dependabot-nuget 0.253.0 → 0.254.0

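--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 272069533f6bea5533fb423db28c745b469884c904e393d9708091398a93f9a3
- data.tar.gz: dd0c3fad1ab56f2bc32e509f89552068cc59b02cd21b1878ef1edcca84af45ba
+ metadata.gz: c86cede5ca7a7c4b299c2ec8562eedac9a80f12b3d3087be4270b37f21a41861
+ data.tar.gz: 8ea3c1c970f4606fed97261c70ebd493645037bdd635ab4368e38956ab1d17f9
  SHA512:
- metadata.gz: a66d28929da003117a1a5ef125be1acd2dd91a522f715fa1c263610a63e333e5b60ec3343836a1d19b6516527595b88425aed9f7df7a5c3f254579b1a12ec77c
- data.tar.gz: 4fa773a0ff8f2c5e423fd505d111eaf7f84439f99111b68a87e77700290ae0ae97d52318ec9ddabc4d5c80e953bdaef761da96730c82baa8f5c0e36034798e3b
+ metadata.gz: 26ee476b689434e34f322153afc7f825e15555bf7c7061014e4b58bdb5962699226942ac64797d436d38b5aed780d4e57d818bd7ef64f6ed6e1961984129139e
+ data.tar.gz: 28e0103dbcb88c4fabb9352a51891f0f69a0533959c7fe052c8b3396c00fcabfe33ae1d3cb28347ffc44f01464c8517397a11783c0c88a66e4bd04fd9f5b37e3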
@@ -174,11 +174,7 @@ internal static class PackagesConfigUpdater
174
174
  var hintPathSubString = $"{dependencyName}.{dependencyVersion}";
175
175
 
176
176
  string? partialPathMatch = null;
177
- var hintPathNodes = projectBuildFile.Contents.Descendants()
178
- .Where(e =>
179
- e.Name.Equals("HintPath", StringComparison.OrdinalIgnoreCase) &&
180
- e.Parent.Name.Equals("Reference", StringComparison.OrdinalIgnoreCase) &&
181
- e.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase)?.StartsWith($"{dependencyName},", StringComparison.OrdinalIgnoreCase) == true);
177
+ var hintPathNodes = projectBuildFile.Contents.Descendants().Where(e => e.IsHintPathNodeForDependency(dependencyName));
182
178
  foreach (var hintPathNode in hintPathNodes)
183
179
  {
184
180
  var hintPath = hintPathNode.GetContentValue();
@@ -210,6 +206,26 @@ internal static class PackagesConfigUpdater
210
206
  return partialPathMatch;
211
207
  }
212
208
 
209
+ private static bool IsHintPathNodeForDependency(this IXmlElementSyntax element, string dependencyName)
210
+ {
211
+ if (element.Name.Equals("HintPath", StringComparison.OrdinalIgnoreCase) &&
212
+ element.Parent.Name.Equals("Reference", StringComparison.OrdinalIgnoreCase))
213
+ {
214
+ // the include attribute will look like one of the following:
215
+ // <Reference Include="Some.Dependency, Version=1.0.0.0, Culture=neutral, PublicKeyToken=abcd">
216
+ // or
217
+ // <Reference Include="Some.Dependency">
218
+ string includeAttributeValue = element.Parent.GetAttributeValue("Include", StringComparison.OrdinalIgnoreCase);
219
+ if (includeAttributeValue.Equals(dependencyName, StringComparison.OrdinalIgnoreCase) ||
220
+ includeAttributeValue.StartsWith($"{dependencyName},", StringComparison.OrdinalIgnoreCase))
221
+ {
222
+ return true;
223
+ }
224
+ }
225
+
226
+ return false;
227
+ }
228
+
213
229
  private static string GetUpToIndexWithoutTrailingDirectorySeparator(string path, int index)
214
230
  {
215
231
  var subpath = path[..index];
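Review bot: In `IsHintPathNodeForDependency`, `includeAttributeValue` is dereferenced without a null check, while the inline predicate it replaces used `?.StartsWith(...) == true`. If `GetAttributeValue` returns null for a missing attribute (the old null-conditional call suggests it can), a `<Reference>` that has a `HintPath` child but no `Include` attribute now throws a `NullReferenceException` instead of being skipped. Project files come from the repository being updated, so a malformed one should be ignored rather than abort the run: declare the local as `string?` and start the condition with `includeAttributeValue is not null &&`. A test with an `Include`-less `<Reference>` next to the new `ReferenceHasNoAssemblyVersion` case would pin this.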
@@ -145,13 +145,14 @@ namespace NuGetUpdater.Core.Utilities
145
145
 
146
146
  // single line comments might have had a trailing comma appended by the property writer that we can't
147
147
  // control, so we have to manually correct for it
148
- var originalJsonLines = json.Split('\n').Select(l => l.TrimEnd('\r')).ToArray();
148
+ var originalJsonLines = json.Split('\n').Select(l => l.TrimEnd('\r')).Where(l => !string.IsNullOrWhiteSpace(l)).ToArray();
149
149
  var updatedJsonLines = resultJson.Split('\n').Select(l => l.TrimEnd('\r')).ToArray();
150
150
  for (int i = 0; i < Math.Min(originalJsonLines.Length, updatedJsonLines.Length); i++)
151
151
  {
152
- if (updatedJsonLines[i].EndsWith(",") && !originalJsonLines[i].EndsWith(","))
152
+ var updatedLine = updatedJsonLines[i];
153
+ if (updatedLine.EndsWith(',') && updatedLine.Contains("//", StringComparison.Ordinal) && !originalJsonLines[i].EndsWith(','))
153
154
  {
154
- updatedJsonLines[i] = updatedJsonLines[i][..^1];
155
+ updatedJsonLines[i] = updatedLine[..^1];
155
156
  }
156
157
  }
157
158
 
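Review bot: The new `updatedLine.Contains("//", StringComparison.Ordinal)` test also matches `//` inside a string value, for example a property whose value is a URL, so it does not by itself establish that the line ends in a single-line comment. The comparison is still by index, and blank lines are now dropped from `originalJsonLines` only; if the two arrays ever drift out of step (the code shown does not rule it out), a legitimate comma after such a value would be trimmed and the file written back would be invalid JSON. Consider locating the `//` outside any string literal before trimming, or at least adding a test case with a URL-valued property followed by another property. The enclosing method starts and ends outside this hunk.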
@@ -65,6 +65,62 @@ public partial class UpdateWorkerTests
65
65
  """);
66
66
  }
67
67
 
68
+ [Fact]
69
+ public async Task UpdateSingleDependencyInPackagesConfig_ReferenceHasNoAssemblyVersion()
70
+ {
71
+ // update Newtonsoft.Json from 7.0.1 to 13.0.1
72
+ await TestUpdateForProject("Newtonsoft.Json", "7.0.1", "13.0.1",
73
+ // existing
74
+ projectContents: """
75
+ <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
76
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
77
+ <PropertyGroup>
78
+ <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
79
+ </PropertyGroup>
80
+ <ItemGroup>
81
+ <None Include="packages.config" />
82
+ </ItemGroup>
83
+ <ItemGroup>
84
+ <Reference Include="Newtonsoft.Json">
85
+ <HintPath>packages\Newtonsoft.Json.7.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
86
+ <Private>True</Private>
87
+ </Reference>
88
+ </ItemGroup>
89
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
90
+ </Project>
91
+ """,
92
+ packagesConfigContents: """
93
+ <packages>
94
+ <package id="Newtonsoft.Json" version="7.0.1" targetFramework="net45" />
95
+ </packages>
96
+ """,
97
+ // expected
98
+ expectedProjectContents: """
99
+ <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
100
+ <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
101
+ <PropertyGroup>
102
+ <TargetFrameworkVersion>v4.5</TargetFrameworkVersion>
103
+ </PropertyGroup>
104
+ <ItemGroup>
105
+ <None Include="packages.config" />
106
+ </ItemGroup>
107
+ <ItemGroup>
108
+ <Reference Include="Newtonsoft.Json, Version=13.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed">
109
+ <HintPath>packages\Newtonsoft.Json.13.0.1\lib\net45\Newtonsoft.Json.dll</HintPath>
110
+ <Private>True</Private>
111
+ </Reference>
112
+ </ItemGroup>
113
+ <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
114
+ </Project>
115
+ """,
116
+ expectedPackagesConfigContents: """
117
+ <?xml version="1.0" encoding="utf-8"?>
118
+ <packages>
119
+ <package id="Newtonsoft.Json" version="13.0.1" targetFramework="net45" />
120
+ </packages>
121
+ """);
122
+ }
123
+
68
124
  [Fact]
69
125
  public async Task UpdateSingleDependencyInPackagesConfigButNotToLatest()
70
126
  {
@@ -1,5 +1,6 @@
1
1
  using System;
2
2
  using System.Collections.Generic;
3
+ using System.Text.Json;
3
4
 
4
5
  using NuGetUpdater.Core.Utilities;
5
6
 
@@ -9,6 +10,11 @@ namespace NuGetUpdater.Core.Test.Utilities;
9
10
 
10
11
  public class JsonHelperTests
11
12
  {
13
+ private static readonly JsonDocumentOptions DocumentOptions = new()
14
+ {
15
+ CommentHandling = JsonCommentHandling.Skip,
16
+ };
17
+
12
18
  [Theory]
13
19
  [MemberData(nameof(JsonUpdaterTestData))]
14
20
  public void UpdateJsonPreservingComments(string json, string[] propertyPath, string newValue, string expectedJson)
@@ -16,6 +22,8 @@ public class JsonHelperTests
16
22
  var updatedJson = JsonHelper.UpdateJsonProperty(json, propertyPath, newValue, StringComparison.OrdinalIgnoreCase).Replace("\r", string.Empty);
17
23
  expectedJson = expectedJson.Replace("\r", string.Empty);
18
24
  Assert.Equal(expectedJson, updatedJson);
25
+ using var document = JsonDocument.Parse(updatedJson, DocumentOptions);
26
+ Assert.Equal(JsonValueKind.Object, document.RootElement.ValueKind);
19
27
  }
20
28
 
21
29
  public static IEnumerable<object[]> JsonUpdaterTestData()
@@ -237,5 +245,54 @@ public class JsonHelperTests
237
245
  }
238
246
  """
239
247
  ];
248
+
249
+ // https://github.com/dependabot/dependabot-core/issues/9170
250
+ yield return
251
+ [
252
+ // original json
253
+ """
254
+ {
255
+ "sdk": {
256
+ "version": "8.0.201",
257
+ "allowPrerelease": true,
258
+ "rollForward": "major"
259
+ },
260
+
261
+ "tools": {
262
+ "dotnet": "8.0.201"
263
+ },
264
+
265
+ "msbuild-sdks": {
266
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.23463.1",
267
+ "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.23463.1"
268
+ }
269
+ }
270
+ """,
271
+ // property path
272
+ new[]
273
+ {
274
+ "msbuild-sdks",
275
+ "Microsoft.DotNet.Helix.Sdk",
276
+ },
277
+ // new value
278
+ "8.0.0-beta.24123.1",
279
+ // expected json
280
+ """
281
+ {
282
+ "sdk": {
283
+ "version": "8.0.201",
284
+ "allowPrerelease": true,
285
+ "rollForward": "major"
286
+ },
287
+ "tools": {
288
+ "dotnet": "8.0.201"
289
+ },
290
+ "msbuild-sdks": {
291
+ "Microsoft.DotNet.Arcade.Sdk": "8.0.0-beta.23463.1",
292
+ "Microsoft.DotNet.Helix.Sdk": "8.0.0-beta.24123.1"
293
+ }
294
+ }
295
+ """
296
+ ];
240
297
  }
241
298
  }
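Review bot: `DocumentOptions` has no comment saying why only `CommentHandling` is set, and the check added to `UpdateJsonPreservingComments` depends on that: it catches a stray trailing comma only because `AllowTrailingCommas` keeps its default of false. I would add above the field `// Comments are skipped so commented inputs parse; AllowTrailingCommas is left at its default (false) so a comma left behind by the updater fails the test.` The new case for issue 9170 also pins that blank lines between top-level properties are removed from the output; a one-line comment in that case saying this is accepted behaviour would keep a later reader from treating it as a regression.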
@@ -65,8 +65,6 @@ module Dependabot
65
65
  @workspace_discovery ||= T.let(begin
66
66
  return nil unless discovery_json.content
67
67
 
68
- Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
69
-
70
68
  parsed_json = T.let(JSON.parse(T.must(discovery_json.content)), T::Hash[String, T.untyped])
71
69
  WorkspaceDiscovery.from_json(parsed_json)
72
70
  end, T.nilable(WorkspaceDiscovery))
@@ -22,13 +22,19 @@ module Dependabot
22
22
  workspace_path = project_files.first&.directory
23
23
  return [] unless workspace_path
24
24
 
25
- # run discovery for the repo
26
- NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
27
- workspace_path: workspace_path,
28
- output_path: DiscoveryJsonReader.discovery_file_path,
29
- credentials: credentials)
25
+ # `workspace_path` is the only unique value here so we use it as the cache key
26
+ cache = T.let(CacheManager.cache("file_parser.parse"), T::Hash[String, T::Array[Dependabot::Dependency]])
27
+ key = workspace_path
28
+ cache[key] ||= begin
29
+ # run discovery for the repo
30
+ NativeHelpers.run_nuget_discover_tool(repo_root: T.must(repo_contents_path),
31
+ workspace_path: workspace_path,
32
+ output_path: DiscoveryJsonReader.discovery_file_path,
33
+ credentials: credentials)
34
+ discovered_dependencies.dependencies
35
+ end
30
36
 
31
- discovered_dependencies.dependencies
37
+ T.must(cache[key])
32
38
  end
33
39
 
34
40
  private
@@ -38,6 +44,8 @@ module Dependabot
38
44
  discovery_json = DiscoveryJsonReader.discovery_json
39
45
  return DependencySet.new unless discovery_json
40
46
 
47
+ Dependabot.logger.info("Discovery JSON content: #{discovery_json.content}")
48
+
41
49
  DiscoveryJsonReader.new(
42
50
  discovery_json: discovery_json
43
51
  ).dependency_set
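Review bot: The cache key is `workspace_path` alone, but the cached value also depends on `repo_contents_path` and `credentials`, which are passed to `run_nuget_discover_tool` inside the `begin` block. If `CacheManager` outlives a single job (its lifetime is not visible here), a second repository with the same workspace path would get the first one's dependency list without discovery being run. Including the repo root in the key, e.g. `key = "#{repo_contents_path}:#{workspace_path}"`, would remove that assumption; otherwise the comment should say why the path alone is unique. Separately, the relocated `Dependabot.logger.info("Discovery JSON content: ...")` writes the whole repository-derived document to the log at info level whenever discovery runs; `debug` may be the better level. Both enclosing methods start outside the hunks shown.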
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: dependabot-nuget
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.253.0
4
+ version: 0.254.0
5
5
  platform: ruby
6
6
  authors:
7
7
  - Dependabot
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-04-18 00:00:00.000000000 Z
11
+ date: 2024-04-24 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
16
16
  requirements:
17
17
  - - '='
18
18
  - !ruby/object:Gem::Version
19
- version: 0.253.0
19
+ version: 0.254.0
20
20
  type: :runtime
21
21
  prerelease: false
22
22
  version_requirements: !ruby/object:Gem::Requirement
23
23
  requirements:
24
24
  - - '='
25
25
  - !ruby/object:Gem::Version
26
- version: 0.253.0
26
+ version: 0.254.0
27
27
  - !ruby/object:Gem::Dependency
28
28
  name: rubyzip
29
29
  requirement: !ruby/object:Gem::Requirement
@@ -50,14 +50,14 @@ dependencies:
50
50
  requirements:
51
51
  - - "~>"
52
52
  - !ruby/object:Gem::Version
53
- version: 1.8.0
53
+ version: 1.9.2
54
54
  type: :development
55
55
  prerelease: false
56
56
  version_requirements: !ruby/object:Gem::Requirement
57
57
  requirements:
58
58
  - - "~>"
59
59
  - !ruby/object:Gem::Version
60
- version: 1.8.0
60
+ version: 1.9.2
61
61
  - !ruby/object:Gem::Dependency
62
62
  name: gpgme
63
63
  requirement: !ruby/object:Gem::Requirement
@@ -134,56 +134,56 @@ dependencies:
134
134
  requirements:
135
135
  - - "~>"
136
136
  - !ruby/object:Gem::Version
137
- version: 1.58.0
137
+ version: 1.63.2
138
138
  type: :development
139
139
  prerelease: false
140
140
  version_requirements: !ruby/object:Gem::Requirement
141
141
  requirements:
142
142
  - - "~>"
143
143
  - !ruby/object:Gem::Version
144
- version: 1.58.0
144
+ version: 1.63.2
145
145
  - !ruby/object:Gem::Dependency
146
146
  name: rubocop-performance
147
147
  requirement: !ruby/object:Gem::Requirement
148
148
  requirements:
149
149
  - - "~>"
150
150
  - !ruby/object:Gem::Version
151
- version: 1.19.0
151
+ version: 1.21.0
152
152
  type: :development
153
153
  prerelease: false
154
154
  version_requirements: !ruby/object:Gem::Requirement
155
155
  requirements:
156
156
  - - "~>"
157
157
  - !ruby/object:Gem::Version
158
- version: 1.19.0
158
+ version: 1.21.0
159
159
  - !ruby/object:Gem::Dependency
160
160
  name: rubocop-rspec
161
161
  requirement: !ruby/object:Gem::Requirement
162
162
  requirements:
163
163
  - - "~>"
164
164
  - !ruby/object:Gem::Version
165
- version: 2.27.1
165
+ version: 2.29.1
166
166
  type: :development
167
167
  prerelease: false
168
168
  version_requirements: !ruby/object:Gem::Requirement
169
169
  requirements:
170
170
  - - "~>"
171
171
  - !ruby/object:Gem::Version
172
- version: 2.27.1
172
+ version: 2.29.1
173
173
  - !ruby/object:Gem::Dependency
174
174
  name: rubocop-sorbet
175
175
  requirement: !ruby/object:Gem::Requirement
176
176
  requirements:
177
177
  - - "~>"
178
178
  - !ruby/object:Gem::Version
179
- version: 0.7.3
179
+ version: 0.8.1
180
180
  type: :development
181
181
  prerelease: false
182
182
  version_requirements: !ruby/object:Gem::Requirement
183
183
  requirements:
184
184
  - - "~>"
185
185
  - !ruby/object:Gem::Version
186
- version: 0.7.3
186
+ version: 0.8.1
187
187
  - !ruby/object:Gem::Dependency
188
188
  name: turbo_tests
189
189
  requirement: !ruby/object:Gem::Requirement
@@ -404,7 +404,7 @@ licenses:
404
404
  - Nonstandard
405
405
  metadata:
406
406
  bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
407
- changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.253.0
407
+ changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.254.0
408
408
  post_install_message:
409
409
  rdoc_options: []
410
410
  require_paths: