dependabot-nuget 0.293.0 → 0.295.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MiscellaneousTests.cs

@@ -1,3 +1,5 @@
+using System.Text.Json;
+
 using NuGet.Versioning;
 
 using NuGetUpdater.Core.Analyze;
@@ -29,6 +31,16 @@ public class MiscellaneousTests
         Assert.Equal(expectedRequirementsStrings, actualRequirementsStrings);
     }
 
+    [Theory]
+    [MemberData(nameof(DependencyInfoFromJobData))]
+    public void DependencyInfoFromJob(Job job, Dependency dependency, DependencyInfo expectedDependencyInfo)
+    {
+        var actualDependencyInfo = RunWorker.GetDependencyInfo(job, dependency);
+        var expectedString = JsonSerializer.Serialize(expectedDependencyInfo, AnalyzeWorker.SerializerOptions);
+        var actualString = JsonSerializer.Serialize(actualDependencyInfo, AnalyzeWorker.SerializerOptions);
+        Assert.Equal(expectedString, actualString);
+    }
+
     public static IEnumerable<object?[]> RequirementsFromIgnoredVersionsData()
     {
         yield return
@@ -82,4 +94,53 @@ public class MiscellaneousTests
             }
         ];
     }
+
+    public static IEnumerable<object[]> DependencyInfoFromJobData()
+    {
+        yield return
+        [
+            // job
+            new Job()
+            {
+                Source = new()
+                {
+                    Provider = "github",
+                    Repo = "some/repo"
+                },
+                SecurityAdvisories = [
+                    new()
+                    {
+                        DependencyName = "Some.Dependency",
+                        AffectedVersions = [Requirement.Parse(">= 1.0.0, < 1.1.0")],
+                        PatchedVersions = [Requirement.Parse("= 1.1.0")],
+                        UnaffectedVersions = [Requirement.Parse("= 1.2.0")]
+                    },
+                    new()
+                    {
+                        DependencyName = "Unrelated.Dependency",
+                        AffectedVersions = [Requirement.Parse(">= 1.0.0, < 99.99.99")]
+                    }
+                ]
+            },
+            // dependency
+            new Dependency("Some.Dependency", "1.0.0", DependencyType.PackageReference),
+            // expectedDependencyInfo
+            new DependencyInfo()
+            {
+                Name = "Some.Dependency",
+                Version = "1.0.0",
+                IsVulnerable = true,
+                IgnoredVersions = [],
+                Vulnerabilities = [
+                    new()
+                    {
+                        DependencyName = "Some.Dependency",
+                        PackageManager = "nuget",
+                        VulnerableVersions = [Requirement.Parse(">= 1.0.0, < 1.1.0")],
+                        SafeVersions = [Requirement.Parse("= 1.1.0"), Requirement.Parse("= 1.2.0")],
+                    }
+                ]
+            }
+        ];
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/RunWorkerTests.cs

@@ -1711,6 +1711,344 @@ public class RunWorkerTests
         );
     }
 
+    [Fact]
+    public async Task UpdatePackageWithDifferentVersionsInDifferentDirectories()
+    {
+        // this test passes `null` for discovery, analyze, and update workers to fully test the desired behavior
+
+        // the same dependency Some.Package is reported for 3 cases:
+        //   library1.csproj - top level dependency, already up to date
+        //   library2.csproj - top level dependency, needs direct update
+        //   library3.csproj - transitive dependency, needs pin
+        await RunAsync(
+            experimentsManager: new ExperimentsManager() { UseDirectDiscovery = true },
+            packages: [
+                MockNuGetPackage.CreateSimplePackage("Some.Package", "1.0.0", "net8.0"),
+                MockNuGetPackage.CreateSimplePackage("Some.Package", "2.0.0", "net8.0"),
+                MockNuGetPackage.CreateSimplePackage("Package.With.Transitive.Dependency", "0.1.0", "net8.0", [(null, [("Some.Package", "1.0.0")])]),
+            ],
+            job: new Job()
+            {
+                AllowedUpdates = [new() { UpdateType = UpdateType.Security }],
+                SecurityAdvisories =
+                [
+                    new()
+                    {
+                        DependencyName = "Some.Package",
+                        AffectedVersions = [Requirement.Parse("= 1.0.0")]
+                    }
+                ],
+                Source = new()
+                {
+                    Provider = "github",
+                    Repo = "test/repo",
+                    Directory = "/"
+                }
+            },
+            files: [
+                ("dirs.proj", """
+                    <Project>
+                      <ItemGroup>
+                        <ProjectFile Include="library1\library1.csproj" />
+                        <ProjectFile Include="library2\library2.csproj" />
+                        <ProjectFile Include="library3\library3.csproj" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+                ("Directory.Build.props", "<Project />"),
+                ("Directory.Build.targets", "<Project />"),
+                ("Directory.Packages.props", """
+                    <Project>
+                      <PropertyGroup>
+                        <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>
+                      </PropertyGroup>
+                    </Project>
+                    """),
+                ("library1/library1.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net8.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Some.Package" Version="2.0.0" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+                ("library2/library2.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net8.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Some.Package" Version="1.0.0" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+                ("library3/library3.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net8.0</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Package.With.Transitive.Dependency" Version="0.1.0" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+            ],
+            discoveryWorker: null,
+            analyzeWorker: null,
+            updaterWorker: null,
+            expectedResult: new RunResult()
+            {
+                Base64DependencyFiles =
+                [
+                    new DependencyFile()
+                    {
+                        Directory = "/",
+                        Name = "Directory.Build.props",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("<Project />"))
+                    },
+                    new DependencyFile()
+                    {
+                        Directory = "/",
+                        Name = "Directory.Build.targets",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("<Project />"))
+                    },
+                    new DependencyFile()
+                    {
+                        Directory = "/",
+                        Name = "Directory.Packages.props",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
+                            <Project>
+                              <PropertyGroup>
+                                <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>
+                              </PropertyGroup>
+                            </Project>
+                            """))
+                    },
+                    new DependencyFile()
+                    {
+                        Directory = "/library1",
+                        Name = "library1.csproj",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
+                            <Project Sdk="Microsoft.NET.Sdk">
+                              <PropertyGroup>
+                                <TargetFramework>net8.0</TargetFramework>
+                              </PropertyGroup>
+                              <ItemGroup>
+                                <PackageReference Include="Some.Package" Version="2.0.0" />
+                              </ItemGroup>
+                            </Project>
+                            """))
+                    },
+                    new DependencyFile()
+                    {
+                        Directory = "/library2",
+                        Name = "library2.csproj",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
+                            <Project Sdk="Microsoft.NET.Sdk">
+                              <PropertyGroup>
+                                <TargetFramework>net8.0</TargetFramework>
+                              </PropertyGroup>
+                              <ItemGroup>
+                                <PackageReference Include="Some.Package" Version="1.0.0" />
+                              </ItemGroup>
+                            </Project>
+                            """))
+                    },
+                    new DependencyFile()
+                    {
+                        Directory = "/library3",
+                        Name = "library3.csproj",
+                        Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
+                            <Project Sdk="Microsoft.NET.Sdk">
+                              <PropertyGroup>
+                                <TargetFramework>net8.0</TargetFramework>
+                              </PropertyGroup>
+                              <ItemGroup>
+                                <PackageReference Include="Package.With.Transitive.Dependency" Version="0.1.0" />
+                              </ItemGroup>
+                            </Project>
+                            """))
+                    }
+                ],
+                BaseCommitSha = "TEST-COMMIT-SHA",
+            },
+            expectedApiMessages: [
+                new UpdatedDependencyList()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Package",
+                            Version = "2.0.0",
+                            Requirements = [
+                                new()
+                                {
+                                    Requirement = "2.0.0",
+                                    File = "/library1/library1.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ]
+                        },
+                        new()
+                        {
+                            Name = "Some.Package",
+                            Version = "1.0.0",
+                            Requirements = [
+                                new()
+                                {
+                                    Requirement = "1.0.0",
+                                    File = "/library2/library2.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ]
+                        },
+                        new()
+                        {
+                            Name = "Package.With.Transitive.Dependency",
+                            Version = "0.1.0",
+                            Requirements = [
+                                new()
+                                {
+                                    Requirement = "0.1.0",
+                                    File = "/library3/library3.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ]
+                        },
+                        new()
+                        {
+                            Name = "Some.Package",
+                            Version = "1.0.0",
+                            Requirements = [
+                                new()
+                                {
+                                    Requirement = "1.0.0",
+                                    File = "/library3/library3.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ]
+                        },
+                    ],
+                    DependencyFiles = [
+                        "/Directory.Build.props",
+                        "/Directory.Build.targets",
+                        "/Directory.Packages.props",
+                        "/library1/library1.csproj",
+                        "/library2/library2.csproj",
+                        "/library3/library3.csproj",
+                    ],
+                },
+                new IncrementMetric()
+                {
+                    Metric = "updater.started",
+                    Tags = new()
+                    {
+                        ["operation"] = "group_update_all_versions"
+                    }
+                },
+                new CreatePullRequest()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Package",
+                            Version = "2.0.0",
+                            Requirements = [
+                                new()
+                                {
+                                    Requirement = "2.0.0",
+                                    File = "/library2/library2.csproj",
+                                    Groups = ["dependencies"],
+                                    Source = new()
+                                    {
+                                        SourceUrl = null,
+                                        Type = "nuget_repo",
+                                    }
+                                }
+                            ],
+                            PreviousVersion = "1.0.0",
+                            PreviousRequirements = [
+                                new()
+                                {
+                                    Requirement = "1.0.0",
+                                    File = "/library2/library2.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ],
+                        },
+                        new()
+                        {
+                            Name = "Some.Package",
+                            Version = "2.0.0",
+                            Requirements = [
+                                new()
+                                {
+                                    Requirement = "2.0.0",
+                                    File = "/library3/library3.csproj",
+                                    Groups = ["dependencies"],
+                                    Source = new()
+                                    {
+                                        SourceUrl = null,
+                                        Type = "nuget_repo",
+                                    }
+                                }
+                            ],
+                            PreviousVersion = "1.0.0",
+                            PreviousRequirements = [
+                                new()
+                                {
+                                    Requirement = "1.0.0",
+                                    File = "/library3/library3.csproj",
+                                    Groups = ["dependencies"],
+                                }
+                            ],
+                        },
+                    ],
+                    UpdatedDependencyFiles = [
+                        new()
+                        {
+                            Directory = "/library2",
+                            Name = "library2.csproj",
+                            Content = """
+                                <Project Sdk="Microsoft.NET.Sdk">
+                                  <PropertyGroup>
+                                    <TargetFramework>net8.0</TargetFramework>
+                                  </PropertyGroup>
+                                  <ItemGroup>
+                                    <PackageReference Include="Some.Package" Version="2.0.0" />
+                                  </ItemGroup>
+                                </Project>
+                                """
+                        },
+                        new()
+                        {
+                            Directory = "/library3",
+                            Name = "library3.csproj",
+                            Content = """
+                                <Project Sdk="Microsoft.NET.Sdk">
+                                  <PropertyGroup>
+                                    <TargetFramework>net8.0</TargetFramework>
+                                  </PropertyGroup>
+                                  <ItemGroup>
+                                    <PackageReference Include="Package.With.Transitive.Dependency" Version="0.1.0" />
+                                    <PackageReference Include="Some.Package" Version="2.0.0" />
+                                  </ItemGroup>
+                                </Project>
+                                """
+                        }
+                    ],
+                    BaseCommitSha = "TEST-COMMIT-SHA",
+                    CommitMessage = "TODO: message",
+                    PrTitle = "TODO: title",
+                    PrBody = "TODO: body"
+                },
+                new MarkAsProcessed("TEST-COMMIT-SHA")
+            ]
+        );
+    }
+
     private static async Task RunAsync(Job job, TestFile[] files, IDiscoveryWorker? discoveryWorker, IAnalyzeWorker? analyzeWorker, IUpdaterWorker? updaterWorker, RunResult expectedResult, object[] expectedApiMessages, MockNuGetPackage[]? packages = null, ExperimentsManager? experimentsManager = null, string? repoContentsPath = null)
     {
         // arrange