dependabot-nuget 0.265.0 → 0.267.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs

@@ -12,7 +12,59 @@ namespace NuGetUpdater.Core.Analyze;
 /// See Gem::Version for a description on how versions and requirements work
 /// together in RubyGems.
 /// </remarks>
-public class Requirement
+public abstract class Requirement
+{
+    public abstract bool IsSatisfiedBy(NuGetVersion version);
+
+    private static readonly Dictionary<string, Version> BumpMap = [];
+    /// <summary>
+    /// Return a new version object where the next to the last revision
+    /// number is one greater (e.g., 5.3.1 => 5.4).
+    /// </summary>
+    /// <remarks>
+    /// This logic intended to be similar to RubyGems Gem::Version#bump
+    /// </remarks>
+    public static Version Bump(NuGetVersion version)
+    {
+        if (BumpMap.TryGetValue(version.OriginalVersion!, out var bumpedVersion))
+        {
+            return bumpedVersion;
+        }
+
+        var versionParts = version.OriginalVersion! // Get the original string this version was created from
+            .Split('-')[0] // Get the version part without pre-release
+            .Split('.') // Split into Major.Minor.Patch.Revision if present
+            .Select(int.Parse)
+            .ToArray();
+
+        if (versionParts.Length > 1)
+        {
+            versionParts = versionParts[..^1]; // Remove the last part
+        }
+
+        versionParts[^1]++; // Increment the new last part
+
+        bumpedVersion = NuGetVersion.Parse(string.Join('.', versionParts)).Version;
+        BumpMap[version.OriginalVersion!] = bumpedVersion;
+
+        return bumpedVersion;
+    }
+
+    public static Requirement Parse(string requirement)
+    {
+        var specificParts = requirement.Split(',');
+        if (specificParts.Length == 1)
+        {
+            return IndividualRequirement.ParseIndividual(requirement);
+        }
+
+        var specificRequirements = specificParts.Select(IndividualRequirement.ParseIndividual).ToArray();
+        return new MultiPartRequirement(specificRequirements);
+    }
+}
+
+
+public class IndividualRequirement : Requirement
 {
     private static readonly ImmutableDictionary<string, Func<NuGetVersion, NuGetVersion, bool>> Operators = new Dictionary<string, Func<NuGetVersion, NuGetVersion, bool>>()
     {
@@ -25,30 +77,10 @@ public class Requirement
         ["~>"] = (v, r) => v >= r && v.Version < Bump(r),
     }.ToImmutableDictionary();
 
-    public static Requirement Parse(string requirement)
-    {
-        var splitIndex = requirement.LastIndexOfAny(['=', '>', '<']);
-
-        // Throw if the requirement is all operator and no version.
-        if (splitIndex == requirement.Length - 1)
-        {
-            throw new ArgumentException($"`{requirement}` is a invalid requirement string", nameof(requirement));
-        }
-
-        string[] parts = splitIndex == -1
-            ? [requirement.Trim()]
-            : [requirement[..(splitIndex + 1)].Trim(), requirement[(splitIndex + 1)..].Trim()];
-
-        var op = parts.Length == 1 ? "=" : parts[0];
-        var version = NuGetVersion.Parse(parts[^1]);
-
-        return new Requirement(op, version);
-    }
-
     public string Operator { get; }
     public NuGetVersion Version { get; }
 
-    public Requirement(string op, NuGetVersion version)
+    public IndividualRequirement(string op, NuGetVersion version)
     {
         if (!Operators.ContainsKey(op))
         {
@@ -64,42 +96,53 @@ public class Requirement
         return $"{Operator} {Version}";
     }
 
-    public bool IsSatisfiedBy(NuGetVersion version)
+    public override bool IsSatisfiedBy(NuGetVersion version)
     {
         return Operators[Operator](version, Version);
     }
 
-    private static readonly Dictionary<string, Version> BumpMap = [];
-    /// <summary>
-    /// Return a new version object where the next to the last revision
-    /// number is one greater (e.g., 5.3.1 => 5.4).
-    /// </summary>
-    /// <remarks>
-    /// This logic intended to be similar to RubyGems Gem::Version#bump
-    /// </remarks>
-    public static Version Bump(NuGetVersion version)
+    public static IndividualRequirement ParseIndividual(string requirement)
     {
-        if (BumpMap.TryGetValue(version.OriginalVersion!, out var bumpedVersion))
+        var splitIndex = requirement.LastIndexOfAny(['=', '>', '<']);
+
+        // Throw if the requirement is all operator and no version.
+        if (splitIndex == requirement.Length - 1)
         {
-            return bumpedVersion;
+            throw new ArgumentException($"`{requirement}` is a invalid requirement string", nameof(requirement));
         }
 
-        var versionParts = version.OriginalVersion! // Get the original string this version was created from
-            .Split('-')[0] // Get the version part without pre-release
-            .Split('.') // Split into Major.Minor.Patch.Revision if present
-            .Select(int.Parse)
-            .ToArray();
+        string[] parts = splitIndex == -1
+            ? [requirement.Trim()]
+            : [requirement[..(splitIndex + 1)].Trim(), requirement[(splitIndex + 1)..].Trim()];
 
-        if (versionParts.Length > 1)
+        var op = parts.Length == 1 ? "=" : parts[0];
+        var version = NuGetVersion.Parse(parts[^1]);
+
+        return new IndividualRequirement(op, version);
+    }
+}
+
+public class MultiPartRequirement : Requirement
+{
+    public ImmutableArray<IndividualRequirement> Parts { get; }
+
+    public MultiPartRequirement(IndividualRequirement[] parts)
+    {
+        if (parts.Length <= 1)
         {
-            versionParts = versionParts[..^1]; // Remove the last part
+            throw new ArgumentException("At least two parts are required", nameof(parts));
         }
 
-        versionParts[^1]++; // Increment the new last part
+        Parts = parts.ToImmutableArray();
+    }
 
-        bumpedVersion = NuGetVersion.Parse(string.Join('.', versionParts)).Version;
-        BumpMap[version.OriginalVersion!] = bumpedVersion;
+    public override string ToString()
+    {
+        return string.Join(", ", Parts);
+    }
 
-        return bumpedVersion;
+    public override bool IsSatisfiedBy(NuGetVersion version)
+    {
+        return Parts.All(part => part.IsSatisfiedBy(version));
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/VersionFinder.cs

@@ -66,15 +66,24 @@ internal static class VersionFinder
                 continue;
             }
 
-            var existsInFeed = await feed.Exists(
-                packageId,
-                includePrerelease,
-                includeUnlisted: false,
-                nugetContext.SourceCacheContext,
-                NullLogger.Instance,
-                cancellationToken);
-            if (!existsInFeed)
+            try
+            {
+                // a non-compliant v2 API returning 404 can cause this to throw
+                var existsInFeed = await feed.Exists(
+                    packageId,
+                    includePrerelease,
+                    includeUnlisted: false,
+                    nugetContext.SourceCacheContext,
+                    NullLogger.Instance,
+                    cancellationToken);
+                if (!existsInFeed)
+                {
+                    continue;
+                }
+            }
+            catch (FatalProtocolException)
             {
+                // if anything goes wrong here, the package source obviously doesn't contain the requested package
                 continue;
             }
 
@@ -162,15 +171,23 @@ internal static class VersionFinder
                 continue;
             }
 
-            var existsInFeed = await feed.Exists(
-                new PackageIdentity(packageId, version),
-                includeUnlisted: false,
-                nugetContext.SourceCacheContext,
-                NullLogger.Instance,
-                cancellationToken);
-            if (existsInFeed)
+            try
+            {
+                // a non-compliant v2 API returning 404 can cause this to throw
+                var existsInFeed = await feed.Exists(
+                    new PackageIdentity(packageId, version),
+                    includeUnlisted: false,
+                    nugetContext.SourceCacheContext,
+                    NullLogger.Instance,
+                    cancellationToken);
+                if (existsInFeed)
+                {
+                    return true;
+                }
+            }
+            catch (FatalProtocolException)
             {
-                return true;
+                // if anything goes wrong here, the package source obviously doesn't contain the requested package
             }
         }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs

@@ -1,4 +1,5 @@
 using System.Collections.Immutable;
+using System.Net;
 using System.Text.Json;
 using System.Text.Json.Serialization;
 
@@ -6,6 +7,7 @@ using Microsoft.Build.Construction;
 using Microsoft.Build.Definition;
 using Microsoft.Build.Evaluation;
 
+using NuGetUpdater.Core.Analyze;
 using NuGetUpdater.Core.Utilities;
 
 namespace NuGetUpdater.Core.Discover;
@@ -47,43 +49,60 @@ public partial class DiscoveryWorker
         DirectoryPackagesPropsDiscoveryResult? directoryPackagesPropsDiscovery = null;
 
         ImmutableArray<ProjectDiscoveryResult> projectResults = [];
+        WorkspaceDiscoveryResult result;
 
-        if (Directory.Exists(workspacePath))
+        try
         {
-            _logger.Log($"Discovering build files in workspace [{workspacePath}].");
+            if (Directory.Exists(workspacePath))
+            {
+                _logger.Log($"Discovering build files in workspace [{workspacePath}].");
 
-            dotNetToolsJsonDiscovery = DotNetToolsJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
-            globalJsonDiscovery = GlobalJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
+                dotNetToolsJsonDiscovery = DotNetToolsJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
+                globalJsonDiscovery = GlobalJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
 
-            if (globalJsonDiscovery is not null)
-            {
-                await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, globalJsonDiscovery.Dependencies, _logger);
-            }
+                if (globalJsonDiscovery is not null)
+                {
+                    await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, globalJsonDiscovery.Dependencies, _logger);
+                }
 
-            projectResults = await RunForDirectoryAsnyc(repoRootPath, workspacePath);
+                // this next line should throw or something
+                projectResults = await RunForDirectoryAsnyc(repoRootPath, workspacePath);
 
-            directoryPackagesPropsDiscovery = DirectoryPackagesPropsDiscovery.Discover(repoRootPath, workspacePath, projectResults, _logger);
+                directoryPackagesPropsDiscovery = DirectoryPackagesPropsDiscovery.Discover(repoRootPath, workspacePath, projectResults, _logger);
 
-            if (directoryPackagesPropsDiscovery is not null)
+                if (directoryPackagesPropsDiscovery is not null)
+                {
+                    projectResults = projectResults.Remove(projectResults.First(p => p.FilePath.Equals(directoryPackagesPropsDiscovery.FilePath, StringComparison.OrdinalIgnoreCase)));
+                }
+            }
+            else
             {
-                projectResults = projectResults.Remove(projectResults.First(p => p.FilePath.Equals(directoryPackagesPropsDiscovery.FilePath, StringComparison.OrdinalIgnoreCase)));
+                _logger.Log($"Workspace path [{workspacePath}] does not exist.");
             }
+
+            result = new WorkspaceDiscoveryResult
+            {
+                Path = initialWorkspacePath,
+                DotNetToolsJson = dotNetToolsJsonDiscovery,
+                GlobalJson = globalJsonDiscovery,
+                DirectoryPackagesProps = directoryPackagesPropsDiscovery,
+                Projects = projectResults.OrderBy(p => p.FilePath).ToImmutableArray(),
+            };
         }
-        else
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
         {
-            _logger.Log($"Workspace path [{workspacePath}] does not exist.");
+            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
+            result = new WorkspaceDiscoveryResult
+            {
+                ErrorType = ErrorType.AuthenticationFailure,
+                ErrorDetails = "(" + string.Join("|", NuGetContext.GetPackageSourceUrls(workspacePath)) + ")",
+                Path = initialWorkspacePath,
+                Projects = [],
+            };
         }
 
