dependabot-nuget 0.315.0 → 0.316.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ModifiedFilesTracker.cs

@@ -0,0 +1,151 @@
+using System.Collections.Immutable;
+
+using NuGetUpdater.Core.Discover;
+using NuGetUpdater.Core.Run.ApiModel;
+using NuGetUpdater.Core.Utilities;
+
+using static NuGetUpdater.Core.Utilities.EOLHandling;
+
+namespace NuGetUpdater.Core.Run;
+
+public class ModifiedFilesTracker
+{
+    public readonly DirectoryInfo RepoContentsPath;
+    private WorkspaceDiscoveryResult? _currentDiscoveryResult = null;
+
+    private readonly Dictionary<string, string> _originalDependencyFileContents = [];
+    private readonly Dictionary<string, EOLType> _originalDependencyFileEOFs = [];
+    private readonly Dictionary<string, bool> _originalDependencyFileBOMs = [];
+    private string[] _nonProjectFiles = [];
+
+    public IReadOnlyDictionary<string, string> OriginalDependencyFileContents => _originalDependencyFileContents;
+    //public IReadOnlyDictionary<string, EOLType> OriginalDependencyFileEOFs => _originalDependencyFileEOFs;
+    public IReadOnlyDictionary<string, bool> OriginalDependencyFileBOMs => _originalDependencyFileBOMs;
+
+    public ModifiedFilesTracker(DirectoryInfo repoContentsPath)
+    {
+        RepoContentsPath = repoContentsPath;
+    }
+
+    public async Task StartTrackingAsync(WorkspaceDiscoveryResult discoveryResult)
+    {
+        if (_currentDiscoveryResult is not null)
+        {
+            throw new InvalidOperationException("Already tracking modified files.");
+        }
+
+        _currentDiscoveryResult = discoveryResult;
+
+        // track original contents for later handling
+        async Task TrackOriginalContentsAsync(string directory, string fileName)
+        {
+            var repoFullPath = Path.Join(directory, fileName).FullyNormalizedRootedPath();
+            var localFullPath = Path.Join(RepoContentsPath.FullName, repoFullPath);
+            var content = await File.ReadAllTextAsync(localFullPath);
+            var rawContent = await File.ReadAllBytesAsync(localFullPath);
+            _originalDependencyFileContents[repoFullPath] = content;
+            _originalDependencyFileEOFs[repoFullPath] = content.GetPredominantEOL();
+            _originalDependencyFileBOMs[repoFullPath] = rawContent.HasBOM();
+        }
+
+        foreach (var project in _currentDiscoveryResult.Projects)
+        {
+            var projectDirectory = Path.GetDirectoryName(project.FilePath);
+            await TrackOriginalContentsAsync(_currentDiscoveryResult.Path, project.FilePath);
+            foreach (var extraFile in project.ImportedFiles.Concat(project.AdditionalFiles))
+            {
+                var extraFilePath = Path.Join(projectDirectory, extraFile);
+                await TrackOriginalContentsAsync(_currentDiscoveryResult.Path, extraFilePath);
+            }
+        }
+
+        _nonProjectFiles = new[]
+        {
+            _currentDiscoveryResult.GlobalJson?.FilePath,
+            _currentDiscoveryResult.DotNetToolsJson?.FilePath,
+        }.Where(f => f is not null).Cast<string>().ToArray();
+        foreach (var nonProjectFile in _nonProjectFiles)
+        {
+            await TrackOriginalContentsAsync(_currentDiscoveryResult.Path, nonProjectFile);
+        }
+    }
+
+    public async Task<ImmutableArray<DependencyFile>> StopTrackingAsync()
+    {
+        if (_currentDiscoveryResult is null)
+        {
+            throw new InvalidOperationException("No discovery result to track.");
+        }
+
+        var updatedDependencyFiles = new Dictionary<string, DependencyFile>();
+        async Task AddUpdatedFileIfDifferentAsync(string directory, string fileName)
+        {
+            var repoFullPath = Path.Join(directory, fileName).FullyNormalizedRootedPath();
+            var localFullPath = Path.GetFullPath(Path.Join(RepoContentsPath.FullName, repoFullPath));
+            var originalContent = _originalDependencyFileContents[repoFullPath];
+            var updatedContent = await File.ReadAllTextAsync(localFullPath);
+
+            updatedContent = updatedContent.SetEOL(_originalDependencyFileEOFs[repoFullPath]);
+            var updatedRawContent = updatedContent.SetBOM(_originalDependencyFileBOMs[repoFullPath]);
+            await File.WriteAllBytesAsync(localFullPath, updatedRawContent);
+
+            if (updatedContent != originalContent)
+            {
+                var reportedContent = updatedContent;
+                var encoding = "utf-8";
+                if (_originalDependencyFileBOMs[repoFullPath])
+                {
+                    reportedContent = Convert.ToBase64String(updatedRawContent);
+                    encoding = "base64";
+                }
+
+                updatedDependencyFiles[localFullPath] = new DependencyFile()
+                {
+                    Name = Path.GetFileName(repoFullPath),
+                    Directory = Path.GetDirectoryName(repoFullPath)!.NormalizePathToUnix(),
+                    Content = reportedContent,
+                    ContentEncoding = encoding,
+                };
+            }
+        }
+
+        foreach (var project in _currentDiscoveryResult.Projects)
+        {
+            await AddUpdatedFileIfDifferentAsync(_currentDiscoveryResult.Path, project.FilePath);
+            var projectDirectory = Path.GetDirectoryName(project.FilePath);
+            foreach (var extraFile in project.ImportedFiles.Concat(project.AdditionalFiles))
+            {
+                var extraFilePath = Path.Join(projectDirectory, extraFile);
+                await AddUpdatedFileIfDifferentAsync(_currentDiscoveryResult.Path, extraFilePath);
+            }
+        }
+
+        foreach (var nonProjectFile in _nonProjectFiles)
+        {
+            await AddUpdatedFileIfDifferentAsync(_currentDiscoveryResult.Path, nonProjectFile);
+        }
+
+        _currentDiscoveryResult = null;
+
+        var updatedDependencyFileList = updatedDependencyFiles
+            .OrderBy(kvp => kvp.Key)
+            .Select(kvp => kvp.Value)
+            .ToImmutableArray();
+        return updatedDependencyFileList;
+    }
+
+    public static ImmutableArray<DependencyFile> MergeUpdatedFileSet(ImmutableArray<DependencyFile> setA, ImmutableArray<DependencyFile> setB)
+    {
+        static string GetFullName(DependencyFile df) => Path.Join(df.Directory, df.Name).NormalizePathToUnix();
+        var finalSet = setA.ToDictionary(GetFullName, df => df);
+        foreach (var dependencyFile in setB)
+        {
+            finalSet[GetFullName(dependencyFile)] = dependencyFile;
+        }
+
+        return finalSet
+            .OrderBy(kvp => kvp.Key, StringComparer.OrdinalIgnoreCase)
+            .Select(kvp => kvp.Value)
+            .ToImmutableArray();
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/PullRequestTextGenerator.cs

@@ -1,10 +1,12 @@
 using System.Collections.Immutable;
-
-using NuGet.Versioning;
+using System.Text;
+using System.Text.RegularExpressions;
 
 using NuGetUpdater.Core.Run.ApiModel;
 using NuGetUpdater.Core.Updater;
 
+using DependencySet = (string Name, (NuGet.Versioning.NuGetVersion? OldVersion, NuGet.Versioning.NuGetVersion NewVersion)[] Versions);
+
 namespace NuGetUpdater.Core.Run;
 
 public class PullRequestTextGenerator
@@ -13,20 +15,58 @@ public class PullRequestTextGenerator
 
     public static string GetPullRequestTitle(Job job, ImmutableArray<UpdateOperationBase> updateOperationsPerformed, string? dependencyGroupName)
     {
-        // simple version looks like
-        //   Update Some.Package to 1.2.3
-        // if multiple packages are updated to multiple versions, result looks like:
-        //   Update Package.A to 1.0.0, 2.0.0; Package.B to 3.0.0, 4.0.0
-        var dependencySets = GetDependencySets(updateOperationsPerformed);
-        var updatedPartTitles = dependencySets
-            .Select(d => $"{d.Name} to {string.Join(", ", d.Versions.Select(v => v.ToString()))}")
-            .ToArray();
-        var title = $"{job.CommitMessageOptions?.Prefix}Update {string.Join("; ", updatedPartTitles)}";
+        var shortTitle = GetPullRequestShortTitle(job, updateOperationsPerformed, dependencyGroupName);
+        var titlePrefix = GetPullRequestTitlePrefix(job);
+        var fullTitle = $"{titlePrefix}{shortTitle}";
+        return fullTitle;
+    }
 
-        // don't let the title get too long
-        if (title.Length > MaxTitleLength && updatedPartTitles.Length >= 3)
+    private static string GetPullRequestTitlePrefix(Job job)
+    {
+        if (string.IsNullOrEmpty(job.CommitMessageOptions?.Prefix))
         {
-            title = $"{job.CommitMessageOptions?.Prefix}Update {dependencySets[0].Name} and {dependencySets.Length - 1} other dependencies";
+            return string.Empty;
+        }
+
+        var prefix = job.CommitMessageOptions?.Prefix ?? string.Empty;
+        if (Regex.IsMatch(prefix, @"[a-z0-9\)\]]$", RegexOptions.IgnoreCase))
+        {
+            prefix += ":";
+        }
+
+        if (!prefix.EndsWith(" "))
+        {
+            prefix += " ";
+        }
+
+        return prefix;
+    }
+
+    private static string GetPullRequestShortTitle(Job job, ImmutableArray<UpdateOperationBase> updateOperationsPerformed, string? dependencyGroupName)
+    {
+        string title;
+        var dependencySets = GetDependencySets(updateOperationsPerformed);
+        if (dependencyGroupName is not null)
+        {
+            title = $"Bump the {dependencyGroupName} group with {dependencySets.Length} update{(dependencySets.Length > 1 ? "s" : "")}";
+        }
+        else
+        {
+            if (dependencySets.Length == 1)
+            {
+                title = GetDependencySetBumpText(dependencySets[0], isCommitMessageDetail: false);
+            }
+            else
+            {
+                var dependencyNames = dependencySets.Select(d => d.Name).Distinct().OrderBy(n => n).ToArray();
+                title = $"Bump {string.Join(", ", dependencyNames.Take(dependencyNames.Length - 1))} and {dependencyNames[^1]}";
+
+                // don't let the title get too long
+                if (title.Length > MaxTitleLength && dependencyNames.Length >= 3)
+                {
+                    title = $"Bump {dependencyNames[0]} and {dependencyNames.Length - 1} others";
+                }
+            }
         }
 
         return title;
@@ -34,28 +74,33 @@ public class PullRequestTextGenerator
 
     public static string GetPullRequestCommitMessage(Job job, ImmutableArray<UpdateOperationBase> updateOperationsPerformed, string? dependencyGroupName)
     {
-        // updating a single dependency looks like
-        //   Update Some.Package to 1.2.3
-        // if multiple packages are updated, result looks like:
-        //   Update:
-        //   - Package.A to 1.0.0
-        //   - Package.B to 2.0.0
+        var sb = new StringBuilder();
+        sb.AppendLine(GetPullRequestTitle(job, updateOperationsPerformed, dependencyGroupName));
         var dependencySets = GetDependencySets(updateOperationsPerformed);
-        if (dependencySets.Length == 1)
+        if (dependencySets.Length > 1 ||
+            dependencyGroupName is not null)
         {
-            var depName = dependencySets[0].Name;
-            var depVersions = dependencySets[0].Versions.Select(v => v.ToString());
-            return $"Update {dependencySets[0].Name} to {string.Join(", ", depVersions)}";
+            // multiple updates performed, enumerate them
+            sb.AppendLine();
+            foreach (var dependencySet in dependencySets)
+            {
+                sb.AppendLine(GetDependencySetBumpText(dependencySet, isCommitMessageDetail: true));
+            }
         }
 
-        var updatedParts = dependencySets
-            .Select(d => $"- {d.Name} to {string.Join(", ", d.Versions.Select(v => v.ToString()))}")
-            .ToArray();
-        var message = string.Join("\n", ["Update:", .. updatedParts]);
-        return message;
+        return sb.ToString().Replace("\r", "").TrimEnd();
+    }
+
+    private static string GetDependencySetBumpText(DependencySet dependencySet, bool isCommitMessageDetail)
+    {
+        var bumpSuffix = isCommitMessageDetail ? "s" : string.Empty; // "Bumps" for commit message details, "Bump" otherwise
+        var fromText = dependencySet.Versions.Length == 1 && dependencySet.Versions[0].OldVersion is not null
+            ? $"from {dependencySet.Versions[0].OldVersion} "
+            : string.Empty;
+        return $"Bump{bumpSuffix} {dependencySet.Name} {fromText}to {string.Join(", ", dependencySet.Versions.Select(v => v.NewVersion.ToString()))}";
     }
 
-    private static (string Name, NuGetVersion[] Versions)[] GetDependencySets(ImmutableArray<UpdateOperationBase> updateOperationsPerformed)
+    private static DependencySet[] GetDependencySets(ImmutableArray<UpdateOperationBase> updateOperationsPerformed)
     {
         var dependencySets = updateOperationsPerformed
             .GroupBy(d => d.DependencyName, StringComparer.OrdinalIgnoreCase)
@@ -64,8 +109,9 @@ public class PullRequestTextGenerator
             {
                 var name = g.Key;
                 var versions = g
-                    .Select(d => d.NewVersion)
-                    .OrderBy(v => v)
+                    .OrderBy(d => d.OldVersion)
+                    .ThenBy(d => d.NewVersion)
+                    .Select(d => (d.OldVersion, d.NewVersion))
                     .ToArray();
                 return (name, versions);
             })

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs

@@ -1,4 +1,5 @@
 using System.Collections.Immutable;
+using System.IO;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
@@ -10,11 +11,10 @@ using NuGet.Versioning;
 using NuGetUpdater.Core.Analyze;
 using NuGetUpdater.Core.Discover;
 using NuGetUpdater.Core.Run.ApiModel;
+using NuGetUpdater.Core.Run.UpdateHandlers;
 using NuGetUpdater.Core.Updater;
 using NuGetUpdater.Core.Utilities;
 
-using static NuGetUpdater.Core.Utilities.EOLHandling;
-
 namespace NuGetUpdater.Core.Run;
 
 public class RunWorker
@@ -47,17 +47,74 @@ public class RunWorker
     {
         var jobFileContent = await File.ReadAllTextAsync(jobFilePath.FullName);
         var jobWrapper = Deserialize(jobFileContent);
-        var result = await RunAsync(jobWrapper.Job, repoContentsPath, baseCommitSha);
-        var resultJson = JsonSerializer.Serialize(result, SerializerOptions);
-        await File.WriteAllTextAsync(outputFilePath.FullName, resultJson);
+        var experimentsManager = ExperimentsManager.GetExperimentsManager(jobWrapper.Job.Experiments);
+        var result = await RunAsync(jobWrapper.Job, repoContentsPath, baseCommitSha, experimentsManager);
+        if (experimentsManager.UseLegacyUpdateHandler)
+        {
+            // only the legacy handler writes this file
+            var resultJson = JsonSerializer.Serialize(result, SerializerOptions);
+            await File.WriteAllTextAsync(outputFilePath.FullName, resultJson);
+        }
     }
 
