RubyGems - dependabot-nuget - Versions diffs - 0.263.0 → 0.264.0 - Mend

dependabot-nuget 0.263.0 → 0.264.0

Files changed (77) hide show

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/ExpectedAnalysisResult.cs ADDED Viewed

@@ -0,0 +1,8 @@
+using NuGetUpdater.Core.Analyze;
+namespace NuGetUpdater.Core.Test.Analyze;
+public record ExpectedAnalysisResult : AnalysisResult
+{
+    public int? ExpectedUpdatedDependenciesCount { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/RequirementTests.cs ADDED Viewed

@@ -0,0 +1,69 @@
+using NuGet.Versioning;
+using NuGetUpdater.Core.Analyze;
+using Xunit;
+namespace NuGetUpdater.Core.Test.Analyze;
+public class RequirementTests
+{
+    // Supported OPs (=, !=, >, <, >=, <=, ~>)
+    [Theory]
+    [InlineData("1.0.0", "1.0.0", true)]
+    [InlineData("1.0.0-alpha", "1.0.0", false)]
+    [InlineData("1.0.0", "= 1.0.0", true)]
+    [InlineData("1.0.0-alpha", "= 1.0.0", false)]
+    [InlineData("1.0.0", "!=1.0.1", true)]
+    [InlineData("1.0.0", "!= 1.0.0", false)]
+    [InlineData("1.0.1", "> 1.0.0", true)]
+    [InlineData("1.0.0-alpha", "> 1.0.0", false)]
+    [InlineData("1.0.0", "< 1.0.1", true)]
+    [InlineData("1.0.0", "<1.0.0-alpha", false)]
+    [InlineData("1.0.0", ">= 1.0.0", true)]
+    [InlineData("1.0.1", ">= 1.0.0", true)]
+    [InlineData("1.0.0-alpha", ">= 1.0.0", false)]
+    [InlineData("1.0.0", "<= 1.0.0", true)]
+    [InlineData("1.0.0-alpha", "<= 1.0.0", true)]
+    [InlineData("1.0.1", "<= 1.0.0", false)]
+    [InlineData("1.0.1", "~>1.0.0", true)]
+    [InlineData("1.1.0", "~> 1.0.0", false)]
+    [InlineData("1.1", "~> 1.0", true)]
+    [InlineData("2.0", "~> 1.0", false)]
+    [InlineData("1", "~> 1", true)]
+    [InlineData("2", "~> 1", false)]
+    public void IsSatisfiedBy(string versionString, string requirementString, bool expected)
+    {
+        var version = NuGetVersion.Parse(versionString);
+        var requirement = Requirement.Parse(requirementString);
+        var actual = requirement.IsSatisfiedBy(version);
+        Assert.Equal(expected, actual);
+    }
+    [Theory]
+    [InlineData("> = 1.0.0")] // Invalid format
+    [InlineData("<>= 1.0.0")] // Invalid Operator
+    [InlineData(">")] // Missing version
+    public void Parse_ThrowsForInvalid(string requirementString)
+    {
+        Assert.Throws<ArgumentException>(() => Requirement.Parse(requirementString));
+    }
+    [Theory]
+    [InlineData("1.0.0-alpha", "1.1.0.0")]
+    [InlineData("1.0.0.0", "1.0.1.0")]
+    [InlineData("1.0.0", "1.1.0.0")]
+    [InlineData("1.0", "2.0.0.0")]
+    [InlineData("1", "2.0.0.0")]
+    public void Bump(string versionString, string expectedString)
+    {
+        var version = NuGetVersion.Parse(versionString);
+        var expected = Version.Parse(expectedString);
+        var actual = Requirement.Bump(version);
+        Assert.Equal(expected, actual);
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/SecurityVulnerabilityExtensionsTests.cs ADDED Viewed

