dependabot-nuget 0.265.0 → 0.266.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0c8985bae397230599aee116240d6569573ea126c70bc39a37a568935aaf3649
-  data.tar.gz: b137e9983b1ce14c86235b898a70039c53aadf9eb7a4389b94631bc787ba7914
+  metadata.gz: 4669e522f1ce196d5657096bdf738e6ab353c5a697ea1b0acb1f0c87f9815a44
+  data.tar.gz: 33657445578fcd52b0370490b3c1f4b2fe165ad9f00e22d831d6a216b89458f5
 SHA512:
-  metadata.gz: bbcf0d5509e6bad8ea0af998c7ee6ea6047c13153c4111b2f9e46d568b559bcbe93eb21e8a200ee9deabb4c41bad10e789d236bb6fb30a34ed8c072a47537ced
-  data.tar.gz: 21ffbb1f7c7ff6a40d8db845b6e175c0f9478d5b99cadd969b127bbed07171b2b120bb3c6a107a1a41d59245906a7276f4006f0cdef4a2f01105d218596bfc6e
+  metadata.gz: 0ca40a2a42e55b376edc0694253f81a54eb30d75748c3a5572e3a754b64aab96fe86b34f753d0f4566bdf66816da3318aed0eba31fc195581cb2072f89c0d8cb
+  data.tar.gz: 115640e60d1b2a59edb5b6956c9e8d3c35105dafa6ce00d60aa5de52561da96670606af7862d1a24ab1f24bc4fd91651b4856eeb4b7fc545ca230cc72a529493

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli/Commands/UpdateCommand.cs

@@ -1,6 +1,4 @@
-using System;
 using System.CommandLine;
-using System.IO;
 
 using NuGetUpdater.Core;
 
@@ -15,6 +13,7 @@ internal static class UpdateCommand
     internal static readonly Option<string> PreviousVersionOption = new("--previous-version") { IsRequired = true };
     internal static readonly Option<bool> IsTransitiveOption = new("--transitive", getDefaultValue: () => false);
     internal static readonly Option<bool> VerboseOption = new("--verbose", getDefaultValue: () => false);
+    internal static readonly Option<string?> ResultOutputPathOption = new("--result-output-path", getDefaultValue: () => null);
 
     internal static Command GetCommand(Action<int> setExitCode)
     {
@@ -26,17 +25,18 @@ internal static class UpdateCommand
             NewVersionOption,
             PreviousVersionOption,
             IsTransitiveOption,
-            VerboseOption
+            VerboseOption,
+            ResultOutputPathOption
         };
 
         command.TreatUnmatchedTokensAsErrors = true;
 
-        command.SetHandler(async (repoRoot, solutionOrProjectFile, dependencyName, newVersion, previousVersion, isTransitive, verbose) =>
+        command.SetHandler(async (repoRoot, solutionOrProjectFile, dependencyName, newVersion, previousVersion, isTransitive, verbose, resultOutputPath) =>
         {
             var worker = new UpdaterWorker(new Logger(verbose));
-            await worker.RunAsync(repoRoot.FullName, solutionOrProjectFile.FullName, dependencyName, previousVersion, newVersion, isTransitive);
+            await worker.RunAsync(repoRoot.FullName, solutionOrProjectFile.FullName, dependencyName, previousVersion, newVersion, isTransitive, resultOutputPath);
             setExitCode(0);
-        }, RepoRootOption, SolutionOrProjectFileOption, DependencyNameOption, NewVersionOption, PreviousVersionOption, IsTransitiveOption, VerboseOption);
+        }, RepoRootOption, SolutionOrProjectFileOption, DependencyNameOption, NewVersionOption, PreviousVersionOption, IsTransitiveOption, VerboseOption, ResultOutputPathOption);
 
         return command;
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalysisResult.cs

@@ -2,7 +2,7 @@ using System.Collections.Immutable;
 
 namespace NuGetUpdater.Core.Analyze;
 
-public record AnalysisResult
+public record AnalysisResult : NativeResult
 {
     public required string UpdatedVersion { get; init; }
     public bool CanUpdate { get; init; }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs

@@ -1,8 +1,8 @@
 using System.Collections.Immutable;
+using System.Net;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 
-using NuGet.Configuration;
 using NuGet.Frameworks;
 using NuGet.Versioning;
 
@@ -57,70 +57,87 @@ public partial class AnalyzeWorker
         ImmutableArray<Dependency> updatedDependencies = [];
 
         bool isUpdateNecessary = IsUpdateNecessary(dependencyInfo, projectsWithDependency);
-        if (isUpdateNecessary)
+        using var nugetContext = new NuGetContext(startingDirectory);
+        AnalysisResult result;
+        try
         {
-            var nugetContext = new NuGetContext(startingDirectory);
-            if (!Directory.Exists(nugetContext.TempPackageDirectory))
+            if (isUpdateNecessary)
             {
-                Directory.CreateDirectory(nugetContext.TempPackageDirectory);
-            }
-
-            _logger.Log($"  Determining multi-dependency property.");
-            var multiDependencies = DetermineMultiDependencyDetails(
-                discovery,
-                dependencyInfo.Name,
-                propertyBasedDependencies);
-
-            usesMultiDependencyProperty = multiDependencies.Any(md => md.DependencyNames.Count > 1);
-            var dependenciesToUpdate = usesMultiDependencyProperty
-                ? multiDependencies
-                    .SelectMany(md => md.DependencyNames)
-                    .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
-                : [dependencyInfo.Name];
-            var applicableTargetFrameworks = usesMultiDependencyProperty
-                ? multiDependencies
-                    .SelectMany(md => md.TargetFrameworks)
-                    .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
-                    .Select(NuGetFramework.Parse)
-                    .ToImmutableArray()
-                : projectFrameworks;
-
-            _logger.Log($"  Finding updated version.");
-            updatedVersion = await FindUpdatedVersionAsync(
-                startingDirectory,
-                dependencyInfo,
-                dependenciesToUpdate,
-                applicableTargetFrameworks,
-                nugetContext,
-                _logger,
-                CancellationToken.None);
+                if (!Directory.Exists(nugetContext.TempPackageDirectory))
+                {
+                    Directory.CreateDirectory(nugetContext.TempPackageDirectory);
+                }
 
-            _logger.Log($"  Finding updated peer dependencies.");
-            updatedDependencies = updatedVersion is not null
-                ? await FindUpdatedDependenciesAsync(
-                    repoRoot,
+                _logger.Log($"  Determining multi-dependency property.");
+                var multiDependencies = DetermineMultiDependencyDetails(
                     discovery,
+                    dependencyInfo.Name,
+                    propertyBasedDependencies);
+
+                usesMultiDependencyProperty = multiDependencies.Any(md => md.DependencyNames.Count > 1);
+                var dependenciesToUpdate = usesMultiDependencyProperty
+                    ? multiDependencies
+                        .SelectMany(md => md.DependencyNames)
+                        .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
+                    : [dependencyInfo.Name];
+                var applicableTargetFrameworks = usesMultiDependencyProperty
+                    ? multiDependencies
+                        .SelectMany(md => md.TargetFrameworks)
+                        .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
+                        .Select(NuGetFramework.Parse)
+                        .ToImmutableArray()
+                    : projectFrameworks;
+
+                _logger.Log($"  Finding updated version.");
+                updatedVersion = await FindUpdatedVersionAsync(
+                    startingDirectory,
+                    dependencyInfo,
                     dependenciesToUpdate,
-                    updatedVersion,
+                    applicableTargetFrameworks,
                     nugetContext,
                     _logger,
-                    CancellationToken.None)
-                : [];
-
-            //TODO: At this point we should add the peer dependencies to a queue where
-            // we will analyze them one by one to see if they themselves are part of a
-            // multi-dependency property. Basically looping this if-body until we have
-            // emptied the queue and have a complete list of updated dependencies. We
-            // should track the dependenciesToUpdate as they have already been analyzed.
-        }
+                    CancellationToken.None);
+
+                _logger.Log($"  Finding updated peer dependencies.");
+                updatedDependencies = updatedVersion is not null
+                    ? await FindUpdatedDependenciesAsync(
+                        repoRoot,
+                        discovery,
+                        dependenciesToUpdate,
+                        updatedVersion,
+                        nugetContext,
+                        _logger,
+                        CancellationToken.None)
+                    : [];
+
+                //TODO: At this point we should add the peer dependencies to a queue where
+                // we will analyze them one by one to see if they themselves are part of a
+                // multi-dependency property. Basically looping this if-body until we have
+                // emptied the queue and have a complete list of updated dependencies. We
+                // should track the dependenciesToUpdate as they have already been analyzed.
+            }
 
-        var result = new AnalysisResult
+            result = new AnalysisResult
+            {
+                UpdatedVersion = updatedVersion?.ToNormalizedString() ?? dependencyInfo.Version,
+                CanUpdate = updatedVersion is not null,
+                VersionComesFromMultiDependencyProperty = usesMultiDependencyProperty,
+                UpdatedDependencies = updatedDependencies,
+            };
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
         {
-            UpdatedVersion = updatedVersion?.ToNormalizedString() ?? dependencyInfo.Version,
-            CanUpdate = updatedVersion is not null,
-            VersionComesFromMultiDependencyProperty = usesMultiDependencyProperty,
-            UpdatedDependencies = updatedDependencies,
-        };
+            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
+            result = new AnalysisResult
+            {
+                ErrorType = ErrorType.AuthenticationFailure,
+                ErrorDetails = "(" + string.Join("|", nugetContext.PackageSources.Select(s => s.Source)) + ")",
+                UpdatedVersion = string.Empty,
+                CanUpdate = false,
+                UpdatedDependencies = [],
+            };
+        }
 
         await WriteResultsAsync(analysisDirectory, dependencyInfo.Name, result, _logger);
 
@@ -314,27 +331,6 @@ public partial class AnalyzeWorker
         return true;
     }
 
-    internal static async Task<ImmutableDictionary<NuGetFramework, ImmutableArray<Dependency>>> GetDependenciesAsync(
-        string workspacePath,
-        string projectPath,
-        IEnumerable<NuGetFramework> frameworks,
-        Dependency package,
-        Logger logger)
-    {
-        var result = ImmutableDictionary.CreateBuilder<NuGetFramework, ImmutableArray<Dependency>>();
-        foreach (var framework in frameworks)
-        {
-            var dependencies = await MSBuildHelper.GetAllPackageDependenciesAsync(
-                workspacePath,
-                projectPath,
-                framework.ToString(),
-                [package],
-                logger);
-            result.Add(framework, [.. dependencies]);
-        }
-        return result.ToImmutable();
-    }
-
     internal static async Task<ImmutableArray<Dependency>> FindUpdatedDependenciesAsync(
         string repoRoot,
         WorkspaceDiscoveryResult discovery,

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs

@@ -54,6 +54,11 @@ internal static class CompatibilityChecker
 
         var compatibilityService = new FrameworkCompatibilityService();
         var compatibleFrameworks = compatibilityService.GetCompatibleFrameworks(packageFrameworks);
+        var packageSupportsAny = compatibleFrameworks.Any(f => f.IsAny);
+        if (packageSupportsAny)
+        {
+            return true;
+        }
 
         var incompatibleFrameworks = projectFrameworks.Where(f => !compatibleFrameworks.Contains(f)).ToArray();
         if (incompatibleFrameworks.Length > 0)
@@ -141,15 +146,23 @@ internal static class CompatibilityChecker
                 throw new NotSupportedException($"Failed to get FindPackageByIdResource for {source.SourceUri}");
             }
 
-            var exists = await feed.DoesPackageExistAsync(
-                package.Id,
-                package.Version,
-                context.SourceCacheContext,
-                NullLogger.Instance,
-                cancellationToken);
-
-            if (!exists)
+            try
+            {
+                // a non-compliant v2 API returning 404 can cause this to throw
+                var exists = await feed.DoesPackageExistAsync(
+                    package.Id,
+                    package.Version,
+                    context.SourceCacheContext,
+                    NullLogger.Instance,
+                    cancellationToken);
+                if (!exists)
+                {
+                    continue;
+                }
+            }
+            catch (FatalProtocolException)
             {
+                // if anything goes wrong here, the package source obviously doesn't contain the requested package
                 continue;
             }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/NuGetContext.cs

@@ -47,6 +47,13 @@ internal record NuGetContext : IDisposable
 
     private readonly Dictionary<PackageIdentity, string?> _packageInfoUrlCache = new();
 