-    public Task<RunResult> RunAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
+    public async Task<RunResult> RunAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha, ExperimentsManager experimentsManager)
     {
-        return RunWithErrorHandlingAsync(job, repoContentsPath, baseCommitSha);
+        RunResult result;
+        if (experimentsManager.UseLegacyUpdateHandler)
+        {
+            result = await RunWithErrorHandlingAsync(job, repoContentsPath, baseCommitSha, experimentsManager);
+        }
+        else
+        {
+            await RunScenarioHandlersWithErrorHandlingAsync(job, repoContentsPath, baseCommitSha, experimentsManager);
+
+            // the group updater doesn't return this, so we provide an empty object
+            result = new RunResult()
+            {
+                Base64DependencyFiles = [],
+                BaseCommitSha = baseCommitSha,
+            };
+        }
+
+        return result;
     }
 
-    private async Task<RunResult> RunWithErrorHandlingAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha)
+    private static readonly ImmutableArray<IUpdateHandler> UpdateHandlers =
+    [
+        GroupUpdateAllVersionsHandler.Instance,
+        RefreshGroupUpdatePullRequestHandler.Instance,
+        CreateSecurityUpdatePullRequestHandler.Instance,
+        RefreshSecurityUpdatePullRequestHandler.Instance,
+        RefreshVersionUpdatePullRequestHandler.Instance,
+    ];
+
+    public static IUpdateHandler GetUpdateHandler(Job job) =>
+        UpdateHandlers.FirstOrDefault(h => h.CanHandle(job)) ?? throw new InvalidOperationException("Unable to find appropriate update handler.");
+
+    private async Task RunScenarioHandlersWithErrorHandlingAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha, ExperimentsManager experimentsManager)
+    {
+        JobErrorBase? error = null;
+
+        try
+        {
+            var handler = GetUpdateHandler(job);
+            _logger.Info($"Starting update job of type {handler.TagName}");
+            await handler.HandleAsync(job, repoContentsPath, baseCommitSha, _discoveryWorker, _analyzeWorker, _updaterWorker, _apiHandler, experimentsManager, _logger);
+        }
+        catch (Exception ex)
+        {
+            error = JobErrorBase.ErrorFromException(ex, _jobId, repoContentsPath.FullName);
+        }
+
+        if (error is not null)
+        {
+            await _apiHandler.RecordUpdateJobError(error);
+        }
+
+        await _apiHandler.MarkAsProcessed(new(baseCommitSha));
+    }
+
+    private async Task<RunResult> RunWithErrorHandlingAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha, ExperimentsManager experimentsManager)
     {
         JobErrorBase? error = null;
         var currentDirectory = repoContentsPath.FullName; // used for error reporting below
@@ -71,7 +128,6 @@ public class RunWorker
         {
             MSBuildHelper.RegisterMSBuild(repoContentsPath.FullName, repoContentsPath.FullName, _logger);
 
-            var experimentsManager = ExperimentsManager.GetExperimentsManager(job.Experiments);
             var allDependencyFiles = new Dictionary<string, DependencyFile>();
             foreach (var directory in job.GetAllDirectories())
             {
@@ -109,9 +165,7 @@ public class RunWorker
     private async Task<RunResult> RunForDirectory(Job job, DirectoryInfo repoContentsPath, string repoDirectory, string baseCommitSha, ExperimentsManager experimentsManager)
     {
         var discoveryResult = await _discoveryWorker.RunAsync(repoContentsPath.FullName, repoDirectory);
-
-        _logger.Info("Discovery JSON content:");
-        _logger.Info(JsonSerializer.Serialize(discoveryResult, DiscoveryWorker.SerializerOptions));
+        _logger.ReportDiscovery(discoveryResult);
 
         if (discoveryResult.Error is not null)
         {
@@ -125,50 +179,18 @@ public class RunWorker
         }
 
         // report dependencies
-        var discoveredUpdatedDependencies = GetUpdatedDependencyListFromDiscovery(discoveryResult, repoContentsPath.FullName);
+        var discoveredUpdatedDependencies = GetUpdatedDependencyListFromDiscovery(discoveryResult);
         await _apiHandler.UpdateDependencyList(discoveredUpdatedDependencies);
 
         var incrementMetric = GetIncrementMetric(job);
         await _apiHandler.IncrementMetric(incrementMetric);
 
         // TODO: pull out relevant dependencies, then check each for updates and track the changes
-        var originalDependencyFileContents = new Dictionary<string, string>();
-        var originalDependencyFileEOFs = new Dictionary<string, EOLType>();
-        var originalDependencyFileBOMs = new Dictionary<string, bool>();
         var actualUpdatedDependencies = new List<ReportedDependency>();
 
         // track original contents for later handling
-        async Task TrackOriginalContentsAsync(string directory, string fileName)
-        {
-            var repoFullPath = Path.Join(directory, fileName).FullyNormalizedRootedPath();
-            var localFullPath = Path.Join(repoContentsPath.FullName, repoFullPath);
-            var content = await File.ReadAllTextAsync(localFullPath);
-            var rawContent = await File.ReadAllBytesAsync(localFullPath);
-            originalDependencyFileContents[repoFullPath] = content;
-            originalDependencyFileEOFs[repoFullPath] = content.GetPredominantEOL();
-            originalDependencyFileBOMs[repoFullPath] = rawContent.HasBOM();
-        }
-
-        foreach (var project in discoveryResult.Projects)
-        {
-            var projectDirectory = Path.GetDirectoryName(project.FilePath);
-            await TrackOriginalContentsAsync(discoveryResult.Path, project.FilePath);
-            foreach (var extraFile in project.ImportedFiles.Concat(project.AdditionalFiles))
-            {
-                var extraFilePath = Path.Join(projectDirectory, extraFile);
-                await TrackOriginalContentsAsync(discoveryResult.Path, extraFilePath);
-            }
-        }
-
-        var nonProjectFiles = new[]
-        {
-            discoveryResult.GlobalJson?.FilePath,
-            discoveryResult.DotNetToolsJson?.FilePath,
-        }.Where(f => f is not null).Cast<string>().ToArray();
-        foreach (var nonProjectFile in nonProjectFiles)
-        {
-            await TrackOriginalContentsAsync(discoveryResult.Path, nonProjectFile);
-        }
+        var tracker = new ModifiedFilesTracker(repoContentsPath);
+        await tracker.StartTrackingAsync(discoveryResult);
 
         // do update
         var updateOperationsPerformed = new List<UpdateOperationBase>();
@@ -210,8 +232,7 @@ public class RunWorker
 
             var dependencyInfo = GetDependencyInfo(job, dependency);
             var analysisResult = await _analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
-            _logger.Info("Analysis content:");
-            _logger.Info(JsonSerializer.Serialize(analysisResult, AnalyzeWorker.SerializerOptions));
+            _logger.ReportAnalysis(analysisResult);
 
             if (analysisResult.Error is not null)
             {
@@ -227,7 +248,7 @@ public class RunWorker
                         .FirstOrDefault(d => d.Name.Equals(dependency.Name, StringComparison.OrdinalIgnoreCase));
                     if (updatedDependencyFromAnalysis is not null)
                     {
-                        var existingPullRequest = job.GetExistingPullRequestForDependency(updatedDependencyFromAnalysis);
+                        var existingPullRequest = job.GetExistingPullRequestForDependencies([updatedDependencyFromAnalysis], considerVersions: true);
                         if (existingPullRequest is not null)
                         {
                             await SendApiMessage(new PullRequestExistsForLatestVersion(dependency.Name, analysisResult.UpdatedVersion));
@@ -261,6 +282,7 @@ public class RunWorker
                     PreviousRequirements = previousDependency.Requirements,
                 };
 
+                var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(updateOperation.ProjectPath);
                 var updateResult = await _updaterWorker.RunAsync(repoContentsPath.FullName, updateOperation.ProjectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, isTransitive: dependency.IsTransitive);
                 if (updateResult.Error is not null)
                 {
@@ -271,70 +293,19 @@ public class RunWorker
                     actualUpdatedDependencies.Add(updatedDependency);
                 }
 
-                updateOperationsPerformed.AddRange(updateResult.UpdateOperations);
+                var patchedUpdateOperations = PatchInOldVersions(updateResult.UpdateOperations, projectDiscovery);
+                updateOperationsPerformed.AddRange(patchedUpdateOperations);
             }
         }
 
         // create PR - we need to manually check file contents; we can't easily use `git status` in tests
-        var updatedDependencyFiles = new Dictionary<string, DependencyFile>();
-        async Task AddUpdatedFileIfDifferentAsync(string directory, string fileName)
-        {
-            var repoFullPath = Path.Join(directory, fileName).FullyNormalizedRootedPath();
-            var localFullPath = Path.GetFullPath(Path.Join(repoContentsPath.FullName, repoFullPath));
-            var originalContent = originalDependencyFileContents[repoFullPath];
-            var updatedContent = await File.ReadAllTextAsync(localFullPath);
-
-            updatedContent = updatedContent.SetEOL(originalDependencyFileEOFs[repoFullPath]);
-            var updatedRawContent = updatedContent.SetBOM(originalDependencyFileBOMs[repoFullPath]);
-            await File.WriteAllBytesAsync(localFullPath, updatedRawContent);
-
-            if (updatedContent != originalContent)
-            {
-                var reportedContent = updatedContent;
-                var encoding = "utf-8";
-                if (originalDependencyFileBOMs[repoFullPath])
-                {
-                    reportedContent = Convert.ToBase64String(updatedRawContent);
-                    encoding = "base64";
-                }
-
-                updatedDependencyFiles[localFullPath] = new DependencyFile()
-                {
-                    Name = Path.GetFileName(repoFullPath),
-                    Directory = Path.GetDirectoryName(repoFullPath)!.NormalizePathToUnix(),
-                    Content = reportedContent,
-                    ContentEncoding = encoding,
-                };
-            }
-        }
-
-        foreach (var project in discoveryResult.Projects)
-        {
-            await AddUpdatedFileIfDifferentAsync(discoveryResult.Path, project.FilePath);
-            var projectDirectory = Path.GetDirectoryName(project.FilePath);
-            foreach (var extraFile in project.ImportedFiles.Concat(project.AdditionalFiles))
-            {
-                var extraFilePath = Path.Join(projectDirectory, extraFile);
-                await AddUpdatedFileIfDifferentAsync(discoveryResult.Path, extraFilePath);
-            }
-        }
-
-        foreach (var nonProjectFile in nonProjectFiles)
-        {
-            await AddUpdatedFileIfDifferentAsync(discoveryResult.Path, nonProjectFile);
-        }
-
-        var updatedDependencyFileList = updatedDependencyFiles
-            .OrderBy(kvp => kvp.Key)
-            .Select(kvp => kvp.Value)
-            .ToArray();
-
+        var updatedDependencyFiles = await tracker.StopTrackingAsync();
         var normalizedUpdateOperationsPerformed = UpdateOperationBase.NormalizeUpdateOperationCollection(repoContentsPath.FullName, updateOperationsPerformed);
         var report = UpdateOperationBase.GenerateUpdateOperationReport(normalizedUpdateOperationsPerformed);
         _logger.Info(report);
 
         var sortedUpdatedDependencies = actualUpdatedDependencies.OrderBy(d => d.Name, StringComparer.OrdinalIgnoreCase).ToArray();
-        var resultMessage = GetPullRequestApiMessage(job, updatedDependencyFileList, sortedUpdatedDependencies, normalizedUpdateOperationsPerformed, baseCommitSha);
+        var resultMessage = GetPullRequestApiMessage(job, [.. updatedDependencyFiles], sortedUpdatedDependencies, normalizedUpdateOperationsPerformed, baseCommitSha);
         switch (resultMessage)
         {
             case ClosePullRequest close:
@@ -366,11 +337,11 @@ public class RunWorker
 
         var result = new RunResult()
         {
-            Base64DependencyFiles = originalDependencyFileContents.OrderBy(kvp => kvp.Key).Select(kvp =>
+            Base64DependencyFiles = tracker.OriginalDependencyFileContents.OrderBy(kvp => kvp.Key).Select(kvp =>
             {
                 var fullPath = kvp.Key.FullyNormalizedRootedPath();
                 var rawContent = Encoding.UTF8.GetBytes(kvp.Value);
-                if (originalDependencyFileBOMs[kvp.Key])
+                if (tracker.OriginalDependencyFileBOMs[kvp.Key])
                 {
                     rawContent = Encoding.UTF8.GetPreamble().Concat(rawContent).ToArray();
                 }
@@ -388,6 +359,22 @@ public class RunWorker
         return result;
     }
 
+    internal static ImmutableArray<UpdateOperationBase> PatchInOldVersions(ImmutableArray<UpdateOperationBase> updateOperations, ProjectDiscoveryResult? projectDiscovery)
+    {
+        if (projectDiscovery is null)
+        {
+            return updateOperations;
+        }
+
+        var originalPackageVersions = projectDiscovery
+            .Dependencies
+            .ToDictionary(d => d.Name, d => d.Version is null ? null : NuGetVersion.Parse(d.Version), StringComparer.OrdinalIgnoreCase);
+        var patchedUpdateOperations = updateOperations
+            .Select(uo => uo with { OldVersion = originalPackageVersions.GetValueOrDefault(uo.DependencyName) })
+            .ToImmutableArray();
+        return patchedUpdateOperations;
+    }
+
     private async Task SendApiMessage(MessageBase? message)
     {
         if (message is null)
@@ -433,7 +420,7 @@ public class RunWorker
         if (existingPullRequest is null && updatedFiles.Length == 0)
         {
             // it's possible that we were asked to update a specific package, but it's no longer there; in that case find _that_ specific PR
-            var requestedUpdates = (job.Dependencies ?? []).ToHashSet(StringComparer.OrdinalIgnoreCase);
+            var requestedUpdates = job.Dependencies.ToHashSet(StringComparer.OrdinalIgnoreCase);
             existingPullRequest = existingPullRequests.FirstOrDefault(pr => pr.Item2.Select(d => d.DependencyName).All(requestedUpdates.Contains));
         }
 
@@ -489,6 +476,7 @@ public class RunWorker
                     CommitMessage = PullRequestTextGenerator.GetPullRequestCommitMessage(job, updateOperationsPerformed, dependencyGroupName: null),
                     PrTitle = PullRequestTextGenerator.GetPullRequestTitle(job, updateOperationsPerformed, dependencyGroupName: null),
                     PrBody = PullRequestTextGenerator.GetPullRequestBody(job, updateOperationsPerformed, dependencyGroupName: null),
+                    DependencyGroup = null,
                 };
             }
         }
@@ -638,7 +626,7 @@ public class RunWorker
                     // not vulnerable => no longer needed
                     var specificJobDependencies = job.SecurityAdvisories
                         .Select(a => a.DependencyName)
-                        .Concat(job.Dependencies ?? [])
+                        .Concat(job.Dependencies)
                         .ToHashSet(StringComparer.OrdinalIgnoreCase);
                     if (specificJobDependencies.Contains(dependency.Name))
                     {
@@ -652,7 +640,7 @@ public class RunWorker
             {
                 // not a security update, so only update if...
                 // ...we've been explicitly asked to update this
-                if ((job.Dependencies ?? []).Any(d => d.Equals(dependency.Name, StringComparison.OrdinalIgnoreCase)))
+                if (job.Dependencies.Any(d => d.Equals(dependency.Name, StringComparison.OrdinalIgnoreCase)))
                 {
                     return true;
                 }
@@ -708,7 +696,7 @@ public class RunWorker
         return dependencyInfo;
     }
 
-    internal static UpdatedDependencyList GetUpdatedDependencyListFromDiscovery(WorkspaceDiscoveryResult discoveryResult, string pathToContents)
+    internal static UpdatedDependencyList GetUpdatedDependencyListFromDiscovery(WorkspaceDiscoveryResult discoveryResult)
     {
         string GetFullRepoPath(string path)
         {