dependabot-nuget 0.294.0 → 0.296.0

@@ -1711,6 +1711,344 @@ public class RunWorkerTests
1711
1711
  );
1712
1712
  }
1713
1713
 
1714
+ [Fact]
1715
+ public async Task UpdatePackageWithDifferentVersionsInDifferentDirectories()
1716
+ {
1717
+ // this test passes `null` for discovery, analyze, and update workers to fully test the desired behavior
1718
+
1719
+ // the same dependency Some.Package is reported for 3 cases:
1720
+ // library1.csproj - top level dependency, already up to date
1721
+ // library2.csproj - top level dependency, needs direct update
1722
+ // library3.csproj - transitive dependency, needs pin
1723
+ await RunAsync(
1724
+ experimentsManager: new ExperimentsManager() { UseDirectDiscovery = true },
1725
+ packages: [
1726
+ MockNuGetPackage.CreateSimplePackage("Some.Package", "1.0.0", "net8.0"),
1727
+ MockNuGetPackage.CreateSimplePackage("Some.Package", "2.0.0", "net8.0"),
1728
+ MockNuGetPackage.CreateSimplePackage("Package.With.Transitive.Dependency", "0.1.0", "net8.0", [(null, [("Some.Package", "1.0.0")])]),
1729
+ ],
1730
+ job: new Job()
1731
+ {
1732
+ AllowedUpdates = [new() { UpdateType = UpdateType.Security }],
1733
+ SecurityAdvisories =
1734
+ [
1735
+ new()
1736
+ {
1737
+ DependencyName = "Some.Package",
1738
+ AffectedVersions = [Requirement.Parse("= 1.0.0")]
1739
+ }
1740
+ ],
1741
+ Source = new()
1742
+ {
1743
+ Provider = "github",
1744
+ Repo = "test/repo",
1745
+ Directory = "/"
1746
+ }
1747
+ },
1748
+ files: [
1749
+ ("dirs.proj", """
1750
+ <Project>
1751
+ <ItemGroup>
1752
+ <ProjectFile Include="library1\library1.csproj" />
1753
+ <ProjectFile Include="library2\library2.csproj" />
1754
+ <ProjectFile Include="library3\library3.csproj" />
1755
+ </ItemGroup>
1756
+ </Project>
1757
+ """),
1758
+ ("Directory.Build.props", "<Project />"),
1759
+ ("Directory.Build.targets", "<Project />"),
1760
+ ("Directory.Packages.props", """
1761
+ <Project>
1762
+ <PropertyGroup>
1763
+ <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>
1764
+ </PropertyGroup>
1765
+ </Project>
1766
+ """),
1767
+ ("library1/library1.csproj", """
1768
+ <Project Sdk="Microsoft.NET.Sdk">
1769
+ <PropertyGroup>
1770
+ <TargetFramework>net8.0</TargetFramework>
1771
+ </PropertyGroup>
1772
+ <ItemGroup>
1773
+ <PackageReference Include="Some.Package" Version="2.0.0" />
1774
+ </ItemGroup>
1775
+ </Project>
1776
+ """),
1777
+ ("library2/library2.csproj", """
1778
+ <Project Sdk="Microsoft.NET.Sdk">
1779
+ <PropertyGroup>
1780
+ <TargetFramework>net8.0</TargetFramework>
1781
+ </PropertyGroup>
1782
+ <ItemGroup>
1783
+ <PackageReference Include="Some.Package" Version="1.0.0" />
1784
+ </ItemGroup>
1785
+ </Project>
1786
+ """),
1787
+ ("library3/library3.csproj", """
1788
+ <Project Sdk="Microsoft.NET.Sdk">
1789
+ <PropertyGroup>
1790
+ <TargetFramework>net8.0</TargetFramework>
1791
+ </PropertyGroup>
1792
+ <ItemGroup>
1793
+ <PackageReference Include="Package.With.Transitive.Dependency" Version="0.1.0" />
1794
+ </ItemGroup>
1795
+ </Project>
1796
+ """),
1797
+ ],
1798
+ discoveryWorker: null,
1799
+ analyzeWorker: null,
1800
+ updaterWorker: null,
1801
+ expectedResult: new RunResult()
1802
+ {
1803
+ Base64DependencyFiles =
1804
+ [
1805
+ new DependencyFile()
1806
+ {
1807
+ Directory = "/",
1808
+ Name = "Directory.Build.props",
1809
+ Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("<Project />"))
1810
+ },
1811
+ new DependencyFile()
1812
+ {
1813
+ Directory = "/",
1814
+ Name = "Directory.Build.targets",
1815
+ Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("<Project />"))
1816
+ },
1817
+ new DependencyFile()
1818
+ {
1819
+ Directory = "/",
1820
+ Name = "Directory.Packages.props",
1821
+ Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
1822
+ <Project>
1823
+ <PropertyGroup>
1824
+ <ManagePackageVersionsCentrally>false</ManagePackageVersionsCentrally>
1825
+ </PropertyGroup>
1826
+ </Project>
1827
+ """))
1828
+ },
1829
+ new DependencyFile()
1830
+ {
1831
+ Directory = "/library1",
1832
+ Name = "library1.csproj",
1833
+ Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
1834
+ <Project Sdk="Microsoft.NET.Sdk">
1835
+ <PropertyGroup>
1836
+ <TargetFramework>net8.0</TargetFramework>
1837
+ </PropertyGroup>
1838
+ <ItemGroup>
1839
+ <PackageReference Include="Some.Package" Version="2.0.0" />
1840
+ </ItemGroup>
1841
+ </Project>
1842
+ """))
1843
+ },
1844
+ new DependencyFile()
1845
+ {
1846
+ Directory = "/library2",
1847
+ Name = "library2.csproj",
1848
+ Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
1849
+ <Project Sdk="Microsoft.NET.Sdk">
1850
+ <PropertyGroup>
1851
+ <TargetFramework>net8.0</TargetFramework>
1852
+ </PropertyGroup>
1853
+ <ItemGroup>
1854
+ <PackageReference Include="Some.Package" Version="1.0.0" />
1855
+ </ItemGroup>
1856
+ </Project>
1857
+ """))
1858
+ },
1859
+ new DependencyFile()
1860
+ {
1861
+ Directory = "/library3",
1862
+ Name = "library3.csproj",
1863
+ Content = Convert.ToBase64String(Encoding.UTF8.GetBytes("""
1864
+ <Project Sdk="Microsoft.NET.Sdk">
1865
+ <PropertyGroup>
1866
+ <TargetFramework>net8.0</TargetFramework>
1867
+ </PropertyGroup>
1868
+ <ItemGroup>
1869
+ <PackageReference Include="Package.With.Transitive.Dependency" Version="0.1.0" />
1870
+ </ItemGroup>
1871
+ </Project>
1872
+ """))
1873
+ }
1874
+ ],
1875
+ BaseCommitSha = "TEST-COMMIT-SHA",
1876
+ },
1877
+ expectedApiMessages: [
1878
+ new UpdatedDependencyList()
1879
+ {
1880
+ Dependencies = [
1881
+ new()
1882
+ {
1883
+ Name = "Some.Package",
1884
+ Version = "2.0.0",
1885
+ Requirements = [
1886
+ new()
1887
+ {
1888
+ Requirement = "2.0.0",
1889
+ File = "/library1/library1.csproj",
1890
+ Groups = ["dependencies"],
1891
+ }
1892
+ ]
1893
+ },
1894
+ new()
1895
+ {
1896
+ Name = "Some.Package",
1897
+ Version = "1.0.0",
1898
+ Requirements = [
1899
+ new()
1900
+ {
1901
+ Requirement = "1.0.0",
1902
+ File = "/library2/library2.csproj",
1903
+ Groups = ["dependencies"],
1904
+ }
1905
+ ]
1906
+ },
1907
+ new()
1908
+ {
1909
+ Name = "Package.With.Transitive.Dependency",
1910
+ Version = "0.1.0",
1911
+ Requirements = [
1912
+ new()
1913
+ {
1914
+ Requirement = "0.1.0",
1915
+ File = "/library3/library3.csproj",
1916
+ Groups = ["dependencies"],
1917
+ }
1918
+ ]
1919
+ },
1920
+ new()
1921
+ {
1922
+ Name = "Some.Package",
1923
+ Version = "1.0.0",
1924
+ Requirements = [
1925
+ new()
1926
+ {
1927
+ Requirement = "1.0.0",
1928
+ File = "/library3/library3.csproj",
1929
+ Groups = ["dependencies"],
1930
+ }
1931
+ ]
1932
+ },
1933
+ ],
1934
+ DependencyFiles = [
1935
+ "/Directory.Build.props",
1936
+ "/Directory.Build.targets",
1937
+ "/Directory.Packages.props",
1938
+ "/library1/library1.csproj",
1939
+ "/library2/library2.csproj",
1940
+ "/library3/library3.csproj",
1941
+ ],
1942
+ },
1943
+ new IncrementMetric()
1944
+ {
1945
+ Metric = "updater.started",
1946
+ Tags = new()
1947
+ {
1948
+ ["operation"] = "group_update_all_versions"
1949
+ }
1950
+ },
1951
+ new CreatePullRequest()
1952
+ {
1953
+ Dependencies = [
1954
+ new()
1955
+ {
1956
+ Name = "Some.Package",
1957
+ Version = "2.0.0",
1958
+ Requirements = [
1959
+ new()
1960
+ {
1961
+ Requirement = "2.0.0",
1962
+ File = "/library2/library2.csproj",
1963
+ Groups = ["dependencies"],
1964
+ Source = new()
1965
+ {
1966
+ SourceUrl = null,
1967
+ Type = "nuget_repo",
1968
+ }
1969
+ }
1970
+ ],
1971
+ PreviousVersion = "1.0.0",
1972
+ PreviousRequirements = [
1973
+ new()
1974
+ {
1975
+ Requirement = "1.0.0",
1976
+ File = "/library2/library2.csproj",
1977
+ Groups = ["dependencies"],
1978
+ }
1979
+ ],
1980
+ },
1981
+ new()
1982
+ {
1983
+ Name = "Some.Package",
1984
+ Version = "2.0.0",
1985
+ Requirements = [
1986
+ new()
1987
+ {
1988
+ Requirement = "2.0.0",
1989
+ File = "/library3/library3.csproj",
1990
+ Groups = ["dependencies"],
1991
+ Source = new()
1992
+ {
1993
+ SourceUrl = null,
1994
+ Type = "nuget_repo",
1995
+ }
1996
+ }
1997
+ ],
1998
+ PreviousVersion = "1.0.0",
1999
+ PreviousRequirements = [
2000
+ new()
2001
+ {
2002
+ Requirement = "1.0.0",
2003
+ File = "/library3/library3.csproj",
2004
+ Groups = ["dependencies"],
2005
+ }
2006
+ ],
2007
+ },
2008
+ ],
2009
+ UpdatedDependencyFiles = [
2010
+ new()
2011
+ {
2012
+ Directory = "/library2",
2013
+ Name = "library2.csproj",
2014
+ Content = """
2015
+ <Project Sdk="Microsoft.NET.Sdk">
2016
+ <PropertyGroup>
2017
+ <TargetFramework>net8.0</TargetFramework>
2018
+ </PropertyGroup>
2019
+ <ItemGroup>
2020
+ <PackageReference Include="Some.Package" Version="2.0.0" />
2021
+ </ItemGroup>
2022
+ </Project>
2023
+ """
2024
+ },
2025
+ new()
2026
+ {
2027
+ Directory = "/library3",
2028
+ Name = "library3.csproj",
2029
+ Content = """
2030
+ <Project Sdk="Microsoft.NET.Sdk">
2031
+ <PropertyGroup>
2032
+ <TargetFramework>net8.0</TargetFramework>
2033
+ </PropertyGroup>
2034
+ <ItemGroup>
2035
+ <PackageReference Include="Package.With.Transitive.Dependency" Version="0.1.0" />
2036
+ <PackageReference Include="Some.Package" Version="2.0.0" />
2037
+ </ItemGroup>
2038
+ </Project>
2039
+ """
2040
+ }
2041
+ ],
2042
+ BaseCommitSha = "TEST-COMMIT-SHA",
2043
+ CommitMessage = "TODO: message",
2044
+ PrTitle = "TODO: title",
2045
+ PrBody = "TODO: body"
2046
+ },
2047
+ new MarkAsProcessed("TEST-COMMIT-SHA")
2048
+ ]
2049
+ );
2050
+ }
2051
+
1714
2052
  private static async Task RunAsync(Job job, TestFile[] files, IDiscoveryWorker? discoveryWorker, IAnalyzeWorker? analyzeWorker, IUpdaterWorker? updaterWorker, RunResult expectedResult, object[] expectedApiMessages, MockNuGetPackage[]? packages = null, ExperimentsManager? experimentsManager = null, string? repoContentsPath = null)
1715
2053
  {
1716
2054
  // arrange
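Review bot: The expected `CreatePullRequest` at the end of `UpdatePackageWithDifferentVersionsInDifferentDirectories` pins `CommitMessage = "TODO: message"`, `PrTitle = "TODO: title"` and `PrBody = "TODO: body"`, so the test keeps passing while a security pull request carries placeholder text. If those strings are what the worker currently emits (the producing code is not visible in this hunk), whoever reviews the resulting PR gets no advisory or version information. A comment above those three lines such as `// placeholder text until PR message generation is implemented; tighten these assertions when it is` would make the gap explicit. The trailing context lines belong to `RunAsync`, whose body continues outside the hunk.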
@@ -227,6 +227,36 @@ public class SerializationTests
227
227
  Assert.False(experimentsManager.UseDirectDiscovery);
228
228
  }
229
229
 
230
+ [Fact]
231
+ public void DeserializeExperimentsManager_AlternateNames()
232
+ {
233
+ // experiment names can be either snake case or kebab case
234
+ var jobWrapper = RunWorker.Deserialize("""
235
+ {
236
+ "job": {
237
+ "package-manager": "nuget",
238
+ "allowed-updates": [
239
+ {
240
+ "update-type": "all"
241
+ }
242
+ ],
243
+ "source": {
244
+ "provider": "github",
245
+ "repo": "some-org/some-repo",
246
+ "directory": "some-dir"
247
+ },
248
+ "experiments": {
249
+ "nuget-legacy-dependency-solver": true,
250
+ "nuget-use-direct-discovery": true
251
+ }
252
+ }
253
+ }
254
+ """);
255
+ var experimentsManager = ExperimentsManager.GetExperimentsManager(jobWrapper.Job.Experiments);
256
+ Assert.True(experimentsManager.UseLegacyDependencySolver);
257
+ Assert.True(experimentsManager.UseDirectDiscovery);
258
+ }
259
+
230
260
  [Theory]
231
261
  [MemberData(nameof(DeserializeErrorTypesData))]
232
262
  public void SerializeError(JobErrorBase error, string expectedSerialization)
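Review bot: The comment in `DeserializeExperimentsManager_AlternateNames` says experiment names can be snake case or kebab case, but the JSON only uses kebab-case keys (`nuget-legacy-dependency-solver`, `nuget-use-direct-discovery`), and nothing in this hunk covers a job that carries both spellings of the same experiment. These flags select the solver and discovery paths, so the precedence when the two spellings disagree should be pinned by a test or at least documented, e.g. `// if both spellings are present, <which one> wins`. The snake-case test presumably sits just above this hunk; if so, the comment would read more accurately as `// kebab-case experiment names are accepted as well as snake case`.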
@@ -0,0 +1,286 @@
1
+ using System.Collections.Immutable;
2
+
3
+ using NuGetUpdater.Core.Analyze;
4
+ using NuGetUpdater.Core.Run;
5
+ using NuGetUpdater.Core.Run.ApiModel;
6
+
7
+ using Xunit;
8
+
9
+ using DepType = NuGetUpdater.Core.Run.ApiModel.DependencyType;
10
+
11
+ namespace NuGetUpdater.Core.Test.Run;
12
+
13
+ public class UpdateAllowedTests
14
+ {
15
+ [Theory]
16
+ [MemberData(nameof(IsUpdateAllowedTestData))]
17
+ public void IsUpdateAllowed(Job job, Dependency dependency, bool expectedResult)
18
+ {
19
+ var actualResult = RunWorker.IsUpdateAllowed(job, dependency);
20
+ Assert.Equal(expectedResult, actualResult);
21
+ }
22
+
23
+ public static IEnumerable<object[]> IsUpdateAllowedTestData()
24
+ {
25
+ // with default allowed updates on a transitive dependency
26
+ yield return
27
+ [
28
+ CreateJob(
29
+ allowedUpdates: [
30
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All }
31
+ ],
32
+ securityAdvisories: [
33
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [], PatchedVersions = [Requirement.Parse(">= 1.11.0")], UnaffectedVersions = [] }
34
+ ],
35
+ securityUpdatesOnly: false),
36
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: true),
37
+ // expectedResult
38
+ false,
39
+ ];
40
+
41
+ // when dealing with a security update
42
+ yield return
43
+ [
44
+ CreateJob(
45
+ allowedUpdates: [
46
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All }
47
+ ],
48
+ securityAdvisories: [
49
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [], PatchedVersions = [Requirement.Parse(">= 1.11.0")], UnaffectedVersions = [] }
50
+ ],
51
+ securityUpdatesOnly: true),
52
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: true),
53
+ // expectedResult
54
+ true,
55
+ ];
56
+
57
+ // with a top-level dependency
58
+ yield return
59
+ [
60
+ CreateJob(
61
+ allowedUpdates: [
62
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
63
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
64
+ ],
65
+ securityAdvisories: [],
66
+ securityUpdatesOnly: false),
67
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
68
+ // expectedResult
69
+ true,
70
+ ];
71
+
72
+ // with a sub-dependency
73
+ yield return
74
+ [
75
+ CreateJob(
76
+ allowedUpdates: [
77
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
78
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
79
+ ],
80
+ securityAdvisories: [],
81
+ securityUpdatesOnly: false),
82
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: true),
83
+ // expectedResult
84
+ false,
85
+ ];
86
+
87
+ // when insecure
88
+ yield return
89
+ [
90
+ CreateJob(
91
+ allowedUpdates: [
92
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
93
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
94
+ ],
95
+ securityAdvisories: [
96
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [], PatchedVersions = [Requirement.Parse(">= 1.11.0")], UnaffectedVersions = [] }
97
+ ],
98
+ securityUpdatesOnly: false),
99
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: true),
100
+ // expectedResult
101
+ true,
102
+ ];
103
+
104
+ // when only security fixes are allowed
105
+ yield return
106
+ [
107
+ CreateJob(
108
+ allowedUpdates: [
109
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
110
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
111
+ ],
112
+ securityAdvisories: [],
113
+ securityUpdatesOnly: true),
114
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
115
+ // expectedResult
116
+ false,
117
+ ];
118
+
119
+ // when dealing with a security fix
120
+ yield return
121
+ [
122
+ CreateJob(
123
+ allowedUpdates: [
124
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
125
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
126
+ ],
127
+ securityAdvisories: [
128
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [], PatchedVersions = [Requirement.Parse(">= 1.11.0")], UnaffectedVersions = [] }
129
+ ],
130
+ securityUpdatesOnly: true),
131
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
132
+ // expectedResult
133
+ true,
134
+ ];
135
+
136
+ // when dealing with a security fix that doesn't apply
137
+ yield return
138
+ [
139
+ CreateJob(
140
+ allowedUpdates: [
141
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
142
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
143
+ ],
144
+ securityAdvisories: [
145
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [Requirement.Parse("> 1.8.0")], PatchedVersions = [], UnaffectedVersions = [] }
146
+ ],
147
+ securityUpdatesOnly: true),
148
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
149
+ // expectedResult
150
+ false,
151
+ ];
152
+
153
+ // when dealing with a security fix that doesn't apply to some versions
154
+ yield return
155
+ [
156
+ CreateJob(
157
+ allowedUpdates: [
158
+ new AllowedUpdate() { DependencyType = DepType.Direct, UpdateType = UpdateType.All },
159
+ new AllowedUpdate() { DependencyType = DepType.Indirect, UpdateType = UpdateType.Security }
160
+ ],
161
+ securityAdvisories: [
162
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [Requirement.Parse("< 1.8.0"), Requirement.Parse("> 1.8.0")], PatchedVersions = [], UnaffectedVersions = [] }
163
+ ],
164
+ securityUpdatesOnly: true),
165
+ new Dependency("Some.Package", "1.8.1", DependencyType.PackageReference, IsTransitive: false),
166
+ // expectedResult
167
+ true,
168
+ ];
169
+
170
+ // when a dependency allow list that includes the dependency
171
+ yield return
172
+ [
173
+ CreateJob(
174
+ allowedUpdates: [
175
+ new AllowedUpdate() { DependencyName = "Some.Package" }
176
+ ],
177
+ securityAdvisories: [],
178
+ securityUpdatesOnly: false),
179
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
180
+ // expectedResult
181
+ true,
182
+ ];
183
+
184
+ // with a dependency allow list that uses a wildcard
185
+ yield return
186
+ [
187
+ CreateJob(
188
+ allowedUpdates: [
189
+ new AllowedUpdate() { DependencyName = "Some.*" }
190
+ ],
191
+ securityAdvisories: [],
192
+ securityUpdatesOnly: false),
193
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
194
+ // expectedResult
195
+ true,
196
+ ];
197
+
198
+ // when dependency allow list that excludes the dependency
199
+ yield return
200
+ [
201
+ CreateJob(
202
+ allowedUpdates: [
203
+ new AllowedUpdate() { DependencyName = "Unrelated.Package" }
204
+ ],
205
+ securityAdvisories: [],
206
+ securityUpdatesOnly: false),
207
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
208
+ // expectedResult
209
+ false,
210
+ ];
211
+
212
+ // when matching with an incomplete dependency name
213
+ yield return
214
+ [
215
+ CreateJob(
216
+ allowedUpdates: [
217
+ new AllowedUpdate() { DependencyName = "Some" }
218
+ ],
219
+ securityAdvisories: [],
220
+ securityUpdatesOnly: false),
221
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
222
+ // expectedResult
223
+ false,
224
+ ];
225
+
226
+ // with a dependency allow list that uses a wildcard
227
+ yield return
228
+ [
229
+ CreateJob(
230
+ allowedUpdates: [
231
+ new AllowedUpdate() { DependencyName = "Unrelated.*" }
232
+ ],
233
+ securityAdvisories: [],
234
+ securityUpdatesOnly: false),
235
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
236
+ // expectedResult
237
+ false,
238
+ ];
239
+
240
+ // when security fixes are also allowed
241
+ yield return
242
+ [
243
+ CreateJob(
244
+ allowedUpdates: [
245
+ new AllowedUpdate() { DependencyName = "Unrelated.Package" },
246
+ new AllowedUpdate() { UpdateType = UpdateType.Security }
247
+ ],
248
+ securityAdvisories: [],
249
+ securityUpdatesOnly: false),
250
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
251
+ // expectedResult
252
+ false,
253
+ ];
254
+
255
+ // when dealing with a security fix
256
+ yield return
257
+ [
258
+ CreateJob(
259
+ allowedUpdates: [
260
+ new AllowedUpdate() { DependencyName = "Unrelated.Package"}, new AllowedUpdate(){ UpdateType = UpdateType.Security }
261
+ ],
262
+ securityAdvisories: [
263
+ new Advisory() { DependencyName = "Some.Package", AffectedVersions = [], PatchedVersions = [Requirement.Parse(">= 1.11.0")], UnaffectedVersions = [] }
264
+ ],
265
+ securityUpdatesOnly: false),
266
+ new Dependency("Some.Package", "1.8.0", DependencyType.PackageReference, IsTransitive: false),
267
+ // expectedResult
268
+ true,
269
+ ];
270
+ }
271
+
272
+ private static Job CreateJob(AllowedUpdate[] allowedUpdates, Advisory[] securityAdvisories, bool securityUpdatesOnly)
273
+ {
274
+ return new Job()
275
+ {
276
+ AllowedUpdates = allowedUpdates.ToImmutableArray(),
277
+ SecurityAdvisories = securityAdvisories.ToImmutableArray(),
278
+ SecurityUpdatesOnly = securityUpdatesOnly,
279
+ Source = new()
280
+ {
281
+ Provider = "nuget",
282
+ Repo = "test/repo",
283
+ }
284
+ };
285
+ }
286
+ }
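Review bot: None of the `IsUpdateAllowedTestData` cases varies the casing of the package ID, so a case-sensitive comparison in `RunWorker.IsUpdateAllowed` (its body is not in this section) would pass every row here while silently skipping a security update for an advisory published as `some.package`. NuGet package IDs are case-insensitive, so add one row whose advisory or allow-list entry differs from the dependency only in case, e.g. `new Advisory() { DependencyName = "some.package", AffectedVersions = [], PatchedVersions = [Requirement.Parse(">= 1.11.0")], UnaffectedVersions = [] }` with `expectedResult` `true`. Separately, two pairs of rows share the same leading comment ("when dealing with a security fix", "with a dependency allow list that uses a wildcard"); distinct comments would make a failing theory row easier to locate.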
@@ -94,7 +94,15 @@ public class UpdatedDependencyListTests
94
94
  {
95
95
  Name = "System.Text.Json",
96
96
  Version = "6.0.0",
97
- Requirements = [],
97
+ Requirements =
98
+ [
99
+ new ReportedRequirement()
100
+ {
101
+ Requirement = "6.0.0",
102
+ File = "/src/c/project.csproj",
103
+ Groups = ["dependencies"],
104
+ }
105
+ ],
98
106
  },
99
107
  new ReportedDependency()
100
108
  {