+    public static string[] GetPackageSourceUrls(string currentDirectory)
+    {
+        using var context = new NuGetContext(currentDirectory);
+        var sourceUrls = context.PackageSources.Select(s => s.Source).ToArray();
+        return sourceUrls;
+    }
+
     public async Task<string?> GetPackageInfoUrlAsync(string packageId, string packageVersion, CancellationToken cancellationToken)
     {
         var packageIdentity = new PackageIdentity(packageId, NuGetVersion.Parse(packageVersion));
@@ -86,15 +93,24 @@ internal record NuGetContext : IDisposable
                 continue;
             }
 
-            var existsInFeed = await feed.Exists(
-                packageIdentity,
-                includeUnlisted: false,
-                SourceCacheContext,
-                NullLogger.Instance,
-                cancellationToken);
-            if (!existsInFeed)
+            try
+            {
+                // a non-compliant v2 API returning 404 can cause this to throw
+                var existsInFeed = await feed.Exists(
+                    packageIdentity,
+                    includeUnlisted: false,
+                    SourceCacheContext,
+                    NullLogger.Instance,
+                    cancellationToken);
+                if (!existsInFeed)
+                {
+                    message.AppendLine($"    package {packageIdentity} does not exist in {source.Name}");
+                    continue;
+                }
+            }
+            catch (FatalProtocolException)
             {
-                message.AppendLine($"    package {packageIdentity} does not exist in {source.Name}");
+                // if anything goes wrong here, the package source obviously doesn't contain the requested package
                 continue;
             }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/VersionFinder.cs

@@ -66,15 +66,24 @@ internal static class VersionFinder
                 continue;
             }
 
-            var existsInFeed = await feed.Exists(
-                packageId,
-                includePrerelease,
-                includeUnlisted: false,
-                nugetContext.SourceCacheContext,
-                NullLogger.Instance,
-                cancellationToken);
-            if (!existsInFeed)
+            try
+            {
+                // a non-compliant v2 API returning 404 can cause this to throw
+                var existsInFeed = await feed.Exists(
+                    packageId,
+                    includePrerelease,
+                    includeUnlisted: false,
+                    nugetContext.SourceCacheContext,
+                    NullLogger.Instance,
+                    cancellationToken);
+                if (!existsInFeed)
+                {
+                    continue;
+                }
+            }
+            catch (FatalProtocolException)
             {
+                // if anything goes wrong here, the package source obviously doesn't contain the requested package
                 continue;
             }
 
@@ -162,15 +171,23 @@ internal static class VersionFinder
                 continue;
             }
 
-            var existsInFeed = await feed.Exists(
-                new PackageIdentity(packageId, version),
-                includeUnlisted: false,
-                nugetContext.SourceCacheContext,
-                NullLogger.Instance,
-                cancellationToken);
-            if (existsInFeed)
+            try
+            {
+                // a non-compliant v2 API returning 404 can cause this to throw
+                var existsInFeed = await feed.Exists(
+                    new PackageIdentity(packageId, version),
+                    includeUnlisted: false,
+                    nugetContext.SourceCacheContext,
+                    NullLogger.Instance,
+                    cancellationToken);
+                if (existsInFeed)
+                {
+                    return true;
+                }
+            }
+            catch (FatalProtocolException)
             {
-                return true;
+                // if anything goes wrong here, the package source obviously doesn't contain the requested package
             }
         }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs

@@ -1,4 +1,5 @@
 using System.Collections.Immutable;
+using System.Net;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 
@@ -6,6 +7,7 @@ using Microsoft.Build.Construction;
 using Microsoft.Build.Definition;
 using Microsoft.Build.Evaluation;
 
+using NuGetUpdater.Core.Analyze;
 using NuGetUpdater.Core.Utilities;
 
 namespace NuGetUpdater.Core.Discover;
@@ -47,43 +49,60 @@ public partial class DiscoveryWorker
         DirectoryPackagesPropsDiscoveryResult? directoryPackagesPropsDiscovery = null;
 
         ImmutableArray<ProjectDiscoveryResult> projectResults = [];
+        WorkspaceDiscoveryResult result;
 
-        if (Directory.Exists(workspacePath))
+        try
         {
-            _logger.Log($"Discovering build files in workspace [{workspacePath}].");
+            if (Directory.Exists(workspacePath))
+            {
+                _logger.Log($"Discovering build files in workspace [{workspacePath}].");
 
-            dotNetToolsJsonDiscovery = DotNetToolsJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
-            globalJsonDiscovery = GlobalJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
+                dotNetToolsJsonDiscovery = DotNetToolsJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
+                globalJsonDiscovery = GlobalJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
 
-            if (globalJsonDiscovery is not null)
-            {
-                await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, globalJsonDiscovery.Dependencies, _logger);
-            }
+                if (globalJsonDiscovery is not null)
+                {
+                    await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, globalJsonDiscovery.Dependencies, _logger);
+                }
 
-            projectResults = await RunForDirectoryAsnyc(repoRootPath, workspacePath);
+                // this next line should throw or something
+                projectResults = await RunForDirectoryAsnyc(repoRootPath, workspacePath);
 
-            directoryPackagesPropsDiscovery = DirectoryPackagesPropsDiscovery.Discover(repoRootPath, workspacePath, projectResults, _logger);
+                directoryPackagesPropsDiscovery = DirectoryPackagesPropsDiscovery.Discover(repoRootPath, workspacePath, projectResults, _logger);
 
-            if (directoryPackagesPropsDiscovery is not null)
+                if (directoryPackagesPropsDiscovery is not null)
+                {
+                    projectResults = projectResults.Remove(projectResults.First(p => p.FilePath.Equals(directoryPackagesPropsDiscovery.FilePath, StringComparison.OrdinalIgnoreCase)));
+                }
+            }
+            else
             {
-                projectResults = projectResults.Remove(projectResults.First(p => p.FilePath.Equals(directoryPackagesPropsDiscovery.FilePath, StringComparison.OrdinalIgnoreCase)));
+                _logger.Log($"Workspace path [{workspacePath}] does not exist.");
             }
+
+            result = new WorkspaceDiscoveryResult
+            {
+                Path = initialWorkspacePath,
+                DotNetToolsJson = dotNetToolsJsonDiscovery,
+                GlobalJson = globalJsonDiscovery,
+                DirectoryPackagesProps = directoryPackagesPropsDiscovery,
+                Projects = projectResults.OrderBy(p => p.FilePath).ToImmutableArray(),
+            };
         }
-        else
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
         {
-            _logger.Log($"Workspace path [{workspacePath}] does not exist.");
+            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
+            result = new WorkspaceDiscoveryResult
+            {
+                ErrorType = ErrorType.AuthenticationFailure,
+                ErrorDetails = "(" + string.Join("|", NuGetContext.GetPackageSourceUrls(workspacePath)) + ")",
+                Path = initialWorkspacePath,
+                Projects = [],
+            };
         }
 
-        var result = new WorkspaceDiscoveryResult
-        {
-            Path = initialWorkspacePath,
-            DotNetToolsJson = dotNetToolsJsonDiscovery,
-            GlobalJson = globalJsonDiscovery,
-            DirectoryPackagesProps = directoryPackagesPropsDiscovery,
-            Projects = projectResults.OrderBy(p => p.FilePath).ToImmutableArray(),
-        };
-
-        await WriteResults(repoRootPath, outputPath, result);
+        await WriteResultsAsync(repoRootPath, outputPath, result);
 
         _logger.Log("Discovery complete.");
 
@@ -293,7 +312,7 @@ public partial class DiscoveryWorker
         return [.. results.Values];
     }
 
-    private static async Task WriteResults(string repoRootPath, string outputPath, WorkspaceDiscoveryResult result)
+    internal static async Task WriteResultsAsync(string repoRootPath, string outputPath, WorkspaceDiscoveryResult result)
     {
         var resultPath = Path.IsPathRooted(outputPath)
             ? outputPath

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/WorkspaceDiscoveryResult.cs

@@ -2,7 +2,7 @@ using System.Collections.Immutable;
 
 namespace NuGetUpdater.Core.Discover;
 
-public sealed record WorkspaceDiscoveryResult
+public sealed record WorkspaceDiscoveryResult : NativeResult
 {
     public required string Path { get; init; }
     public bool IsSuccess { get; init; } = true;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ErrorType.cs

@@ -0,0 +1,8 @@
+namespace NuGetUpdater.Core;
+
+public enum ErrorType
+{
+    // TODO: add `Unknown` option to track all other failure types
+    None,
+    AuthenticationFailure,
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Files/ProjectBuildFile.cs

@@ -93,11 +93,11 @@ internal sealed class ProjectBuildFile : XmlBuildFile
     {
         var isUpdate = false;
 
-        var name = element.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase);
+        var name = element.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase)?.Trim();
         if (name is null)
         {
             isUpdate = true;
-            name = element.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase);
+            name = element.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase)?.Trim();
         }
 
         if (name is null || name.StartsWith("@("))

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/NativeResult.cs

@@ -0,0 +1,8 @@
+namespace NuGetUpdater.Core;
+
+public record NativeResult
+{
+    // TODO: nullable not required, `ErrorType.None` is the default anyway
+    public ErrorType? ErrorType { get; init; }
+    public string? ErrorDetails { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackagesConfigUpdater.cs

@@ -1,3 +1,4 @@
+using System.Diagnostics;
 using System.Text;
 using System.Xml.Linq;
 using System.Xml.XPath;
@@ -102,9 +103,9 @@ internal static class PackagesConfigUpdater
         Console.SetError(writer);
 
         var currentDir = Environment.CurrentDirectory;
+        var existingSpawnedProcesses = GetLikelyNuGetSpawnedProcesses();
         try
         {
-
             Environment.CurrentDirectory = projectDirectory;
             var retryingAfterRestore = false;
 
@@ -144,6 +145,7 @@ internal static class PackagesConfigUpdater
                     goto doRestore;
                 }
 
+                MSBuildHelper.ThrowOnUnauthenticatedFeed(fullOutput);
                 throw new Exception(fullOutput);
             }
         }
@@ -157,9 +159,24 @@ internal static class PackagesConfigUpdater
             Environment.CurrentDirectory = currentDir;
             Console.SetOut(originalOut);
             Console.SetError(originalError);
+
+            // NuGet.exe can spawn processes that hold on to the temporary directory, so we need to kill them
+            var currentSpawnedProcesses = GetLikelyNuGetSpawnedProcesses();
+            var deltaSpawnedProcesses = currentSpawnedProcesses.Except(existingSpawnedProcesses).ToArray();
+            foreach (var credProvider in deltaSpawnedProcesses)
+            {
+                logger.Log($"Ending spawned credential provider process");
+                credProvider.Kill();
+            }
         }
     }
 
+    private static Process[] GetLikelyNuGetSpawnedProcesses()
+    {
+        var processes = Process.GetProcesses().Where(p => p.ProcessName.StartsWith("CredentialProvider", StringComparison.OrdinalIgnoreCase) == true).ToArray();
+        return processes;
+    }
+
     internal static string? GetPathToPackagesDirectory(ProjectBuildFile projectBuildFile, string dependencyName, string dependencyVersion, string packagesConfigPath)
     {
         // the packages directory can be found from the hint path of the matching dependency, e.g., when given "Newtonsoft.Json", "7.0.1", and a project like this:

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs

@@ -228,6 +228,7 @@ internal static class SdkPackageUpdater
 
         // see https://learn.microsoft.com/nuget/consume-packages/install-use-packages-dotnet-cli
         var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"add {projectPath} package {dependencyName} --version {newDependencyVersion}", workingDirectory: Path.GetDirectoryName(projectPath));
+        MSBuildHelper.ThrowOnUnauthenticatedFeed(stdout);
         if (exitCode != 0)
         {
             logger.Log($"    Transitive dependency [{dependencyName}/{newDependencyVersion}] was not added.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");
@@ -594,7 +595,7 @@ internal static class SdkPackageUpdater
         string packageName)
         => buildFile.PackageItemNodes.Where(e =>
             string.Equals(
-                e.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase),
+                (e.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase))?.Trim(),
                 packageName,
                 StringComparison.OrdinalIgnoreCase) &&
             (e.GetAttributeOrSubElementValue("Version", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("VersionOverride", StringComparison.OrdinalIgnoreCase)) is not null);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdateOperationResult.cs

@@ -0,0 +1,5 @@
+namespace NuGetUpdater.Core.Updater;
+
+public record UpdateOperationResult : NativeResult
+{
+}