dependabot-nuget 0.312.0 → 0.314.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: acb9d775c29330f4cae905aa23b7ad9c36f0ed161d8cc1c2fbfc7391fb52646b
-  data.tar.gz: 97b60783a35914969fe10efc5235a91d29a470faf40e4520cf331bf6bafe21f1
+  metadata.gz: 63addcf7753f130114a786641a1c8f3b82b2d8a3cd4c46e4f3d072c3d1b189f7
+  data.tar.gz: 36ad00f20c6beb2fd1146ddba62f9cffe9c42246e358f70fc4ec115372c93540
 SHA512:
-  metadata.gz: d1d117e611b42497834c3276f08e35e3a70a3b2d0f960ac3d666dde3c12eb32697f911e0af3409e76500977f4c1db835c4979a85879e86bbd00e0ec0df4cc34c
-  data.tar.gz: b3f8f76bc8be51fc23493c1660cb41e5f6b9c10721941bd98c72c49652c807bb320def722cdc3c08d822f2cd2ed0dbe993b75cd6d43d0f1593de6890a753af32
+  metadata.gz: 967973760977d8dce179417fe4a786c134db3a0b14fce254b303ca52c930a25b43fa990447b5fbddc36dfd6223129ba727764b628fd817598cab3f7f77feddec
+  data.tar.gz: 1616f671a195834522840194d936d3a301f1664f00d66201f31b27276436bdcbe5c1ed604b4d0ec06bae55276e183dfa6f464d1178f2fe0536edc421d3756f49

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobErrorBase.cs

@@ -47,24 +47,64 @@ public abstract record JobErrorBase : MessageBase
 
     public static JobErrorBase ErrorFromException(Exception ex, string jobId, string currentDirectory)
     {
-        return ex switch
+        switch (ex)
         {
-            BadRequirementException badRequirement => new BadRequirement(badRequirement.Message),
-            BadResponseException badResponse => new PrivateSourceBadResponse([badResponse.Uri]),
-            DependencyNotFoundException dependencyNotFound => new DependencyNotFound(string.Join(", ", dependencyNotFound.Dependencies)),
-            HttpRequestException httpRequest => httpRequest.StatusCode switch
-            {
-                HttpStatusCode.Unauthorized or
-                HttpStatusCode.Forbidden => new PrivateSourceAuthenticationFailure(NuGetContext.GetPackageSourceUrls(currentDirectory)),
-                HttpStatusCode.TooManyRequests => new PrivateSourceBadResponse(NuGetContext.GetPackageSourceUrls(currentDirectory)),
-                HttpStatusCode.ServiceUnavailable => new PrivateSourceBadResponse(NuGetContext.GetPackageSourceUrls(currentDirectory)),
-                _ => new UnknownError(ex, jobId),
-            },
-            InvalidProjectFileException invalidProjectFile => new DependencyFileNotParseable(invalidProjectFile.ProjectFile),
-            MissingFileException missingFile => new DependencyFileNotFound(missingFile.FilePath, missingFile.Message),
-            UnparseableFileException unparseableFile => new DependencyFileNotParseable(unparseableFile.FilePath, unparseableFile.Message),
-            UpdateNotPossibleException updateNotPossible => new UpdateNotPossible(updateNotPossible.Dependencies),
-            _ => new UnknownError(ex, jobId),
-        };
+            case BadRequirementException badRequirement:
+                return new BadRequirement(badRequirement.Message);
+            case BadResponseException badResponse:
+                return new PrivateSourceBadResponse([badResponse.Uri]);
+            case DependencyNotFoundException dependencyNotFound:
+                return new DependencyNotFound(string.Join(", ", dependencyNotFound.Dependencies));
+            case HttpRequestException httpRequest:
+                if (httpRequest.StatusCode is null)
+                {
+                    if (httpRequest.InnerException is HttpIOException ioException &&
+                        ioException.HttpRequestError == HttpRequestError.ResponseEnded)
+                    {
+                        // server hung up on us
+                        return new PrivateSourceBadResponse(NuGetContext.GetPackageSourceUrls(currentDirectory));
+                    }
+
+                    return new UnknownError(ex, jobId);
+                }
+
+                switch (httpRequest.StatusCode)
+                {
+                    case HttpStatusCode.Unauthorized:
+                    case HttpStatusCode.Forbidden:
+                        return new PrivateSourceAuthenticationFailure(NuGetContext.GetPackageSourceUrls(currentDirectory));
+                    case HttpStatusCode.TooManyRequests:
+                    case HttpStatusCode.ServiceUnavailable:
+                        return new PrivateSourceBadResponse(NuGetContext.GetPackageSourceUrls(currentDirectory));
+                    default:
+                        if ((int)httpRequest.StatusCode / 100 == 5)
+                        {
+                            return new PrivateSourceBadResponse(NuGetContext.GetPackageSourceUrls(currentDirectory));
+                        }
+
+                        return new UnknownError(ex, jobId);
+                }
+            case InvalidProjectFileException invalidProjectFile:
+                return new DependencyFileNotParseable(invalidProjectFile.ProjectFile);
+            case MissingFileException missingFile:
+                return new DependencyFileNotFound(missingFile.FilePath, missingFile.Message);
+            case UnparseableFileException unparseableFile:
+                return new DependencyFileNotParseable(unparseableFile.FilePath, unparseableFile.Message);
+            case UpdateNotPossibleException updateNotPossible:
+                return new UpdateNotPossible(updateNotPossible.Dependencies);
+            default:
+                // if a more specific inner exception was encountered, use that, otherwise...
+                if (ex.InnerException is not null)
+                {
+                    var innerError = ErrorFromException(ex.InnerException, jobId, currentDirectory);
+                    if (innerError is not UnknownError)
+                    {
+                        return innerError;
+                    }
+                }
+
+                // ...return the whole thing
+                return new UnknownError(ex, jobId);
+        }
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/IApiHandler.cs

@@ -35,6 +35,30 @@ public static class IApiHandlerExtensions
     public static Task UpdatePullRequest(this IApiHandler handler, UpdatePullRequest updatePullRequest) => handler.PostAsJson("update_pull_request", updatePullRequest);
     public static Task MarkAsProcessed(this IApiHandler handler, MarkAsProcessed markAsProcessed) => handler.PatchAsJson("mark_as_processed", markAsProcessed);
 
-    private static Task PostAsJson(this IApiHandler handler, string endpoint, object body) => handler.SendAsync(endpoint, body, "POST");
-    private static Task PatchAsJson(this IApiHandler handler, string endpoint, object body) => handler.SendAsync(endpoint, body, "PATCH");
+    private static Task PostAsJson(this IApiHandler handler, string endpoint, object body) => handler.WithRetries(() => handler.SendAsync(endpoint, body, "POST"));
+    private static Task PatchAsJson(this IApiHandler handler, string endpoint, object body) => handler.WithRetries(() => handler.SendAsync(endpoint, body, "PATCH"));
+
+    private const int MaxRetries = 3;
+    private const int MinRetryDelay = 3;
+    private const int MaxRetryDelay = 10;
+
+    private static async Task WithRetries(this IApiHandler handler, Func<Task> action)
+    {
+        var retryCount = 0;
+        while (true)
+        {
+            try
+            {
+                await action();
+                return;
+            }
+            catch (HttpRequestException ex)
+            when (retryCount < MaxRetries &&
+                (ex.StatusCode is null || ((int)ex.StatusCode) / 100 == 5))
+            {
+                retryCount++;
+                await Task.Delay(TimeSpan.FromSeconds(Random.Shared.Next(MinRetryDelay, MaxRetryDelay)));
+            }
+        }
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -969,6 +969,7 @@ internal static partial class MSBuildHelper
         ThrowOnUpdateNotPossible(output);
         ThrowOnRateLimitExceeded(output);
         ThrowOnServiceUnavailable(output);
+        ThrowOnUnparseableFile(output);
     }
 
     private static void ThrowOnUnauthenticatedFeed(string stdout)
@@ -978,6 +979,7 @@ internal static partial class MSBuildHelper
             "The plugin credential provider could not acquire credentials",
             "401 (Unauthorized)",
             "error NU1301: Unable to load the service index for source",
+            "Response status code does not indicate success: 401",
             "Response status code does not indicate success: 403",
         };
         if (unauthorizedMessageSnippets.Any(stdout.Contains))
@@ -1058,6 +1060,7 @@ internal static partial class MSBuildHelper
             new Regex(@"Could not install package '(?<PackageName>[^ ]+) (?<PackageVersion>[^']+)'. You are trying to install this package"),
             new Regex(@"Unable to find a version of '[^']+' that is compatible with '[^ ]+ [^ ]+ constraint: (?<PackageName>[^ ]+) \([^ ]+ (?<PackageVersion>[^)]+)\)'"),
             new Regex(@"the following error\(s\) may be blocking the current package operation: '(?<PackageName>[^ ]+) (?<PackageVersion>[^ ]+) constraint:"),
+            new Regex(@"Unable to resolve '(?<PackageName>[^']+)'. An additional constraint '\((?<PackageVersion>[^)]+)\)' defined in packages.config prevents this operation."),
         };
         var matches = patterns.Select(p => p.Match(output)).Where(m => m.Success);
         if (matches.Any())
@@ -1067,6 +1070,19 @@ internal static partial class MSBuildHelper
         }
     }
 
+    private static void ThrowOnUnparseableFile(string output)
+    {
+        var patterns = new[]
+        {
+            new Regex(@"\nAn error occurred while reading file '(?<FilePath>[^']+)': (?<Message>[^\n]*)\n"),
+        };
+        var match = patterns.Select(p => p.Match(output)).Where(m => m.Success).FirstOrDefault();
+        if (match is not null)
+        {
+            throw new UnparseableFileException(match.Groups["Message"].Value, match.Groups["FilePath"].Value);
+        }
+    }
+
     internal static bool TryGetGlobalJsonPath(string repoRootPath, string workspacePath, [NotNullWhen(returnValue: true)] out string? globalJsonPath)
     {
         globalJsonPath = PathHelper.GetFileInDirectoryOrParent(workspacePath, repoRootPath, "global.json", caseSensitive: false);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/HttpApiHandlerTests.cs

@@ -39,7 +39,7 @@ public class HttpApiHandlerTests
         using var http = TestHttpServer.CreateTestServer((method, url) =>
         {
             // no error content returned
-            return (500, null);
+            return (400, null);
         });
         var handler = new HttpApiHandler(http.BaseUrl, "TEST-ID");
 
@@ -51,10 +51,51 @@ public class HttpApiHandlerTests
         }));
 
         // assert
-        var expectedMessage = $"500 (InternalServerError)";
+        var expectedMessage = $"400 (BadRequest)";
         Assert.Equal(expectedMessage, exception.Message);
     }
 
+    [Fact]
+    public async Task ApiCallsAreAutomaticallyRetriedWhenTheServerThrowsAnError()
+    {
+        // arrange
+        var requestCount = 0;
+        using var http = TestHttpServer.CreateTestServer((method, url) =>
+        {
+            if (requestCount < 2)
+            {
+                requestCount++;
+                return (500, Array.Empty<byte>());
+            }
+
+            return (200, Array.Empty<byte>());
+        });
+        var handler = new HttpApiHandler(http.BaseUrl, "TEST-ID");
+
+        // act
+        await handler.IncrementMetric(new()
+        {
+            Metric = "test",
+        });
+    }
+
+    [Fact]
+    public async Task ApiCallsAreNotRetriedOnABadRequest()
+    {
+        // arrange
+        var requestCount = 0;
+        using var http = TestHttpServer.CreateTestServer((method, url) =>
+        {
+            requestCount++;
+            return (400, Array.Empty<byte>());
+        });
+        var handler = new HttpApiHandler(http.BaseUrl, "TEST-ID");
+
+        // act
+        await Assert.ThrowsAsync<HttpRequestException>(() => handler.IncrementMetric(new() { Metric = "test" }));
+        Assert.True(requestCount == 1, $"Expected only 1 request, but received {requestCount}.");
+    }
+
     [Theory]
     [MemberData(nameof(ErrorsAreSentToTheCorrectEndpointTestData))]
     public async Task ErrorsAreSentToTheCorrectEndpoint(JobErrorBase error, params string[] expectedEndpoints)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/JobErrorBaseTests.cs

@@ -0,0 +1,86 @@
+using System.Net;
+using System.Text.Json;
+
+using NuGet.Protocol.Core.Types;
+
+using NuGetUpdater.Core.Run;
+using NuGetUpdater.Core.Run.ApiModel;
+
+using Xunit;
+
+namespace NuGetUpdater.Core.Test.Run;
+
+public class JobErrorBaseTests : TestBase
+{
+    [Theory]
+    [MemberData(nameof(GenerateErrorFromExceptionTestData))]
+    public async Task GenerateErrorFromException(Exception exception, JobErrorBase expectedError)
+    {
+        // arrange
+        // some error types require a NuGet.Config file to be present
+        using var tempDir = await TemporaryDirectory.CreateWithContentsAsync(
+            ("NuGet.Config", """
+                <configuration>
+                  <packageSources>
+                    <clear />
+                    <add key="some_package_feed" value="http://nuget.example.com/v3/index.json" allowInsecureConnections="true" />
+                  </packageSources>
+                </configuration>
+                """)
+        );
+
+        // act
+        var actualError = JobErrorBase.ErrorFromException(exception, "TEST-JOB-ID", tempDir.DirectoryPath);
+
+        // assert
+        var actualErrorJson = JsonSerializer.Serialize(actualError, RunWorker.SerializerOptions);
+        var expectedErrorJson = JsonSerializer.Serialize(expectedError, RunWorker.SerializerOptions);
+        Assert.Equal(expectedErrorJson, actualErrorJson);
+    }
+
+    public static IEnumerable<object[]> GenerateErrorFromExceptionTestData()
+    {
+        // internal error from package feed
+        yield return
+        [
+            new HttpRequestException("nope", null, HttpStatusCode.InternalServerError),
+            new PrivateSourceBadResponse(["http://nuget.example.com/v3/index.json"]),
+        ];
+
+        // inner exception turns into private_source_bad_response; 500
+        yield return
+        [
+            new FatalProtocolException("nope", new HttpRequestException("nope", null, HttpStatusCode.InternalServerError)),
+            new PrivateSourceBadResponse(["http://nuget.example.com/v3/index.json"]),
+        ];
+
+        // inner exception turns into private_source_bad_response; ResponseEnded
+        yield return
+        [
+            new FatalProtocolException("nope", new HttpRequestException("nope", new HttpIOException(HttpRequestError.ResponseEnded))),
+            new PrivateSourceBadResponse(["http://nuget.example.com/v3/index.json"]),
+        ];
+
+        // top-level exception turns into private_source_authentication_failure
+        yield return
+        [
+            new HttpRequestException("nope", null, HttpStatusCode.Unauthorized),
+            new PrivateSourceAuthenticationFailure(["http://nuget.example.com/v3/index.json"]),
+        ];
+
+        // inner exception turns into private_source_authentication_failure
+        yield return
+        [
+            // the NuGet libraries commonly do this
+            new FatalProtocolException("nope", new HttpRequestException("nope", null, HttpStatusCode.Unauthorized)),
+            new PrivateSourceAuthenticationFailure(["http://nuget.example.com/v3/index.json"]),
+        ];
+
+        // unknown errors all the way down; report the initial top-level error
+        yield return
+        [
+            new Exception("outer", new Exception("inner")),
+            new UnknownError(new Exception("outer", new Exception("inner")), "TEST-JOB-ID"),
+        ];
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs

@@ -1773,6 +1773,14 @@ public class MSBuildHelperTests : TestBase
             null,
         ];
 
+        yield return
+        [
+            // output
+            "Response status code does not indicate success: 401",
+            // expectedError
+            new PrivateSourceAuthenticationFailure(["http://localhost/test-feed"]),
+        ];
+
         yield return
         [
             // output
@@ -1853,6 +1861,14 @@ public class MSBuildHelperTests : TestBase
             new UpdateNotPossible(["Some.Package.1.2.3"]),
         ];
 
+        yield return
+        [
+            // output
+            "Unable to resolve 'Some.Package'. An additional constraint '(= 1.2.3)' defined in packages.config prevents this operation.",
+            // expectedError
+            new UpdateNotPossible(["Some.Package.= 1.2.3"]),
+        ];
+
         yield return
         [
             // output
@@ -1860,6 +1876,14 @@ public class MSBuildHelperTests : TestBase
             // expectedError
             new DependencyNotFound("Some.Package"),
         ];
+
+        yield return
+        [
+            // output
+            "This part is not reported.\nAn error occurred while reading file '/path/to/packages.config': Some error message.\nThis part is not reported.",
+            // expectedError
+            new DependencyFileNotParseable("/path/to/packages.config", "Some error message."),
+        ];
     }
 
     public static IEnumerable<object[]> GetTopLevelPackageDependencyInfosTestData()

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.312.0
+  version: 0.314.0
 platform: ruby
 authors:
 - Dependabot
 bindir: bin
 cert_chain: []
-date: 2025-05-09 00:00:00.000000000 Z
+date: 2025-05-22 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: dependabot-common
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.312.0
+        version: 0.314.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.312.0
+        version: 0.314.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -348,6 +348,7 @@ files:
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/NuGetUpdater.Core.Test.csproj
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/EndToEndTests.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/HttpApiHandlerTests.cs
+- helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/JobErrorBaseTests.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MessageReportTests.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MiscellaneousTests.cs
 - helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/PullRequestMessageTests.cs
@@ -557,7 +558,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.312.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.314.0
 rdoc_options: []
 require_paths:
 - lib