileNotResolvable, "Unexpected NuGet feed format: #{feed_url}"
37
- end
26
+ azure_devops_match = try_match_azure_url(feed_url)
27
+ package_url = if azure_devops_match
28
+ get_azure_package_url(azure_devops_match, package_id, package_version)
29
+ elsif repository_type == "v2"
30
+ get_nuget_v2_package_url(feed_url, package_id, package_version)
31
+ elsif repository_type == "v3"
32
+ get_nuget_v3_package_url(repository_details, package_id, package_version)
33
+ else
34
+ raise Dependabot::DependencyFileNotResolvable, "Unexpected NuGet feed format: #{feed_url}"
35
+ end
38
36
 
39
- fetch_stream(package_url, auth_header)
40
- end
37
+ package_url
38
+ end
39
+
40
+ def self.fetch_nupkg_buffer_from_repository(repository_details, package_id, package_version)
41
+ package_url = fetch_nupkg_url_from_repository(repository_details, package_id, package_version)
42
+ return unless package_url
43
+
44
+ auth_header = repository_details[:auth_header]
45
+ fetch_stream(package_url, auth_header)
46
+ end
47
+
48
+ def self.try_match_azure_url(feed_url)
49
+ # if url is azure devops
50
+ azure_devops_regexs = [
51
+ %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
52
+ %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
53
+ %r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
54
+ ]
55
+ regex = azure_devops_regexs.find { |reg| reg.match(feed_url) }
56
+ return unless regex
57
+
58
+ regex.match(feed_url)
59
+ end
60
+
61
+ def self.get_azure_package_url(azure_devops_match, package_id, package_version)
62
+ organization = azure_devops_match[:organization]
63
+ project = azure_devops_match[:project]
64
+ feed_id = azure_devops_match[:feedId]
41
65
 
42
- def self.try_match_azure_url(feed_url)
43
- # if url is azure devops
44
- azure_devops_regexs = [
45
- %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
46
- %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
47
- %r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
48
- ]
49
- regex = azure_devops_regexs.find { |reg| reg.match(feed_url) }
50
- return unless regex
51
-
52
- regex.match(feed_url)
66
+ if project.empty?
67
+ "https://pkgs.dev.azure.com/#{organization}/_apis/packaging/feeds/#{feed_id}/nuget/packages/#{package_id}/versions/#{package_version}/content?sourceProtocolVersion=nuget&api-version=7.0-preview"
68
+ else
69
+ "https://pkgs.dev.azure.com/#{organization}/#{project}/_apis/packaging/feeds/#{feed_id}/nuget/packages/#{package_id}/versions/#{package_version}/content?sourceProtocolVersion=nuget&api-version=7.0-preview"
53
70
  end
71
+ end
54
72
 
55
- def self.get_azure_package_url(azure_devops_match, package_id, package_version)
56
- organization = azure_devops_match[:organization]
57
- project = azure_devops_match[:project]
58
- feed_id = azure_devops_match[:feedId]
73
+ def self.get_nuget_v3_package_url(repository_details, package_id, package_version)
74
+ base_url = repository_details[:base_url].delete_suffix("/")
75
+ package_id_downcased = package_id.downcase
76
+ "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.#{package_version}.nupkg"
77
+ end
59
78
 
60
- if project.empty?
61
- "https://pkgs.dev.azure.com/#{organization}/_apis/packaging/feeds/#{feed_id}/nuget/packages/#{package_id}/versions/#{package_version}/content?sourceProtocolVersion=nuget&api-version=7.0-preview"
62
- else
63
- "https://pkgs.dev.azure.com/#{organization}/#{project}/_apis/packaging/feeds/#{feed_id}/nuget/packages/#{package_id}/versions/#{package_version}/content?sourceProtocolVersion=nuget&api-version=7.0-preview"
79
+ def self.get_nuget_v2_package_url(feed_url, package_id, package_version)
80
+ base_url = feed_url
81
+ base_url += "/" unless base_url.end_with?("/")
82
+ package_id_downcased = package_id.downcase
83
+ "#{base_url}/package/#{package_id_downcased}/#{package_version}"
84
+ end
85
+
86
+ def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
87
+ current_url = stream_url
88
+ current_redirects = 0
89
+
90
+ loop do
91
+ connection = Excon.new(current_url, persistent: true)
92
+
93
+ package_data = StringIO.new
94
+ response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
95
+ package_data.write(chunk)
64
96
  end
65
- end
66
97
 
67
- def self.get_nuget_v3_package_url(feed_url, package_id, package_version)
68
- base_url = feed_url.gsub("/index.json", "-flatcontainer")
69
- package_id_downcased = package_id.downcase
70
- "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.#{package_version}.nupkg"
71
- end
98
+ response = connection.request(
99
+ method: :get,
100
+ headers: auth_header,
101
+ response_block: response_block
102
+ )
72
103
 
73
- def self.get_nuget_v2_package_url(feed_url, package_id, package_version)
74
- base_url = feed_url
75
- base_url += "/" unless base_url.end_with?("/")
76
- package_id_downcased = package_id.downcase
77
- "#{base_url}/package/#{package_id_downcased}/#{package_version}"
78
- end
104
+ if response.status == 303
105
+ current_redirects += 1
106
+ return nil if current_redirects > max_redirects
79
107
 
80
- def self.fetch_stream(stream_url, auth_header, max_redirects = 5)
81
- current_url = stream_url
82
- current_redirects = 0
83
-
84
- loop do
85
- connection = Excon.new(current_url, persistent: true)
86
-
87
- package_data = StringIO.new
88
- response_block = lambda do |chunk, _remaining_bytes, _total_bytes|
89
- package_data.write(chunk)
90
- end
91
-
92
- response = connection.request(
93
- method: :get,
94
- headers: auth_header,
95
- response_block: response_block
96
- )
97
-
98
- if response.status == 303
99
- current_redirects += 1
100
- return nil if current_redirects > max_redirects
101
-
102
- current_url = response.headers["Location"]
103
- elsif response.status == 200
104
- package_data.rewind
105
- return package_data
106
- else
107
- return nil
108
- end
108
+ current_url = response.headers["Location"]
109
+ elsif response.status == 200
110
+ package_data.rewind
111
+ return package_data
112
+ else
113
+ return nil
109
114
  end
110
115
  end
111
116
  end
data/lib/dependabot/nuget/update_checker/nuspec_fetcher.rb CHANGED
@@ -1,85 +1,82 @@
1
- # typed: false
1
+ # typed: true
2
2
  # frozen_string_literal: true
3
3
 
4
4
  require "nokogiri"
5
5
  require "zip"
6
6
  require "stringio"
7
- require "dependabot/nuget/update_checker"
8
7
 
9
8
  module Dependabot
10
9
  module Nuget
11
- class UpdateChecker
12
- class NuspecFetcher
13
- require_relative "nupkg_fetcher"
14
- require_relative "repository_finder"
10
+ class NuspecFetcher
11
+ require_relative "nupkg_fetcher"
12
+ require_relative "repository_finder"
15
13
 
16
- def self.fetch_nuspec(dependency_urls, package_id, package_version)
17
- # check all repositories for the first one that has the nuspec
18
- dependency_urls.reduce(nil) do |nuspec_xml, repository_details|
19
- nuspec_xml || fetch_nuspec_from_repository(repository_details, package_id, package_version)
20
- end
14
+ def self.fetch_nuspec(dependency_urls, package_id, package_version)
15
+ # check all repositories for the first one that has the nuspec
16
+ dependency_urls.reduce(nil) do |nuspec_xml, repository_details|
17
+ nuspec_xml || fetch_nuspec_from_repository(repository_details, package_id, package_version)
21
18
  end
19
+ end
22
20
 
23
- def self.fetch_nuspec_from_repository(repository_details, package_id, package_version)
24
- return unless package_id && package_version && !package_version.empty?
25
-
26
- feed_url = repository_details[:repository_url]
27
- auth_header = repository_details[:auth_header]
21
+ def self.fetch_nuspec_from_repository(repository_details, package_id, package_version)
22
+ return unless package_id && package_version && !package_version.empty?
28
23
 
29
- nuspec_xml = nil
24
+ feed_url = repository_details[:repository_url]
25
+ auth_header = repository_details[:auth_header]
30
26
 
31
- if azure_package_feed?(feed_url)
32
- # this is an azure devops url we can extract the nuspec from the nupkg
33
- package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
34
- package_version)
35
- return if package_data.nil?
27
+ nuspec_xml = nil
36
28
 
37
- nuspec_string = extract_nuspec(package_data, package_id)
38
- nuspec_xml = Nokogiri::XML(nuspec_string)
39
- else
40
- # we can use the normal nuget apis to get the nuspec and list out the dependencies
41
- base_url = feed_url.gsub("/index.json", "-flatcontainer")
42
- package_id_downcased = package_id.downcase
43
- nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
29
+ if azure_package_feed?(feed_url)
30
+ # this is an azure devops url we can extract the nuspec from the nupkg
31
+ package_data = NupkgFetcher.fetch_nupkg_buffer_from_repository(repository_details, package_id,
32
+ package_version)
33
+ return if package_data.nil?
44
34
 
45
- nuspec_response = Dependabot::RegistryClient.get(
46
- url: nuspec_url,
47
- headers: auth_header
48
- )
35
+ nuspec_string = extract_nuspec(package_data, package_id)
36
+ nuspec_xml = Nokogiri::XML(nuspec_string)
37
+ else
38
+ # we can use the normal nuget apis to get the nuspec and list out the dependencies
39
+ base_url = feed_url.gsub("/index.json", "-flatcontainer")
40
+ package_id_downcased = package_id.downcase
41
+ nuspec_url = "#{base_url}/#{package_id_downcased}/#{package_version}/#{package_id_downcased}.nuspec"
49
42
 
50
- return unless nuspec_response.status == 200
43
+ nuspec_response = Dependabot::RegistryClient.get(
44
+ url: nuspec_url,
45
+ headers: auth_header
46
+ )
51
47
 
52
- nuspec_response_body = remove_wrapping_zero_width_chars(nuspec_response.body)
53
- nuspec_xml = Nokogiri::XML(nuspec_response_body)
54
- end
48
+ return unless nuspec_response.status == 200
55
49
 
56
- nuspec_xml.remove_namespaces!
57
- nuspec_xml
50
+ nuspec_response_body = remove_wrapping_zero_width_chars(nuspec_response.body)
51
+ nuspec_xml = Nokogiri::XML(nuspec_response_body)
58
52
  end
59
53
 
60
- def self.azure_package_feed?(feed_url)
61
- # if url is azure devops
62
- azure_devops_regexs = [
63
- %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
64
- %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
65
- %r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
66
- ]
67
- azure_devops_regexs.any? { |reg| reg.match(feed_url) }
68
- end
54
+ nuspec_xml.remove_namespaces!
55
+ nuspec_xml
56
+ end
69
57
 
70
- def self.extract_nuspec(zip_stream, package_id)
71
- Zip::File.open_buffer(zip_stream) do |zip|
72
- nuspec_entry = zip.find { |entry| entry.name == "#{package_id}.nuspec" }
73
- return nuspec_entry.get_input_stream.read if nuspec_entry
74
- end
75
- nil
76
- end
58
+ def self.azure_package_feed?(feed_url)
59
+ # if url is azure devops
60
+ azure_devops_regexs = [
61
+ %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/(?<project>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json},
62
+ %r{https://pkgs\.dev\.azure\.com/(?<organization>[^/]+)/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)},
63
+ %r{https://(?<organization>[^\.\/]+)\.pkgs\.visualstudio\.com/_packaging/(?<feedId>[^/]+)/nuget/v3/index\.json(?<project>)}
64
+ ]
65
+ azure_devops_regexs.any? { |reg| reg.match(feed_url) }
66
+ end
77
67
 
78
- def self.remove_wrapping_zero_width_chars(string)
79
- string.force_encoding("UTF-8").encode
80
- .gsub(/\A[\u200B-\u200D\uFEFF]/, "")
81
- .gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
68
+ def self.extract_nuspec(zip_stream, package_id)
69
+ Zip::File.open_buffer(zip_stream) do |zip|
70
+ nuspec_entry = zip.find { |entry| entry.name == "#{package_id}.nuspec" }
71
+ return nuspec_entry.get_input_stream.read if nuspec_entry
82
72
  end
73
+ nil
74
+ end
75
+
76
+ def self.remove_wrapping_zero_width_chars(string)
77
+ string.force_encoding("UTF-8").encode
78
+ .gsub(/\A[\u200B-\u200D\uFEFF]/, "")
79
+ .gsub(/[\u200B-\u200D\uFEFF]\Z/, "")
83
80
  end
84
81
  end
85
82
  end
data/lib/dependabot/nuget/update_checker/repository_finder.rb CHANGED
@@ -26,6 +26,7 @@ module Dependabot
26
26
 
27
27
  def self.get_default_repository_details(dependency_name)
28
28
  {
29
+ base_url: "https://api.nuget.org/v3-flatcontainer/",
29
30
  repository_url: DEFAULT_REPOSITORY_URL,
30
31
  versions_url: "https://api.nuget.org/v3-flatcontainer/" \
31
32
  "#{dependency_name.downcase}/index.json",
@@ -60,9 +61,11 @@ module Dependabot
60
61
 
61
62
  body = remove_wrapping_zero_width_chars(response.body)
62
63
  base_url = base_url_from_v3_metadata(JSON.parse(body))
64
+ resolved_base_url = base_url || repo_details.fetch(:url).gsub("/index.json", "-flatcontainer")
63
65
  search_url = search_url_from_v3_metadata(JSON.parse(body))
64
66
 
65
67
  details = {
68
+ base_url: resolved_base_url,
66
69
  repository_url: repo_details.fetch(:url),
67
70
  auth_header: auth_header_for_token(repo_details.fetch(:token)),
68
71
  repository_type: "v3"
@@ -120,6 +123,7 @@ module Dependabot
120
123
  base_url ||= repo_details.fetch(:url)
121
124
 
122
125
  {
126
+ base_url: base_url,
123
127
  repository_url: base_url,
124
128
  versions_url: File.join(
125
129
  base_url,
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.238.0
4
+ version: 0.239.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2023-12-07 00:00:00.000000000 Z
11
+ date: 2023-12-28 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.238.0
19
+ version: 0.239.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.238.0
26
+ version: 0.239.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rubyzip
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -134,14 +134,14 @@ dependencies:
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: 1.57.2
137
+ version: 1.58.0
138
138
  type: :development
139
139
  prerelease: false
140
140
  version_requirements: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: 1.57.2
144
+ version: 1.58.0
145
145
  - !ruby/object:Gem::Dependency
146
146
  name: rubocop-performance
147
147
  requirement: !ruby/object:Gem::Requirement
@@ -267,7 +267,7 @@ licenses:
267
267
  - Nonstandard
268
268
  metadata:
269
269
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
270
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.238.0
270
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.239.0
271
271
  post_install_message:
272
272
  rdoc_options: []
273
273
  require_paths: