dependabot-nuget 0.299.1 → 0.300.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 660e8ce19f7c5fe8fc23479b4d2bda8b68c18c2ef3b233c7ee7e1d0bb07c5ab7
-  data.tar.gz: 6169f17f97aae5ef7188ce33482a6e22b25f1e827b5f1edfc724d6d46e0f40cb
+  metadata.gz: 332ca34b57d20f0c5690563f3aeb969fb638fb8a9a5e02e569dc1360ef5ad066
+  data.tar.gz: 7dba4cc1963936c3b0b32dfa845e1285cb3bee679429da04c7cdad13590fc9dc
 SHA512:
-  metadata.gz: 89d65ebba5930c8fa88fde8d63614e187fc4e72f0cec66cbad9af08abafaf7b2601bede6d351e3ea73c1572a51a7c6245d488228a33b677204bc50982fbc41f5
-  data.tar.gz: 76df476a5b3c605128e79343ed2fe6248033a5a3d63fe4a2b8be03bedab6332aeb4c01d0d96a87766316d13d769ab69c4c953189ff0eae15ed4370914abc17ef
+  metadata.gz: 7b7a1770111410a3a3c9c7281e8e275f485e977e8c57290f7ea1d5e86219588d640bb82bf5c5f6d0a65b8b8a275edb4aadd051c0cc953df3cb62edc8fdf25a8d
+  data.tar.gz: 1b2ed4ce448d6a239c28d3b448fa73096b211a03dbd8083bbc6168c6655c3cb5d3d76d07262c3e0aeb9f7ccd8a58d7372f6dd21dc2ce6dc428160313bb8b653f

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/DependencyDiscovery.props

@@ -1,8 +1,16 @@
 <Project>
   <!-- The following properties enable target framework and dependency discovery when OS-specific workloads are required -->
   <PropertyGroup>
+    <!--
+
+    $(TargetPlatformVersion) should default to '0.0' as per https://github.com/dotnet/sdk/blob/v9.0.100/src/Tasks/Microsoft.NET.Build.Tasks/targets/Microsoft.NET.TargetFrameworkInference.targets#L69
+
+    HOWEVER, this will need to be set differently (e.g., '1.0') to do dependency discovery
+
+    -->
+    <_DefaultTargetPlatformVersion Condition="'$(_DefaultTargetPlatformVersion)' == ''">0.0</_DefaultTargetPlatformVersion>
     <DesignTimeBuild>true</DesignTimeBuild>
     <EnableWindowsTargeting Condition="$(TargetFramework.Contains('-windows'))">true</EnableWindowsTargeting>
-    <TargetPlatformVersion Condition="$(TargetPlatformVersion) == '' AND $(TargetFramework.Contains('-'))">1.0</TargetPlatformVersion>
+    <TargetPlatformVersion Condition="$(TargetPlatformVersion) == '' AND $(TargetFramework.Contains('-'))">$(_DefaultTargetPlatformVersion)</TargetPlatformVersion>
   </PropertyGroup>
 </Project>

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/DependencyDiscovery.targets

@@ -1,4 +1,9 @@
 <Project>
+  <PropertyGroup>
+    <!-- Dependency discovery requires a non-zero value for $(TargetPlatformVersion) -->
+    <_DefaultTargetPlatformVersion>1.0</_DefaultTargetPlatformVersion>
+  </PropertyGroup>
+
   <Import Project="DependencyDiscovery.props" />
 
   <Target Name="_DiscoverDependencies" DependsOnTargets="ResolveAssemblyReferences;GenerateBuildDependencyFile;ResolvePackageAssets">

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs

@@ -101,7 +101,7 @@ internal static class SdkProjectDiscovery
                 {
                     // the built-in target `GenerateBuildDependencyFile` forces resolution of all NuGet packages, but doesn't invoke a full build
                     var dependencyDiscoveryTargetsPath = Path.Combine(Path.GetDirectoryName(Assembly.GetExecutingAssembly().Location)!, "DependencyDiscovery.targets");
-                    var args = new string[]
+                    var args = new List<string>()
                     {
                         "build",
                         startingProjectPath,
@@ -112,6 +112,16 @@ internal static class SdkProjectDiscovery
                         $"/bl:{binLogPath}"
                     };
                     var (exitCode, stdOut, stdErr) = await ProcessEx.RunDotnetWithoutMSBuildEnvironmentVariablesAsync(args, startingProjectDirectory, experimentsManager);
+                    if (exitCode != 0 && stdOut.Contains("error : Object reference not set to an instance of an object."))
+                    {
+                        // https://github.com/NuGet/Home/issues/11761#issuecomment-1105218996
+                        // Due to a bug in NuGet, there can be a null reference exception thrown and adding this command line argument will work around it,
+                        // but this argument can't always be added; it can cause problems in other instances, so we're taking the approach of not using it
+                        // unless we have to.
+                        args.Add("/RestoreProperty:__Unused__=__Unused__");
+                        (exitCode, stdOut, stdErr) = await ProcessEx.RunDotnetWithoutMSBuildEnvironmentVariablesAsync(args, startingProjectDirectory, experimentsManager);
+                    }
+
                     return (exitCode, stdOut, stdErr);
                 }, logger, retainMSBuildSdks: true);
                 MSBuildHelper.ThrowOnError(stdOut);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.cs

@@ -1381,4 +1381,57 @@ public partial class DiscoveryWorkerTests : DiscoveryWorkerTestBase
             }
         );
     }
+
+    // If the "Restore" target is invoked and $(RestoreUseStaticGraphEvaluation) is set to true, NuGet can throw
+    // a NullReferenceException.
+    // https://github.com/NuGet/Home/issues/11761#issuecomment-1105218996
+    [Fact]
+    public async Task NullReferenceExceptionFromNuGetRestoreIsWorkedAround()
+    {
+        await TestDiscoveryAsync(
+            packages: [
+                MockNuGetPackage.CreateSimplePackage("Some.Package", "1.2.3", "net8.0"),
+            ],
+            experimentsManager: new ExperimentsManager() { UseDirectDiscovery = true },
+            workspacePath: "",
+            files: [
+                ("project.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net8.0</TargetFramework>
+                        <RestoreUseStaticGraphEvaluation>true</RestoreUseStaticGraphEvaluation>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Some.Package" Version="1.2.3" />
+                      </ItemGroup>
+                    </Project>
+                    """),
+                // a pattern seen in the wild; always run restore
+                ("Directory.Build.rsp", """
+                    /Restore
+                    """)
+            ],
+            expectedResult: new()
+            {
+                Path = "",
+                Projects = [
+                    new()
+                    {
+                        FilePath = "project.csproj",
+                        TargetFrameworks = ["net8.0"],
+                        Dependencies = [
+                            new("Some.Package", "1.2.3", DependencyType.PackageReference, TargetFrameworks: ["net8.0"], IsDirect: true)
+                        ],
+                        Properties = [
+                            new("RestoreUseStaticGraphEvaluation", "true", "project.csproj"),
+                            new("TargetFramework", "net8.0", "project.csproj"),
+                        ],
+                        ReferencedProjectPaths = [],
+                        ImportedFiles = [],
+                        AdditionalFiles = [],
+                    }
+                ]
+            }
+        );
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/SdkProjectDiscoveryTests.cs

@@ -479,6 +479,51 @@ public class SdkProjectDiscoveryTests : DiscoveryWorkerTestBase
         );
     }
 
+    [Fact]
+    public async Task DependenciesCanBeDiscoveredWithWindowsSpecificTfm()
+    {
+        await TestDiscoverAsync(
+            packages:
+            [
+                MockNuGetPackage.CreateSimplePackage("Some.Dependency", "1.2.3", "netstandard2.0"),
+            ],
+            startingDirectory: "src",
+            projectPath: "src/library.csproj",
+            files:
+            [
+                ("src/library.csproj", """
+                    <Project Sdk="Microsoft.NET.Sdk">
+                      <PropertyGroup>
+                        <TargetFramework>net9.0-windows</TargetFramework>
+                      </PropertyGroup>
+                      <ItemGroup>
+                        <PackageReference Include="Some.Dependency" Version="1.2.3" />
+                      </ItemGroup>
+                    </Project>
+                    """)
+            ],
+            expectedProjects:
+            [
+                new()
+                {
+                    FilePath = "library.csproj",
+                    Dependencies =
+                    [
+                        new("Some.Dependency", "1.2.3", DependencyType.PackageReference, TargetFrameworks: ["net9.0-windows"], IsDirect: true),
+                    ],
+                    ImportedFiles = [],
+                    Properties =
+                    [
+                        new("TargetFramework", "net9.0-windows", "src/library.csproj"),
+                    ],
+                    TargetFrameworks = ["net9.0-windows"],
+                    ReferencedProjectPaths = [],
+                    AdditionalFiles = [],
+                },
+            ]
+        );
+    }
+
     private static async Task TestDiscoverAsync(string startingDirectory, string projectPath, TestFile[] files, ImmutableArray<ExpectedSdkProjectDiscoveryResult> expectedProjects, MockNuGetPackage[]? packages = null)
     {
         using var testDirectory = await TemporaryDirectory.CreateWithContentsAsync(files);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs

@@ -606,6 +606,18 @@ public class MSBuildHelperTests : TestBase
             new[] { "net8.0-windows7.0" }
         ];
 
+        yield return
+        [
+            """
+            <Project Sdk="Microsoft.NET.Sdk">
+              <PropertyGroup>
+                <TargetFramework>net9.0-windows</TargetFramework>
+              </PropertyGroup>
+            </Project>
+            """,
+            new[] { "net9.0-windows" }
+        ];
+
         // legacy projects
         yield return
         [

data/lib/dependabot/nuget/nuget_config_credential_helpers.rb

@@ -28,7 +28,7 @@ module Dependabot
 
         File.rename(user_nuget_config_path, temporary_nuget_config_path)
 
-        package_sources = []
+        package_sources = ["    <add key=\"nuget.org\" value=\"https://api.nuget.org/v3/index.json\" />"]
         package_source_credentials = []
         nuget_credentials.each_with_index do |c, i|
           source_name = "nuget_source_#{i + 1}"

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.299.1
+  version: 0.300.0
 platform: ruby
 authors:
 - Dependabot
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2025-02-28 00:00:00.000000000 Z
+date: 2025-03-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.299.1
+        version: 0.300.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.299.1
+        version: 0.300.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -537,7 +537,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.299.1
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.300.0
 post_install_message:
 rdoc_options: []
 require_paths: