dependabot-nuget 0.278.0 → 0.279.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d29298584fd13989b51d63574bc462c199b1db8144a2a28b6c893ae90bf41dec
-  data.tar.gz: f2fc3a71de6471f5cca05fe294ce492bb4dbb1837ce2feb03bf40cfcec9ff4cb
+  metadata.gz: 644fb3ec407649eb15e5e9ab7be78a85f8f03900adcc93819e3be781610cf78e
+  data.tar.gz: 408ef4e6a5d517d159256429a2d68d61bc0e0188e3f0c13a4c0aa6b00b55e74b
 SHA512:
-  metadata.gz: 80ad942cbaf12ad2bec0eacf04124a26cb37b4a8f54cda4f3290f9a4b8c776f16a907cd963099634be43d925c64f0bef54ef5247632360954e9e28064bcda676
-  data.tar.gz: f413dfafd425032365e31d9c0969a94c6c8ac8195efe0de8b922ab464575fac246276012a6ceca8b1f9f55b10e3d8fb49d9cd5c4390f281674782a04a91b15ca
+  metadata.gz: 25125733df999707391798277975f970cfcf4bd87809165612d600a245d758e9bad553e046c8a0ff566446a90426c6719fedffa3a82139212c6f106de412bea7
+  data.tar.gz: 5db427ffb67c418e0f99dcc3f83a5f320a7fc3aaff177425a5c32d9b48b3296495c9fdc5f0fbd0959c2da0cc0b35132a532b1ec83af494950df15d3fa076435e

data/helpers/build

@@ -32,7 +32,7 @@ cd "$install_dir/lib/NuGetUpdater/NuGetUpdater.Cli"
 dotnet publish \
     --configuration Release \
     --output "$install_dir/NuGetUpdater" \
-    --framework net8.0 \
+    --framework net9.0 \
     --runtime "$os-$arch"
 dotnet clean
 

data/helpers/lib/NuGetUpdater/.editorconfig

@@ -20,6 +20,7 @@ tab_width = 4
 
 # New line preferences
 insert_final_newline = true
+end_of_line = lf
 
 #### .NET Coding Conventions ####
 [*.{cs,vb}]

data/helpers/lib/NuGetUpdater/Directory.Build.props

@@ -1,6 +1,7 @@
 <Project>
 
   <PropertyGroup>
+    <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
     <NoWarn>$(NoWarn);NU1701</NoWarn>
     <Nullable>enable</Nullable>
   </PropertyGroup>

data/helpers/lib/NuGetUpdater/Directory.Common.props

@@ -9,7 +9,7 @@
             NuGetUpdater\NuGetUpdater.Core\FrameworkChecker\SupportedFrameworks.cs
       2. Update tests as needed at `NuGetUpdater\NuGetUpdater.Core.Test\FrameworkChecker\CompatibilityCheckerFacts.cs`
     -->
-    <CommonTargetFramework>net8.0</CommonTargetFramework>
+    <CommonTargetFramework>net9.0</CommonTargetFramework>
     <ImplicitUsings>enable</ImplicitUsings>
     <UseArtifactsOutput>true</UseArtifactsOutput>
     <ArtifactsPath>$(MSBuildThisFileDirectory)artifacts</ArtifactsPath>

data/helpers/lib/NuGetUpdater/Directory.Packages.props

@@ -7,7 +7,7 @@
   <ItemGroup>
     <PackageVersion Include="DiffPlex" Version="1.7.1" />
 
-    <PackageVersion Include="GuiLabs.Language.Xml" Version="1.2.60" />
+    <PackageVersion Include="GuiLabs.Language.Xml" Version="1.2.93" />
 
     <PackageVersion Include="Microsoft.Build.Locator" Version="1.6.1" />
     <PackageVersion Include="Microsoft.Build" Version="17.5.0" ExcludeAssets="Runtime" PrivateAssets="All" />
@@ -20,6 +20,11 @@
     <PackageVersion Include="NuGet.Core" Version="2.14.0-rtm-832" Aliases="CoreV2" />
 
     <PackageVersion Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
+    <PackageVersion Include="System.Net.Http" Version="4.3.4" />
+    <PackageVersion Include="System.Formats.Asn1" Version="8.0.1" />
+    <PackageVersion Include="System.Security.Cryptography.Pkcs" Version="8.0.0" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
+    <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
 
     <PackageVersion Include="xunit" Version="2.4.2" />
     <PackageVersion Include="xunit.runner.visualstudio" Version="2.4.5" />

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs

@@ -352,8 +352,7 @@ public partial class EntryPointTests
                 </Project>
                 """);
             var executableName = Path.Join(Path.GetDirectoryName(GetType().Assembly.Location), "NuGetUpdater.Cli.dll");
-            var executableArgs = string.Join(" ",
-            [
+            IEnumerable<string> executableArgs = [
                 executableName,
                 "update",
                 "--repo-root",
@@ -367,7 +366,7 @@ public partial class EntryPointTests
                 "--previous-version",
                 "7.0.1",
                 "--verbose"
-            ]);
+            ];
 
             // verify base run
             var workingDirectory = tempDir.DirectoryPath;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs

@@ -31,9 +31,29 @@ public partial class AnalyzeWorker
 
     public async Task RunAsync(string repoRoot, string discoveryPath, string dependencyPath, string analysisDirectory)
     {
+        AnalysisResult analysisResult;
         var discovery = await DeserializeJsonFileAsync<WorkspaceDiscoveryResult>(discoveryPath, nameof(WorkspaceDiscoveryResult));
         var dependencyInfo = await DeserializeJsonFileAsync<DependencyInfo>(dependencyPath, nameof(DependencyInfo));
-        var analysisResult = await RunAsync(repoRoot, discovery, dependencyInfo);
+
+        try
+        {
+            analysisResult = await RunAsync(repoRoot, discovery, dependencyInfo);
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        {
+            var localPath = PathHelper.JoinPath(repoRoot, discovery.Path);
+            var nugetContext = new NuGetContext(localPath);
+            analysisResult = new AnalysisResult
+            {
+                ErrorType = ErrorType.AuthenticationFailure,
+                ErrorDetails = "(" + string.Join("|", nugetContext.PackageSources.Select(s => s.Source)) + ")",
+                UpdatedVersion = string.Empty,
+                CanUpdate = false,
+                UpdatedDependencies = [],
+            };
+        }
+
         await WriteResultsAsync(analysisDirectory, dependencyInfo.Name, analysisResult, _logger);
     }
 
@@ -68,100 +88,84 @@ public partial class AnalyzeWorker
         var isUpdateNecessary = isProjectUpdateNecessary || dotnetToolsHasDependency || globalJsonHasDependency;
         using var nugetContext = new NuGetContext(startingDirectory);
         AnalysisResult analysisResult;
-        try
+        if (isUpdateNecessary)
         {
-            if (isUpdateNecessary)
+            _logger.Log($"  Determining multi-dependency property.");
+            var multiDependencies = DetermineMultiDependencyDetails(
+                discovery,
+                dependencyInfo.Name,
+                propertyBasedDependencies);
+
+            usesMultiDependencyProperty = multiDependencies.Any(md => md.DependencyNames.Count > 1);
+            var dependenciesToUpdate = usesMultiDependencyProperty
+                ? multiDependencies
+                    .SelectMany(md => md.DependencyNames)
+                    .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
+                : [dependencyInfo.Name];
+            var applicableTargetFrameworks = usesMultiDependencyProperty
+                ? multiDependencies
+                    .SelectMany(md => md.TargetFrameworks)
+                    .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
+                    .Select(NuGetFramework.Parse)
+                    .ToImmutableArray()
+                : projectFrameworks;
+
+            _logger.Log($"  Finding updated version.");
+            updatedVersion = await FindUpdatedVersionAsync(
+                startingDirectory,
+                dependencyInfo,
+                dependenciesToUpdate,
+                applicableTargetFrameworks,
+                nugetContext,
+                _logger,
+                CancellationToken.None);
+
+            _logger.Log($"  Finding updated peer dependencies.");
+            if (updatedVersion is null)
+            {
+                updatedDependencies = [];
+            }
+            else if (isProjectUpdateNecessary)
             {
-                _logger.Log($"  Determining multi-dependency property.");
-                var multiDependencies = DetermineMultiDependencyDetails(
+                updatedDependencies = await FindUpdatedDependenciesAsync(
+                    repoRoot,
                     discovery,
-                    dependencyInfo.Name,
-                    propertyBasedDependencies);
-
-                usesMultiDependencyProperty = multiDependencies.Any(md => md.DependencyNames.Count > 1);
-                var dependenciesToUpdate = usesMultiDependencyProperty
-                    ? multiDependencies
-                        .SelectMany(md => md.DependencyNames)
-                        .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
-                    : [dependencyInfo.Name];
-                var applicableTargetFrameworks = usesMultiDependencyProperty
-                    ? multiDependencies
-                        .SelectMany(md => md.TargetFrameworks)
-                        .ToImmutableHashSet(StringComparer.OrdinalIgnoreCase)
-                        .Select(NuGetFramework.Parse)
-                        .ToImmutableArray()
-                    : projectFrameworks;
-
-                _logger.Log($"  Finding updated version.");
-                updatedVersion = await FindUpdatedVersionAsync(
-                    startingDirectory,
-                    dependencyInfo,
                     dependenciesToUpdate,
-                    applicableTargetFrameworks,
+                    updatedVersion,
                     nugetContext,
                     _logger,
                     CancellationToken.None);
-
-                _logger.Log($"  Finding updated peer dependencies.");
-                if (updatedVersion is null)
-                {
-                    updatedDependencies = [];
-                }
-                else if (isProjectUpdateNecessary)
-                {
-                    updatedDependencies = await FindUpdatedDependenciesAsync(
-                        repoRoot,
-                        discovery,
-                        dependenciesToUpdate,
-                        updatedVersion,
-                        nugetContext,
-                        _logger,
-                        CancellationToken.None);
-                }
-                else if (dotnetToolsHasDependency)
-                {
-                    var infoUrl = await nugetContext.GetPackageInfoUrlAsync(dependencyInfo.Name, updatedVersion.ToNormalizedString(), CancellationToken.None);
-                    updatedDependencies = [new Dependency(dependencyInfo.Name, updatedVersion.ToNormalizedString(), DependencyType.DotNetTool, IsDirect: true, InfoUrl: infoUrl)];
-                }
-                else if (globalJsonHasDependency)
-                {
-                    var infoUrl = await nugetContext.GetPackageInfoUrlAsync(dependencyInfo.Name, updatedVersion.ToNormalizedString(), CancellationToken.None);
-                    updatedDependencies = [new Dependency(dependencyInfo.Name, updatedVersion.ToNormalizedString(), DependencyType.MSBuildSdk, IsDirect: true, InfoUrl: infoUrl)];
-                }
-                else
-                {
-                    throw new InvalidOperationException("Unreachable.");
-                }
-
-                //TODO: At this point we should add the peer dependencies to a queue where
-                // we will analyze them one by one to see if they themselves are part of a
-                // multi-dependency property. Basically looping this if-body until we have
-                // emptied the queue and have a complete list of updated dependencies. We
-                // should track the dependenciesToUpdate as they have already been analyzed.
             }
-
-            analysisResult = new AnalysisResult
+            else if (dotnetToolsHasDependency)
             {
-                UpdatedVersion = updatedVersion?.ToNormalizedString() ?? dependencyInfo.Version,
-                CanUpdate = updatedVersion is not null,
-                VersionComesFromMultiDependencyProperty = usesMultiDependencyProperty,
-                UpdatedDependencies = updatedDependencies,
-            };
-        }
-        catch (HttpRequestException ex)
-        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
-        {
-            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
-            analysisResult = new AnalysisResult
+                var infoUrl = await nugetContext.GetPackageInfoUrlAsync(dependencyInfo.Name, updatedVersion.ToNormalizedString(), CancellationToken.None);
+                updatedDependencies = [new Dependency(dependencyInfo.Name, updatedVersion.ToNormalizedString(), DependencyType.DotNetTool, IsDirect: true, InfoUrl: infoUrl)];
+            }
+            else if (globalJsonHasDependency)
             {
-                ErrorType = ErrorType.AuthenticationFailure,
-                ErrorDetails = "(" + string.Join("|", nugetContext.PackageSources.Select(s => s.Source)) + ")",
-                UpdatedVersion = string.Empty,
-                CanUpdate = false,
-                UpdatedDependencies = [],
-            };
+                var infoUrl = await nugetContext.GetPackageInfoUrlAsync(dependencyInfo.Name, updatedVersion.ToNormalizedString(), CancellationToken.None);
+                updatedDependencies = [new Dependency(dependencyInfo.Name, updatedVersion.ToNormalizedString(), DependencyType.MSBuildSdk, IsDirect: true, InfoUrl: infoUrl)];
+            }
+            else
+            {
+                throw new InvalidOperationException("Unreachable.");
+            }
+
+            //TODO: At this point we should add the peer dependencies to a queue where
+            // we will analyze them one by one to see if they themselves are part of a
+            // multi-dependency property. Basically looping this if-body until we have
+            // emptied the queue and have a complete list of updated dependencies. We
+            // should track the dependenciesToUpdate as they have already been analyzed.
         }
 
+        analysisResult = new AnalysisResult
+        {
+            UpdatedVersion = updatedVersion?.ToNormalizedString() ?? dependencyInfo.Version,
+            CanUpdate = updatedVersion is not null,
+            VersionComesFromMultiDependencyProperty = usesMultiDependencyProperty,
+            UpdatedDependencies = updatedDependencies,
+        };
+
         _logger.Log($"Analysis complete.");
         return analysisResult;
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs

@@ -52,10 +52,10 @@ public abstract class Requirement
 
     public static Requirement Parse(string requirement)
     {
-        var specificParts = requirement.Split(',');
+        var specificParts = requirement.Split(',').Where(p => !string.IsNullOrWhiteSpace(p)).ToArray();
         if (specificParts.Length == 1)
         {
-            return IndividualRequirement.ParseIndividual(requirement);
+            return IndividualRequirement.ParseIndividual(specificParts[0]);
         }
 
         var specificRequirements = specificParts.Select(IndividualRequirement.ParseIndividual).ToArray();

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs

@@ -30,7 +30,29 @@ public partial class DiscoveryWorker
         _logger = logger;
     }
 
-    public async Task<WorkspaceDiscoveryResult> RunAsync(string repoRootPath, string workspacePath)
+    public async Task RunAsync(string repoRootPath, string workspacePath, string outputPath)
+    {
+        WorkspaceDiscoveryResult result;
+        try
+        {
+            result = await RunAsync(repoRootPath, workspacePath);
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        {
+            result = new WorkspaceDiscoveryResult
+            {
+                ErrorType = ErrorType.AuthenticationFailure,
+                ErrorDetails = "(" + string.Join("|", NuGetContext.GetPackageSourceUrls(PathHelper.JoinPath(repoRootPath, workspacePath))) + ")",
+                Path = workspacePath,
+                Projects = [],
+            };
+        }
+
+        await WriteResultsAsync(repoRootPath, outputPath, result);
+    }
+
+    internal async Task<WorkspaceDiscoveryResult> RunAsync(string repoRootPath, string workspacePath)
     {
         MSBuildHelper.RegisterMSBuild(Environment.CurrentDirectory, repoRootPath);
 
@@ -51,69 +73,48 @@ public partial class DiscoveryWorker
         ImmutableArray<ProjectDiscoveryResult> projectResults = [];
         WorkspaceDiscoveryResult result;
 
-        try
+        if (Directory.Exists(workspacePath))
         {
-            if (Directory.Exists(workspacePath))
-            {
-                _logger.Log($"Discovering build files in workspace [{workspacePath}].");
+            _logger.Log($"Discovering build files in workspace [{workspacePath}].");
 
-                dotNetToolsJsonDiscovery = DotNetToolsJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
-                globalJsonDiscovery = GlobalJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
+            dotNetToolsJsonDiscovery = DotNetToolsJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
+            globalJsonDiscovery = GlobalJsonDiscovery.Discover(repoRootPath, workspacePath, _logger);
 
-                if (globalJsonDiscovery is not null)
-                {
-                    await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, globalJsonDiscovery.Dependencies, _logger);
-                }
+            if (globalJsonDiscovery is not null)
+            {
+                await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, globalJsonDiscovery.Dependencies, _logger);
+            }
 
-                // this next line should throw or something
-                projectResults = await RunForDirectoryAsnyc(repoRootPath, workspacePath);
+            // this next line should throw or something
+            projectResults = await RunForDirectoryAsnyc(repoRootPath, workspacePath);
 
-                directoryPackagesPropsDiscovery = DirectoryPackagesPropsDiscovery.Discover(repoRootPath, workspacePath, projectResults, _logger);
+            directoryPackagesPropsDiscovery = DirectoryPackagesPropsDiscovery.Discover(repoRootPath, workspacePath, projectResults, _logger);
 
-                if (directoryPackagesPropsDiscovery is not null)
-                {
-                    projectResults = projectResults.Remove(projectResults.First(p => p.FilePath.Equals(directoryPackagesPropsDiscovery.FilePath, StringComparison.OrdinalIgnoreCase)));
-                }
-            }
-            else
+            if (directoryPackagesPropsDiscovery is not null)
             {
-                _logger.Log($"Workspace path [{workspacePath}] does not exist.");
+                projectResults = projectResults.Remove(projectResults.First(p => p.FilePath.Equals(directoryPackagesPropsDiscovery.FilePath, StringComparison.OrdinalIgnoreCase)));
             }
-
-            result = new WorkspaceDiscoveryResult
-            {
-                Path = initialWorkspacePath,
-                DotNetToolsJson = dotNetToolsJsonDiscovery,
-                GlobalJson = globalJsonDiscovery,
-                DirectoryPackagesProps = directoryPackagesPropsDiscovery,
-                Projects = projectResults.OrderBy(p => p.FilePath).ToImmutableArray(),
-            };
         }
-        catch (HttpRequestException ex)
-        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        else
         {
-            // TODO: consolidate this error handling between AnalyzeWorker, DiscoveryWorker, and UpdateWorker
-            result = new WorkspaceDiscoveryResult
-            {
-                ErrorType = ErrorType.AuthenticationFailure,
-                ErrorDetails = "(" + string.Join("|", NuGetContext.GetPackageSourceUrls(workspacePath)) + ")",
-                Path = initialWorkspacePath,
-                Projects = [],
-            };
+            _logger.Log($"Workspace path [{workspacePath}] does not exist.");
         }
 
+        result = new WorkspaceDiscoveryResult
+        {
+            Path = initialWorkspacePath,
+            DotNetToolsJson = dotNetToolsJsonDiscovery,
+            GlobalJson = globalJsonDiscovery,
+            DirectoryPackagesProps = directoryPackagesPropsDiscovery,
+            Projects = projectResults.OrderBy(p => p.FilePath).ToImmutableArray(),
+        };
+
         _logger.Log("Discovery complete.");
         _processedProjectPaths.Clear();
 
         return result;
     }
 
-    public async Task RunAsync(string repoRootPath, string workspacePath, string outputPath)
-    {
-        var result = await RunAsync(repoRootPath, workspacePath);
-        await WriteResultsAsync(repoRootPath, outputPath, result);
-    }
-
     /// <summary>
     /// Restores MSBuild SDKs from the given dependencies.
     /// </summary>

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyFileNotFound.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record DependencyFileNotFound : JobErrorBase
+{
+    public override string Type => "dependency_file_not_found";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobErrorBase.cs

@@ -0,0 +1,11 @@
+using System.Text.Json.Serialization;
+
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public abstract record JobErrorBase
+{
+    [JsonPropertyName("error-type")]
+    public abstract string Type { get; }
+    [JsonPropertyName("error-details")]
+    public required string Details { get; init; }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/PrivateSourceAuthenticationFailure.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record PrivateSourceAuthenticationFailure : JobErrorBase
+{
+    public override string Type => "private_source_authentication_failure";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/UnknownError.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record UnknownError : JobErrorBase
+{
+    public override string Type => "unknown_error";
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/HttpApiHandler.cs

@@ -25,6 +25,11 @@ public class HttpApiHandler : IApiHandler
         _jobId = jobId;
     }
 
+    public async Task RecordUpdateJobError(JobErrorBase error)
+    {
+        await PostAsJson("record_update_job_error", error);
+    }
+
     public async Task UpdateDependencyList(UpdatedDependencyList updatedDependencyList)
     {
         await PostAsJson("update_dependency_list", updatedDependencyList);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/IApiHandler.cs

@@ -4,6 +4,7 @@ namespace NuGetUpdater.Core.Run;
 
 public interface IApiHandler
 {
+    Task RecordUpdateJobError(JobErrorBase error);
     Task UpdateDependencyList(UpdatedDependencyList updatedDependencyList);
     Task IncrementMetric(IncrementMetric incrementMetric);
     Task CreatePullRequest(CreatePullRequest createPullRequest);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs

@@ -1,3 +1,4 @@
+using System.Net;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
@@ -35,25 +36,73 @@ public class RunWorker
         await File.WriteAllTextAsync(outputFilePath.FullName, resultJson);
     }
 
-    public async Task<RunResult> RunAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
+    public Task<RunResult> RunAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
     {
-        MSBuildHelper.RegisterMSBuild(repoContentsPath.FullName, repoContentsPath.FullName);
+        return RunWithErrorHandlingAsync(job, repoContentsPath, baseCommitSha);
+    }
+
+    private async Task<RunResult> RunWithErrorHandlingAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
+    {
+        JobErrorBase? error = null;
+        string[] lastUsedPackageSourceUrls = []; // used for error reporting below
+        var runResult = new RunResult()
+        {
+            Base64DependencyFiles = [],
+            BaseCommitSha = baseCommitSha,
+        };
 
-        var allDependencyFiles = new Dictionary<string, DependencyFile>();
-        foreach (var directory in job.GetAllDirectories())
+        try
         {
-            var result = await RunForDirectory(job, repoContentsPath, directory, baseCommitSha);
-            foreach (var dependencyFile in result.Base64DependencyFiles)
+            MSBuildHelper.RegisterMSBuild(repoContentsPath.FullName, repoContentsPath.FullName);
+
+            var allDependencyFiles = new Dictionary<string, DependencyFile>();
+            foreach (var directory in job.GetAllDirectories())
             {
-                allDependencyFiles[dependencyFile.Name] = dependencyFile;
+                var localPath = PathHelper.JoinPath(repoContentsPath.FullName, directory);
+                lastUsedPackageSourceUrls = NuGetContext.GetPackageSourceUrls(localPath);
+                var result = await RunForDirectory(job, repoContentsPath, directory, baseCommitSha);
+                foreach (var dependencyFile in result.Base64DependencyFiles)
+                {
+                    allDependencyFiles[dependencyFile.Name] = dependencyFile;
+                }
             }
+
+            runResult = new RunResult()
+            {
+                Base64DependencyFiles = allDependencyFiles.Values.ToArray(),
+                BaseCommitSha = baseCommitSha,
+            };
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        {
+            error = new PrivateSourceAuthenticationFailure()
+            {
+                Details = $"({string.Join("|", lastUsedPackageSourceUrls)})",
+            };
+        }
+        catch (MissingFileException ex)
+        {
+            error = new DependencyFileNotFound()
+            {
+                Details = ex.FilePath,
+            };
+        }
+        catch (Exception ex)
+        {
+            error = new UnknownError()
+            {
+                Details = ex.ToString(),
+            };
         }
 
-        var runResult = new RunResult()
+        if (error is not null)
         {
-            Base64DependencyFiles = allDependencyFiles.Values.ToArray(),
-            BaseCommitSha = baseCommitSha,
-        };
+            await _apiHandler.RecordUpdateJobError(error);
+        }
+
+        await _apiHandler.MarkAsProcessed(new() { BaseCommitSha = baseCommitSha });
+
         return runResult;
     }
 
@@ -61,7 +110,6 @@ public class RunWorker
     {
         var discoveryWorker = new DiscoveryWorker(_logger);
         var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, repoDirectory);
-        // TODO: check discoveryResult.ErrorType
 
         _logger.Log("Discovery JSON content:");
         _logger.Log(JsonSerializer.Serialize(discoveryResult, DiscoveryWorker.SerializerOptions));
@@ -123,7 +171,6 @@ public class RunWorker
                     };
                     var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
                     // TODO: log analysisResult
-                    // TODO: check analysisResult.ErrorType
                     if (analysisResult.CanUpdate)
                     {
                         // TODO: this is inefficient, but not likely causing a bottleneck
@@ -153,7 +200,6 @@ public class RunWorker
                         var updateWorker = new UpdaterWorker(_logger);
                         var dependencyFilePath = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix();
                         var updateResult = await updateWorker.RunAsync(repoContentsPath.FullName, dependencyFilePath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, isTransitive: false);
-                        // TODO: check specific contents of result.ErrorType
                         // TODO: need to report if anything was actually updated
                         if (updateResult.ErrorType is null || updateResult.ErrorType == ErrorType.None)
                         {
@@ -206,7 +252,6 @@ public class RunWorker
             // TODO: throw if no updates performed
         }
 
-        await _apiHandler.MarkAsProcessed(new() { BaseCommitSha = baseCommitSha });
         var result = new RunResult()
         {
             Base64DependencyFiles = originalDependencyFileContents.Select(kvp => new DependencyFile()

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/LockFileUpdater.cs

@@ -18,7 +18,7 @@ internal static class LockFileUpdater
 
         await MSBuildHelper.SidelineGlobalJsonAsync(projectDirectory, repoRootPath, async () =>
         {
-            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"restore --force-evaluate {projectPath}", workingDirectory: projectDirectory);
+            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", ["restore", "--force-evaluate", projectPath], workingDirectory: projectDirectory);
             if (exitCode != 0)
             {
                 logger.Log($"      Lock file update failed.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs

@@ -231,7 +231,7 @@ internal static class SdkPackageUpdater
             logger.Log($"    Adding [{dependencyName}/{newDependencyVersion}] as a top-level package reference.");
 
             // see https://learn.microsoft.com/nuget/consume-packages/install-use-packages-dotnet-cli
-            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"add {projectPath} package {dependencyName} --version {newDependencyVersion}", workingDirectory: projectDirectory);
+            var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", ["add", projectPath, "package", dependencyName, "--version", newDependencyVersion], workingDirectory: projectDirectory);
             MSBuildHelper.ThrowOnUnauthenticatedFeed(stdout);
             if (exitCode != 0)
             {