-        var result = new WorkspaceDiscoveryResult
-        {
-            Path = initialWorkspacePath,
-            DotNetToolsJson = dotNetToolsJsonDiscovery,
-            GlobalJson = globalJsonDiscovery,
-            DirectoryPackagesProps = directoryPackagesPropsDiscovery,
-            Projects = projectResults.OrderBy(p => p.FilePath).ToImmutableArray(),
-        };
-
-        await WriteResults(repoRootPath, outputPath, result);
+        await WriteResultsAsync(repoRootPath, outputPath, result);
 
         _logger.Log("Discovery complete.");
 
@@ -293,7 +312,7 @@ public partial class DiscoveryWorker
         return [.. results.Values];
     }
 
-    private static async Task WriteResults(string repoRootPath, string outputPath, WorkspaceDiscoveryResult result)
+    internal static async Task WriteResultsAsync(string repoRootPath, string outputPath, WorkspaceDiscoveryResult result)
     {
         var resultPath = Path.IsPathRooted(outputPath)
             ? outputPath

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/WorkspaceDiscoveryResult.cs

@@ -2,7 +2,7 @@ using System.Collections.Immutable;
 
 namespace NuGetUpdater.Core.Discover;
 
-public sealed record WorkspaceDiscoveryResult
+public sealed record WorkspaceDiscoveryResult : NativeResult
 {
     public required string Path { get; init; }
     public bool IsSuccess { get; init; } = true;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ErrorType.cs

@@ -0,0 +1,9 @@
+namespace NuGetUpdater.Core;
+
+public enum ErrorType
+{
+    // TODO: add `Unknown` option to track all other failure types
+    None,
+    AuthenticationFailure,
+    MissingFile,
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Files/ProjectBuildFile.cs

@@ -93,11 +93,11 @@ internal sealed class ProjectBuildFile : XmlBuildFile
     {
         var isUpdate = false;
 
-        var name = element.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase);
+        var name = element.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase)?.Trim();
         if (name is null)
         {
             isUpdate = true;
-            name = element.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase);
+            name = element.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase)?.Trim();
         }
 
         if (name is null || name.StartsWith("@("))

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/MissingFileException.cs

@@ -0,0 +1,11 @@
+namespace NuGetUpdater.Core;
+
+internal class MissingFileException : Exception
+{
+    public string FilePath { get; }
+
+    public MissingFileException(string filePath)
+    {
+        FilePath = filePath;
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/NativeResult.cs

@@ -0,0 +1,8 @@
+namespace NuGetUpdater.Core;
+
+public record NativeResult
+{
+    // TODO: nullable not required, `ErrorType.None` is the default anyway
+    public ErrorType? ErrorType { get; init; }
+    public string? ErrorDetails { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/BindingRedirectManager.cs

@@ -149,42 +149,6 @@ internal static class BindingRedirectManager
             return (element.Name == "None" && string.Equals(path, "app.config", StringComparison.OrdinalIgnoreCase))
                    || (element.Name == "Content" && string.Equals(path, "web.config", StringComparison.OrdinalIgnoreCase));
         }
-
-        static string GetConfigFileName(XmlDocumentSyntax document)
-        {
-            var guidValue = document.Descendants()
-                .Where(static x => x.Name == "PropertyGroup")
-                .SelectMany(static x => x.Elements.Where(static x => x.Name == "ProjectGuid"))
-                .FirstOrDefault()
-                ?.GetContentValue();
-            return guidValue switch
-            {
-                "{E24C65DC-7377-472B-9ABA-BC803B73C61A}" or "{349C5851-65DF-11DA-9384-00065B846F21}" => "Web.config",
-                _ => "App.config"
-            };
-        }
-
-        static string GenerateDefaultAppConfig(XmlDocumentSyntax document)
-        {
-            var frameworkVersion = GetFrameworkVersion(document);
-            return $"""
-                <?xml version="1.0" encoding="utf-8" ?>
-                <configuration>
-                    <startup>
-                        <supportedRuntime version="v4.0" sku=".NETFramework,Version={frameworkVersion}" />
-                    </startup>
-                </configuration>
-                """;
-        }
-
-        static string? GetFrameworkVersion(XmlDocumentSyntax document)
-        {
-            return document.Descendants()
-                .Where(static x => x.Name == "PropertyGroup")
-                .SelectMany(static x => x.Elements.Where(static x => x.Name == "TargetFrameworkVersion"))
-                .FirstOrDefault()
-                ?.GetContentValue();
-        }
     }
 
     private static string AddBindingRedirects(ConfigurationFile configFile, IEnumerable<Runtime_AssemblyBinding> bindingRedirects)
@@ -213,10 +177,24 @@ internal static class BindingRedirectManager
 
         foreach (var bindingRedirect in bindingRedirects)
         {
-            // Look to see if we already have this in the list of bindings already in config.
-            if (currentBindings.TryGetValue((bindingRedirect.Name, bindingRedirect.PublicKeyToken), out var existingBinding))
+            // If the binding redirect already exists in config, update it. Otherwise, add it.
+            var bindingAssemblyIdentity = new AssemblyIdentity(bindingRedirect.Name, bindingRedirect.PublicKeyToken);
+            if (currentBindings.Contains(bindingAssemblyIdentity))
             {
-                UpdateBindingRedirectElement(existingBinding, bindingRedirect);
+                // Check if there are multiple bindings in config for this assembly and remove all but the first one.
+                // Normally there should only be one binding per assembly identity unless the config is malformed, which we'll fix here like NuGet.exe would.
+                var existingBindings = currentBindings[bindingAssemblyIdentity];
+                if (existingBindings.Any())
+                {
+                    // Remove all but the first element
+                    foreach (var bindingElement in existingBindings.Skip(1))
+                    {
+                        RemoveElement(bindingElement);
+                    }
+
+                    // Update the first one with the new binding
+                    UpdateBindingRedirectElement(existingBindings.First(), bindingRedirect);
+                }
             }
             else
             {
@@ -228,7 +206,10 @@ internal static class BindingRedirectManager
             }
         }
 
-        return document.ToString();
+        return string.Concat(
+            document.Declaration?.ToString() ?? String.Empty, // Ensure the <?xml> declaration node is preserved, if present
+            document.ToString()
+        );
 
         static XDocument GetConfiguration(string configFileContent)
         {
@@ -278,7 +259,7 @@ internal static class BindingRedirectManager
             }
         }
 
-        static Dictionary<(string Name, string PublicKeyToken), XElement> GetAssemblyBindings(XElement runtime)
+        static ILookup<AssemblyIdentity, XElement> GetAssemblyBindings(XElement runtime)
         {
             var dependencyAssemblyElements = runtime.Elements(AssemblyBindingName)
                 .Elements(DependentAssemblyName);
@@ -291,7 +272,12 @@ internal static class BindingRedirectManager
             });
 
             // Return a mapping from binding to element
-            return assemblyElementPairs.ToDictionary(p => (p.Binding.Name, p.Binding.PublicKeyToken), p => p.Element);
+            // It is possible that multiple elements exist for the same assembly identity, so use a lookup (1:*) instead of a dictionary (1:1) 
+            return assemblyElementPairs.ToLookup(
+                p => new AssemblyIdentity(p.Binding.Name, p.Binding.PublicKeyToken),
+                p => p.Element,
+                new AssemblyIdentityIgnoreCaseComparer()
+            );
         }
 
         static XElement GetAssemblyBindingElement(XElement runtime)
@@ -309,4 +295,21 @@ internal static class BindingRedirectManager
             return assemblyBinding;
         }
     }
+
+    internal sealed record AssemblyIdentity(string Name, string PublicKeyToken);
+
+    // Case-insensitive comparer. This helps avoid creating duplicate binding redirects when there is a case form mismatch between assembly identities.
+    // Especially important for PublicKeyToken which is typically lowercase (using NuGet.exe), but can also be uppercase when using other tools (e.g. Visual Studio auto-resolve assembly conflicts feature).
+    internal sealed class AssemblyIdentityIgnoreCaseComparer : IEqualityComparer<AssemblyIdentity>
+    {
+        public bool Equals(AssemblyIdentity? x, AssemblyIdentity? y) =>
+            string.Equals(x?.Name, y?.Name, StringComparison.OrdinalIgnoreCase) &&
+            string.Equals(x?.PublicKeyToken, y?.PublicKeyToken, StringComparison.OrdinalIgnoreCase);
+
+        public int GetHashCode(AssemblyIdentity obj) =>
+            HashCode.Combine(
+                obj.Name?.ToLowerInvariant(),
+                obj.PublicKeyToken?.ToLowerInvariant()
+            );
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackagesConfigUpdater.cs

@@ -1,3 +1,4 @@
+using System.Diagnostics;
 using System.Text;
 using System.Xml.Linq;
 using System.Xml.XPath;
@@ -102,9 +103,9 @@ internal static class PackagesConfigUpdater
         Console.SetError(writer);
 
         var currentDir = Environment.CurrentDirectory;
+        var existingSpawnedProcesses = GetLikelyNuGetSpawnedProcesses();
         try
         {
-
             Environment.CurrentDirectory = projectDirectory;
             var retryingAfterRestore = false;
 
@@ -144,6 +145,8 @@ internal static class PackagesConfigUpdater
                     goto doRestore;
                 }
 
+                MSBuildHelper.ThrowOnUnauthenticatedFeed(fullOutput);
+                MSBuildHelper.ThrowOnMissingFile(fullOutput);
                 throw new Exception(fullOutput);
             }
         }
@@ -157,9 +160,24 @@ internal static class PackagesConfigUpdater
             Environment.CurrentDirectory = currentDir;
             Console.SetOut(originalOut);
             Console.SetError(originalError);
+
+            // NuGet.exe can spawn processes that hold on to the temporary directory, so we need to kill them
+            var currentSpawnedProcesses = GetLikelyNuGetSpawnedProcesses();
+            var deltaSpawnedProcesses = currentSpawnedProcesses.Except(existingSpawnedProcesses).ToArray();
+            foreach (var credProvider in deltaSpawnedProcesses)
+            {
+                logger.Log($"Ending spawned credential provider process");
+                credProvider.Kill();
+            }
         }
     }
 
+    private static Process[] GetLikelyNuGetSpawnedProcesses()
+    {
+        var processes = Process.GetProcesses().Where(p => p.ProcessName.StartsWith("CredentialProvider", StringComparison.OrdinalIgnoreCase) == true).ToArray();
+        return processes;
+    }
+
     internal static string? GetPathToPackagesDirectory(ProjectBuildFile projectBuildFile, string dependencyName, string dependencyVersion, string packagesConfigPath)
     {
         // the packages directory can be found from the hint path of the matching dependency, e.g., when given "Newtonsoft.Json", "7.0.1", and a project like this:

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs

@@ -228,6 +228,7 @@ internal static class SdkPackageUpdater
 
         // see https://learn.microsoft.com/nuget/consume-packages/install-use-packages-dotnet-cli
         var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"add {projectPath} package {dependencyName} --version {newDependencyVersion}", workingDirectory: Path.GetDirectoryName(projectPath));
+        MSBuildHelper.ThrowOnUnauthenticatedFeed(stdout);
         if (exitCode != 0)
         {
             logger.Log($"    Transitive dependency [{dependencyName}/{newDependencyVersion}] was not added.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");
@@ -594,7 +595,7 @@ internal static class SdkPackageUpdater
         string packageName)
         => buildFile.PackageItemNodes.Where(e =>
             string.Equals(
-                e.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase),
+                (e.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase))?.Trim(),
                 packageName,
                 StringComparison.OrdinalIgnoreCase) &&
             (e.GetAttributeOrSubElementValue("Version", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("VersionOverride", StringComparison.OrdinalIgnoreCase)) is not null);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdateOperationResult.cs

@@ -0,0 +1,5 @@
+namespace NuGetUpdater.Core.Updater;
+
+public record UpdateOperationResult : NativeResult
+{
+}