dependabot-nuget 0.286.0 → 0.287.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 01a6eb36ac3591d016d45ddfc4fc9dbb4068bda72e8560b6453461f5019362f7
-  data.tar.gz: 4db4968d74f3b9bfac17cbf32a8017635b07cf5338ad0f9db53dd9a16b188874
+  metadata.gz: 3bb2d903f08322511a7917fba47df7b66208dbbaca42e52d30a1954f9ef3eaa2
+  data.tar.gz: f19cfed3ad2939c93812727546b53ecec603c712641a6c1d0581469cce72d584
 SHA512:
-  metadata.gz: 1fce16345ed91813776f2b83b802212e466e15cf5784fcd239c8907ec3af683f0727b7a8e00df7fcb6b97035802c68023ddeb2481a28acce479db6fdfdb6674b
-  data.tar.gz: 59d4ac62296d157fbeb3870bcfc18313df3deac4e3f86c0c040ea0c2d2d3c73c1c8d0e84f05d32d83a9129583e6b6e38a1f5314e2cbd0df833c1657c5eb2d7f9
+  metadata.gz: a3fdc15bd985678106cf45f57c6af6dd4be57858f54b50abea6f4521a8aed3ab66b7ca67cb54f9e73dabe536d8c012619bbf049662207211bc92cbb5e938c321
+  data.tar.gz: 3542f489f10b67fe78b3bd55703cc420a58279bf5fb131da4a99be0d99a20fcd7430b124c4b49100929b74f39178b3c7e108e7bb0170baef5f5a91a16dfbd63f

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs

@@ -50,7 +50,7 @@ public partial class AnalyzeWorker : IAnalyzeWorker
         when (ex.StatusCode == HttpStatusCode.Unauthorized || ex.StatusCode == HttpStatusCode.Forbidden)
         {
             var localPath = PathHelper.JoinPath(repoRoot, discovery.Path);
-            var nugetContext = new NuGetContext(localPath);
+            using var nugetContext = new NuGetContext(localPath);
             analysisResult = new AnalysisResult
             {
                 ErrorType = ErrorType.AuthenticationFailure,

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs

@@ -24,11 +24,16 @@ internal static class CompatibilityChecker
         ILogger logger,
         CancellationToken cancellationToken)
     {
-        var (isDevDependency, packageFrameworks) = await GetPackageInfoAsync(
+        var packageInfo = await GetPackageInfoAsync(
             package,
             nugetContext,
             cancellationToken);
+        if (packageInfo is null)
+        {
+            return false;
+        }
 
+        var (isDevDependency, packageFrameworks) = packageInfo.GetValueOrDefault();
         return PerformCheck(package, projectFrameworks, isDevDependency, packageFrameworks, logger);
     }
 
@@ -70,7 +75,7 @@ internal static class CompatibilityChecker
         return true;
     }
 
-    internal static async Task<PackageInfo> GetPackageInfoAsync(
+    internal static async Task<PackageReaders?> GetPackageReadersAsync(
         PackageIdentity package,
         NuGetContext nugetContext,
         CancellationToken cancellationToken)
@@ -79,7 +84,21 @@ internal static class CompatibilityChecker
         var readers = File.Exists(tempPackagePath)
             ? ReadPackage(tempPackagePath)
             : await DownloadPackageAsync(package, nugetContext, cancellationToken);
+        return readers;
+    }
+
+    internal static async Task<PackageInfo?> GetPackageInfoAsync(
+        PackageIdentity package,
+        NuGetContext nugetContext,
+        CancellationToken cancellationToken)
+    {
+        var readersOption = await GetPackageReadersAsync(package, nugetContext, cancellationToken);
+        if (readersOption is null)
+        {
+            return null;
+        }
 
+        var readers = readersOption.GetValueOrDefault();
         var nuspecStream = await readers.CoreReader.GetNuspecAsync(cancellationToken);
         var reader = new NuspecReader(nuspecStream);
 
@@ -127,7 +146,7 @@ internal static class CompatibilityChecker
         return (archiveReader, archiveReader);
     }
 
-    internal static async Task<PackageReaders> DownloadPackageAsync(
+    internal static async Task<PackageReaders?> DownloadPackageAsync(
         PackageIdentity package,
         NuGetContext context,
         CancellationToken cancellationToken)
@@ -179,13 +198,13 @@ internal static class CompatibilityChecker
             var isDownloaded = await downloader.CopyNupkgFileToAsync(tempPackagePath, cancellationToken);
             if (!isDownloaded)
             {
-                throw new Exception($"Failed to download package [{package.Id}/{package.Version}] from [${source.SourceUri}]");
+                continue;
             }
 
             return (downloader.CoreReader, downloader.ContentReader);
         }
 
-        throw new Exception($"Package [{package.Id}/{package.Version}] does not exist in any of the configured sources.");
+        return null;
     }
 
     internal static string GetTempPackagePath(PackageIdentity package, NuGetContext context)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/NuGetContext.cs

@@ -142,11 +142,22 @@ internal record NuGetContext : IDisposable
             }
 
             var metadataResource = await sourceRepository.GetResourceAsync<PackageMetadataResource>(cancellationToken);
-            var metadata = await metadataResource.GetMetadataAsync(packageIdentity, SourceCacheContext, Logger, cancellationToken);
-            var url = metadata.ProjectUrl ?? metadata.LicenseUrl;
-            if (url is not null)
+            if (metadataResource is not null)
             {
-                return url.ToString();
+                try
+                {
+                    var metadata = await metadataResource.GetMetadataAsync(packageIdentity, SourceCacheContext, Logger, cancellationToken);
+                    var url = metadata.ProjectUrl ?? metadata.LicenseUrl;
+                    if (url is not null)
+                    {
+                        return url.ToString();
+                    }
+                }
+                catch (ArgumentException)
+                {
+                    // there was an issue deserializing the package metadata; this doesn't necessarily mean the package
+                    // is unavailable, just that we can't return a URL
+                }
             }
         }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/VersionFinder.cs

@@ -151,46 +151,17 @@ internal static class VersionFinder
         ILogger logger,
         CancellationToken cancellationToken)
     {
-        var includePrerelease = version.IsPrerelease;
-
-        var sourceMapping = PackageSourceMapping.GetPackageSourceMapping(nugetContext.Settings);
-        var packageSources = sourceMapping.GetConfiguredPackageSources(packageId).ToHashSet();
-        var sources = packageSources.Count == 0
-            ? nugetContext.PackageSources
-            : nugetContext.PackageSources
-                .Where(p => packageSources.Contains(p.Name))
-                .ToImmutableArray();
-
-        foreach (var source in sources)
+        // if it can be downloaded, it exists
+        var downloader = await CompatibilityChecker.DownloadPackageAsync(new PackageIdentity(packageId, version), nugetContext, cancellationToken);
+        var packageAndVersionExists = downloader is not null;
+        if (packageAndVersionExists)
         {
-            var sourceRepository = Repository.Factory.GetCoreV3(source);
-            var feed = await sourceRepository.GetResourceAsync<MetadataResource>();
-            if (feed is null)
-            {
-                logger.Log($"Failed to get MetadataResource for [{source.Source}]");
-                continue;
-            }
-
-            try
-            {
-                // a non-compliant v2 API returning 404 can cause this to throw
-                var existsInFeed = await feed.Exists(
-                    new PackageIdentity(packageId, version),
-                    includeUnlisted: false,
-                    nugetContext.SourceCacheContext,
-                    NullLogger.Instance,
-                    cancellationToken);
-                if (existsInFeed)
-                {
-                    return true;
-                }
-            }
-            catch (FatalProtocolException)
-            {
-                // if anything goes wrong here, the package source obviously doesn't contain the requested package
-            }
+            // release the handles
+            var readers = downloader.GetValueOrDefault();
+            (readers.CoreReader as IDisposable)?.Dispose();
+            (readers.ContentReader as IDisposable)?.Dispose();
         }
 
-        return false;
+        return packageAndVersionExists;
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs

@@ -275,22 +275,24 @@ public partial class DiscoveryWorker : IDiscoveryWorker
         foreach (var projectPath in projectPaths)
         {
             // If there is some MSBuild logic that needs to run to fully resolve the path skip the project
-            if (!File.Exists(projectPath))
+            // Ensure file existence is checked case-insensitively
+            var actualProjectPath = PathHelper.ResolveCaseInsensitivePathInsideRepoRoot(projectPath, repoRootPath);
+            if (actualProjectPath == null)
             {
                 continue;
             }
 
-            if (_processedProjectPaths.Contains(projectPath))
+            if (_processedProjectPaths.Contains(actualProjectPath))
             {
                 continue;
             }
-            _processedProjectPaths.Add(projectPath);
+            _processedProjectPaths.Add(actualProjectPath);
 
-            var relativeProjectPath = Path.GetRelativePath(workspacePath, projectPath);
+            var relativeProjectPath = Path.GetRelativePath(workspacePath, actualProjectPath);
             var packagesConfigDependencies = PackagesConfigDiscovery.Discover(workspacePath, projectPath, _logger)
                     ?.Dependencies;
 
-            var projectResults = await SdkProjectDiscovery.DiscoverAsync(repoRootPath, workspacePath, projectPath, _logger);
+            var projectResults = await SdkProjectDiscovery.DiscoverAsync(repoRootPath, workspacePath, actualProjectPath, _logger);
 
             // Determine if there were unrestored MSBuildSdks
             var msbuildSdks = projectResults.SelectMany(p => p.Dependencies.Where(d => d.Type == DependencyType.MSBuildSdk)).ToImmutableArray();
@@ -299,7 +301,7 @@ public partial class DiscoveryWorker : IDiscoveryWorker
                 // If new SDKs were restored, then we need to rerun SdkProjectDiscovery.
                 if (await TryRestoreMSBuildSdksAsync(repoRootPath, workspacePath, msbuildSdks, _logger))
                 {
-                    projectResults = await SdkProjectDiscovery.DiscoverAsync(repoRootPath, workspacePath, projectPath, _logger);
+                    projectResults = await SdkProjectDiscovery.DiscoverAsync(repoRootPath, workspacePath, actualProjectPath, _logger);
                 }
             }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Files/ProjectBuildFile.cs

@@ -43,7 +43,7 @@ internal sealed class ProjectBuildFile : XmlBuildFile
     {
         var sdkDependencies = GetSdkDependencies();
         var packageDependencies = PackageItemNodes
-            .Select(GetPackageDependency)
+            .SelectMany(e => GetPackageDependencies(e) ?? Enumerable.Empty<Dependency>())
             .OfType<Dependency>();
         return sdkDependencies.Concat(packageDependencies);
     }
@@ -89,8 +89,9 @@ internal sealed class ProjectBuildFile : XmlBuildFile
             : new Dependency(name, version, DependencyType.MSBuildSdk);
     }
 
-    private static Dependency? GetPackageDependency(IXmlElementSyntax element)
+    private static IEnumerable<Dependency>? GetPackageDependencies(IXmlElementSyntax element)
     {
+        List<Dependency> dependencies = [];
         var isUpdate = false;
 
         var name = element.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase)?.Trim();
@@ -113,12 +114,18 @@ internal sealed class ProjectBuildFile : XmlBuildFile
             isVersionOverride = version is not null;
         }
 
-        return new Dependency(
-            Name: name,
-            Version: version?.Length == 0 ? null : version,
-            Type: GetDependencyType(element.Name),
-            IsUpdate: isUpdate,
-            IsOverride: isVersionOverride);
+        dependencies.AddRange(
+            name.Split(';', StringSplitOptions.RemoveEmptyEntries)
+                .Select(dep => new Dependency(
+                        Name: dep.Trim(),
+                        Version: string.IsNullOrEmpty(version) ? null : version,
+                        Type: GetDependencyType(element.Name),
+                        IsUpdate: isUpdate,
+                        IsOverride: isVersionOverride))
+        );
+
+
+        return dependencies;
     }
 
     private static DependencyType GetDependencyType(string name)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackageReferenceUpdater.cs

@@ -674,11 +674,21 @@ internal static class PackageReferenceUpdater
         ProjectBuildFile buildFile,
         string packageName)
         => buildFile.PackageItemNodes.Where(e =>
-            string.Equals(
-                (e.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase))?.Trim(),
-                packageName,
-                StringComparison.OrdinalIgnoreCase) &&
-            (e.GetAttributeOrSubElementValue("Version", StringComparison.OrdinalIgnoreCase) ?? e.GetAttributeOrSubElementValue("VersionOverride", StringComparison.OrdinalIgnoreCase)) is not null);
+        {
+            // Attempt to get "Include" or "Update" attribute values
+            var includeOrUpdateValue = e.GetAttributeOrSubElementValue("Include", StringComparison.OrdinalIgnoreCase)
+                                    ?? e.GetAttributeOrSubElementValue("Update", StringComparison.OrdinalIgnoreCase);
+            // Trim and split if there's a valid value
+            var packageNames = includeOrUpdateValue?
+                                .Trim()
+                                .Split(';', StringSplitOptions.RemoveEmptyEntries)
+                                .Select(t => t.Trim())
+                                .Where(t => t.Equals(packageName.Trim(), StringComparison.OrdinalIgnoreCase));
+            // Check if there's a matching package name and a non-null version attribute
+            return packageNames?.Any() == true &&
+                (e.GetAttributeOrSubElementValue("Version", StringComparison.OrdinalIgnoreCase)
+                    ?? e.GetAttributeOrSubElementValue("VersionOverride", StringComparison.OrdinalIgnoreCase)) is not null;
+        });
 
     private static async Task<bool> AreDependenciesCoherentAsync(string repoRootPath, string projectPath, string dependencyName, ILogger logger, ImmutableArray<ProjectBuildFile> buildFiles, string[] tfms)
     {

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -261,7 +261,11 @@ internal static partial class MSBuildHelper
                 ? evaluationResult.EvaluatedValue.TrimStart('[', '(').TrimEnd(']', ')')
                 : evaluationResult.EvaluatedValue;
 
-            yield return new Dependency(name, packageVersion, dependencyType, EvaluationResult: evaluationResult, IsUpdate: isUpdate);
+            // If at this point we have a semicolon in the name then split it and yield multiple dependencies.
+            foreach (var splitName in name.Split(';', StringSplitOptions.RemoveEmptyEntries))
+            {
+                yield return new Dependency(splitName.Trim(), packageVersion, dependencyType, EvaluationResult: evaluationResult, IsUpdate: isUpdate);
+            }
         }
     }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs

@@ -87,6 +87,55 @@ internal static class PathHelper
         return candidatePaths.ToArray();
     }
 
+    /// <summary>
+    /// Resolves the case of the file path in a case-insensitive manner. Returns null if the file path is not found. file path must be a full path inside the repoRootPath.
+    /// </summary>
+    /// <param name="filePath">The file path to resolve.</param>
+    /// <param name="repoRootPath">The root path of the repository.</param>
+    public static string? ResolveCaseInsensitivePathInsideRepoRoot(string filePath, string repoRootPath)
+    {
+        if (string.IsNullOrEmpty(filePath) || string.IsNullOrEmpty(repoRootPath))
+        {
+            return null; // Invalid input
+        }
+
+        // Normalize paths
+        var normalizedFilePath = filePath.FullyNormalizedRootedPath();
+        var normalizedRepoRoot = repoRootPath.FullyNormalizedRootedPath();
+
+        // Ensure the file path starts with the repo root path
+        if (!normalizedFilePath.StartsWith(normalizedRepoRoot + "/", StringComparison.OrdinalIgnoreCase))
+        {
+            return null; // filePath is outside of repoRootPath
+        }
+
+        // Start resolving from the root path
+        var currentPath = normalizedRepoRoot;
+        var relativePath = normalizedFilePath.Substring(normalizedRepoRoot.Length).TrimStart('/');
+
+        foreach (var part in relativePath.Split('/'))
+        {
+            if (string.IsNullOrEmpty(part))
+            {
+                continue;
+            }
+
+            // Enumerate the current directory to find a case-insensitive match
+            var nextPath = Directory
+                .EnumerateFileSystemEntries(currentPath)
+                .FirstOrDefault(entry => string.Equals(Path.GetFileName(entry), part, StringComparison.OrdinalIgnoreCase));
+
+            if (nextPath == null)
+            {
+                return null; // Part of the path does not exist
+            }
+
+            currentPath = nextPath;
+        }
+
+        return currentPath; // Fully resolved path with correct casing
+    }
+
     /// <summary>
     /// Check in every directory from <paramref name="initialPath"/> up to <paramref name="rootPath"/> for the file specified in <paramref name="fileName"/>.
     /// </summary>