dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

Fileparser crash when parsing microsoft.netcore.platforms/1.1.1/microsoft.netcore.platforms.nuspec #9831

Open VHamar opened 3 months ago

VHamar commented 3 months ago

Is there an existing issue for this?

Package ecosystem

nuget

Package manager version

No response

Language version

No response

Manifest location and content before the Dependabot update

No response

dependabot.yml content

Updated dependency

No response

What you expected to see, versus what you actually saw

🌍 <-- 200 https://api.nuget.org/v3-flatcontainer/microsoft.netcore.platforms/1.1.1/microsoft.netcore.platforms.nuspec
/home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/_types.rb:222:in `must': Passed `nil` into T.must (TypeError)
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/file_parser.rb:26:in `parse'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation_2_7.rb:919:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation_2_7.rb:919:in `block in create_validator_method_medium0'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/update_checker/dependency_finder.rb:161:in `top_level_dependencies'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/update_checker/dependency_finder.rb:98:in `block in updated_peer_dependencies'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/update_checker/dependency_finder.rb:92:in `each'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/update_checker/dependency_finder.rb:92:in `filter_map'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/update_checker/dependency_finder.rb:92:in `updated_peer_dependencies'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-nuget-0.253.0/lib/dependabot/nuget/update_checker.rb:130:in `updated_dependencies_after_full_unlock'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/dependabot-common-0.253.0/lib/dependabot/update_checkers/base.rb:110:in `updated_dependencies'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `bind_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/call_validation.rb:270:in `validate_call'
        from /home/dependabot/dependabot-updater/vendor/ruby/3.1.0/gems/sorbet-runtime-0.5.11352/lib/types/private/methods/_methods.rb:277:in `block in _on_method_added'
        from bin/update_script.rb:622:in `block in <main>'
        from bin/update_script.rb:545:in `each'
        from bin/update_script.rb:545:in `<main>'

Native package manager behavior

No response

Images of the diff or a link to the PR, issue, or logs

No response

Smallest manifest that reproduces the issue

No response

VHamar commented 3 months ago

Looks to me like the parser requires a dependencies section in the nuspec, but looking at the nuspec definition, dependencies are optional (0..1)
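
The optional-element handling raised in the comment above, as an added Ruby sketch that is not dependabot-core's code: it reads a nuspec with REXML and returns an empty list when `<dependencies>` is absent instead of asserting on `nil`. The helper names (`child_elements`, `nuspec_dependencies`) and both nuspec samples are constructed for illustration.

```ruby
require "rexml/document"

# Constructed nuspec samples (not fetched from nuget.org).
NUSPEC_WITH_DEPS = <<~XML
  <package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
    <metadata>
      <id>Example.WithDeps</id>
      <version>1.0.0</version>
      <dependencies>
        <dependency id="Flat.Dep" version="2.0.0" />
        <group targetFramework="net6.0">
          <dependency id="Grouped.Dep" version="[3.1.0, 4.0.0)" />
        </group>
      </dependencies>
    </metadata>
  </package>
XML

NUSPEC_WITHOUT_DEPS = <<~XML
  <package xmlns="http://schemas.microsoft.com/packaging/2013/05/nuspec.xsd">
    <metadata>
      <id>Example.NoDeps</id>
      <version>1.1.1</version>
    </metadata>
  </package>
XML

# Hypothetical helper: direct child elements with the given local name,
# ignoring the namespace. A nil parent yields [] rather than raising.
def child_elements(parent, name)
  return [] if parent.nil?
  parent.children.select { |c| c.is_a?(REXML::Element) && c.name == name }
end

# Hypothetical helper: returns [{name:, requirement:}] for flat and grouped
# <dependency> entries, or [] when the optional <dependencies> is missing.
def nuspec_dependencies(xml)
  root = REXML::Document.new(xml).root
  raise ArgumentError, "not a nuspec: no <package> root" unless root&.name == "package"
  metadata = child_elements(root, "metadata").first
  deps = child_elements(metadata, "dependencies").first # optional (0..1)
  holders = [deps, *child_elements(deps, "group")].compact
  holders.flat_map { |h| child_elements(h, "dependency") }.map do |d|
    { name: d.attributes["id"], requirement: d.attributes["version"] }
  end
end
```
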