dependabot-nuget 0.244.0 → 0.245.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: be3a65448fe495f267cc054563bd29fd5a2142bb07613e2ed70a1cd21490bae5
-  data.tar.gz: 1fa876f1715e1ab11ccd5e0c323e58cd60b68d08560efe63a4c563755d36b1ca
+  metadata.gz: 4e67c27ae4f1d9736ba0db82edf309551b56c5337213f72a71d5dc7502e2a91d
+  data.tar.gz: f04858bb986a722dbe26aae525f26885dbd7cc0dc514ee099ab5fed628dfbc43
 SHA512:
-  metadata.gz: b22d903bfd1bab554a9513aac135e7f4ea8e055ce8e6a5f163c9d8331e87c258805d333043953c5b7beeaeba6404792694150e7e9c035de29cd1568a09b2fc22
-  data.tar.gz: 00abcf17c29b5f98242b8ca97ab28c79f88e7c2425430f08d549364b16b160d640841ccd2e2b4c01978e96d7b0b4d51826795247f8087d1af6a4962abfba7809
+  metadata.gz: 9fc5b619a387d372e8b91007cb3a1983e93b891874e87e475286d177e3075a911c98cda226746f7e8bb792ba83da409ba9abaa29402857d3b01e82850bffbbc9
+  data.tar.gz: '0919b3eb28f2d1c1aa5e3d137eb0ef4d443458f92aaddfca0628353d9b49d2ad6b2ccc6698102f55ada4c04517017c143d5115c1ff0d6ba701c422b6547923f2'

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -360,7 +360,17 @@ internal static partial class MSBuildHelper
         await File.WriteAllTextAsync(tempProjectPath, projectContents);
 
         // prevent directory crawling
-        await File.WriteAllTextAsync(Path.Combine(tempDir.FullName, "Directory.Build.props"), "<Project />");
+        await File.WriteAllTextAsync(
+            Path.Combine(tempDir.FullName, "Directory.Build.props"),
+            """
+            <Project>
+              <PropertyGroup>
+                <!-- For Windows-specific apps -->
+                <EnableWindowsTargeting>true</EnableWindowsTargeting>
+              </PropertyGroup>
+            </Project>
+            """);
+
         await File.WriteAllTextAsync(Path.Combine(tempDir.FullName, "Directory.Build.targets"), "<Project />");
         await File.WriteAllTextAsync(Path.Combine(tempDir.FullName, "Directory.Packages.props"), "<Project />");
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.Sdk.cs

@@ -50,6 +50,38 @@ public partial class UpdateWorkerTests
                 """);
         }
 
+        [Fact]
+        public async Task UpdateVersionAttribute_InProjectFile_ForPackageReferenceInclude_Windows()
+        {
+            // update Newtonsoft.Json from 9.0.1 to 13.0.1
+            await TestUpdateForProject("Newtonsoft.Json", "9.0.1", "13.0.1",
+                // initial
+                projectContents: $"""
+                <Project Sdk="Microsoft.NET.Sdk">
+                  <PropertyGroup>
+                    <TargetFramework>net8.0-windows10.0.19041.0</TargetFramework>
+                    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
+                  </PropertyGroup>
+                
+                  <ItemGroup>
+                    <PackageReference Include="Newtonsoft.Json" Version="9.0.1" />
+                  </ItemGroup>
+                </Project>
+                """,
+                // expected
+                expectedProjectContents: $"""
+                <Project Sdk="Microsoft.NET.Sdk">
+                  <PropertyGroup>
+                    <TargetFramework>net8.0-windows10.0.19041.0</TargetFramework>
+                    <RuntimeIdentifier>win-x64</RuntimeIdentifier>
+                  </PropertyGroup>
+                
+                  <ItemGroup>
+                    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+                  </ItemGroup>
+                </Project>
+                """);
+        }
 
         [Theory]
         [InlineData("$(NewtonsoftJsonVersion")]

data/lib/dependabot/nuget/native_helpers.rb

@@ -45,7 +45,7 @@ module Dependabot
 
         puts "running NuGet updater:\n" + command
 
-        output = SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
+        output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
         puts output
 
         # Exit code == 0 means that all project frameworks are compatible
@@ -55,17 +55,11 @@ module Dependabot
         false
       end
 
-      # rubocop:disable Metrics/MethodLength
       sig do
-        params(
-          repo_root: String,
-          proj_path: String,
-          dependency: Dependency,
-          is_transitive: T::Boolean,
-          credentials: T::Array[T.untyped]
-        ).void
+        params(repo_root: String, proj_path: String, dependency: Dependency,
+               is_transitive: T::Boolean).returns([String, String])
       end
-      def self.run_nuget_updater_tool(repo_root:, proj_path:, dependency:, is_transitive:, credentials:)
+      def self.get_nuget_updater_tool_command(repo_root:, proj_path:, dependency:, is_transitive:)
         exe_path = File.join(native_helpers_root, "NuGetUpdater", "NuGetUpdater.Cli")
         command_parts = [
           exe_path,
@@ -103,14 +97,29 @@ module Dependabot
           "--verbose"
         ].compact.join(" ")
 
+        [command, fingerprint]
+      end
+
+      sig do
+        params(
+          repo_root: String,
+          proj_path: String,
+          dependency: Dependency,
+          is_transitive: T::Boolean,
+          credentials: T::Array[Dependabot::Credential]
+        ).void
+      end
+      def self.run_nuget_updater_tool(repo_root:, proj_path:, dependency:, is_transitive:, credentials:)
+        (command, fingerprint) = get_nuget_updater_tool_command(repo_root: repo_root, proj_path: proj_path,
+                                                                dependency: dependency, is_transitive: is_transitive)
+
         puts "running NuGet updater:\n" + command
 
         NuGetConfigCredentialHelpers.patch_nuget_config_for_action(credentials) do
-          output = SharedHelpers.run_shell_command(command, fingerprint: fingerprint)
+          output = SharedHelpers.run_shell_command(command, allow_unsafe_shell_command: true, fingerprint: fingerprint)
           puts output
         end
       end
-      # rubocop:enable Metrics/MethodLength
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.244.0
+  version: 0.245.0
 platform: ruby
 authors:
 - Dependabot
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2024-02-15 00:00:00.000000000 Z
+date: 2024-02-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.244.0
+        version: 0.245.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.244.0
+        version: 0.245.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -371,7 +371,7 @@ licenses:
 - Nonstandard
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.244.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.245.0
 post_install_message: 
 rdoc_options: []
 require_paths: