dependabot-nuget 0.283.0 → 0.285.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a3154a8f2ecd254dc3463bcca6f6e188e033bcf1d6aea863090f348035a9fe8
-  data.tar.gz: 480467b2e57d224ed646f81cd6614fbad2af03154ba07fc0dc4dde36d2ab3440
+  metadata.gz: d8dd6e625e132b28270ffbff6c1af11b0173e3a786a1f6518080c20adc028ac2
+  data.tar.gz: 7afe9afdd9b8ab5ae40372ac51fb292efce75ed4d4b5ba7fee96468e00e835bc
 SHA512:
-  metadata.gz: 8b56eff2a40277413354577fe830f472bf0c46e72ba22cd948f207de01e2c3e0990ba84f60af648ba5e833fe209f8a7cc46b1172aa44987da2a3a6669cab9df5
-  data.tar.gz: 3f0bec73a56ac9e6eeed3e61eee12b0dcac72875325b6e543797b893a7dcbc4e2099f318c8822c115e9db810560df61179f0df68c6008d2474d9b0569a116fb7
+  metadata.gz: 0d9b4fdc7ba52be531cb199699324e7be1a68ae6a698619e961535f0cdb993833cc06e6e4f0df7a88f5b12e3a8bb06627a5ba2233e24bcafa4ade1badcf6a2bf
+  data.tar.gz: e9619a91fc865a8aa45a812a923f089a10e67f0be0c8588908206726e4e2b6d95ee1626cc0897d3dad5c5aca1a2e89f1c657e25a9137d4f186e05a7813b3e34c

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli/Commands/CloneCommand.cs

@@ -0,0 +1,40 @@
+using System.CommandLine;
+
+using NuGetUpdater.Core;
+using NuGetUpdater.Core.Clone;
+using NuGetUpdater.Core.Run;
+
+namespace NuGetUpdater.Cli.Commands;
+
+internal static class CloneCommand
+{
+    internal static readonly Option<FileInfo> JobPathOption = new("--job-path") { IsRequired = true };
+    internal static readonly Option<DirectoryInfo> RepoContentsPathOption = new("--repo-contents-path") { IsRequired = true };
+    internal static readonly Option<Uri> ApiUrlOption = new("--api-url") { IsRequired = true };
+    internal static readonly Option<string> JobIdOption = new("--job-id") { IsRequired = true };
+
+    internal static Command GetCommand(Action<int> setExitCode)
+    {
+        var command = new Command("clone", "Clones a repository in preparation for a dependabot job.")
+        {
+            JobPathOption,
+            RepoContentsPathOption,
+            ApiUrlOption,
+            JobIdOption,
+        };
+
+        command.TreatUnmatchedTokensAsErrors = true;
+
+        command.SetHandler(async (jobPath, repoContentsPath, apiUrl, jobId) =>
+        {
+            var apiHandler = new HttpApiHandler(apiUrl.ToString(), jobId);
+            var logger = new ConsoleLogger();
+            var gitCommandHandler = new ShellGitCommandHandler(logger);
+            var worker = new CloneWorker(apiHandler, gitCommandHandler, logger);
+            var exitCode = await worker.RunAsync(jobPath, repoContentsPath);
+            setExitCode(exitCode);
+        }, JobPathOption, RepoContentsPathOption, ApiUrlOption, JobIdOption);
+
+        return command;
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli/Program.cs

@@ -13,6 +13,7 @@ internal sealed class Program
 
         var command = new RootCommand
         {
+            CloneCommand.GetCommand(setExitCode),
             FrameworkCheckCommand.GetCommand(setExitCode),
             DiscoverCommand.GetCommand(setExitCode),
             AnalyzeCommand.GetCommand(setExitCode),

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Run.cs

@@ -41,7 +41,6 @@ public partial class EntryPointTests
                 ],
                 job: new Job()
                 {
-                    PackageManager = "nuget",
                     AllowedUpdates = [
                         new()
                         {

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Clone/CloneWorker.cs

@@ -0,0 +1,144 @@
+using System.Net;
+
+using NuGetUpdater.Core.Run;
+using NuGetUpdater.Core.Run.ApiModel;
+
+using CommandArguments = (string[] Args, string? WorkingDirectory);
+
+namespace NuGetUpdater.Core.Clone;
+
+public class CloneWorker
+{
+    private readonly IApiHandler _apiHandler;
+    private readonly IGitCommandHandler _gitCommandHandler;
+    private readonly ILogger _logger;
+
+    public CloneWorker(IApiHandler apiHandler, IGitCommandHandler gitCommandHandler, ILogger logger)
+    {
+        _apiHandler = apiHandler;
+        _gitCommandHandler = gitCommandHandler;
+        _logger = logger;
+    }
+
+    // entrypoint for cli
+    public async Task<int> RunAsync(FileInfo jobFilePath, DirectoryInfo repoContentsPath)
+    {
+        var jobFileContent = await File.ReadAllTextAsync(jobFilePath.FullName);
+        var jobWrapper = RunWorker.Deserialize(jobFileContent);
+        var result = await RunAsync(jobWrapper.Job, repoContentsPath.FullName);
+        return result;
+    }
+
+    // object model entry point
+    public async Task<int> RunAsync(Job job, string repoContentsPath)
+    {
+        JobErrorBase? error = null;
+        try
+        {
+            var commandArgs = GetAllCommandArgs(job, repoContentsPath);
+            foreach (var (args, workingDirectory) in commandArgs)
+            {
+                await _gitCommandHandler.RunGitCommandAsync(args, workingDirectory);
+            }
+        }
+        catch (HttpRequestException ex)
+        when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
+        {
+            error = new JobRepoNotFound(ex.Message);
+        }
+        catch (Exception ex)
+        {
+            error = new UnknownError(ex.ToString());
+        }
+
+        if (error is not null)
+        {
+            await _apiHandler.RecordUpdateJobError(error);
+            await _apiHandler.MarkAsProcessed(new("unknown"));
+            return 1;
+        }
+
+        return 0;
+    }
+
+    internal static CommandArguments[] GetAllCommandArgs(Job job, string repoContentsPath)
+    {
+        var commandArgs = new List<CommandArguments>()
+        {
+            GetCloneArgs(job, repoContentsPath)
+        };
+
+        if (job.Source.Commit is { } commit)
+        {
+            commandArgs.Add(GetFetchArgs(commit, repoContentsPath));
+            commandArgs.Add(GetResetArgs(commit, repoContentsPath));
+        }
+
+        return commandArgs.ToArray();
+    }
+
+    internal static CommandArguments GetCloneArgs(Job job, string repoContentsPath)
+    {
+        var url = GetRepoUrl(job);
+        var args = new List<string>()
+        {
+            "clone",
+            "--no-tags",
+            "--depth",
+            "1",
+            "--recurse-submodules",
+            "--shallow-submodules",
+        };
+
+        if (job.Source.Branch is { } branch)
+        {
+            args.Add("--branch");
+            args.Add(branch);
+            args.Add("--single-branch");
+        }
+
+        args.Add(url);
+        args.Add(repoContentsPath);
+        return (args.ToArray(), null);
+    }
+
+    internal static CommandArguments GetFetchArgs(string commit, string repoContentsPath)
+    {
+        return
+        (
+            [
+                "fetch",
+                "--depth",
+                "1",
+                "--recurse-submodules=on-demand",
+                "origin",
+                commit
+            ],
+            repoContentsPath
+        );
+    }
+
+    internal static CommandArguments GetResetArgs(string commit, string repoContentsPath)
+    {
+        return
+        (
+            [
+                "reset",
+                "--hard",
+                "--recurse-submodules",
+                commit
+            ],
+            repoContentsPath
+        );
+    }
+
+    private static string GetRepoUrl(Job job)
+    {
+        return job.Source.Provider switch
+        {
+            "azure" => $"https://dev.azure.com/{job.Source.Repo}",
+            "github" => $"https://github.com/{job.Source.Repo}",
+            _ => throw new ArgumentException($"Unknown provider: {job.Source.Provider}")
+        };
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Clone/IGitCommandHandler.cs

@@ -0,0 +1,6 @@
+namespace NuGetUpdater.Core.Clone;
+
+public interface IGitCommandHandler
+{
+    Task RunGitCommandAsync(IReadOnlyCollection<string> args, string? workingDirectory = null);
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Clone/ShellGitCommandHandler.cs

@@ -0,0 +1,37 @@
+using System.Net;
+
+namespace NuGetUpdater.Core.Clone;
+
+public class ShellGitCommandHandler : IGitCommandHandler
+{
+    private readonly ILogger _logger;
+
+    public ShellGitCommandHandler(ILogger logger)
+    {
+        _logger = logger;
+    }
+
+    public async Task RunGitCommandAsync(IReadOnlyCollection<string> args, string? workingDirectory = null)
+    {
+        _logger.Log($"Running command: git {string.Join(" ", args)}{(workingDirectory is null ? "" : $" in directory {workingDirectory}")}");
+        var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("git", args, workingDirectory);
+        HandleErrorsFromOutput(stdout, stderr);
+    }
+
+    internal static void HandleErrorsFromOutput(string stdout, string stderr)
+    {
+        foreach (var output in new[] { stdout, stderr })
+        {
+            ThrowOnUnauthenticated(output);
+        }
+    }
+
+    private static void ThrowOnUnauthenticated(string output)
+    {
+        if (output.Contains("Authentication failed for") ||
+            output.Contains("could not read Username for"))
+        {
+            throw new HttpRequestException(output, inner: null, statusCode: HttpStatusCode.Unauthorized);
+        }
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyFileNotFound.cs

@@ -2,5 +2,9 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public record DependencyFileNotFound : JobErrorBase
 {
-    public override string Type => "dependency_file_not_found";
+    public DependencyFileNotFound(string filePath)
+        : base("dependency_file_not_found")
+    {
+        Details = filePath;
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/Job.cs

@@ -2,7 +2,7 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public sealed record Job
 {
-    public required string PackageManager { get; init; }
+    public string PackageManager { get; init; } = "nuget";
     public AllowedUpdate[]? AllowedUpdates { get; init; } = null;
     public bool Debug { get; init; } = false;
     public object[]? DependencyGroups { get; init; } = null;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobErrorBase.cs

@@ -4,8 +4,15 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public abstract record JobErrorBase
 {
+    public JobErrorBase(string type)
+    {
+        Type = type;
+    }
+
     [JsonPropertyName("error-type")]
-    public abstract string Type { get; }
+    public string Type { get; }
+
     [JsonPropertyName("error-details")]
-    public required object Details { get; init; }
+    [JsonIgnore(Condition = JsonIgnoreCondition.WhenWritingNull)]
+    public object? Details { get; init; } = null;
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobRepoNotFound.cs

@@ -0,0 +1,13 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+
+public record JobRepoNotFound : JobErrorBase
+{
+    public JobRepoNotFound(string message)
+        : base("job_repo_not_found")
+    {
+        Details = new Dictionary<string, string>()
+        {
+            ["message"] = message
+        };
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobSource.cs

@@ -4,6 +4,8 @@ public sealed class JobSource
 {
     public required string Provider { get; init; }
     public required string Repo { get; init; }
+    public string? Branch { get; init; } = null;
+    public string? Commit { get; init; } = null;
     public string? Directory { get; init; } = null;
     public string[]? Directories { get; init; } = null;
     public string? Hostname { get; init; } = null;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/MarkAsProcessed.cs

@@ -4,6 +4,11 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public sealed record MarkAsProcessed
 {
+    public MarkAsProcessed(string baseCommitSha)
+    {
+        BaseCommitSha = baseCommitSha;
+    }
+
     [JsonPropertyName("base-commit-sha")]
-    public required string BaseCommitSha { get; init; }
+    public string BaseCommitSha { get; }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/PrivateSourceAuthenticationFailure.cs

@@ -2,5 +2,9 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public record PrivateSourceAuthenticationFailure : JobErrorBase
 {
-    public override string Type => "private_source_authentication_failure";
+    public PrivateSourceAuthenticationFailure(string[] urls)
+        : base("private_source_authentication_failure")
+    {
+        Details = $"({string.Join("|", urls)})";
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/UnknownError.cs

@@ -2,5 +2,9 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public record UnknownError : JobErrorBase
 {
-    public override string Type => "unknown_error";
+    public UnknownError(string details)
+        : base("unknown_error")
+    {
+        Details = details;
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/UpdateNotPossible.cs

@@ -2,5 +2,9 @@ namespace NuGetUpdater.Core.Run.ApiModel;
 
 public record UpdateNotPossible : JobErrorBase
 {
-    public override string Type => "update_not_possible";
+    public UpdateNotPossible(string[] dependencies)
+        : base("update_not_possible")
+    {
+        Details = dependencies;
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/HttpApiHandler.cs

@@ -50,13 +50,19 @@ public class HttpApiHandler : IApiHandler
         await PostAsJson("mark_as_processed", markAsProcessed);
     }
 
-    private async Task PostAsJson(string endpoint, object body)
+    internal static string Serialize(object body)
     {
         var wrappedBody = new
         {
-            Data = body,
+            Data = body
         };
         var payload = JsonSerializer.Serialize(wrappedBody, SerializerOptions);
+        return payload;
+    }
+
+    private async Task PostAsJson(string endpoint, object body)
+    {
+        var payload = Serialize(body);
         var content = new StringContent(payload, Encoding.UTF8, "application/json");
         var response = await HttpClient.PostAsync($"{_apiUrl}/update_jobs/{_jobId}/{endpoint}", content);
         var _ = response.EnsureSuccessStatusCode();

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs

@@ -63,7 +63,8 @@ public class RunWorker
                 var result = await RunForDirectory(job, repoContentsPath, directory, baseCommitSha);
                 foreach (var dependencyFile in result.Base64DependencyFiles)
                 {
-                    allDependencyFiles[dependencyFile.Name] = dependencyFile;
+                    var uniqueKey = Path.GetFullPath(Path.Join(dependencyFile.Directory, dependencyFile.Name)).NormalizePathToUnix().EnsurePrefix("/");
+                    allDependencyFiles[uniqueKey] = dependencyFile;
                 }
             }
 
@@ -76,31 +77,19 @@ public class RunWorker
         catch (HttpRequestException ex)
         when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
         {
-            error = new PrivateSourceAuthenticationFailure()
-            {
-                Details = $"({string.Join("|", lastUsedPackageSourceUrls)})",
-            };
+            error = new PrivateSourceAuthenticationFailure(lastUsedPackageSourceUrls);
         }
         catch (MissingFileException ex)
         {
-            error = new DependencyFileNotFound()
-            {
-                Details = ex.FilePath,
-            };
+            error = new DependencyFileNotFound(ex.FilePath);
         }
         catch (UpdateNotPossibleException ex)
         {
-            error = new UpdateNotPossible()
-            {
-                Details = ex.Dependencies,
-            };
+            error = new UpdateNotPossible(ex.Dependencies);
         }
         catch (Exception ex)
         {
-            error = new UnknownError()
-            {
-                Details = ex.ToString(),
-            };
+            error = new UnknownError(ex.ToString());
         }
 
         if (error is not null)
@@ -108,7 +97,7 @@ public class RunWorker
             await _apiHandler.RecordUpdateJobError(error);
         }
 
-        await _apiHandler.MarkAsProcessed(new() { BaseCommitSha = baseCommitSha });
+        await _apiHandler.MarkAsProcessed(new(baseCommitSha));
 
         return runResult;
     }
@@ -122,7 +111,7 @@ public class RunWorker
         _logger.Log(JsonSerializer.Serialize(discoveryResult, DiscoveryWorker.SerializerOptions));
 
         // report dependencies
-        var discoveredUpdatedDependencies = GetUpdatedDependencyListFromDiscovery(discoveryResult);
+        var discoveredUpdatedDependencies = GetUpdatedDependencyListFromDiscovery(discoveryResult, repoContentsPath.FullName);
         await _apiHandler.UpdateDependencyList(discoveredUpdatedDependencies);
 
         // TODO: pull out relevant dependencies, then check each for updates and track the changes
@@ -146,6 +135,16 @@ public class RunWorker
                 var localPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, project.FilePath);
                 var content = await File.ReadAllTextAsync(localPath);
                 originalDependencyFileContents[path] = content;
+
+                // track packages.config if it exists
+                var projectDirectory = Path.GetDirectoryName(project.FilePath);
+                var packagesConfigPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, projectDirectory, "packages.config");
+                var normalizedPackagesConfigPath = Path.Join(discoveryResult.Path, projectDirectory, "packages.config").NormalizePathToUnix().EnsurePrefix("/");
+                if (File.Exists(packagesConfigPath))
+                {
+                    var packagesConfigContent = await File.ReadAllTextAsync(packagesConfigPath);
+                    originalDependencyFileContents[normalizedPackagesConfigPath] = packagesConfigContent;
+                }
             }
 
             // do update
@@ -180,9 +179,15 @@ public class RunWorker
                     // TODO: log analysisResult
                     if (analysisResult.CanUpdate)
                     {
+                        var dependencyLocation = Path.GetFullPath(Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/"));
+                        if (dependency.Type == DependencyType.PackagesConfig)
+                        {
+                            dependencyLocation = Path.Combine(Path.GetDirectoryName(dependencyLocation)!, "packages.config");
+                        }
+
                         // TODO: this is inefficient, but not likely causing a bottleneck
                         var previousDependency = discoveredUpdatedDependencies.Dependencies
-                            .Single(d => d.Name == dependency.Name && d.Requirements.Single().File == Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/"));
+                            .Single(d => d.Name == dependency.Name && d.Requirements.Single().File == dependencyLocation);
                         var updatedDependency = new ReportedDependency()
                         {
                             Name = dependency.Name,
@@ -191,7 +196,7 @@ public class RunWorker
                             [
                                 new ReportedRequirement()
                                 {
-                                    File = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/"),
+                                    File = dependencyLocation,
                                     Requirement = analysisResult.UpdatedVersion,
                                     Groups = previousDependency.Requirements.Single().Groups,
                                     Source = new RequirementSource()
@@ -210,6 +215,11 @@ public class RunWorker
                         // TODO: need to report if anything was actually updated
                         if (updateResult.ErrorType is null || updateResult.ErrorType == ErrorType.None)
                         {
+                            if (dependencyLocation != dependencyFilePath)
+                            {
+                                updatedDependency.Requirements.All(r => r.File == dependencyFilePath);
+                            }
+
                             actualUpdatedDependencies.Add(updatedDependency);
                         }
                     }
@@ -220,19 +230,40 @@ public class RunWorker
             var updatedDependencyFiles = new List<DependencyFile>();
             foreach (var project in discoveryResult.Projects)
             {
-                var path = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/");
-                var localPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, project.FilePath);
-                var updatedContent = await File.ReadAllTextAsync(localPath);
-                var originalContent = originalDependencyFileContents[path];
-                if (updatedContent != originalContent)
+                var projectPath = Path.Join(discoveryResult.Path, project.FilePath).NormalizePathToUnix().EnsurePrefix("/");
+                var localProjectPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, project.FilePath);
+                var updatedProjectContent = await File.ReadAllTextAsync(localProjectPath);
+                var originalProjectContent = originalDependencyFileContents[projectPath];
+
+                if (updatedProjectContent != originalProjectContent)
                 {
                     updatedDependencyFiles.Add(new DependencyFile()
                     {
                         Name = project.FilePath,
-                        Content = updatedContent,
-                        Directory = discoveryResult.Path,
+                        Content = updatedProjectContent,
+                        Directory = Path.GetDirectoryName(projectPath)!.NormalizeUnixPathParts(),
                     });
                 }
+
+                var projectDirectory = Path.GetDirectoryName(project.FilePath);
+                var packagesConfigPath = Path.Join(repoContentsPath.FullName, discoveryResult.Path, projectDirectory, "packages.config");
+                var normalizedPackagesConfigPath = Path.Join(discoveryResult.Path, projectDirectory, "packages.config").NormalizePathToUnix().EnsurePrefix("/");
+
+                if (File.Exists(packagesConfigPath))
+                {
+                    var updatedPackagesConfigContent = await File.ReadAllTextAsync(packagesConfigPath);
+                    var originalPackagesConfigContent = originalDependencyFileContents[normalizedPackagesConfigPath];
+
+                    if (updatedPackagesConfigContent != originalPackagesConfigContent)
+                    {
+                        updatedDependencyFiles.Add(new DependencyFile()
+                        {
+                            Name = Path.Join(projectDirectory!, "packages.config"),
+                            Content = updatedPackagesConfigContent,
+                            Directory = Path.GetDirectoryName(normalizedPackagesConfigPath)!.NormalizeUnixPathParts(),
+                        });
+                    }
+                }
             }
 
             if (updatedDependencyFiles.Count > 0)
@@ -265,14 +296,14 @@ public class RunWorker
             {
                 Name = Path.GetFileName(kvp.Key),
                 Content = Convert.ToBase64String(Encoding.UTF8.GetBytes(kvp.Value)),
-                Directory = Path.GetDirectoryName(kvp.Key)!.NormalizePathToUnix(),
+                Directory = Path.GetFullPath(Path.GetDirectoryName(kvp.Key)!).NormalizePathToUnix(),
             }).ToArray(),
             BaseCommitSha = baseCommitSha,
         };
         return result;
     }
 
-    internal static UpdatedDependencyList GetUpdatedDependencyListFromDiscovery(WorkspaceDiscoveryResult discoveryResult)
+    internal static UpdatedDependencyList GetUpdatedDependencyListFromDiscovery(WorkspaceDiscoveryResult discoveryResult, string pathToContents)
     {
         string GetFullRepoPath(string path)
         {
@@ -294,6 +325,17 @@ public class RunWorker
             auxiliaryFiles.Add(GetFullRepoPath(discoveryResult.DirectoryPackagesProps.FilePath));
         }
 
+        foreach (var project in discoveryResult.Projects)
+        {
+            var projectDirectory = Path.GetDirectoryName(project.FilePath);
+            var pathToPackagesConfig = Path.Join(pathToContents, discoveryResult.Path, projectDirectory, "packages.config").NormalizePathToUnix().EnsurePrefix("/");
+
+            if (File.Exists(pathToPackagesConfig))
+            {
+                auxiliaryFiles.Add(GetFullRepoPath(Path.Join(projectDirectory, "packages.config")));
+            }
+        }
+
         var updatedDependencyList = new UpdatedDependencyList()
         {
             Dependencies = discoveryResult.Projects.SelectMany(p =>
@@ -304,7 +346,7 @@ public class RunWorker
                         Name = d.Name,
                         Requirements = d.IsTransitive ? [] : [new ReportedRequirement()
                         {
-                            File = GetFullRepoPath(p.FilePath),
+                            File = d.Type == DependencyType.PackagesConfig ? Path.Combine(Path.GetDirectoryName(GetFullRepoPath(p.FilePath))!, "packages.config"): GetFullRepoPath(p.FilePath),
                             Requirement = d.Version!,
                             Groups = ["dependencies"],
                         }],