@@ -0,0 +1,78 @@
+using NuGet.Versioning;
+using NuGetUpdater.Core.Analyze;
+using Xunit;
+namespace NuGetUpdater.Core.Test.Analyze;
+public class SecurityVulnerabilityExtensionsTests
+{
+    [Fact]
+    public void VersionInSafeVersions_IsNotVulnerable()
+    {
+        var version = NuGetVersion.Parse("1.0.1");
+        var vulnerability = new SecurityVulnerability
+        {
+            DependencyName = "Dependency",
+            PackageManager = "PackageManager",
+            SafeVersions = [Requirement.Parse("> 1.0.0")],
+            VulnerableVersions = [Requirement.Parse("<= 1.0.0")],
+        };
+        var result = vulnerability.IsVulnerable(version);
+        Assert.False(result);
+    }
+    [Fact]
+    public void VersionInVulnerableVersions_IsVulnerable()
+    {
+        var version = NuGetVersion.Parse("1.0.0");
+        var vulnerability = new SecurityVulnerability
+        {
+            DependencyName = "Dependency",
+            PackageManager = "PackageManager",
+            SafeVersions = [Requirement.Parse("> 1.0.0")],
+            VulnerableVersions = [Requirement.Parse("<= 1.0.0")],
+        };
+        var result = vulnerability.IsVulnerable(version);
+        Assert.True(result);
+    }
+    [Fact]
+    public void VersionNotInVulnerableVersions_IsNotVulnerable()
+    {
+        var version = NuGetVersion.Parse("1.0.1");
+        var vulnerability = new SecurityVulnerability
+        {
+            DependencyName = "Dependency",
+            PackageManager = "PackageManager",
+            SafeVersions = [],
+            VulnerableVersions = [Requirement.Parse("<= 1.0.0")],
+        };
+        var result = vulnerability.IsVulnerable(version);
+        Assert.False(result);
+    }
+    [Fact]
+    public void VersionNotInSafeVersions_IsVulnerable()
+    {
+        var version = NuGetVersion.Parse("1.0.0");
+        var vulnerability = new SecurityVulnerability
+        {
+            DependencyName = "Dependency",
+            PackageManager = "PackageManager",
+            SafeVersions = [Requirement.Parse("> 1.0.0")],
+            VulnerableVersions = [],
+        };
+        var result = vulnerability.IsVulnerable(version);
+        Assert.True(result);
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/VersionFinderTests.cs ADDED Viewed

@@ -0,0 +1,193 @@
+using NuGet.Versioning;
+using NuGetUpdater.Core.Analyze;
+using Xunit;
+namespace NuGetUpdater.Core.Test.Analyze;
+public class VersionFinderTests
+{
+    [Fact]
+    public void VersionFilter_VersionInIgnoredVersions_ReturnsFalse()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "0.8.0",
+            IsVulnerable = false,
+            IgnoredVersions = [Requirement.Parse("< 1.0.0")],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("0.9.0");
+        var result = filter(version);
+        Assert.False(result);
+    }
+    [Fact]
+    public void VersionFilter_VersionNotInIgnoredVersions_ReturnsTrue()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "0.8.0",
+            IsVulnerable = false,
+            IgnoredVersions = [Requirement.Parse("< 1.0.0")],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("1.0.1");
+        var result = filter(version);
+        Assert.True(result);
+    }
+    [Fact]
+    public void VersionFilter_VersionInVulnerabilities_ReturnsFalse()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "0.8.0",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [new()
+            {
+                DependencyName = "Dependency",
+                PackageManager = "PackageManager",
+                SafeVersions = [],
+                VulnerableVersions = [Requirement.Parse("< 1.0.0")],
+            }],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("0.9.0");
+        var result = filter(version);
+        Assert.False(result);
+    }
+    [Fact]
+    public void VersionFilter_VersionNotInVulnerabilities_ReturnsTrue()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "0.8.0",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [new()
+            {
+                DependencyName = "Dependency",
+                PackageManager = "PackageManager",
+                SafeVersions = [],
+                VulnerableVersions = [Requirement.Parse("< 1.0.0")],
+            }],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("1.0.1");
+        var result = filter(version);
+        Assert.True(result);
+    }
+    [Fact]
+    public void VersionFilter_VersionLessThanCurrentVersion_ReturnsFalse()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "1.0.0",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("0.9.0");
+        var result = filter(version);
+        Assert.False(result);
+    }
+    [Fact]
+    public void VersionFilter_VersionHigherThanCurrentVersion_ReturnsTrue()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "1.0.0",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("1.0.1");
+        var result = filter(version);
+        Assert.True(result);
+    }
+    [Fact]
+    public void VersionFilter_PreviewVersionDifferentThanCurrentVersion_ReturnsFalse()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "1.0.0-alpha",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("1.0.1-beta");
+        var result = filter(version);
+        Assert.False(result);
+    }
+    [Fact]
+    public void VersionFilter_PreviewVersionSameAsCurrentVersion_ReturnsTrue()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "1.0.0-alpha",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("1.0.0-beta");
+        var result = filter(version);
+        Assert.True(result);
+    }
+    [Fact]
+    public void VersionFilter_WildcardPreviewVersion_ReturnsTrue()
+    {
+        var dependencyInfo = new DependencyInfo
+        {
+            Name = "Dependency",
+            Version = "*-*",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+        };
+        var filter = VersionFinder.CreateVersionFilter(dependencyInfo, VersionRange.Parse(dependencyInfo.Version));
+        var version = NuGetVersion.Parse("1.0.0-beta");
+        var result = filter(version);
+        Assert.True(result);
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTestBase.cs CHANGED Viewed

@@ -7,7 +7,6 @@ using NuGetUpdater.Core.Test.Update;
 using NuGetUpdater.Core.Test.Utilities;
 using Xunit;
-using Xunit.Sdk;
 namespace NuGetUpdater.Core.Test.Discover;
@@ -35,7 +34,7 @@ public class DiscoveryWorkerTestBase
     protected static void ValidateWorkspaceResult(ExpectedWorkspaceDiscoveryResult expectedResult, WorkspaceDiscoveryResult actualResult)
     {
         Assert.NotNull(actualResult);
-        Assert.Equal(expectedResult.FilePath.NormalizePathToUnix(), actualResult.FilePath.NormalizePathToUnix());
+        Assert.Equal(expectedResult.Path.NormalizePathToUnix(), actualResult.Path.NormalizePathToUnix());
         ValidateDirectoryPackagesProps(expectedResult.DirectoryPackagesProps, actualResult.DirectoryPackagesProps);
         ValidateResultWithDependencies(expectedResult.GlobalJson, actualResult.GlobalJson);
         ValidateResultWithDependencies(expectedResult.DotNetToolsJson, actualResult.DotNetToolsJson);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.DotNetToolsJson.cs CHANGED Viewed

@@ -36,7 +36,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     DotNetToolsJson = new()
                     {
                         FilePath = ".config/dotnet-tools.json",
@@ -80,7 +80,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     DotNetToolsJson = new()
                     {
                         FilePath = ".config/dotnet-tools.json",

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.GlobalJson.cs CHANGED Viewed

@@ -26,7 +26,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     GlobalJson = new()
                     {
                         FilePath = "global.json",
@@ -60,7 +60,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     GlobalJson = new()
                     {
                         FilePath = "global.json",

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.PackagesConfig.cs CHANGED Viewed

@@ -34,7 +34,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     Projects = [
                         new()
                         {

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.Proj.cs CHANGED Viewed

@@ -54,7 +54,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "dependabot",
+                    Path = "dependabot",
                     Projects =
                     [
                         new()

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.Project.cs CHANGED Viewed

@@ -37,7 +37,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     Projects = [
                         new()
                         {
@@ -108,7 +108,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     ExpectedProjectCount = 2,
                     Projects = [
                         new()
@@ -189,7 +189,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     Projects = [
                         new()
                         {
@@ -299,7 +299,7 @@ public partial class DiscoveryWorkerTests
                     ],
                     expectedResult: new()
                     {
-                        FilePath = "",
+                        Path = "",
                         ExpectedProjectCount = 5,
                         Projects = [
                             new()
@@ -365,7 +365,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     Projects = [
                         new()
                         {
@@ -386,6 +386,59 @@ public partial class DiscoveryWorkerTests
             );
         }
+        [Fact]
+        public async Task TargetFrameworkCanBeResolvedFromImplicitlyImportedFile()
+        {
+            await TestDiscoveryAsync(
+                packages: [],
+                workspacePath: "",
+                files: [
+                    ("myproj.csproj", """
+                        <Project Sdk="Microsoft.NET.Sdk">
+                          <PropertyGroup>
+                            <TargetFramework>$(SomeTfm)</TargetFramework>
+                          </PropertyGroup>
+                          <ItemGroup>
+                            <PackageReference Include="Package.A" Version="1.2.3" />
+                          </ItemGroup>
+                        </Project>
+                        """),
+                    ("Directory.Build.props", """
+                        <Project>
+                          <PropertyGroup>
+                            <SomeTfm>net8.0</SomeTfm>
+                          </PropertyGroup>
+                        </Project>
+                        """)
+                ],
+                expectedResult: new()
+                {
+                    Path = "",
+                    Projects = [
+                        new()
+                        {
+                            FilePath = "Directory.Build.props",
+                            Dependencies = [],
+                        },
+                        new()
+                        {
+                            FilePath = "myproj.csproj",
+                            ExpectedDependencyCount = 2,
+                            Dependencies = [
+                                new("Package.A", "1.2.3", DependencyType.PackageReference, TargetFrameworks: ["net8.0"], IsDirect: true),
+                            ],
+                            Properties = [
+                                new("SomeTfm", "net8.0", "Directory.Build.props"),
+                                new("TargetFramework", "$(SomeTfm)", "myproj.csproj"),
+                            ],
+                            TargetFrameworks = ["net8.0"],
+                            ReferencedProjectPaths = [],
+                        }
+                    ]
+                }
+            );
+        }
         [Fact]
         public async Task NoDependenciesReturnedIfNoTargetFrameworkCanBeResolved()
@@ -407,12 +460,52 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     Projects = []
                 }
             );
         }
+        [Fact]
+        public async Task PropertyWithWildcardVersionIsRetained()
+        {
+            await TestDiscoveryAsync(
+                packages: [],
+                workspacePath: "",
+                files: [
+                    ("myproj.csproj", """
+                        <Project Sdk="Microsoft.NET.Sdk">
+                          <PropertyGroup>
+                            <TargetFramework>net8.0</TargetFramework>
+                          </PropertyGroup>
+                          <ItemGroup>
+                            <PackageReference Include="Some.Package" Version="1.*" />
+                          </ItemGroup>
+                        </Project>
+                        """)
+                ],
+                expectedResult: new()
+                {
+                    Path = "",
+                    Projects = [
+                        new()
+                        {
+                            FilePath = "myproj.csproj",
+                            ExpectedDependencyCount = 2,
+                            Dependencies = [
+                                new("Some.Package", "1.*", DependencyType.PackageReference, TargetFrameworks: ["net8.0"], IsDirect: true),
+                            ],
+                            Properties = [
+                                new("TargetFramework", "net8.0", "myproj.csproj"),
+                            ],
+                            TargetFrameworks = ["net8.0"],
+                            ReferencedProjectPaths = [],
+                        }
+                    ]
+                }
+            );
+        }
         [Fact]
         public async Task DiscoverReportsTransitivePackageVersionsWithFourPartsForMultipleTargetFrameworks()
         {
@@ -438,7 +531,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "",
+                    Path = "",
                     Projects = [
                         new()
                         {
@@ -493,7 +586,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "test",
+                    Path = "test",
                     Projects = [
                         new()
                         {
@@ -569,7 +662,7 @@ public partial class DiscoveryWorkerTests
                 ],
                 expectedResult: new()
                 {
-                    FilePath = "solutions",
+                    Path = "solutions",
                     Projects = [
                         new()
                         {

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs CHANGED Viewed

@@ -33,7 +33,7 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
             },
             expectedResult: new()
             {
-                FilePath = "src",
+                Path = "src",
                 Projects = [
                     new()
                     {
@@ -92,7 +92,7 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
             },
             expectedResult: new()
             {
-                FilePath = "src",
+                Path = "src",
                 Projects = [
                     new()
                     {
@@ -151,7 +151,7 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
             },
             expectedResult: new()
             {
-                FilePath = "src",
+                Path = "src",
                 ExpectedProjectCount = 2,
                 Projects = [
                     new()
@@ -276,7 +276,7 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
             },
             expectedResult: new()
             {
-                FilePath = "",
+                Path = "",
                 ExpectedProjectCount = 2,
                 Projects = [
                     new()

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/ExpectedDiscoveryResults.cs CHANGED Viewed

@@ -4,9 +4,9 @@ using NuGetUpdater.Core.Discover;
 namespace NuGetUpdater.Core.Test.Discover;
-public record ExpectedWorkspaceDiscoveryResult : IDiscoveryResult
+public record ExpectedWorkspaceDiscoveryResult
 {
-    public required string FilePath { get; init; }
+    public required string Path { get; init; }
     public bool IsSuccess { get; init; } = true;
     public ImmutableArray<ExpectedSdkProjectDiscoveryResult> Projects { get; init; }
     public int? ExpectedProjectCount { get; init; }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/MockNuGetPackage.cs CHANGED Viewed

@@ -71,12 +71,18 @@ namespace NuGetUpdater.Core.Test
         /// Creates a mock NuGet package with a single assembly in the appropriate `lib/` directory.  The assembly will
         /// be empty.
         /// </summary>
-        public static MockNuGetPackage CreateSimplePackage(string id, string version, string targetFramework, (string? TargetFramework, (string Id, string Version)[] Packages)[]? dependencyGroups = null)
+        public static MockNuGetPackage CreateSimplePackage(
+            string id,
+            string version,
+            string targetFramework,
+            (string? TargetFramework, (string Id, string Version)[] Packages)[]? dependencyGroups = null,
+            XElement[]? additionalMetadata = null
+        )
         {
             return new(
                 id,
                 version,
-                AdditionalMetadata: null,
+                AdditionalMetadata: additionalMetadata,
                 DependencyGroups: dependencyGroups,
                 Files:
                 [