dependabot-nuget 0.253.0 → 0.254.0
- checksums.yaml +4 -4
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackagesConfigUpdater.cs +21 -5
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/JsonHelper.cs +4 -3
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs +56 -0
- data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/JsonHelperTests.cs +57 -0
- data/lib/dependabot/nuget/discovery/discovery_json_reader.rb +0 -2
- data/lib/dependabot/nuget/file_parser.rb +14 -6
- metadata +15 -15
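--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: c86cede5ca7a7c4b299c2ec8562eedac9a80f12b3d3087be4270b37f21a41861
+data.tar.gz: 8ea3c1c970f4606fed97261c70ebd493645037bdd635ab4368e38956ab1d17f9
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 26ee476b689434e34f322153afc7f825e15555bf7c7061014e4b58bdb5962699226942ac64797d436d38b5aed780d4e57d818bd7ef64f6ed6e1961984129139e
+data.tar.gz: 28e0103dbcb88c4fabb9352a51891f0f69a0533959c7fe052c8b3396c00fcabfe33ae1d3cb28347ffc44f01464c8517397a11783c0c88a66e4bd04fd9f5b37e3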
@@ -174,11 +174,7 @@ internal static class PackagesConfigUpdater
|
|
174
174
|
var hintPathSubString = $"{dependencyName}.{dependencyVersion}";
|
175
175
|
|
176
176
|
string? partialPathMatch = null;
|
177
|
-
var hintPathNodes = projectBuildFile.Contents.Descendants()
|
178
|
-
.Where(e =>
|
179
|
-
e.Name.Equals("HintPath", StringComparison.OrdinalIgnoreCase) &&
|
180
|
-
e.Parent.Name.Equals("Reference", StringComparison.OrdinalIgnoreCase) &&
|
181
|
-
e.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase)?.StartsWith($"{dependencyName},", StringComparison.OrdinalIgnoreCase) == true);
|
177
|
+
var hintPathNodes = projectBuildFile.Contents.Descendants().Where(e => e.IsHintPathNodeForDependency(dependencyName));
|
182
178
|
foreach (var hintPathNode in hintPathNodes)
|
183
179
|
{
|
184
180
|
var hintPath = hintPathNode.GetContentValue();
|
@@ -210,6 +206,26 @@ internal static class PackagesConfigUpdater
|
|
210
206
|
return partialPathMatch;
|
211
207
|
}
|
212
208
|
|
209
|
+
private static bool IsHintPathNodeForDependency(this IXmlElementSyntax element, string dependencyName)
|
210
|
+
{
|
211
|
+
if (element.Name.Equals("HintPath", StringComparison.OrdinalIgnoreCase) &&
|
212
|
+
element.Parent.Name.Equals("Reference", StringComparison.OrdinalIgnoreCase))
|
213
|
+
{
|
214
|
+
// the include attribute will look like one of the following:
|
215
|
+
// <Reference Include="Some.Dependency, Version=1.0.0.0, Culture=neutral, PublicKeyToken=abcd">
|
216
|
+
// or
|
217
|
+
// <Reference Include="Some.Dependency">
|
218
|
+
string includeAttributeValue = element.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase);
|
219
|
+
if (includeAttributeValue.Equals(dependencyName, StringComparison.OrdinalIgnoreCase) ||
|
220
|
+
includeAttributeValue.StartsWith($"{dependencyName},", StringComparison.OrdinalIgnoreCase))
|
221
|
+
{
|
222
|
+
return true;
|
223
|
+
}
|
224
|
+
}
|
225
|
+
|
226
|
+
return false;
|
227
|
+
}
|
228
|
+
|
213
229
|
private static string GetUpToIndexWithoutTrailingDirectorySeparator(string path, int index)
|
214
230
|
{
|
215
231
|
var subpath = path[..index];
|
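Review bot: In the added `IsHintPathNodeForDependency`, `includeAttributeValue` is declared as a non-nullable `string` and dereferenced with `.Equals(...)`, whereas the expression it replaces guarded the same lookup with `?.StartsWith(...) == true`. If `GetAttributeValue` can return null (the old `?.` suggests it can), a `<Reference>` element without an `Include` attribute in a repository-supplied project file would now throw instead of being skipped, aborting the update for that project. I would keep the helper null-tolerant: `string? includeAttributeValue = element.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase);` followed by `if (includeAttributeValue is null) { return false; }`. A test case with a `<Reference>` that lacks `Include` would pin the behaviour.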
@@ -145,13 +145,14 @@ namespace NuGetUpdater.Core.Utilities
|
|
145
145
|
|
146
146
|
// single line comments might have had a trailing comma appended by the property writer that we can't
|
147
147
|
// control, so we have to manually correct for it
|
148
|
-
var originalJsonLines = json.Split('\n').Select(l => l.TrimEnd('\r')).ToArray();
|
148
|
+
var originalJsonLines = json.Split('\n').Select(l => l.TrimEnd('\r')).Where(l => !string.IsNullOrWhiteSpace(l)).ToArray();
|
149
149
|
var updatedJsonLines = resultJson.Split('\n').Select(l => l.TrimEnd('\r')).ToArray();
|
150
150
|
for (int i = 0; i < Math.Min(originalJsonLines.Length, updatedJsonLines.Length); i++)
|
151
151
|
{
|
152
|
-
|
152
|
+
var updatedLine = updatedJsonLines[i];
|
153
|
+
if (updatedLine.EndsWith(',') && updatedLine.Contains("//", StringComparison.Ordinal) && !originalJsonLines[i].EndsWith(','))
|
153
154
|
{
|
154
|
-
updatedJsonLines[i] =
|
155
|
+
updatedJsonLines[i] = updatedLine[..^1];
|
155
156
|
}
|
156
157
|
}
|
157
158
|
|
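Review bot: The trailing-comma fix-up compares `updatedJsonLines[i]` with `originalJsonLines[i]`, but after this change blank lines are filtered out of the original array only, so the two stay index-aligned only if `resultJson` never contains a blank line. That assumption is not visible here (the enclosing method starts and ends outside the hunk, and the removed lines are truncated on this page), so it should be stated next to the filter, e.g. `// the writer emits no blank lines, so drop them from the original to keep both arrays index-aligned`. Separately, `updatedLine.Contains("//", StringComparison.Ordinal)` is also true for a property line whose string value contains `//`, such as a URL; if the arrays ever drift, such a line can lose a required comma and the file written back to the repository becomes invalid JSON. Checking that the `//` lies outside a string literal, or filtering both arrays the same way, would close that gap.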
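--- a/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs
+++ b/data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTests.PackagesConfig.cs
@@ -65,6 +65,62 @@ public partial class UpdateWorkerTests
 """);
 }
 
+[Fact]
+public async Task UpdateSingleDependencyInPackagesConfig_ReferenceHasNoAssemblyVersion()
+{
+// update Newtonsoft.Json from 7.0.1 to 13.0.1
+await TestUpdateForProject("Newtonsoft.Json", "7.0.1", "13.0.1",
+// existing
+projectContents: """
+<Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+<PropertyGroup>
+<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+</PropertyGroup>
+<ItemGroup>
+<None Include="packages.config" />
+</ItemGroup>
+<ItemGroup>
+<Reference Include="Newtonsoft.Json">
+<HintPath>packages\Newtonsoft.Json.7.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+<Private>True</Private>
+</Reference>
+</ItemGroup>
+<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
+""",
+packagesConfigContents: """
+<packages>
+<package id="Newtonsoft.Json" version="7.0.1" targetFramework="net45" />
+</packages>
+""",
+// expected
+expectedProjectContents: """
+<Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+<Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+<PropertyGroup>
+<TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
+</PropertyGroup>
+<ItemGroup>
+<None Include="packages.config" />
+</ItemGroup>
+<ItemGroup>
+<Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed">
+<HintPath>packages\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
+<Private>True</Private>
+</Reference>
+</ItemGroup>
+<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+</Project>
+""",
+expectedPackagesConfigContents: """
+<?xml version="1.0" encoding="utf-8"?>
+<packages>
+<package id="Newtonsoft.Json" version="13.0.1" targetFramework="net45" />
+</packages>
+""");
+}
+
 [Fact]
 public async Task UpdateSingleDependencyInPackagesConfigButNotToLatest()
 {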
@@ -1,5 +1,6 @@
|
|
1
1
|
using System;
|
2
2
|
using System.Collections.Generic;
|
3
|
+
using System.Text.Json;
|
3
4
|
|
4
5
|
using NuGetUpdater.Core.Utilities;
|
5
6
|
|
@@ -9,6 +10,11 @@ namespace NuGetUpdater.Core.Test.Utilities;
|
|
9
10
|
|
10
11
|
public class JsonHelperTests
|
11
12
|
{
|
13
|
+
private static readonly JsonDocumentOptions DocumentOptions = new()
|
14
|
+
{
|
15
|
+
CommentHandling = JsonCommentHandling.Skip,
|
16
|
+
};
|
17
|
+
|
12
18
|
[Theory]
|
13
19
|
[MemberData(nameof(JsonUpdaterTestData))]
|
14
20
|
public void UpdateJsonPreservingComments(string json, string[] propertyPath, string newValue, string expectedJson)
|
@@ -16,6 +22,8 @@ public class JsonHelperTests
|
|
16
22
|
var updatedJson = JsonHelper.UpdateJsonProperty(json, propertyPath, newValue, StringComparison.OrdinalIgnoreCase).Replace("\r", string.Empty);
|
17
23
|
expectedJson = expectedJson.Replace("\r", string.Empty);
|
18
24
|
Assert.Equal(expectedJson, updatedJson);
|
25
|
+
using var document = JsonDocument.Parse(updatedJson, DocumentOptions);
|
26
|
+
Assert.Equal(JsonValueKind.Object, document.RootElement.ValueKind);
|
19
27
|
}
|
20
28
|
|
21
29
|
public static IEnumerable<object[]> JsonUpdaterTestData()
|
@@ -237,5 +245,54 @@ public class JsonHelperTests
|
|
237
245
|
}
|
238
246
|
"""
|
239
247
|
];
|
248
|
+
|
249
|
+
// https://github.com/dependabot/dependabot-core/issues/9170
|
250
|
+
yield return
|
251
|
+
[
|
252
|
+
// original json
|
253
|
+
"""
|
254
|
+
{
|
255
|
+
"sdk": {
|
256
|
+
"version": "8.0.201",
|
257
|
+
"allowPrerelease": true,
|
258
|
+
"rollForward": "major"
|
259
|
+
},
|
260
|
+
|
261
|
+
"tools": {
|
262
|
+
"dotnet": "8.0.201"
|
263
|
+
},
|
264
|
+
|
265
|
+
"msbuild-sdks": {
|
266
|
+
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.23463.1",
|
267
|
+
"Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23463.1"
|
268
|
+
}
|
269
|
+
}
|
270
|
+
""",
|
271
|
+
// property path
|
272
|
+
new[]
|
273
|
+
{
|
274
|
+
"msbuild-sdks",
|
275
|
+
"Microsoft.DotNet.Helix.Sdk",
|
276
|
+
},
|
277
|
+
// new value
|
278
|
+
"8.0.0-beta.24123.1",
|
279
|
+
// expected json
|
280
|
+
"""
|
281
|
+
{
|
282
|
+
"sdk": {
|
283
|
+
"version": "8.0.201",
|
284
|
+
"allowPrerelease": true,
|
285
|
+
"rollForward": "major"
|
286
|
+
},
|
287
|
+
"tools": {
|
288
|
+
"dotnet": "8.0.201"
|
289
|
+
},
|
290
|
+
"msbuild-sdks": {
|
291
|
+
"Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.23463.1",
|
292
|
+
"Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.24123.1"
|
293
|
+
}
|
294
|
+
}
|
295
|
+
"""
|
296
|
+
];
|
240
297
|
}
|
241
298
|
}
|
@@ -65,8 +65,6 @@ module Dependabot
|
|
65
65
|
@workspace_discovery ||= T.let(begin
|
66
66
|
return nil unless discovery_json.content
|
67
67
|
|
68
|
-
Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
|
69
|
-
|
70
68
|
parsed_json = T.let(JSON.parse(T.must(discovery_json.content)), T::Hash[String, T.untyped])
|
71
69
|
WorkspaceDiscovery.from_json(parsed_json)
|
72
70
|
end, T.nilable(WorkspaceDiscovery))
|
@@ -22,13 +22,19 @@ module Dependabot
|
|
22
22
|
workspace_path = project_files.first&.directory
|
23
23
|
return [] unless workspace_path
|
24
24
|
|
25
|
-
#
|
26
|
-
|
27
|
-
|
28
|
-
|
29
|
-
|
25
|
+
# `workspace_path` is the only unique value here so we use it as the cache key
|
26
|
+
cache = T.let(CacheManager.cache("file_parser.parse"), T::Hash[String, T::Array[Dependabot::Dependency]])
|
27
|
+
key = workspace_path
|
28
|
+
cache[key] ||= begin
|
29
|
+
# run discovery for the repo
|
30
|
+
NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
|
31
|
+
workspace_path: workspace_path,
|
32
|
+
output_path: DiscoveryJsonReader.discovery_file_path,
|
33
|
+
credentials: credentials)
|
34
|
+
discovered_dependencies.dependencies
|
35
|
+
end
|
30
36
|
|
31
|
-
|
37
|
+
T.must(cache[key])
|
32
38
|
end
|
33
39
|
|
34
40
|
private
|
@@ -38,6 +44,8 @@ module Dependabot
|
|
38
44
|
discovery_json = DiscoveryJsonReader.discovery_json
|
39
45
|
return DependencySet.new unless discovery_json
|
40
46
|
|
47
|
+
Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
|
48
|
+
|
41
49
|
DiscoveryJsonReader.new(
|
42
50
|
discovery_json: discovery_json
|
43
51
|
).dependency_set
|
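Review bot: The new cache in `parse` is keyed by `workspace_path` alone, which is a directory inside the repository rather than an identity of the repository or of the credentials passed to discovery. If `CacheManager.cache("file_parser.parse")` outlives a single job (its lifetime is not visible here), a second repository with the same directory, for example `/`, would be handed the first repository's dependency list without discovery running. Consider including the repository root in the key, `key = "#{repo_contents_path}:#{workspace_path}"`, or documenting next to the key that the cache is scoped to one job. The method starts above the hunk.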
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: dependabot-nuget
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 0.254.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Dependabot
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2024-04-
|
11
|
+
date: 2024-04-24 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: dependabot-common
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - '='
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version: 0.
|
19
|
+
version: 0.254.0
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - '='
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version: 0.
|
26
|
+
version: 0.254.0
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rubyzip
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -50,14 +50,14 @@ dependencies:
|
|
50
50
|
requirements:
|
51
51
|
- - "~>"
|
52
52
|
- !ruby/object:Gem::Version
|
53
|
-
version: 1.
|
53
|
+
version: 1.9.2
|
54
54
|
type: :development
|
55
55
|
prerelease: false
|
56
56
|
version_requirements: !ruby/object:Gem::Requirement
|
57
57
|
requirements:
|
58
58
|
- - "~>"
|
59
59
|
- !ruby/object:Gem::Version
|
60
|
-
version: 1.
|
60
|
+
version: 1.9.2
|
61
61
|
- !ruby/object:Gem::Dependency
|
62
62
|
name: gpgme
|
63
63
|
requirement: !ruby/object:Gem::Requirement
|
@@ -134,56 +134,56 @@ dependencies:
|
|
134
134
|
requirements:
|
135
135
|
- - "~>"
|
136
136
|
- !ruby/object:Gem::Version
|
137
|
-
version: 1.
|
137
|
+
version: 1.63.2
|
138
138
|
type: :development
|
139
139
|
prerelease: false
|
140
140
|
version_requirements: !ruby/object:Gem::Requirement
|
141
141
|
requirements:
|
142
142
|
- - "~>"
|
143
143
|
- !ruby/object:Gem::Version
|
144
|
-
version: 1.
|
144
|
+
version: 1.63.2
|
145
145
|
- !ruby/object:Gem::Dependency
|
146
146
|
name: rubocop-performance
|
147
147
|
requirement: !ruby/object:Gem::Requirement
|
148
148
|
requirements:
|
149
149
|
- - "~>"
|
150
150
|
- !ruby/object:Gem::Version
|
151
|
-
version: 1.
|
151
|
+
version: 1.21.0
|
152
152
|
type: :development
|
153
153
|
prerelease: false
|
154
154
|
version_requirements: !ruby/object:Gem::Requirement
|
155
155
|
requirements:
|
156
156
|
- - "~>"
|
157
157
|
- !ruby/object:Gem::Version
|
158
|
-
version: 1.
|
158
|
+
version: 1.21.0
|
159
159
|
- !ruby/object:Gem::Dependency
|
160
160
|
name: rubocop-rspec
|
161
161
|
requirement: !ruby/object:Gem::Requirement
|
162
162
|
requirements:
|
163
163
|
- - "~>"
|
164
164
|
- !ruby/object:Gem::Version
|
165
|
-
version: 2.
|
165
|
+
version: 2.29.1
|
166
166
|
type: :development
|
167
167
|
prerelease: false
|
168
168
|
version_requirements: !ruby/object:Gem::Requirement
|
169
169
|
requirements:
|
170
170
|
- - "~>"
|
171
171
|
- !ruby/object:Gem::Version
|
172
|
-
version: 2.
|
172
|
+
version: 2.29.1
|
173
173
|
- !ruby/object:Gem::Dependency
|
174
174
|
name: rubocop-sorbet
|
175
175
|
requirement: !ruby/object:Gem::Requirement
|
176
176
|
requirements:
|
177
177
|
- - "~>"
|
178
178
|
- !ruby/object:Gem::Version
|
179
|
-
version: 0.
|
179
|
+
version: 0.8.1
|
180
180
|
type: :development
|
181
181
|
prerelease: false
|
182
182
|
version_requirements: !ruby/object:Gem::Requirement
|
183
183
|
requirements:
|
184
184
|
- - "~>"
|
185
185
|
- !ruby/object:Gem::Version
|
186
|
-
version: 0.
|
186
|
+
version: 0.8.1
|
187
187
|
- !ruby/object:Gem::Dependency
|
188
188
|
name: turbo_tests
|
189
189
|
requirement: !ruby/object:Gem::Requirement
|
@@ -404,7 +404,7 @@ licenses:
|
|
404
404
|
- Nonstandard
|
405
405
|
metadata:
|
406
406
|
bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
|
407
|
-
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.
|
407
|
+
changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.254.0
|
408
408
|
post_install_message:
|
409
409
|
rdoc_options: []
|
410
410
|
require_paths:
|