dependabot-nuget 0.253.0 → 0.254.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
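--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 272069533f6bea5533fb423db28c745b469884c904e393d9708091398a93f9a3
- data.tar.gz: dd0c3fad1ab56f2bc32e509f89552068cc59b02cd21b1878ef1edcca84af45ba
+ metadata.gz: c86cede5ca7a7c4b299c2ec8562eedac9a80f12b3d3087be4270b37f21a41861
+ data.tar.gz: 8ea3c1c970f4606fed97261c70ebd493645037bdd635ab4368e38956ab1d17f9
  SHA512:
- metadata.gz: a66d28929da003117a1a5ef125be1acd2dd91a522f715fa1c263610a63e333e5b60ec3343836a1d19b6516527595b88425aed9f7df7a5c3f254579b1a12ec77c
- data.tar.gz: 4fa773a0ff8f2c5e423fd505d111eaf7f84439f99111b68a87e77700290ae0ae97d52318ec9ddabc4d5c80e953bdaef761da96730c82baa8f5c0e36034798e3b
+ metadata.gz: 26ee476b689434e34f322153afc7f825e15555bf7c7061014e4b58bdb5962699226942ac64797d436d38b5aed780d4e57d818bd7ef64f6ed6e1961984129139e
+ data.tar.gz: 28e0103dbcb88c4fabb9352a51891f0f69a0533959c7fe052c8b3396c00fcabfe33ae1d3cb28347ffc44f01464c8517397a11783c0c88a66e4bd04fd9f5b37e3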
@@ -174,11 +174,7 @@ internal static class PackagesConfigUpdater
174
174
  var hintPathSubString = $"{dependencyName}.{dependencyVersion}";
175
175
 
176
176
  string? partialPathMatch = null;
177
- var hintPathNodes = projectBuildFile.Contents.Descendants()
178
- .Where(e =>
179
- e.Name.Equals("HintPath", StringComparison.OrdinalIgnoreCase) &&
180
- e.Parent.Name.Equals("Reference", StringComparison.OrdinalIgnoreCase) &&
181
- e.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase)?.StartsWith($"{dependencyName},", StringComparison.OrdinalIgnoreCase) == true);
177
+ var hintPathNodes = projectBuildFile.Contents.Descendants().Where(e => e.IsHintPathNodeForDependency(dependencyName));
182
178
  foreach (var hintPathNode in hintPathNodes)
183
179
  {
184
180
  var hintPath = hintPathNode.GetContentValue();
@@ -210,6 +206,26 @@ internal static class PackagesConfigUpdater
210
206
  return partialPathMatch;
211
207
  }
212
208
 
209
+ private static bool IsHintPathNodeForDependency(this IXmlElementSyntax element, string dependencyName)
210
+ {
211
+ if (element.Name.Equals("HintPath", StringComparison.OrdinalIgnoreCase) &&
212
+ element.Parent.Name.Equals("Reference", StringComparison.OrdinalIgnoreCase))
213
+ {
214
+ // the include attribute will look like one of the following:
215
+ // <Reference Include="Some.Dependency, Version=1.0.0.0, Culture=neutral, PublicKeyToken=abcd">
216
+ // or
217
+ // <Reference Include="Some.Dependency">
218
+ string includeAttributeValue = element.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase);
219
+ if (includeAttributeValue.Equals(dependencyName, StringComparison.OrdinalIgnoreCase) ||
220
+ includeAttributeValue.StartsWith($"{dependencyName},", StringComparison.OrdinalIgnoreCase))
221
+ {
222
+ return true;
223
+ }
224
+ }
225
+
226
+ return false;
227
+ }
228
+
213
229
  private static string GetUpToIndexWithoutTrailingDirectorySeparator(string path, int index)
214
230
  {
215
231
  var subpath = path[..index];
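Review bot: In the added `IsHintPathNodeForDependency`, the result of `element.Parent.GetAttributeValue("Include", ...)` is assigned to a non-nullable `string` and dereferenced immediately, whereas the removed inline predicate used `?.StartsWith(...) == true`, which suggests the call can return null. If it can, a `<Reference>` element that has a `HintPath` child but no `Include` attribute would now throw instead of being skipped, and the project file comes from the repository being updated, so that input is not under the updater's control. Declare the local as `string? includeAttributeValue` and add `if (includeAttributeValue is null) { return false; }` before the comparison. The trailing context of this hunk belongs to `GetUpToIndexWithoutTrailingDirectorySeparator`, whose body continues outside the hunk.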
@@ -145,13 +145,14 @@ namespace NuGetUpdater.Core.Utilities
145
145
 
146
146
  // single line comments might have had a trailing comma appended by the property writer that we can't
147
147
  // control, so we have to manually correct for it
148
- var originalJsonLines = json.Split('\n').Select(l => l.TrimEnd('\r')).ToArray();
148
+ var originalJsonLines = json.Split('\n').Select(l => l.TrimEnd('\r')).Where(l => !string.IsNullOrWhiteSpace(l)).ToArray();
149
149
  var updatedJsonLines = resultJson.Split('\n').Select(l => l.TrimEnd('\r')).ToArray();
150
150
  for (int i = 0; i < Math.Min(originalJsonLines.Length, updatedJsonLines.Length); i++)
151
151
  {
152
- if (updatedJsonLines[i].EndsWith(",") && !originalJsonLines[i].EndsWith(","))
152
+ var updatedLine = updatedJsonLines[i];
153
+ if (updatedLine.EndsWith(',') && updatedLine.Contains("//", StringComparison.Ordinal) && !originalJsonLines[i].EndsWith(','))
153
154
  {
154
- updatedJsonLines[i] = updatedJsonLines[i][..^1];
155
+ updatedJsonLines[i] = updatedLine[..^1];
155
156
  }
156
157
  }
157
158
 
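Review bot: The new `updatedLine.Contains("//", StringComparison.Ordinal)` guard also matches `//` inside a string value, so a property line such as `"source": "https://…",` (constructed example) still qualifies for comma removal when the line at the same index in `originalJsonLines` has no trailing comma. That index pairing is itself fragile: blank lines are now filtered from `originalJsonLines` only, so the two arrays line up only if the writer never emits blank lines, which this hunk does not show. If the correction is meant for whole-line comments, test `updatedLine.TrimStart().StartsWith("//", StringComparison.Ordinal)` instead; otherwise look for `//` outside quoted strings, and add a test case with a URL value to pin the behaviour. The enclosing method starts and ends outside the hunk.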
@@ -65,6 +65,62 @@ public partial class UpdateWorkerTests
65
65
  """);
66
66
  }
67
67
 
68
+ [Fact]
69
+ public async Task UpdateSingleDependencyInPackagesConfig_ReferenceHasNoAssemblyVersion()
70
+ {
71
+ // update Newtonsoft.Json from 7.0.1 to 13.0.1
72
+ await TestUpdateForProject("Newtonsoft.Json", "7.0.1", "13.0.1",
73
+ // existing
74
+ projectContents: """
75
+ <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
76
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
77
+ <PropertyGroup>
78
+ <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
79
+ </PropertyGroup>
80
+ <ItemGroup>
81
+ <None Include="packages.config" />
82
+ </ItemGroup>
83
+ <ItemGroup>
84
+ <Reference Include="Newtonsoft.Json">
85
+ <HintPath>packages\Newtonsoft.Json.7.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
86
+ <Private>True</Private>
87
+ </Reference>
88
+ </ItemGroup>
89
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
90
+ </Project>
91
+ """,
92
+ packagesConfigContents: """
93
+ <packages>
94
+ <package id="Newtonsoft.Json" version="7.0.1" targetFramework="net45" />
95
+ </packages>
96
+ """,
97
+ // expected
98
+ expectedProjectContents: """
99
+ <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
100
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
101
+ <PropertyGroup>
102
+ <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
103
+ </PropertyGroup>
104
+ <ItemGroup>
105
+ <None Include="packages.config" />
106
+ </ItemGroup>
107
+ <ItemGroup>
108
+ <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed">
109
+ <HintPath>packages\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
110
+ <Private>True</Private>
111
+ </Reference>
112
+ </ItemGroup>
113
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
114
+ </Project>
115
+ """,
116
+ expectedPackagesConfigContents: """
117
+ <?xml version="1.0" encoding="utf-8"?>
118
+ <packages>
119
+ <package id="Newtonsoft.Json" version="13.0.1" targetFramework="net45" />
120
+ </packages>
121
+ """);
122
+ }
123
+
68
124
  [Fact]
69
125
  public async Task UpdateSingleDependencyInPackagesConfigButNotToLatest()
70
126
  {
@@ -1,5 +1,6 @@
1
1
  using System;
2
2
  using System.Collections.Generic;
3
+ using System.Text.Json;
3
4
 
4
5
  using NuGetUpdater.Core.Utilities;
5
6
 
@@ -9,6 +10,11 @@ namespace NuGetUpdater.Core.Test.Utilities;
9
10
 
10
11
  public class JsonHelperTests
11
12
  {
13
+ private static readonly JsonDocumentOptions DocumentOptions = new()
14
+ {
15
+ CommentHandling = JsonCommentHandling.Skip,
16
+ };
17
+
12
18
  [Theory]
13
19
  [MemberData(nameof(JsonUpdaterTestData))]
14
20
  public void UpdateJsonPreservingComments(string json, string[] propertyPath, string newValue, string expectedJson)
@@ -16,6 +22,8 @@ public class JsonHelperTests
16
22
  var updatedJson = JsonHelper.UpdateJsonProperty(json, propertyPath, newValue, StringComparison.OrdinalIgnoreCase).Replace("\r", string.Empty);
17
23
  expectedJson = expectedJson.Replace("\r", string.Empty);
18
24
  Assert.Equal(expectedJson, updatedJson);
25
+ using var document = JsonDocument.Parse(updatedJson, DocumentOptions);
26
+ Assert.Equal(JsonValueKind.Object, document.RootElement.ValueKind);
19
27
  }
20
28
 
21
29
  public static IEnumerable<object[]> JsonUpdaterTestData()
@@ -237,5 +245,54 @@ public class JsonHelperTests
237
245
  }
238
246
  """
239
247
  ];
248
+
249
+ // https://github.com/dependabot/dependabot-core/issues/9170
250
+ yield return
251
+ [
252
+ // original json
253
+ """
254
+ {
255
+ "sdk": {
256
+ "version": "8.0.201",
257
+ "allowPrerelease": true,
258
+ "rollForward": "major"
259
+ },
260
+
261
+ "tools": {
262
+ "dotnet": "8.0.201"
263
+ },
264
+
265
+ "msbuild-sdks": {
266
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.23463.1",
267
+ "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23463.1"
268
+ }
269
+ }
270
+ """,
271
+ // property path
272
+ new[]
273
+ {
274
+ "msbuild-sdks",
275
+ "Microsoft.DotNet.Helix.Sdk",
276
+ },
277
+ // new value
278
+ "8.0.0-beta.24123.1",
279
+ // expected json
280
+ """
281
+ {
282
+ "sdk": {
283
+ "version": "8.0.201",
284
+ "allowPrerelease": true,
285
+ "rollForward": "major"
286
+ },
287
+ "tools": {
288
+ "dotnet": "8.0.201"
289
+ },
290
+ "msbuild-sdks": {
291
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.23463.1",
292
+ "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.24123.1"
293
+ }
294
+ }
295
+ """
296
+ ];
240
297
  }
241
298
  }
@@ -65,8 +65,6 @@ module Dependabot
65
65
  @workspace_discovery ||= T.let(begin
66
66
  return nil unless discovery_json.content
67
67
 
68
- Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
69
-
70
68
  parsed_json = T.let(JSON.parse(T.must(discovery_json.content)), T::Hash[String, T.untyped])
71
69
  WorkspaceDiscovery.from_json(parsed_json)
72
70
  end, T.nilable(WorkspaceDiscovery))
@@ -22,13 +22,19 @@ module Dependabot
22
22
  workspace_path = project_files.first&.directory
23
23
  return [] unless workspace_path
24
24
 
25
- # run discovery for the repo
26
- NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
27
- workspace_path: workspace_path,
28
- output_path: DiscoveryJsonReader.discovery_file_path,
29
- credentials: credentials)
25
+ # `workspace_path` is the only unique value here so we use it as the cache key
26
+ cache = T.let(CacheManager.cache("file_parser.parse"), T::Hash[String, T::Array[Dependabot::Dependency]])
27
+ key = workspace_path
28
+ cache[key] ||= begin
29
+ # run discovery for the repo
30
+ NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
31
+ workspace_path: workspace_path,
32
+ output_path: DiscoveryJsonReader.discovery_file_path,
33
+ credentials: credentials)
34
+ discovered_dependencies.dependencies
35
+ end
30
36
 
31
- discovered_dependencies.dependencies
37
+ T.must(cache[key])
32
38
  end
33
39
 
34
40
  private
@@ -38,6 +44,8 @@ module Dependabot
38
44
  discovery_json = DiscoveryJsonReader.discovery_json
39
45
  return DependencySet.new unless discovery_json
40
46
 
47
+ Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
48
+
41
49
  DiscoveryJsonReader.new(
42
50
  discovery_json: discovery_json
43
51
  ).dependency_set
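Review bot: The cache added around `run_nuget_discover_tool` is keyed on `workspace_path` alone, although the cached value is also produced from `repo_contents_path` and `credentials`. Whether that is safe depends on the lifetime of `CacheManager.cache("file_parser.parse")`, which is not visible here: if it outlives a single job or repository, a later parse of the same directory name would receive dependencies discovered for a different checkout or under different credentials. Either state next to the key comment that the cache is per job, or fold the repository path into the key, e.g. `key = "#{repo_contents_path}:#{workspace_path}"`. On a cache hit the discovery tool is skipped, so any later reader of `DiscoveryJsonReader.discovery_file_path` depends on the file left by the earlier run. The method begins outside the hunk.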
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.253.0
4
+ version: 0.254.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-18 00:00:00.000000000 Z
11
+ date: 2024-04-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.253.0
19
+ version: 0.254.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.253.0
26
+ version: 0.254.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rubyzip
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -50,14 +50,14 @@ dependencies:
50
50
  requirements:
51
51
  - - "~>"
52
52
  - !ruby/object:Gem::Version
53
- version: 1.8.0
53
+ version: 1.9.2
54
54
  type: :development
55
55
  prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - "~>"
59
59
  - !ruby/object:Gem::Version
60
- version: 1.8.0
60
+ version: 1.9.2
61
61
  - !ruby/object:Gem::Dependency
62
62
  name: gpgme
63
63
  requirement: !ruby/object:Gem::Requirement
@@ -134,56 +134,56 @@ dependencies:
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: 1.58.0
137
+ version: 1.63.2
138
138
  type: :development
139
139
  prerelease: false
140
140
  version_requirements: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: 1.58.0
144
+ version: 1.63.2
145
145
  - !ruby/object:Gem::Dependency
146
146
  name: rubocop-performance
147
147
  requirement: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: 1.19.0
151
+ version: 1.21.0
152
152
  type: :development
153
153
  prerelease: false
154
154
  version_requirements: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: 1.19.0
158
+ version: 1.21.0
159
159
  - !ruby/object:Gem::Dependency
160
160
  name: rubocop-rspec
161
161
  requirement: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: 2.27.1
165
+ version: 2.29.1
166
166
  type: :development
167
167
  prerelease: false
168
168
  version_requirements: !ruby/object:Gem::Requirement
169
169
  requirements:
170
170
  - - "~>"
171
171
  - !ruby/object:Gem::Version
172
- version: 2.27.1
172
+ version: 2.29.1
173
173
  - !ruby/object:Gem::Dependency
174
174
  name: rubocop-sorbet
175
175
  requirement: !ruby/object:Gem::Requirement
176
176
  requirements:
177
177
  - - "~>"
178
178
  - !ruby/object:Gem::Version
179
- version: 0.7.3
179
+ version: 0.8.1
180
180
  type: :development
181
181
  prerelease: false
182
182
  version_requirements: !ruby/object:Gem::Requirement
183
183
  requirements:
184
184
  - - "~>"
185
185
  - !ruby/object:Gem::Version
186
- version: 0.7.3
186
+ version: 0.8.1
187
187
  - !ruby/object:Gem::Dependency
188
188
  name: turbo_tests
189
189
  requirement: !ruby/object:Gem::Requirement
@@ -404,7 +404,7 @@ licenses:
404
404
  - Nonstandard
405
405
  metadata:
406
406
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
407
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.253.0
407
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.254.0
408
408
  post_install_message:
409
409
  rdoc_options: []
410
410
  require_paths: