RubyGems - dependabot-nuget - Versions diffs - 0.288.0 → 0.290.0 - Mend

dependabot-nuget 0.288.0 → 0.290.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (117) hide show

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/SerializationTests.cs CHANGED Viewed

@@ -1,5 +1,9 @@
+using NuGet.Versioning;
+using NuGetUpdater.Core.Analyze;
 using NuGetUpdater.Core.Run;
 using NuGetUpdater.Core.Run.ApiModel;
+using NuGetUpdater.Core.Test.Utilities;
 using Xunit;
@@ -245,7 +249,7 @@ public class SerializationTests
         // assert
         Assert.False(experimentsManager.UseLegacyDependencySolver);
         Assert.False(experimentsManager.UseDirectDiscovery);
-        Assert.Single(capturingTestLogger.Messages.Where(m => m.Contains("Error deserializing job file")));
+        Assert.Single(capturingTestLogger.Messages, m => m.Contains("Error deserializing job file"));
     }
     [Fact]
@@ -257,13 +261,349 @@ public class SerializationTests
         Assert.Equal(expected, actual);
     }
+    [Fact]
+    public void DeserializeJobIgnoreConditions()
+    {
+        var jobContent = """
+            {
+              "job": {
+                "package-manager": "nuget",
+                "source": {
+                  "provider": "github",
+                  "repo": "some-org/some-repo",
+                  "directory": "specific-sdk"
+                },
+                "ignore-conditions": [
+                  {
+                    "dependency-name": "Package.1",
+                    "source": "some-file",
+                    "update-types": [
+                      "version-update:semver-major"
+                    ],
+                    "version-requirement": "> 1.2.3"
+                  },
+                  {
+                    "dependency-name": "Package.2",
+                    "updated-at": "2024-12-05T15:47:12Z"
+                  }
+                ]
+              }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jobContent)!;
+        Assert.Equal(2, jobWrapper.Job.IgnoreConditions.Length);
+        Assert.Equal("Package.1", jobWrapper.Job.IgnoreConditions[0].DependencyName);
+        Assert.Equal("some-file", jobWrapper.Job.IgnoreConditions[0].Source);
+        Assert.Equal("version-update:semver-major", jobWrapper.Job.IgnoreConditions[0].UpdateTypes.Single());
+        Assert.Null(jobWrapper.Job.IgnoreConditions[0].UpdatedAt);
+        Assert.Equal("> 1.2.3", jobWrapper.Job.IgnoreConditions[0].VersionRequirement?.ToString());
+        Assert.Equal("Package.2", jobWrapper.Job.IgnoreConditions[1].DependencyName);
+        Assert.Null(jobWrapper.Job.IgnoreConditions[1].Source);
+        Assert.Empty(jobWrapper.Job.IgnoreConditions[1].UpdateTypes);
+        Assert.Equal(new DateTime(2024, 12, 5, 15, 47, 12), jobWrapper.Job.IgnoreConditions[1].UpdatedAt);
+        Assert.Null(jobWrapper.Job.IgnoreConditions[1].VersionRequirement);
+    }
+    [Theory]
+    [MemberData(nameof(DeserializeAllowedUpdatesData))]
+    public void DeserializeAllowedUpdates(string? allowedUpdatesJsonBody, AllowedUpdate[] expectedAllowedUpdates)
+    {
+        string? allowedUpdatesJson = allowedUpdatesJsonBody is null
+            ? null
+            : $$"""
+                ,
+                "allowed-updates": {{allowedUpdatesJsonBody}}
+                """;
+        var jobWrapperJson = $$"""
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    }
+                    {{allowedUpdatesJson}}
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jobWrapperJson)!;
+        AssertEx.Equal(expectedAllowedUpdates, jobWrapper.Job.AllowedUpdates);
+    }
+    [Fact]
+    public void DeserializeDependencyGroups()
+    {
+        var jsonWrapperJson = """
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    },
+                    "dependency-groups": [
+                        {
+                            "name": "Some.Dependency",
+                            "rules": {
+                                "patterns": ["1.2.3", "4.5.6"]
+                            }
+                        },
+                        {
+                            "name": "Some.Other.Dependency",
+                            "applies-to": "something"
+                        }
+                    ]
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jsonWrapperJson)!;
+        Assert.Equal(2, jobWrapper.Job.DependencyGroups.Length);
+        Assert.Equal("Some.Dependency", jobWrapper.Job.DependencyGroups[0].Name);
+        Assert.Null(jobWrapper.Job.DependencyGroups[0].AppliesTo);
+        Assert.Single(jobWrapper.Job.DependencyGroups[0].Rules);
+        Assert.Equal("[\"1.2.3\", \"4.5.6\"]", jobWrapper.Job.DependencyGroups[0].Rules["patterns"].ToString());
+        Assert.Equal("Some.Other.Dependency", jobWrapper.Job.DependencyGroups[1].Name);
+        Assert.Equal("something", jobWrapper.Job.DependencyGroups[1].AppliesTo);
+        Assert.Empty(jobWrapper.Job.DependencyGroups[1].Rules);
+    }
+    [Fact]
+    public void DeserializeExistingPullRequests()
+    {
+        var jsonWrapperJson = """
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    },
+                    "existing-pull-requests": [
+                        [
+                            {
+                                "dependency-name": "Some.Package",
+                                "dependency-version": "1.2.3"
+                            }
+                        ]
+                    ]
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jsonWrapperJson)!;
+        Assert.Single(jobWrapper.Job.ExistingPullRequests);
+        Assert.Single(jobWrapper.Job.ExistingPullRequests[0]);
+        Assert.Equal("Some.Package", jobWrapper.Job.ExistingPullRequests[0][0].DependencyName);
+        Assert.Equal(NuGetVersion.Parse("1.2.3"), jobWrapper.Job.ExistingPullRequests[0][0].DependencyVersion);
+        Assert.False(jobWrapper.Job.ExistingPullRequests[0][0].DependencyRemoved);
+        Assert.Null(jobWrapper.Job.ExistingPullRequests[0][0].Directory);
+    }
+    [Fact]
+    public void DeserializeExistingGroupPullRequests()
+    {
+        var jsonWrapperJson = """
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    },
+                    "existing-group-pull-requests": [
+                        {
+                            "dependency-group-name": "Some-Group-Name",
+                            "dependencies": [
+                                {
+                                    "dependency-name": "Some.Package",
+                                    "dependency-version": "1.2.3"
+                                },
+                                {
+                                    "dependency-name": "Some.Other.Package",
+                                    "dependency-version": "4.5.6",
+                                    "directory": "/some-dir"
+                                }
+                            ]
+                        }
+                    ]
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jsonWrapperJson)!;
+        Assert.Single(jobWrapper.Job.ExistingGroupPullRequests);
+        Assert.Equal("Some-Group-Name", jobWrapper.Job.ExistingGroupPullRequests[0].DependencyGroupName);
+        Assert.Equal(2, jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies.Length);
+        Assert.Equal("Some.Package", jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies[0].DependencyName);
+        Assert.Equal("1.2.3", jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies[0].DependencyVersion.ToString());
+        Assert.Null(jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies[0].Directory);
+        Assert.Equal("Some.Other.Package", jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies[1].DependencyName);
+        Assert.Equal("4.5.6", jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies[1].DependencyVersion.ToString());
+        Assert.Equal("/some-dir", jobWrapper.Job.ExistingGroupPullRequests[0].Dependencies[1].Directory);
+    }
+    [Theory]
+    [InlineData("null", null)]
+    [InlineData("\"bump_versions\"", RequirementsUpdateStrategy.BumpVersions)]
+    [InlineData("\"lockfile_only\"", RequirementsUpdateStrategy.LockfileOnly)]
+    public void DeserializeRequirementsUpdateStrategy(string requirementsUpdateStrategyStringJson, RequirementsUpdateStrategy? expectedRequirementsUpdateStrategy)
+    {
+        var jsonWrapperJson = $$"""
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    },
+                    "requirements-update-strategy": {{requirementsUpdateStrategyStringJson}}
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jsonWrapperJson)!;
+        var actualRequirementsUpdateStrategy = jobWrapper.Job.RequirementsUpdateStrategy;
+        Assert.Equal(expectedRequirementsUpdateStrategy, actualRequirementsUpdateStrategy);
+    }
+    [Fact]
+    public void DeserializeSecurityAdvisories()
+    {
+        var jsonWrapperJson = """
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    },
+                    "security-advisories": [
+                        {
+                            "dependency-name": "Some.Package",
+                            "affected-versions": [
+                                ">= 1.0.0, < 1.2.0"
+                            ],
+                            "patched-versions": null
+                        }
+                    ]
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jsonWrapperJson)!;
+        Assert.Single(jobWrapper.Job.SecurityAdvisories);
+        Assert.Equal("Some.Package", jobWrapper.Job.SecurityAdvisories[0].DependencyName);
+        Assert.Equal(">= 1.0.0, < 1.2.0", jobWrapper.Job.SecurityAdvisories[0].AffectedVersions!.Value.Single().ToString());
+        Assert.Null(jobWrapper.Job.SecurityAdvisories[0].PatchedVersions);
+        Assert.Null(jobWrapper.Job.SecurityAdvisories[0].PatchedVersions);
+    }
+    [Fact]
+    public void DeserializeCommitOptions()
+    {
+        var jsonWrapperJson = """
+            {
+                "job": {
+                    "source": {
+                        "provider": "github",
+                        "repo": "some/repo"
+                    },
+                    "commit-message-options": {
+                        "prefix": "[SECURITY] "
+                    }
+                }
+            }
+            """;
+        var jobWrapper = RunWorker.Deserialize(jsonWrapperJson)!;
+        Assert.Equal("[SECURITY] ", jobWrapper.Job.CommitMessageOptions!.Prefix);
+        Assert.Null(jobWrapper.Job.CommitMessageOptions!.PrefixDevelopment);
+        Assert.Null(jobWrapper.Job.CommitMessageOptions!.IncludeScope);
+    }
+    public static IEnumerable<object?[]> DeserializeAllowedUpdatesData()
+    {
+        // common default value - most job files look like this
+        yield return
+        [
+            // allowedUpdatesJsonBody
+            """
+            [
+                {
+                    "update-type": "all"
+                }
+            ]
+            """,
+            // expectedAllowedUpdates
+            new[]
+            {
+                new AllowedUpdate()
+                {
+                    DependencyType = Core.Run.ApiModel.DependencyType.All,
+                    DependencyName = null,
+                    UpdateType = UpdateType.All
+                }
+            }
+        ];
+        // allowed updates is missing - ensure proper defaults
+        yield return
+        [
+            // allowedUpdatesJsonBody
+            null,
+            // expectedAllowedUpdates
+            new[]
+            {
+                new AllowedUpdate()
+            }
+        ];
+        // multiple non-default values
+        yield return
+        [
+            // allowedUpdatesJsonBody
+            """
+            [
+                {
+                    "dependency-type": "indirect",
+                    "dependency-name": "Dependency.One",
+                    "update-type": "security"
+                },
+                {
+                    "dependency-type": "production",
+                    "dependency-name": "Dependency.Two",
+                    "update-type": "all"
+                },
+                {
+                    "dependency-type": "indirect",
+                    "update-type": "security"
+                }
+            ]
+            """,
+            new[]
+            {
+                new AllowedUpdate()
+                {
+                    DependencyType = Core.Run.ApiModel.DependencyType.Indirect,
+                    DependencyName = "Dependency.One",
+                    UpdateType = UpdateType.Security
+                },
+                new AllowedUpdate()
+                {
+                    DependencyType = Core.Run.ApiModel.DependencyType.Production,
+                    DependencyName = "Dependency.Two",
+                    UpdateType = UpdateType.All
+                },
+                new AllowedUpdate()
+                {
+                    DependencyType = Core.Run.ApiModel.DependencyType.Indirect,
+                    DependencyName = null,
+                    UpdateType = UpdateType.Security
+                }
+            }
+        ];
+    }
     private class CapturingTestLogger : ILogger
     {
         private readonly List<string> _messages = new();
         public IReadOnlyList<string> Messages => _messages;
-        public void Log(string message)
+        public void LogRaw(string message)
         {
             _messages.Add(message);
         }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdatedDependencyListTests.cs CHANGED Viewed

@@ -40,6 +40,8 @@ public class UpdatedDependencyListTests
                     Properties = [],
                     TargetFrameworks = ["net8.0"],
                     ReferencedProjectPaths = [],
+                    ImportedFiles = [],
+                    AdditionalFiles = ["packages.config"],
                 },
                 new()
                 {
@@ -50,6 +52,8 @@ public class UpdatedDependencyListTests
                     Properties = [],
                     TargetFrameworks = ["net8.0"],
                     ReferencedProjectPaths = [],
+                    ImportedFiles = [],
+                    AdditionalFiles = ["packages.config"],
                 },
                 new()
                 {
@@ -62,6 +66,8 @@ public class UpdatedDependencyListTests
                     Properties = [],
                     TargetFrameworks = ["net8.0"],
                     ReferencedProjectPaths = [],
+                    ImportedFiles = [],
+                    AdditionalFiles = ["packages.config"],
                 }
             ]
         };
@@ -99,13 +105,65 @@ public class UpdatedDependencyListTests
                         new ReportedRequirement()
                         {
                             Requirement = "13.0.1",
-                            File = "/src/c/packages.config",
+                            File = "/src/c/project.csproj",
                             Groups = ["dependencies"],
                         },
                     ]
                 },
             ],
-            DependencyFiles = ["/src/a/project.csproj", "/src/b/project.csproj", "/src/c/project.csproj", "/src/a/packages.config", "/src/b/packages.config", "/src/c/packages.config"],
+            DependencyFiles = ["/src/a/packages.config", "/src/a/project.csproj", "/src/b/packages.config", "/src/b/project.csproj", "/src/c/packages.config", "/src/c/project.csproj"],
+        };
+        // doing JSON comparison makes this easier; we don't have to define custom record equality and we get an easy diff
+        var actualJson = JsonSerializer.Serialize(updatedDependencyList);
+        var expectedJson = JsonSerializer.Serialize(expectedDependencyList);
+        Assert.Equal(expectedJson, actualJson);
+    }
+    [Fact]
+    public async Task UpdatedDependencyListDeduplicatesFiles()
+    {
+        // arrange
+        using var tempDir = new TemporaryDirectory();
+        var testFiles = new[]
+        {
+            "Directory.Packages.props",
+            "project1/project1.csproj",
+            "project2/project2.csproj",
+        };
+        foreach (var testFile in testFiles)
+        {
+            var fullFilePath = Path.Join(tempDir.DirectoryPath, testFile);
+            Directory.CreateDirectory(Path.GetDirectoryName(fullFilePath)!);
+            await File.WriteAllTextAsync(fullFilePath, "");
+        }
+        var discovery = new WorkspaceDiscoveryResult()
+        {
+            Path = "",
+            Projects = [
+                new()
+                {
+                    FilePath = "project1/project1.csproj",
+                    Dependencies = [],
+                    ImportedFiles = ["../Directory.Packages.props"],
+                    AdditionalFiles = [],
+                },
+                new()
+                {
+                    FilePath = "project2/project2.csproj",
+                    Dependencies = [],
+                    ImportedFiles = ["../Directory.Packages.props"],
+                    AdditionalFiles = [],
+                }
+            ]
+        };
+        // act
+        var updatedDependencyList = RunWorker.GetUpdatedDependencyListFromDiscovery(discovery, pathToContents: tempDir.DirectoryPath);
+        var expectedDependencyList = new UpdatedDependencyList()
+        {
+            Dependencies = [],
+            DependencyFiles = ["/Directory.Packages.props", "/project1/project1.csproj", "/project2/project2.csproj"],
         };
         // doing JSON comparison makes this easier; we don't have to define custom record equality and we get an easy diff

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TemporaryDirectory.cs CHANGED Viewed

@@ -4,19 +4,32 @@ using TestFile = (string Path, string Contents);
 public sealed class TemporaryDirectory : IDisposable
 {
+    private readonly TemporaryEnvironment _environment;
+    private readonly string _rootDirectory;
     public string DirectoryPath { get; }
     public TemporaryDirectory()
     {
         var parentDir = Path.GetDirectoryName(GetType().Assembly.Location)!;
         var tempDirName = $"nuget-updater-{Guid.NewGuid():d}";
-        DirectoryPath = Path.Combine(parentDir, "test-data", tempDirName);
+        _rootDirectory = Path.Combine(parentDir, "test-data", tempDirName);
+        _environment = new TemporaryEnvironment(
+            [
+                ("NUGET_PACKAGES", Path.Combine(_rootDirectory, "NUGET_PACKAGES")),
+                ("NUGET_HTTP_CACHE_PATH", Path.Combine(_rootDirectory, "NUGET_HTTP_CACHE_PATH")),
+                ("NUGET_SCRATCH", Path.Combine(_rootDirectory, "NUGET_SCRATCH")),
+                ("NUGET_PLUGINS_CACHE_PATH", Path.Combine(_rootDirectory, "NUGET_PLUGINS_CACHE_PATH")),
+            ]);
+        DirectoryPath = Path.Combine(_rootDirectory, "repo-root");
         Directory.CreateDirectory(DirectoryPath);
     }
     public void Dispose()
     {
-        Directory.Delete(DirectoryPath, true);
+        _environment.Dispose();
+        Directory.Delete(_rootDirectory, true);
     }
     public async Task<TestFile[]> ReadFileContentsAsync(HashSet<string> filePaths)
@@ -47,12 +60,10 @@ public sealed class TemporaryDirectory : IDisposable
     {
         var temporaryDirectory = new TemporaryDirectory();
-        var parentDirectory = Path.GetDirectoryName(temporaryDirectory.DirectoryPath)!;
         // prevent directory crawling
-        await File.WriteAllTextAsync(Path.Combine(parentDirectory, "Directory.Build.props"), "<Project />");
-        await File.WriteAllTextAsync(Path.Combine(parentDirectory, "Directory.Build.targets"), "<Project />");
-        await File.WriteAllTextAsync(Path.Combine(parentDirectory, "Directory.Packages.props"), """
+        await File.WriteAllTextAsync(Path.Combine(temporaryDirectory._rootDirectory, "Directory.Build.props"), "<Project />");
+        await File.WriteAllTextAsync(Path.Combine(temporaryDirectory._rootDirectory, "Directory.Build.targets"), "<Project />");
+        await File.WriteAllTextAsync(Path.Combine(temporaryDirectory._rootDirectory, "Directory.Packages.props"), """
             <Project>
               <PropertyGroup>
                 <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/TestLogger.cs CHANGED Viewed

@@ -4,7 +4,7 @@ namespace NuGetUpdater.Core.Test;
 public class TestLogger : ILogger
 {
-    public void Log(string message)
+    public void LogRaw(string message)
     {
         Debug.WriteLine(message);
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/BindingRedirectsTests.cs CHANGED Viewed

@@ -2,7 +2,7 @@ using Xunit;
 namespace NuGetUpdater.Core.Test.Update;
-public class BindingRedirectsTests
+public class BindingRedirectsTests : TestBase
 {
     [Fact]
     public async Task SimpleBindingRedirectIsPerformed()

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/PackagesConfigUpdaterTests.cs CHANGED Viewed

@@ -169,5 +169,29 @@ public class PackagesConfigUpdaterTests : TestBase
             // expected packages directory path
             null
         ];
+        // project with differing package name and assembly name
+        yield return
+        [
+            // project contents
+            """
+            <Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+              <ItemGroup>
+                <Reference Include="Assembly.For.Some.Package, Version=1.0.0.0, Culture=neutral, PublicKeyToken=30ad4fe6b2a6aeed">
+                  <HintPath>..\packages\Some.Package.1.0.0\lib\net45\Assembly.For.Some.Package.dll</HintPath>
+                  <Private>True</Private>
+                </Reference>
+              </ItemGroup>
+            </Project>
+            """,
+            // packages.config contents
+            null,
+            // dependency name
+            "Some.Package",
+            // dependency version
+            "1.0.0",
+            // expected packages directory path
+            "../packages"
+        ];
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/UpdateWorkerTestBase.cs CHANGED Viewed

@@ -77,7 +77,8 @@ public abstract class UpdateWorkerTestBase : TestBase
         TestFile[]? additionalFiles = null,
         MockNuGetPackage[]? packages = null,
         ExperimentsManager? experimentsManager = null,
-        string projectFilePath = "test-project.csproj")
+        string projectFilePath = "test-project.csproj",
+        ExpectedUpdateOperationResult? expectedResult = null)
         => TestUpdateForProject(
             dependencyName,
             oldVersion,
@@ -88,7 +89,8 @@ public abstract class UpdateWorkerTestBase : TestBase
             additionalFiles,
             additionalFilesExpected: additionalFiles,
             packages: packages,
-            experimentsManager: experimentsManager);
+            experimentsManager: experimentsManager,
+            expectedResult: expectedResult);
     protected static Task TestUpdateForProject(
         string dependencyName,
@@ -270,10 +272,6 @@ public abstract class UpdateWorkerTestBase : TestBase
         {
             Job = new()
             {
-                AllowedUpdates =
-                [
-                    new() { UpdateType = "all" }
-                ],
                 Source = new()
                 {
                     Provider = "github",
@@ -313,14 +311,6 @@ public abstract class UpdateWorkerTestBase : TestBase
                 """
             );
         }
-        // override various nuget locations
-        foreach (var envName in new[] { "NUGET_PACKAGES", "NUGET_HTTP_CACHE_PATH", "NUGET_SCRATCH", "NUGET_PLUGINS_CACHE_PATH" })
-        {
-            string dir = Path.Join(temporaryDirectory, envName);
-            Directory.CreateDirectory(dir);
-            Environment.SetEnvironmentVariable(envName, dir);
-        }
     }
     protected static async Task<TestFile[]> RunUpdate(TestFile[] files, Func<string, Task> action)