dependabot-nuget 0.267.0 → 0.270.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 19fd9d2635d3d1f5737870ebe8bcd155fb5e90557c7eec2b6832233bb0573b29
-  data.tar.gz: d1bd4ff99ae3fd8319a796cf04ba3a859c084cd465013cd5a1c8b106969a8183
+  metadata.gz: 690337cc223bbf06e50f9f66fff955f966931bbc4368fe4d5849efb386c4a123
+  data.tar.gz: bce0d34b0c79064c99a511b88b8087f5d287ff7fef85aa01bb32b6d3b824a7d4
 SHA512:
-  metadata.gz: 4b1c5c0ed9ca379e3c209c21dbc047e7364a9c3f7eda956ebd11a6f0f44b5a3a3e5a7fe9493ccafe82ac98bad132ab2323a56817c2f234c135814282cd229c30
-  data.tar.gz: c0f297752cb28d6c32df1261ab10199a5f39e17af23f3c3e46ed76aafd59785e79cd43c81e1a164b8fe92b9f7763f50e3d2c4a8d34c9bb59a4976d0e6eb44be4
+  metadata.gz: 431e6a7b442ce8a7430882a125ccebe3b77b54dfc68698aa5c6279be0cde427a924c3faafceb0b1414d2e0feff35ad43e29e31aa410b11ea3bf451ac5cbf5288
+  data.tar.gz: 805297f077777b6cc7f8fdccbe46a37909b008bd7a09abfc86816ad3cdfda1da837b8fa49f8c4086e5910c27f61bc2179b4b550d84e26cabc378d34201aee4f5

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs

@@ -407,6 +407,7 @@ public partial class EntryPointTests
                 try
                 {
                     await MockNuGetPackagesInDirectory(packages, path);
+
                     var args = getArgs(path);
                     var result = await Program.Main(args);
                     if (result != 0)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs

@@ -255,6 +255,12 @@ public partial class AnalyzeWorker
         CancellationToken cancellationToken)
     {
         var versions = versionResult.GetVersions();
+        if (versions.Length == 0)
+        {
+            // if absolutely nothing was found, then we can't update
+            return null;
+        }
+
         var orderedVersions = findLowestVersion
             ? versions.OrderBy(v => v) // If we are fixing a vulnerability, then we want the lowest version that is safe.
             : versions.OrderByDescending(v => v); // If we are just updating versions, then we want the highest version possible.

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs

@@ -84,24 +84,27 @@ internal static class CompatibilityChecker
         var reader = new NuspecReader(nuspecStream);
 
         var isDevDependency = reader.GetDevelopmentDependency();
+        var tfms = new HashSet<NuGetFramework>();
+        var dependencyGroups = reader.GetDependencyGroups().ToArray();
 
-        var tfms = reader.GetDependencyGroups()
-            .Select(d => d.TargetFramework)
-            .ToImmutableArray();
-        if (tfms.Length == 0)
+        foreach (var d in dependencyGroups)
         {
-            // If the nuspec doesn't have any dependency groups,
-            // try to get the TargetFramework from files in the lib folder.
             var libItems = (await readers.ContentReader.GetLibItemsAsync(cancellationToken)).ToList();
-            if (libItems.Count == 0)
+
+            foreach (var item in libItems)
             {
-                // If there is no lib folder in this package, then assume it is a dev dependency.
-                isDevDependency = true;
+                tfms.Add(item.TargetFramework);
             }
 
-            tfms = libItems.Select(item => item.TargetFramework)
-                .Distinct()
-                .ToImmutableArray();
+            if (!d.TargetFramework.IsAny)
+            {
+                tfms.Add(d.TargetFramework);
+            }
+        }
+
+        if (!tfms.Any())
+        {
+            tfms.Add(NuGetFramework.AnyFramework);
         }
 
         // The interfaces we given are not disposable but the underlying type can be.
@@ -109,7 +112,7 @@ internal static class CompatibilityChecker
         (readers.CoreReader as IDisposable)?.Dispose();
         (readers.ContentReader as IDisposable)?.Dispose();
 
-        return (isDevDependency, tfms);
+        return (isDevDependency, tfms.ToImmutableArray());
     }
 
     internal static PackageReaders ReadPackage(string tempPackagePath)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs

@@ -116,7 +116,14 @@ public class IndividualRequirement : Requirement
             : [requirement[..(splitIndex + 1)].Trim(), requirement[(splitIndex + 1)..].Trim()];
 
         var op = parts.Length == 1 ? "=" : parts[0];
-        var version = NuGetVersion.Parse(parts[^1]);
+        var versionString = parts[^1];
+
+        // allow for single character wildcards; may be asterisk (NuGet-style: 1.*) or a single letter (alternate style: 1.x)
+        var versionParts = versionString.Split('.');
+        var recreatedVersionParts = versionParts.Select(vp => vp.Length == 1 && (vp == "*" || char.IsAsciiLetter(vp[0])) ? "0" : vp).ToArray();
+
+        var rebuiltVersionString = string.Join(".", recreatedVersionParts);
+        var version = NuGetVersion.Parse(rebuiltVersionString);
 
         return new IndividualRequirement(op, version);
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs

@@ -24,6 +24,7 @@ internal static class SdkPackageUpdater
 
         // Get the set of all top-level dependencies in the current project
         var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles).ToArray();
+
         if (!await DoesDependencyRequireUpdateAsync(repoRootPath, projectPath, tfms, topLevelDependencies, dependencyName, newDependencyVersion, logger))
         {
             return;
@@ -31,7 +32,7 @@ internal static class SdkPackageUpdater
 
         if (isTransitive)
         {
-            await UpdateTransitiveDependencyAsnyc(projectPath, dependencyName, newDependencyVersion, buildFiles, logger);
+            await UpdateTransitiveDependencyAsync(repoRootPath, projectPath, dependencyName, newDependencyVersion, buildFiles, logger);
         }
         else
         {
@@ -123,7 +124,7 @@ internal static class SdkPackageUpdater
         return true;
     }
 
-    private static async Task UpdateTransitiveDependencyAsnyc(string projectPath, string dependencyName, string newDependencyVersion, ImmutableArray<ProjectBuildFile> buildFiles, Logger logger)
+    private static async Task UpdateTransitiveDependencyAsync(string repoRootPath, string projectPath, string dependencyName, string newDependencyVersion, ImmutableArray<ProjectBuildFile> buildFiles, Logger logger)
     {
         var directoryPackagesWithPinning = buildFiles.OfType<ProjectBuildFile>()
             .FirstOrDefault(bf => IsCpmTransitivePinningEnabled(bf));
@@ -133,7 +134,7 @@ internal static class SdkPackageUpdater
         }
         else
         {
-            await AddTransitiveDependencyAsync(projectPath, dependencyName, newDependencyVersion, logger);
+            await AddTransitiveDependencyAsync(repoRootPath, projectPath, dependencyName, newDependencyVersion, logger);
         }
     }
 
@@ -222,17 +223,21 @@ internal static class SdkPackageUpdater
         directoryPackages.Update(updatedXml);
     }
 
-    private static async Task AddTransitiveDependencyAsync(string projectPath, string dependencyName, string newDependencyVersion, Logger logger)
+    private static async Task AddTransitiveDependencyAsync(string repoRootPath, string projectPath, string dependencyName, string newDependencyVersion, Logger logger)
     {
-        logger.Log($"    Adding [{dependencyName}/{newDependencyVersion}] as a top-level package reference.");
-
-        // see https://learn.microsoft.com/nuget/consume-packages/install-use-packages-dotnet-cli
-        var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"add {projectPath} package {dependencyName} --version {newDependencyVersion}", workingDirectory: Path.GetDirectoryName(projectPath));
-        MSBuildHelper.ThrowOnUnauthenticatedFeed(stdout);
-        if (exitCode != 0)
+        var projectDirectory = Path.GetDirectoryName(projectPath)!;
+        await MSBuildHelper.SidelineGlobalJsonAsync(projectDirectory, repoRootPath, async () =>
         {
-            logger.Log($"    Transitive dependency [{dependencyName}/{newDependencyVersion}] was not added.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");
-        }
+            logger.Log($"    Adding [{dependencyName}/{newDependencyVersion}] as a top-level package reference.");
+
+            // see https://learn.microsoft.com/nuget/consume-packages/install-use-packages-dotnet-cli
+            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"add {projectPath} package {dependencyName} --version {newDependencyVersion}", workingDirectory: projectDirectory);
+            MSBuildHelper.ThrowOnUnauthenticatedFeed(stdout);
+            if (exitCode != 0)
+            {
+                logger.Log($"    Transitive dependency [{dependencyName}/{newDependencyVersion}] was not added.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");
+            }
+        }, retainMSBuildSdks: true);
     }
 
     /// <summary>
@@ -302,6 +307,7 @@ internal static class SdkPackageUpdater
         IDictionary<string, string> peerDependencies,
         Logger logger)
     {
+
         var result = TryUpdateDependencyVersion(buildFiles, dependencyName, previousDependencyVersion, newDependencyVersion, logger);
         if (result == UpdateResult.NotFound)
         {
@@ -320,7 +326,20 @@ internal static class SdkPackageUpdater
         {
             foreach (string tfm in targetFrameworks)
             {
-                Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, logger);
+                if (MSBuildHelper.UseNewDependencySolver())
+                {
+                    // Find the index of the dependency we are updating and revert it to the previous version
+                    int dependencyIndex = Array.FindIndex(updatedTopLevelDependencies, d => string.Equals(d.Name, dependencyName, StringComparison.OrdinalIgnoreCase));
+                    if (dependencyIndex != -1)
+                    {
+                        var originalDependency = updatedTopLevelDependencies[dependencyIndex];
+                        updatedTopLevelDependencies[dependencyIndex] = originalDependency with { Version = previousDependencyVersion };
+                    }
+
+                }
+                Dependency[] update = [new Dependency(dependencyName, newDependencyVersion, DependencyType.PackageReference)];
+                Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, update, logger);
+
                 if (resolvedDependencies is null)
                 {
                     logger.Log($"    Unable to resolve dependency conflicts for {projectFile.Path}.");
@@ -341,7 +360,7 @@ internal static class SdkPackageUpdater
                     continue;
                 }
 
-                // update all other dependencies
+                // update all dependencies
                 foreach (Dependency resolvedDependency in resolvedDependencies
                                                           .Where(d => !d.Name.Equals(dependencyName, StringComparison.OrdinalIgnoreCase))
                                                           .Where(d => d.Version is not null))