dependabot-nuget 0.277.0 → 0.279.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/CreatePullRequest.cs

@@ -0,0 +1,18 @@
+using System.Text.Json.Serialization;
+
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record CreatePullRequest
+{
+    public required ReportedDependency[] Dependencies { get; init; }
+    [JsonPropertyName("updated-dependency-files")]
+    public required DependencyFile[] UpdatedDependencyFiles { get; init; }
+    [JsonPropertyName("base-commit-sha")]
+    public required string BaseCommitSha { get; init; }
+    [JsonPropertyName("commit-message")]
+    public required string CommitMessage { get; init; }
+    [JsonPropertyName("pr-title")]
+    public required string PrTitle { get; init; }
+    [JsonPropertyName("pr-body")]
+    public required string PrBody { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyFile.cs

@@ -0,0 +1,18 @@
+using System.Text.Json.Serialization;
+
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record DependencyFile
+{
+    public required string Name { get; init; }
+    public required string Content { get; init; }
+    public required string Directory { get; init; }
+    public string Type { get; init; } = "file"; // TODO: enum
+    [JsonPropertyName("support_file")]
+    public bool SupportFile { get; init; } = false;
+    [JsonPropertyName("content_encoding")]
+    public string ContentEncoding { get; init; } = "utf-8";
+    public bool Deleted { get; init; } = false;
+    public string Operation { get; init; } = "update"; // TODO: enum
+    public string? Mode { get; init; } = null; // TODO: what is this?
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyFileNotFound.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record DependencyFileNotFound : JobErrorBase
+{
+    public override string Type => "dependency_file_not_found";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/IncrementMetric.cs

@@ -0,0 +1,7 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record IncrementMetric
+{
+    public required string Metric { get; init; }
+    public Dictionary<string, string> Tags { get; init; } = new();
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/Job.cs

@@ -0,0 +1,49 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record Job
+{
+    public required string PackageManager { get; init; }
+    public AllowedUpdate[]? AllowedUpdates { get; init; } = null;
+    public bool Debug { get; init; } = false;
+    public object[]? DependencyGroups { get; init; } = null;
+    public object[]? Dependencies { get; init; } = null;
+    public string? DependencyGroupToRefresh { get; init; } = null;
+    public object[]? ExistingPullRequests { get; init; } = null;
+    public object[]? ExistingGroupPullRequests { get; init; } = null;
+    public Dictionary<string, object>? Experiments { get; init; } = null;
+    public object[]? IgnoreConditions { get; init; } = null;
+    public bool LockfileOnly { get; init; } = false;
+    public string? RequirementsUpdateStrategy { get; init; } = null;
+    public object[]? SecurityAdvisories { get; init; } = null;
+    public bool SecurityUpdatesOnly { get; init; } = false;
+    public required JobSource Source { get; init; }
+    public bool UpdateSubdependencies { get; init; } = false;
+    public bool UpdatingAPullRequest { get; init; } = false;
+    public bool VendorDependencies { get; init; } = false;
+    public bool RejectExternalCode { get; init; } = false;
+    public bool RepoPrivate { get; init; } = false;
+    public object? CommitMessageOptions { get; init; } = null;
+    public object[]? CredentialsMetadata { get; init; } = null;
+    public int MaxUpdaterRunTime { get; init; } = 0;
+
+    public IEnumerable<string> GetAllDirectories()
+    {
+        var returnedADirectory = false;
+        if (Source.Directory is not null)
+        {
+            returnedADirectory = true;
+            yield return Source.Directory;
+        }
+
+        foreach (var directory in Source.Directories ?? [])
+        {
+            returnedADirectory = true;
+            yield return directory;
+        }
+
+        if (!returnedADirectory)
+        {
+            yield return "/";
+        }
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobErrorBase.cs

@@ -0,0 +1,11 @@
+using System.Text.Json.Serialization;
+
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public abstract record JobErrorBase
+{
+    [JsonPropertyName("error-type")]
+    public abstract string Type { get; }
+    [JsonPropertyName("error-details")]
+    public required string Details { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobFile.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record JobFile
+{
+    public required Job Job { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobSource.cs

@@ -0,0 +1,11 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed class JobSource
+{
+    public required string Provider { get; init; }
+    public required string Repo { get; init; }
+    public string? Directory { get; init; } = null;
+    public string[]? Directories { get; init; } = null;
+    public string? Hostname { get; init; } = null;
+    public string? ApiEndpoint { get; init; } = null;
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/MarkAsProcessed.cs

@@ -0,0 +1,9 @@
+using System.Text.Json.Serialization;
+
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record MarkAsProcessed
+{
+    [JsonPropertyName("base-commit-sha")]
+    public required string BaseCommitSha { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/PrivateSourceAuthenticationFailure.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record PrivateSourceAuthenticationFailure : JobErrorBase
+{
+    public override string Type => "private_source_authentication_failure";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/ReportedDependency.cs

@@ -0,0 +1,16 @@
+using System.Text.Json.Serialization;
+
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record ReportedDependency
+{
+    public required string Name { get; init; }
+    public required string? Version { get; init; }
+    public required ReportedRequirement[] Requirements { get; init; }
+    [JsonPropertyName("previous-version")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public string? PreviousVersion { get; init; } = null;
+    [JsonPropertyName("previous-requirements")]
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public ReportedRequirement[]? PreviousRequirements { get; init; } = null;
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/ReportedRequirement.cs

@@ -0,0 +1,9 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record ReportedRequirement
+{
+    public required string Requirement { get; init; }
+    public required string File { get; init; }
+    public string[] Groups { get; init; } = Array.Empty<string>();
+    public RequirementSource? Source { get; init; } = null;
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/RequirementSource.cs

@@ -0,0 +1,7 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record RequirementSource
+{
+    public required string? SourceUrl { get; init; }
+    public string Type { get; init; } = "nuget_repo";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/UnknownError.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record UnknownError : JobErrorBase
+{
+    public override string Type => "unknown_error";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/UpdatedDependencyList.cs

@@ -0,0 +1,7 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public sealed record UpdatedDependencyList
+{
+    public required ReportedDependency[] Dependencies { get; init; }
+    public required string[] DependencyFiles { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/HttpApiHandler.cs

@@ -0,0 +1,64 @@
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+using NuGetUpdater.Core.Run.ApiModel;
+
+namespace NuGetUpdater.Core.Run;
+
+public class HttpApiHandler : IApiHandler
+{
+    private static readonly HttpClient HttpClient = new();
+
+    public static readonly JsonSerializerOptions SerializerOptions = new()
+    {
+        PropertyNamingPolicy = JsonNamingPolicy.SnakeCaseLower,
+        Converters = { new JsonStringEnumConverter() },
+    };
+
+    private readonly string _apiUrl;
+    private readonly string _jobId;
+
+    public HttpApiHandler(string apiUrl, string jobId)
+    {
+        _apiUrl = apiUrl.TrimEnd('/');
+        _jobId = jobId;
+    }
+
+    public async Task RecordUpdateJobError(JobErrorBase error)
+    {
+        await PostAsJson("record_update_job_error", error);
+    }
+
+    public async Task UpdateDependencyList(UpdatedDependencyList updatedDependencyList)
+    {
+        await PostAsJson("update_dependency_list", updatedDependencyList);
+    }
+
+    public async Task IncrementMetric(IncrementMetric incrementMetric)
+    {
+        await PostAsJson("increment_metric", incrementMetric);
+    }
+
+    public async Task CreatePullRequest(CreatePullRequest createPullRequest)
+    {
+        await PostAsJson("create_pull_request", createPullRequest);
+    }
+
+    public async Task MarkAsProcessed(MarkAsProcessed markAsProcessed)
+    {
+        await PostAsJson("mark_as_processed", markAsProcessed);
+    }
+
+    private async Task PostAsJson(string endpoint, object body)
+    {
+        var wrappedBody = new
+        {
+            Data = body,
+        };
+        var payload = JsonSerializer.Serialize(wrappedBody, SerializerOptions);
+        var content = new StringContent(payload, Encoding.UTF8, "application/json");
+        var response = await HttpClient.PostAsync($"{_apiUrl}/update_jobs/{_jobId}/{endpoint}", content);
+        var _ = response.EnsureSuccessStatusCode();
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/IApiHandler.cs

@@ -0,0 +1,12 @@
+using NuGetUpdater.Core.Run.ApiModel;
+
+namespace NuGetUpdater.Core.Run;
+
+public interface IApiHandler
+{
+    Task RecordUpdateJobError(JobErrorBase error);
+    Task UpdateDependencyList(UpdatedDependencyList updatedDependencyList);
+    Task IncrementMetric(IncrementMetric incrementMetric);
+    Task CreatePullRequest(CreatePullRequest createPullRequest);
+    Task MarkAsProcessed(MarkAsProcessed markAsProcessed);
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunResult.cs

@@ -0,0 +1,13 @@
+using System.Text.Json.Serialization;
+
+using NuGetUpdater.Core.Run.ApiModel;
+
+namespace NuGetUpdater.Core.Run;
+
+public sealed record RunResult
+{
+    [JsonPropertyName("base64_dependency_files")]
+    public required DependencyFile[] Base64DependencyFiles { get; init; }
+    [JsonPropertyName("base_commit_sha")]
+    public required string BaseCommitSha { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs

@@ -0,0 +1,328 @@
+using System.Net;
+using System.Text;
+using System.Text.Json;
+using System.Text.Json.Serialization;
+
+using NuGetUpdater.Core.Analyze;
+using NuGetUpdater.Core.Discover;
+using NuGetUpdater.Core.Run.ApiModel;
+
+namespace NuGetUpdater.Core.Run;
+
+public class RunWorker
+{
+    private readonly IApiHandler _apiHandler;
+    private readonly Logger _logger;
+
+    internal static readonly JsonSerializerOptions SerializerOptions = new()
+    {
+        PropertyNamingPolicy = JsonNamingPolicy.KebabCaseLower,
+        WriteIndented = true,
+        Converters = { new JsonStringEnumConverter() },
+    };
+
+    public RunWorker(IApiHandler apiHandler, Logger logger)
+    {
+        _apiHandler = apiHandler;
+        _logger = logger;
+    }
+
+    public async Task RunAsync(FileInfo jobFilePath, DirectoryInfo repoContentsPath, string baseCommitSha, FileInfo outputFilePath)
+    {
+        var jobFileContent = await File.ReadAllTextAsync(jobFilePath.FullName);
+        var jobWrapper = Deserialize(jobFileContent);
+        var result = await RunAsync(jobWrapper.Job, repoContentsPath, baseCommitSha);
+        var resultJson = JsonSerializer.Serialize(result, SerializerOptions);
+        await File.WriteAllTextAsync(outputFilePath.FullName, resultJson);
+    }
+
+    public Task<RunResult> RunAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
+    {
+        return RunWithErrorHandlingAsync(job, repoContentsPath, baseCommitSha);
+    }
+
+    private async Task<RunResult> RunWithErrorHandlingAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
+    {
+        JobErrorBase? error = null;
+        string[] lastUsedPackageSourceUrls = []; // used for error reporting below
+        var runResult = new RunResult()
+        {
+            Base64DependencyFiles = [],
+            BaseCommitSha = baseCommitSha,
+        };
+
+        try
+        {
+            MSBuildHelper.RegisterMSBuild(repoContentsPath.FullName, repoContentsPath.FullName);
+
+            var allDependencyFiles = new Dictionary<string, DependencyFile>();
+            foreach (var directory in job.GetAllDirectories())
+            {
+                var localPath = PathHelper.JoinPath(repoContentsPath.FullName, directory);
+                lastUsedPackageSourceUrls = NuGetContext.GetPackageSourceUrls(localPath);
+                var result = await RunForDirectory(job, repoContentsPath, directory, baseCommitSha);
+                foreach (var dependencyFile in result.Base64DependencyFiles)
+                {
+                    allDependencyFiles[dependencyFile.Name] = dependencyFile;
+                }
+            }
+
+            runResult = new RunResult()
+            {
+                Base64DependencyFiles = allDependencyFiles.Values.ToArray(),
+                BaseCommitSha = baseCommitSha,
+            };
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        {
+            error = new PrivateSourceAuthenticationFailure()
+            {
+                Details = $"({string.Join("|", lastUsedPackageSourceUrls)})",
+            };
+        }
+        catch (MissingFileException ex)
+        {
+            error = new DependencyFileNotFound()
+            {
+                Details = ex.FilePath,
+            };
+        }
+        catch (Exception ex)
+        {
+            error = new UnknownError()
+            {
+                Details = ex.ToString(),
+            };
+        }
+
+        if (error is not null)
+        {
+            await _apiHandler.RecordUpdateJobError(error);
+        }
+
+        await _apiHandler.MarkAsProcessed(new() { BaseCommitSha = baseCommitSha });
+
+        return runResult;
+    }
+
+    private async Task<RunResult> RunForDirectory(Job job, DirectoryInfo repoContentsPath, string repoDirectory, string baseCommitSha)
+    {
+        var discoveryWorker = new DiscoveryWorker(_logger);
+        var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, repoDirectory);
+
+        _logger.Log("Discovery JSON content:");
+        _logger.Log(JsonSerializer.Serialize(discoveryResult, DiscoveryWorker.SerializerOptions));
+
+        // report dependencies
+        var discoveredUpdatedDependencies = GetUpdatedDependencyListFromDiscovery(discoveryResult);
+        await _apiHandler.UpdateDependencyList(discoveredUpdatedDependencies);
+
+        // TODO: pull out relevant dependencies, then check each for updates and track the changes
+        // TODO: for each top-level dependency, _or_ specific dependency (if security, use transitive)
+        var originalDependencyFileContents = new Dictionary<string, string>();
+        var allowedUpdates = job.AllowedUpdates ?? [];
+        var actualUpdatedDependencies = new List<ReportedDependency>();
+        if (allowedUpdates.Any(a => a.UpdateType == "all"))
+        {
+            await _apiHandler.IncrementMetric(new()
+            {
+                Metric = "updater.started",
+                Tags = { ["operation"] = "group_update_all_versions" },
+            });
+
+            // track original contents for later handling
+            foreach (var project in discoveryResult.Projects)
+            {
+                // TODO: include global.json, etc.
+                var path = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/");
+                var localPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, project.FilePath);
+                var content = await File.ReadAllTextAsync(localPath);
+                originalDependencyFileContents[path] = content;
+            }
+
+            // do update
+            _logger.Log($"Running update in directory {repoDirectory}");
+            foreach (var project in discoveryResult.Projects)
+            {
+                foreach (var dependency in project.Dependencies.Where(d => !d.IsTransitive))
+                {
+                    if (dependency.Name == "Microsoft.NET.Sdk")
+                    {
+                        // this can't be updated
+                        // TODO: pull this out of discovery?
+                        continue;
+                    }
+
+                    if (dependency.Version is null)
+                    {
+                        // if we don't know the version, there's nothing we can do
+                        continue;
+                    }
+
+                    var analyzeWorker = new AnalyzeWorker(_logger);
+                    var dependencyInfo = new DependencyInfo()
+                    {
+                        Name = dependency.Name,
+                        Version = dependency.Version!,
+                        IsVulnerable = false,
+                        IgnoredVersions = [],
+                        Vulnerabilities = [],
+                    };
+                    var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
+                    // TODO: log analysisResult
+                    if (analysisResult.CanUpdate)
+                    {
+                        // TODO: this is inefficient, but not likely causing a bottleneck
+                        var previousDependency = discoveredUpdatedDependencies.Dependencies
+                            .Single(d => d.Name == dependency.Name && d.Requirements.Single().File == Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/"));
+                        var updatedDependency = new ReportedDependency()
+                        {
+                            Name = dependency.Name,
+                            Version = analysisResult.UpdatedVersion,
+                            Requirements =
+                            [
+                                new ReportedRequirement()
+                                {
+                                    File = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/"),
+                                    Requirement = analysisResult.UpdatedVersion,
+                                    Groups = previousDependency.Requirements.Single().Groups,
+                                    Source = new RequirementSource()
+                                    {
+                                        SourceUrl = analysisResult.UpdatedDependencies.Single(d => d.Name == dependency.Name).InfoUrl,
+                                    },
+                                }
+                            ],
+                            PreviousVersion = dependency.Version,
+                            PreviousRequirements = previousDependency.Requirements,
+                        };
+
+                        var updateWorker = new UpdaterWorker(_logger);
+                        var dependencyFilePath = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix();
+                        var updateResult = await updateWorker.RunAsync(repoContentsPath.FullName, dependencyFilePath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, isTransitive: false);
+                        // TODO: need to report if anything was actually updated
+                        if (updateResult.ErrorType is null || updateResult.ErrorType == ErrorType.None)
+                        {
+                            actualUpdatedDependencies.Add(updatedDependency);
+                        }
+                    }
+                }
+            }
+
+            // create PR - we need to manually check file contents; we can't easily use `git status` in tests
+            var updatedDependencyFiles = new List<DependencyFile>();
+            foreach (var project in discoveryResult.Projects)
+            {
+                var path = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/");
+                var localPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, project.FilePath);
+                var updatedContent = await File.ReadAllTextAsync(localPath);
+                var originalContent = originalDependencyFileContents[path];
+                if (updatedContent != originalContent)
+                {
+                    updatedDependencyFiles.Add(new DependencyFile()
+                    {
+                        Name = project.FilePath,
+                        Content = updatedContent,
+                        Directory = discoveryResult.Path,
+                    });
+                }
+            }
+
+            if (updatedDependencyFiles.Count > 0)
+            {
+                var createPullRequest = new CreatePullRequest()
+                {
+                    Dependencies = actualUpdatedDependencies.ToArray(),
+                    UpdatedDependencyFiles = updatedDependencyFiles.ToArray(),
+                    BaseCommitSha = baseCommitSha,
+                    CommitMessage = "TODO: message",
+                    PrTitle = "TODO: title",
+                    PrBody = "TODO: body",
+                };
+                await _apiHandler.CreatePullRequest(createPullRequest);
+                // TODO: log updated dependencies to console
+            }
+            else
+            {
+                // TODO: log or throw if nothing was updated, but was expected to be
+            }
+        }
+        else
+        {
+            // TODO: throw if no updates performed
+        }
+
+        var result = new RunResult()
+        {
+            Base64DependencyFiles = originalDependencyFileContents.Select(kvp => new DependencyFile()
+            {
+                Name = Path.GetFileName(kvp.Key),
+                Content = Convert.ToBase64String(Encoding.UTF8.GetBytes(kvp.Value)),
+                Directory = Path.GetDirectoryName(kvp.Key)!.NormalizePathToUnix(),
+            }).ToArray(),
+            BaseCommitSha = baseCommitSha,
+        };
+        return result;
+    }
+
+    internal static UpdatedDependencyList GetUpdatedDependencyListFromDiscovery(WorkspaceDiscoveryResult discoveryResult)
+    {
+        string GetFullRepoPath(string path)
+        {
+            // ensures `path\to\file` is `/path/to/file`
+            return Path.Join(discoveryResult.Path, path).NormalizePathToUnix().NormalizeUnixPathParts().EnsurePrefix("/");
+        }
+
+        var auxiliaryFiles = new List<string>();
+        if (discoveryResult.GlobalJson is not null)
+        {
+            auxiliaryFiles.Add(GetFullRepoPath(discoveryResult.GlobalJson.FilePath));
+        }
+        if (discoveryResult.DotNetToolsJson is not null)
+        {
+            auxiliaryFiles.Add(GetFullRepoPath(discoveryResult.DotNetToolsJson.FilePath));
+        }
+        if (discoveryResult.DirectoryPackagesProps is not null)
+        {
+            auxiliaryFiles.Add(GetFullRepoPath(discoveryResult.DirectoryPackagesProps.FilePath));
+        }
+
+        var updatedDependencyList = new UpdatedDependencyList()
+        {
+            Dependencies = discoveryResult.Projects.SelectMany(p =>
+            {
+                return p.Dependencies.Where(d => d.Version is not null).Select(d =>
+                    new ReportedDependency()
+                    {
+                        Name = d.Name,
+                        Requirements = d.IsTransitive ? [] : [new ReportedRequirement()
+                        {
+                            File = GetFullRepoPath(p.FilePath),
+                            Requirement = d.Version!,
+                            Groups = ["dependencies"],
+                        }],
+                        Version = d.Version,
+                    }
+                );
+            }).ToArray(),
+            DependencyFiles = discoveryResult.Projects.Select(p => GetFullRepoPath(p.FilePath)).Concat(auxiliaryFiles).ToArray(),
+        };
+        return updatedDependencyList;
+    }
+
+    public static JobFile Deserialize(string json)
+    {
+        var jobFile = JsonSerializer.Deserialize<JobFile>(json, SerializerOptions);
+        if (jobFile is null)
+        {
+            throw new InvalidOperationException("Unable to deserialize job wrapper.");
+        }
+
+        if (jobFile.Job.PackageManager != "nuget")
+        {
+            throw new InvalidOperationException("Package manager must be 'nuget'");
+        }
+
+        return jobFile;
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/LockFileUpdater.cs

@@ -0,0 +1,28 @@
+namespace NuGetUpdater.Core;
+
+internal static class LockFileUpdater
+{
+    public static async Task UpdateLockFileAsync(
+        string repoRootPath,
+        string projectPath,
+        Logger logger)
+    {
+        var projectDirectory = Path.GetDirectoryName(projectPath);
+        var lockPath = Path.Combine(projectDirectory, "packages.lock.json");
+        logger.Log($"    Updating lock file");
+        if (!File.Exists(lockPath))
+        {
+            logger.Log($"      File [{Path.GetRelativePath(repoRootPath, lockPath)}] does not exist.");
+            return;
+        }
+
+        await MSBuildHelper.SidelineGlobalJsonAsync(projectDirectory, repoRootPath, async () =>
+        {
+            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", ["restore", "--force-evaluate", projectPath], workingDirectory: projectDirectory);
+            if (exitCode != 0)
+            {
+                logger.Log($"      Lock file update failed.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");
+            }
+        }, retainMSBuildSdks: true);
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs

@@ -231,7 +231,7 @@ internal static class SdkPackageUpdater
             logger.Log($"    Adding [{dependencyName}/{newDependencyVersion}] as a top-level package reference.");
 
             // see https://learn.microsoft.com/nuget/consume-packages/install-use-packages-dotnet-cli
-            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"add {projectPath} package {dependencyName} --version {newDependencyVersion}", workingDirectory: projectDirectory);
+            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", ["add", projectPath, "package", dependencyName, "--version", newDependencyVersion], workingDirectory: projectDirectory);
             MSBuildHelper.ThrowOnUnauthenticatedFeed(stdout);
             if (exitCode != 0)
             {