dependabot-nuget 0.288.0 → 0.289.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -51,7 +51,7 @@ internal static partial class MSBuildHelper
         var globalJsonPaths = candidateDirectories.Select(d => Path.Combine(d, "global.json")).Where(File.Exists).Select(p => (p, p + Guid.NewGuid().ToString())).ToArray();
         foreach (var (globalJsonPath, tempGlobalJsonPath) in globalJsonPaths)
         {
-            logger.Log($"Temporarily removing `global.json` from `{Path.GetDirectoryName(globalJsonPath)}`{(retainMSBuildSdks ? " and retaining MSBuild SDK declarations" : string.Empty)}.");
+            logger.Info($"Temporarily removing `global.json` from `{Path.GetDirectoryName(globalJsonPath)}`{(retainMSBuildSdks ? " and retaining MSBuild SDK declarations" : string.Empty)}.");
             File.Move(globalJsonPath, tempGlobalJsonPath);
             if (retainMSBuildSdks)
             {
@@ -80,7 +80,7 @@ internal static partial class MSBuildHelper
         {
             foreach (var (globalJsonpath, tempGlobalJsonPath) in globalJsonPaths)
             {
-                logger.Log($"Restoring `global.json` to `{Path.GetDirectoryName(globalJsonpath)}`.");
+                logger.Info($"Restoring `global.json` to `{Path.GetDirectoryName(globalJsonpath)}`.");
                 File.Move(tempGlobalJsonPath, globalJsonpath, overwrite: retainMSBuildSdks);
             }
         }
@@ -327,7 +327,7 @@ internal static partial class MSBuildHelper
         var tempDirectory = Directory.CreateTempSubdirectory("package-dependency-coherence_");
         try
         {
-            var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
+            var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages, logger);
             var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath], workingDirectory: tempDirectory.FullName);
 
             // NU1608: Detected package version outside of dependency constraint
@@ -347,7 +347,7 @@ internal static partial class MSBuildHelper
 
         try
         {
-            string tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
+            string tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages, logger);
             var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath], workingDirectory: tempDirectory.FullName);
 
             // Add Dependency[] packages to List<PackageToUpdate> existingPackages
@@ -398,10 +398,10 @@ internal static partial class MSBuildHelper
             if (added == true)
             {
                 // Add existing versions to existing list
-                packageManager.UpdateExistingPackagesWithNewVersions(existingDuplicate, packagesToUpdate);
+                packageManager.UpdateExistingPackagesWithNewVersions(existingDuplicate, packagesToUpdate, logger);
 
                 // Make relationships
-                await packageManager.PopulatePackageDependenciesAsync(existingDuplicate, targetFramework, Path.GetDirectoryName(projectPath));
+                await packageManager.PopulatePackageDependenciesAsync(existingDuplicate, targetFramework, Path.GetDirectoryName(projectPath), logger);
 
                 // Update all to new versions
                 foreach (var package in existingDuplicate)
@@ -414,10 +414,10 @@ internal static partial class MSBuildHelper
             else
             {
                 // Add existing versions to existing list
-                packageManager.UpdateExistingPackagesWithNewVersions(existingPackages, packagesToUpdate);
+                packageManager.UpdateExistingPackagesWithNewVersions(existingPackages, packagesToUpdate, logger);
 
                 // Make relationships
-                await packageManager.PopulatePackageDependenciesAsync(existingPackages, targetFramework, Path.GetDirectoryName(projectPath));
+                await packageManager.PopulatePackageDependenciesAsync(existingPackages, targetFramework, Path.GetDirectoryName(projectPath), logger);
 
                 // Update all to new versions
                 foreach (var package in existingPackages)
@@ -503,7 +503,7 @@ internal static partial class MSBuildHelper
         var tempDirectory = Directory.CreateTempSubdirectory("package-dependency-coherence_");
         try
         {
-            var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
+            var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages, logger);
             var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath], workingDirectory: tempDirectory.FullName);
             ThrowOnUnauthenticatedFeed(stdOut);
 
@@ -627,7 +627,7 @@ internal static partial class MSBuildHelper
         return projectRoot;
     }
 
-    private static IEnumerable<PackageSource>? LoadPackageSources(string nugetConfigPath)
+    private static IEnumerable<PackageSource>? LoadPackageSources(string nugetConfigPath, ILogger logger)
     {
         try
         {
@@ -638,8 +638,8 @@ internal static partial class MSBuildHelper
         }
         catch (NuGetConfigurationException ex)
         {
-            Console.WriteLine("Error while parsing NuGet.config");
-            Console.WriteLine(ex.Message);
+            logger.Warn("Error while parsing NuGet.config");
+            logger.Warn(ex.Message);
 
             // Nuget.config is invalid. Won't be able to do anything with specific sources.
             return null;
@@ -652,6 +652,7 @@ internal static partial class MSBuildHelper
         string projectPath,
         string targetFramework,
         IReadOnlyCollection<Dependency> packages,
+        ILogger logger,
         bool usePackageDownload = false)
     {
         var projectDirectory = Path.GetDirectoryName(projectPath);
@@ -664,7 +665,7 @@ internal static partial class MSBuildHelper
             File.Copy(nugetConfigPath, Path.Combine(tempDir.FullName, "NuGet.Config"));
             var nugetConfigDir = Path.GetDirectoryName(nugetConfigPath);
 
-            var packageSources = LoadPackageSources(nugetConfigPath);
+            var packageSources = LoadPackageSources(nugetConfigPath, logger);
             if (packageSources is not null)
             {
                 // We need to copy local package sources from the NuGet.Config file to the temp directory
@@ -761,7 +762,7 @@ internal static partial class MSBuildHelper
         ThrowOnUnauthenticatedFeed(stdOut);
         if (exitCode != 0)
         {
-            logger.Log($"Error determining target frameworks.\nSTDOUT:\n{stdOut}\nSTDERR:\n{stdErr}");
+            logger.Warn($"Error determining target frameworks.\nSTDOUT:\n{stdOut}\nSTDERR:\n{stdErr}");
         }
 
         // There are 3 return values, all uses slightly differently.  Only one will be set, the others will be blank
@@ -805,13 +806,13 @@ internal static partial class MSBuildHelper
         string projectPath,
         string targetFramework,
         IReadOnlyCollection<Dependency> packages,
-        ILogger? logger = null)
+        ILogger logger)
     {
         var tempDirectory = Directory.CreateTempSubdirectory("package-dependency-resolution_");
         try
         {
             var topLevelPackagesNames = packages.Select(p => p.Name).ToHashSet(StringComparer.OrdinalIgnoreCase);
-            var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages);
+            var tempProjectPath = await CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, targetFramework, packages, logger);
 
             var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", ["build", tempProjectPath, "/t:_ReportDependencies"], workingDirectory: tempDirectory.FullName);
             ThrowOnUnauthenticatedFeed(stdout);
@@ -836,7 +837,7 @@ internal static partial class MSBuildHelper
             }
             else
             {
-                logger?.Log($"dotnet build in {nameof(GetAllPackageDependenciesAsync)} failed. STDOUT: {stdout} STDERR: {stderr}");
+                logger?.Warn($"dotnet build in {nameof(GetAllPackageDependenciesAsync)} failed. STDOUT: {stdout} STDERR: {stderr}");
                 return [];
             }
         }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/NuGetHelper.cs

@@ -4,28 +4,12 @@ namespace NuGetUpdater.Core;
 
 internal static class NuGetHelper
 {
-    internal const string PackagesConfigFileName = "packages.config";
-
-    public static bool TryGetPackagesConfigFile(string projectPath, [NotNullWhen(returnValue: true)] out string? packagesConfigPath)
-    {
-        var projectDirectory = Path.GetDirectoryName(projectPath);
-
-        packagesConfigPath = PathHelper.JoinPath(projectDirectory, PackagesConfigFileName);
-        if (File.Exists(packagesConfigPath))
-        {
-            return true;
-        }
-
-        packagesConfigPath = null;
-        return false;
-    }
-
     internal static async Task<bool> DownloadNuGetPackagesAsync(string repoRoot, string projectPath, IReadOnlyCollection<Dependency> packages, ILogger logger)
     {
         var tempDirectory = Directory.CreateTempSubdirectory("msbuild_sdk_restore_");
         try
         {
-            var tempProjectPath = await MSBuildHelper.CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, "netstandard2.0", packages, usePackageDownload: true);
+            var tempProjectPath = await MSBuildHelper.CreateTempProjectAsync(tempDirectory, repoRoot, projectPath, "netstandard2.0", packages, logger, usePackageDownload: true);
             var (exitCode, stdOut, stdErr) = await ProcessEx.RunAsync("dotnet", ["restore", tempProjectPath]);
 
             return exitCode == 0;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/PathHelper.cs

@@ -105,7 +105,7 @@ internal static class PathHelper
     /// </summary>
     /// <param name="filePath">The file path to resolve.</param>
     /// <param name="repoRootPath">The root path of the repository.</param>
-    public static string? ResolveCaseInsensitivePathInsideRepoRoot(string filePath, string repoRootPath)
+    public static List<string>? ResolveCaseInsensitivePathsInsideRepoRoot(string filePath, string repoRootPath)
     {
         if (string.IsNullOrEmpty(filePath) || string.IsNullOrEmpty(repoRootPath))
         {
@@ -123,7 +123,7 @@ internal static class PathHelper
         }
 
         // Start resolving from the root path
-        var currentPath = normalizedRepoRoot;
+        var currentPaths = new List<string> { normalizedRepoRoot };
         var relativePath = normalizedFilePath.Substring(normalizedRepoRoot.Length).TrimStart('/');
 
         foreach (var part in relativePath.Split('/'))
@@ -133,20 +133,28 @@ internal static class PathHelper
                 continue;
             }
 
-            // Enumerate the current directory to find a case-insensitive match
-            var nextPath = Directory
-                .EnumerateFileSystemEntries(currentPath)
-                .FirstOrDefault(entry => string.Equals(Path.GetFileName(entry), part, StringComparison.OrdinalIgnoreCase));
+            var nextPaths = new List<string>();
 
-            if (nextPath == null)
+            // Iterate through all current paths to find matches for the current part
+            foreach (var currentPath in currentPaths)
+            {
+                var matches = Directory
+                    .EnumerateFileSystemEntries(currentPath)
+                    .Where(entry => string.Equals(Path.GetFileName(entry), part, StringComparison.OrdinalIgnoreCase));
+
+                nextPaths.AddRange(matches);
+            }
+
+            if (!nextPaths.Any())
             {
                 return null; // Part of the path does not exist
             }
 
-            currentPath = nextPath;
+            currentPaths = nextPaths;
         }
 
-        return currentPath.NormalizePathToUnix(); // Fully resolved path with correct casing
+        // Normalize all resulting paths to Unix format
+        return currentPaths.Select(path => path.NormalizePathToUnix()).ToList();
     }
 
     /// <summary>

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ProjectHelper.cs

@@ -0,0 +1,96 @@
+using System.Collections.Immutable;
+
+using Microsoft.Build.Construction;
+
+namespace NuGetUpdater.Core.Utilities;
+
+internal static class ProjectHelper
+{
+    public const string PackagesConfigFileName = "packages.config";
+    public const string AppConfigFileName = "app.config";
+    public const string WebConfigFileName = "web.config";
+    public const string PackagesLockJsonFileName = "packages.lock.json";
+
+    public enum PathFormat
+    {
+        Relative,
+        Full,
+    }
+
+    public static ImmutableArray<string> GetAllAdditionalFilesFromProject(string fullProjectPath, PathFormat pathFormat)
+    {
+        return GetAdditionalFilesFromProjectContent(fullProjectPath, pathFormat)
+            .AddRange(GetAdditionalFilesFromProjectLocation(fullProjectPath, pathFormat));
+    }
+
+    public static ImmutableArray<string> GetAdditionalFilesFromProjectContent(string fullProjectPath, PathFormat pathFormat)
+    {
+        var projectRootElement = ProjectRootElement.Open(fullProjectPath);
+        var additionalFilesWithFullPaths = new[]
+        {
+            projectRootElement.GetItemPathWithFileName(PackagesConfigFileName),
+            projectRootElement.GetItemPathWithFileName(AppConfigFileName),
+            projectRootElement.GetItemPathWithFileName(WebConfigFileName),
+        }.Where(p => p is not null).Cast<string>().ToImmutableArray();
+
+        var additionalFiles = additionalFilesWithFullPaths
+            .Select(p => MakePathAppropriateFormat(fullProjectPath, p, pathFormat))
+            .ToImmutableArray();
+        return additionalFiles;
+    }
+
+    public static ImmutableArray<string> GetAdditionalFilesFromProjectLocation(string fullProjectPath, PathFormat pathFormat)
+    {
+        var additionalFilesWithFullPaths = new[]
+        {
+            GetPathWithRegardsToProjectFile(fullProjectPath, PackagesLockJsonFileName),
+        }.Where(p => p is not null).Cast<string>().ToImmutableArray();
+
+        var additionalFiles = additionalFilesWithFullPaths
+            .Select(p => MakePathAppropriateFormat(fullProjectPath, p, pathFormat))
+            .ToImmutableArray();
+        return additionalFiles;
+    }
+
+    public static string? GetPackagesConfigPathFromProject(string fullProjectPath, PathFormat pathFormat)
+    {
+        var additionalFiles = GetAdditionalFilesFromProjectContent(fullProjectPath, pathFormat);
+        var packagesConfigFile = additionalFiles.FirstOrDefault(p => Path.GetFileName(p).Equals(PackagesConfigFileName, StringComparison.Ordinal));
+        return packagesConfigFile;
+    }
+
+    private static string MakePathAppropriateFormat(string fullProjectPath, string fullFilePath, PathFormat pathFormat)
+    {
+        var projectDirectory = Path.GetDirectoryName(fullProjectPath)!;
+        var updatedPath = pathFormat switch
+        {
+            PathFormat.Full => fullFilePath,
+            PathFormat.Relative => Path.GetRelativePath(projectDirectory, fullFilePath),
+            _ => throw new NotSupportedException(),
+        };
+        return updatedPath.NormalizePathToUnix();
+    }
+
+    private static string? GetItemPathWithFileName(this ProjectRootElement projectRootElement, string itemFileName)
+    {
+        var projectDirectory = Path.GetDirectoryName(projectRootElement.FullPath)!;
+        var packagesConfigPath = projectRootElement.Items
+            .Where(i => i.ElementName.Equals("None", StringComparison.OrdinalIgnoreCase) ||
+                        i.ElementName.Equals("Content", StringComparison.OrdinalIgnoreCase))
+            .Where(i => Path.GetFileName(i.Include).Equals(itemFileName, StringComparison.OrdinalIgnoreCase))
+            .Select(i => Path.GetFullPath(Path.Combine(projectDirectory, i.Include)))
+            .Where(File.Exists)
+            .FirstOrDefault()
+            ?.NormalizePathToUnix();
+        return packagesConfigPath;
+    }
+
+    private static string? GetPathWithRegardsToProjectFile(string fullProjectPath, string fileName)
+    {
+        var projectDirectory = Path.GetDirectoryName(fullProjectPath)!;
+        var filePath = Directory.EnumerateFiles(projectDirectory)
+            .Where(p => Path.GetFileName(p).Equals(fileName, StringComparison.Ordinal))
+            .FirstOrDefault();
+        return filePath;
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/AnalyzeWorkerTests.cs

@@ -32,6 +32,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -80,6 +83,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                             new("Some.Package", "4.0.1", DependencyType.PackageReference),
                             new("Some.Transitive.Dependency", "4.0.1", DependencyType.PackageReference),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -129,6 +135,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Transitive.Dependency", "4.0.1", DependencyType.PackageReference, EvaluationResult: evaluationResult, TargetFrameworks: ["net8.0"]),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                     new()
                     {
@@ -137,6 +146,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Package", "4.0.1", DependencyType.PackageReference, EvaluationResult: evaluationResult, TargetFrameworks: ["net8.0"]),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -187,6 +199,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Package.A", "4.5.0", DependencyType.PackageReference, EvaluationResult: evaluationResult, TargetFrameworks: ["net8.0"]),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                     new()
                     {
@@ -195,6 +210,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Package.B", "4.5.0", DependencyType.PackageReference, EvaluationResult: evaluationResult, TargetFrameworks: ["net8.0"]),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -241,6 +259,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Transitive.Dependency", "$(MissingPackageVersion)", DependencyType.PackageReference, EvaluationResult: new EvaluationResult(EvaluationResultType.PropertyNotFound, "$(MissingPackageVersion)", "$(MissingPackageVersion)", "$(MissingPackageVersion)", ErrorMessage: null)),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -281,6 +302,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference), // this was found in the source, but doesn't exist in any feed
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -326,6 +350,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Transitive.Dependency", "4.0.1", DependencyType.PackageReference),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -366,7 +393,10 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         TargetFrameworks = ["net8.0"],
                         Dependencies = [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net8.0"]),
-                        ]
+                        ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                     new()
                     {
@@ -374,7 +404,10 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         TargetFrameworks = ["NET8.0"],
                         Dependencies = [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net8.0"]),
-                        ]
+                        ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     }
                 ]
             },
@@ -418,6 +451,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     },
                 ],
             },
@@ -585,7 +621,10 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies =
                         [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference),
-                        ]
+                        ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     }
                 ]
             },
@@ -754,7 +793,10 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies =
                         [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference),
-                        ]
+                        ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     }
                 ]
             },
@@ -939,7 +981,10 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies =
                         [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference),
-                        ]
+                        ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     }
                 ]
             },
@@ -1049,6 +1094,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Package", "1.2.3", DependencyType.PackageReference),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     }
                 ]
             },
@@ -1167,6 +1215,9 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
                         Dependencies = [
                             new("Some.Package", "1.0.0", DependencyType.PackageReference),
                         ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
                     }
                 ]
             },
@@ -1187,4 +1238,35 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
             }
         );
     }
+
+    [Fact]
+    public void DeserializeDependencyInfo_UnsupportedIgnoredVersionsAreIgnored()
+    {
+        // arrange
+        // "1.0.0.pre.rc2" isn't a valid NuGet version; ignore that requirement
+        var json = """
+            {
+                "Name": "Some.Package",
+                "Version": "1.10.0",
+                "IsVulnerable": false,
+                "IgnoredVersions": [
+                    "> 1.0.0.pre.rc2, < 2",
+                    "< 1.0.1"
+                ],
+                "Vulnerabilities": []
+            }
+            """;
+
+        // act
+        var dependencyInfo = AnalyzeWorker.DeserializeDependencyInfo(json);
+
+        // assert
+        Assert.NotNull(dependencyInfo);
+        Assert.Equal("Some.Package", dependencyInfo.Name);
+        Assert.Equal("1.10.0", dependencyInfo.Version);
+        Assert.False(dependencyInfo.IsVulnerable);
+        Assert.Single(dependencyInfo.IgnoredVersions);
+        Assert.Equal("< 1.0.1", dependencyInfo.IgnoredVersions.Single().ToString());
+        Assert.Empty(dependencyInfo.Vulnerabilities);
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTestBase.cs

@@ -43,7 +43,6 @@ public class DiscoveryWorkerTestBase : TestBase
         ValidateResultWithDependencies(expectedResult.GlobalJson, actualResult.GlobalJson);
         ValidateResultWithDependencies(expectedResult.DotNetToolsJson, actualResult.DotNetToolsJson);
         ValidateProjectResults(expectedResult.Projects, actualResult.Projects, experimentsManager);
-        AssertEx.Equal(expectedResult.ImportedFiles, actualResult.ImportedFiles, PathComparer.Instance);
         Assert.Equal(expectedResult.ExpectedProjectCount ?? expectedResult.Projects.Length, actualResult.Projects.Length);
         Assert.Equal(expectedResult.ErrorType, actualResult.ErrorType);
         Assert.Equal(expectedResult.ErrorDetails, actualResult.ErrorDetails);
@@ -92,10 +91,8 @@ public class DiscoveryWorkerTestBase : TestBase
             AssertEx.Equal(expectedProject.Properties, actualProperties, PropertyComparer.Instance);
             AssertEx.Equal(expectedProject.TargetFrameworks, actualProject.TargetFrameworks);
             AssertEx.Equal(expectedProject.ReferencedProjectPaths, actualProject.ReferencedProjectPaths);
-            if (expectedProject.ImportedFiles is not null)
-            {
-                AssertEx.Equal(expectedProject.ImportedFiles.Value.Select(PathHelper.NormalizePathToUnix), actualProject.ImportedFiles.Select(PathHelper.NormalizePathToUnix));
-            }
+            AssertEx.Equal(expectedProject.ImportedFiles, actualProject.ImportedFiles);
+            AssertEx.Equal(expectedProject.AdditionalFiles, actualProject.AdditionalFiles);
 
             // some dependencies are byproducts of the older temporary project discovery process and shouldn't be returned
             var actualDependencies = actualProject.Dependencies;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.PackagesConfig.cs

@@ -30,6 +30,9 @@ public partial class DiscoveryWorkerTests
                           <PropertyGroup>
                             <TargetFramework>net46</TargetFramework>
                           </PropertyGroup>
+                          <ItemGroup>
+                            <None Include="packages.config" />
+                          </ItemGroup>
                         </Project>
                         """)
                 ],
@@ -48,6 +51,11 @@ public partial class DiscoveryWorkerTests
                                 new("Package.A", "1.0.0", DependencyType.PackagesConfig, TargetFrameworks: ["net46"]),
                                 new("Package.B", "2.0.0", DependencyType.PackagesConfig, TargetFrameworks: ["net46"]),
                             ],
+                            ReferencedProjectPaths = [],
+                            ImportedFiles = [],
+                            AdditionalFiles = [
+                                "packages.config"
+                            ],
                         }
                     ],
                 }
@@ -78,6 +86,9 @@ public partial class DiscoveryWorkerTests
                           <PropertyGroup>
                             <TargetFramework>net46</TargetFramework>
                           </PropertyGroup>
+                          <ItemGroup>
+                            <None Include="packages.config" />
+                          </ItemGroup>
                         </Project>
                         """)
                 ],
@@ -94,6 +105,11 @@ public partial class DiscoveryWorkerTests
                                 new("Package.A", "1.0.0", DependencyType.PackagesConfig, TargetFrameworks: ["net46"]),
                                 new("Package.B", "2.0.0", DependencyType.PackagesConfig, TargetFrameworks: ["net46"]),
                             ],
+                            ReferencedProjectPaths = [],
+                            ImportedFiles = [],
+                            AdditionalFiles = [
+                                "packages.config"
+                            ],
                         }
                     ],
                 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.Proj.cs

@@ -73,6 +73,9 @@ public partial class DiscoveryWorkerTests
                                 new("TargetFramework", "net8.0", "src/project1/project1.csproj")
                             ],
                             TargetFrameworks = ["net8.0"],
+                            ReferencedProjectPaths = [],
+                            ImportedFiles = [],
+                            AdditionalFiles = [],
                         },
                         new()
                         {
@@ -86,6 +89,9 @@ public partial class DiscoveryWorkerTests
                                 new("TargetFramework", "net8.0", "src/project2/project2.csproj")
                             ],
                             TargetFrameworks = ["net8.0"],
+                            ReferencedProjectPaths = [],
+                            ImportedFiles = [],
+                            AdditionalFiles = [],
                         }
                     ]
                 }