dependabot-nuget 0.315.0 → 0.316.0

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshSecurityUpdatePullRequestHandler.cs

@@ -0,0 +1,187 @@
+using System.Collections.Immutable;
+
+using NuGetUpdater.Core.Run.ApiModel;
+using NuGetUpdater.Core.Updater;
+
+namespace NuGetUpdater.Core.Run.UpdateHandlers;
+
+internal class RefreshSecurityUpdatePullRequestHandler : IUpdateHandler
+{
+    public static IUpdateHandler Instance { get; } = new RefreshSecurityUpdatePullRequestHandler();
+
+    public string TagName => "update_security_pr";
+
+    public bool CanHandle(Job job)
+    {
+        if (!job.SecurityUpdatesOnly)
+        {
+            return false;
+        }
+
+        if (job.Dependencies.Length == 0)
+        {
+            return false;
+        }
+
+        return job.UpdatingAPullRequest;
+    }
+
+    public async Task HandleAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha, IDiscoveryWorker discoveryWorker, IAnalyzeWorker analyzeWorker, IUpdaterWorker updaterWorker, IApiHandler apiHandler, ExperimentsManager experimentsManager, ILogger logger)
+    {
+        var jobDependencies = job.Dependencies.ToHashSet(StringComparer.OrdinalIgnoreCase);
+        foreach (var directory in job.GetAllDirectories())
+        {
+            var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
+            logger.ReportDiscovery(discoveryResult);
+            if (discoveryResult.Error is not null)
+            {
+                await apiHandler.RecordUpdateJobError(discoveryResult.Error);
+                return;
+            }
+
+            var updatedDependencyList = RunWorker.GetUpdatedDependencyListFromDiscovery(discoveryResult);
+            await apiHandler.UpdateDependencyList(updatedDependencyList);
+            await this.ReportUpdaterStarted(apiHandler);
+
+            var updateOperationsPerformed = new List<UpdateOperationBase>();
+            var updatedDependencies = new List<ReportedDependency>();
+            var updateOperationsToPerform = RunWorker.GetUpdateOperations(discoveryResult).ToArray();
+            var groupedUpdateOperationsToPerform = updateOperationsToPerform
+                .GroupBy(o => o.Dependency.Name, StringComparer.OrdinalIgnoreCase)
+                .Where(g => jobDependencies.Contains(g.Key))
+                .ToDictionary(g => g.Key, g => g.ToArray(), StringComparer.OrdinalIgnoreCase);
+
+            logger.Info($"Updating dependencies: {string.Join(", ", groupedUpdateOperationsToPerform.Select(g => g.Key).Distinct().OrderBy(d => d, StringComparer.OrdinalIgnoreCase))}");
+
+            if (groupedUpdateOperationsToPerform.Count == 0)
+            {
+                await apiHandler.ClosePullRequest(ClosePullRequest.WithDependenciesRemoved(job));
+                continue;
+            }
+
+            var missingDependencies = jobDependencies
+                .Where(d => !groupedUpdateOperationsToPerform.ContainsKey(d))
+                .OrderBy(d => d, StringComparer.OrdinalIgnoreCase)
+                .ToImmutableArray();
+            if (missingDependencies.Length > 0)
+            {
+                await apiHandler.ClosePullRequest(ClosePullRequest.WithDependencyRemoved(job));
+                continue;
+            }
+
+            var tracker = new ModifiedFilesTracker(repoContentsPath);
+            await tracker.StartTrackingAsync(discoveryResult);
+            foreach (var dependencyGroupToUpdate in groupedUpdateOperationsToPerform)
+            {
+                var dependencyName = dependencyGroupToUpdate.Key;
+                var vulnerableDependenciesToUpdate = dependencyGroupToUpdate.Value
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
+                    .Where(set => !job.IsDependencyIgnored(set.Dependency.Name, set.Dependency.Version!))
+                    .Where(set => set.Item3.IsVulnerable)
+                    .ToArray();
+
+                if (vulnerableDependenciesToUpdate.Length < dependencyGroupToUpdate.Value.Length)
+                {
+                    await apiHandler.ClosePullRequest(ClosePullRequest.WithUpToDate(job));
+                    return;
+                }
+
+                foreach (var (projectPath, dependency, dependencyInfo) in vulnerableDependenciesToUpdate)
+                {
+                    var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
+                    if (analysisResult.Error is not null)
+                    {
+                        logger.Error($"Error analyzing {dependency.Name} in {projectPath}: {analysisResult.Error.GetReport()}");
+                        await apiHandler.RecordUpdateJobError(analysisResult.Error);
+                        return;
+                    }
+
+                    if (!analysisResult.CanUpdate)
+                    {
+                        logger.Info($"No updatable version found for {dependency.Name} in {projectPath}.");
+                        await apiHandler.ClosePullRequest(ClosePullRequest.WithUpdateNoLongerPossible(job));
+                        return;
+                    }
+
+                    logger.Info($"Attempting update of {dependency.Name} from {dependency.Version} to {analysisResult.UpdatedVersion} for {projectPath}.");
+                    var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
+                    var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
+                    if (updaterResult.Error is not null)
+                    {
+                        logger.Error($"Error updating {dependency.Name} in {projectPath}: {updaterResult.Error.GetReport()}");
+                        await apiHandler.RecordUpdateJobError(updaterResult.Error);
+                        continue;
+                    }
+
+                    if (updaterResult.UpdateOperations.Length == 0)
+                    {
+                        // nothing was done, but we may have already handled it
+                        var alreadyHandled = updatedDependencies.Where(updated => updated.Name == dependencyName && updated.Version == analysisResult.UpdatedVersion).Any();
+                        if (!alreadyHandled)
+                        {
+                            await apiHandler.ClosePullRequest(ClosePullRequest.WithUpdateNoLongerPossible(job));
+                            return;
+                        }
+                    }
+
+                    var patchedUpdateOperations = RunWorker.PatchInOldVersions(updaterResult.UpdateOperations, projectDiscovery);
+                    var updatedDependenciesForThis = patchedUpdateOperations
+                        .Select(o => o.ToReportedDependency(projectPath, updatedDependencyList.Dependencies, analysisResult.UpdatedDependencies))
+                        .ToArray();
+
+                    updatedDependencies.AddRange(updatedDependenciesForThis);
+                    updateOperationsPerformed.AddRange(patchedUpdateOperations);
+                    foreach (var o in patchedUpdateOperations)
+                    {
+                        logger.Info($"Update operation performed: {o.GetReport()}");
+                    }
+                }
+            }
+
+            var updatedDependencyFiles = await tracker.StopTrackingAsync();
+            var rawDependencies = updatedDependencies.Select(d => new Dependency(d.Name, d.Version, DependencyType.Unknown)).ToArray();
+            if (rawDependencies.Length > 0)
+            {
+                var commitMessage = PullRequestTextGenerator.GetPullRequestCommitMessage(job, [.. updateOperationsPerformed], null);
+                var prTitle = PullRequestTextGenerator.GetPullRequestTitle(job, [.. updateOperationsPerformed], null);
+                var prBody = PullRequestTextGenerator.GetPullRequestBody(job, [.. updateOperationsPerformed], null);
+
+                var existingPullRequest = job.GetExistingPullRequestForDependencies(rawDependencies, considerVersions: true);
+                if (existingPullRequest is not null)
+                {
+                    await apiHandler.UpdatePullRequest(new UpdatePullRequest()
+                    {
+                        DependencyNames = [.. jobDependencies.OrderBy(n => n, StringComparer.OrdinalIgnoreCase)],
+                        DependencyGroup = null,
+                        UpdatedDependencyFiles = [.. updatedDependencyFiles],
+                        BaseCommitSha = baseCommitSha,
+                        CommitMessage = commitMessage,
+                        PrTitle = prTitle,
+                        PrBody = prBody,
+                    });
+                    continue;
+                }
+                else
+                {
+                    var existingPrButDifferent = job.GetExistingPullRequestForDependencies(rawDependencies, considerVersions: false);
+                    if (existingPrButDifferent is not null)
+                    {
+                        await apiHandler.ClosePullRequest(ClosePullRequest.WithDependenciesChanged(job));
+                    }
+
+                    await apiHandler.CreatePullRequest(new CreatePullRequest()
+                    {
+                        Dependencies = [.. updatedDependencies],
+                        UpdatedDependencyFiles = [.. updatedDependencyFiles],
+                        BaseCommitSha = baseCommitSha,
+                        CommitMessage = commitMessage,
+                        PrTitle = prTitle,
+                        PrBody = prBody,
+                        DependencyGroup = null,
+                    });
+                    continue;
+                }
+            }
+        }
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshVersionUpdatePullRequestHandler.cs

@@ -0,0 +1,175 @@
+using System.Collections.Immutable;
+
+using NuGetUpdater.Core.Run.ApiModel;
+using NuGetUpdater.Core.Updater;
+
+namespace NuGetUpdater.Core.Run.UpdateHandlers;
+
+internal class RefreshVersionUpdatePullRequestHandler : IUpdateHandler
+{
+    public static IUpdateHandler Instance { get; } = new RefreshVersionUpdatePullRequestHandler();
+
+    public string TagName => "update_version_pr";
+
+    public bool CanHandle(Job job)
+    {
+        if (job.SecurityUpdatesOnly)
+        {
+            return false;
+        }
+
+        if (job.Dependencies.Length == 0)
+        {
+            return false;
+        }
+
+        return job.UpdatingAPullRequest;
+    }
+
+    public async Task HandleAsync(Job job, DirectoryInfo repoContentsPath, string baseCommitSha, IDiscoveryWorker discoveryWorker, IAnalyzeWorker analyzeWorker, IUpdaterWorker updaterWorker, IApiHandler apiHandler, ExperimentsManager experimentsManager, ILogger logger)
+    {
+        var jobDependencies = job.Dependencies.ToHashSet(StringComparer.OrdinalIgnoreCase);
+        foreach (var directory in job.GetAllDirectories())
+        {
+            var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
+            logger.ReportDiscovery(discoveryResult);
+            if (discoveryResult.Error is not null)
+            {
+                await apiHandler.RecordUpdateJobError(discoveryResult.Error);
+                return;
+            }
+
+            var updatedDependencyList = RunWorker.GetUpdatedDependencyListFromDiscovery(discoveryResult);
+            await apiHandler.UpdateDependencyList(updatedDependencyList);
+            await this.ReportUpdaterStarted(apiHandler);
+
+            var updateOperationsPerformed = new List<UpdateOperationBase>();
+            var updatedDependencies = new List<ReportedDependency>();
+            var updateOperationsToPerform = RunWorker.GetUpdateOperations(discoveryResult).ToArray();
+            var relevantUpdateOperationsToPerform = updateOperationsToPerform
+                .GroupBy(o => o.Dependency.Name, StringComparer.OrdinalIgnoreCase)
+                .Where(g => jobDependencies.Contains(g.Key))
+                .ToDictionary(g => g.Key, g => g.ToArray(), StringComparer.OrdinalIgnoreCase);
+
+            if (relevantUpdateOperationsToPerform.Count == 0)
+            {
+                await apiHandler.ClosePullRequest(ClosePullRequest.WithDependenciesRemoved(job));
+                continue;
+            }
+
+            var missingDependencies = jobDependencies
+                .Where(d => !relevantUpdateOperationsToPerform.ContainsKey(d))
+                .OrderBy(d => d, StringComparer.OrdinalIgnoreCase)
+                .ToImmutableArray();
+            if (missingDependencies.Length > 0)
+            {
+                await apiHandler.ClosePullRequest(ClosePullRequest.WithDependencyRemoved(job));
+                continue;
+            }
+
+            logger.Info($"Updating dependencies: {string.Join(", ", relevantUpdateOperationsToPerform.Select(g => g.Key).Distinct().OrderBy(d => d, StringComparer.OrdinalIgnoreCase))}");
+
+            var tracker = new ModifiedFilesTracker(repoContentsPath);
+            await tracker.StartTrackingAsync(discoveryResult);
+            foreach (var dependencyUpdatesToPeform in relevantUpdateOperationsToPerform)
+            {
+                var dependencyName = dependencyUpdatesToPeform.Key;
+                var dependencyInfosToUpdate = dependencyUpdatesToPeform.Value
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
+                    .Where(set => !job.IsDependencyIgnored(set.Dependency.Name, set.Dependency.Version!))
+                    .ToArray();
+
+                foreach (var (projectPath, dependency, dependencyInfo) in dependencyInfosToUpdate)
+                {
+                    var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
+                    if (analysisResult.Error is not null)
+                    {
+                        logger.Error($"Error analyzing {dependency.Name} in {projectPath}: {analysisResult.Error.GetReport()}");
+                        await apiHandler.RecordUpdateJobError(analysisResult.Error);
+                        return;
+                    }
+
+                    if (!analysisResult.CanUpdate)
+                    {
+                        logger.Info($"No updatable version found for {dependency.Name} in {projectPath}.");
+                        await apiHandler.ClosePullRequest(ClosePullRequest.WithUpdateNoLongerPossible(job));
+                        return;
+                    }
+
+                    logger.Info($"Attempting update of {dependency.Name} from {dependency.Version} to {analysisResult.UpdatedVersion} for {projectPath}.");
+                    var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
+                    var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
+                    if (updaterResult.Error is not null)
+                    {
+                        logger.Error($"Error updating {dependency.Name} in {projectPath}: {updaterResult.Error.GetReport()}");
+                        await apiHandler.RecordUpdateJobError(updaterResult.Error);
+                        continue;
+                    }
+
+                    if (updaterResult.UpdateOperations.Length == 0)
+                    {
+                        await apiHandler.ClosePullRequest(ClosePullRequest.WithUpdateNoLongerPossible(job));
+                        return;
+                    }
+
+                    var patchedUpdateOperations = RunWorker.PatchInOldVersions(updaterResult.UpdateOperations, projectDiscovery);
+                    var updatedDependenciesForThis = patchedUpdateOperations
+                        .Select(o => o.ToReportedDependency(projectPath, updatedDependencyList.Dependencies, analysisResult.UpdatedDependencies))
+                        .ToArray();
+
+                    updatedDependencies.AddRange(updatedDependenciesForThis);
+                    updateOperationsPerformed.AddRange(patchedUpdateOperations);
+                    foreach (var o in patchedUpdateOperations)
+                    {
+                        logger.Info($"Update operation performed: {o.GetReport()}");
+                    }
+                }
+            }
+
+            var updatedDependencyFiles = await tracker.StopTrackingAsync();
+            var rawDependencies = updatedDependencies.Select(d => new Dependency(d.Name, d.Version, DependencyType.Unknown)).ToArray();
+            if (rawDependencies.Length > 0)
+            {
+                var commitMessage = PullRequestTextGenerator.GetPullRequestCommitMessage(job, [.. updateOperationsPerformed], null);
+                var prTitle = PullRequestTextGenerator.GetPullRequestTitle(job, [.. updateOperationsPerformed], null);
+                var prBody = PullRequestTextGenerator.GetPullRequestBody(job, [.. updateOperationsPerformed], null);
+
+                var existingPullRequest = job.GetExistingPullRequestForDependencies(rawDependencies, considerVersions: true);
+                if (existingPullRequest is not null)
+                {
+                    await apiHandler.UpdatePullRequest(new UpdatePullRequest()
+                    {
+                        DependencyNames = [.. jobDependencies.OrderBy(n => n, StringComparer.OrdinalIgnoreCase)],
+                        DependencyGroup = null,
+                        UpdatedDependencyFiles = [.. updatedDependencyFiles],
+                        BaseCommitSha = baseCommitSha,
+                        CommitMessage = commitMessage,
+                        PrTitle = prTitle,
+                        PrBody = prBody,
+                    });
+                    continue;
+                }
+                else
+                {
+                    var existingPrButDifferent = job.GetExistingPullRequestForDependencies(rawDependencies, considerVersions: false);
+                    if (existingPrButDifferent is not null)
+                    {
+                        await apiHandler.ClosePullRequest(ClosePullRequest.WithDependenciesChanged(job));
+                    }
+
+                    await apiHandler.CreatePullRequest(new CreatePullRequest()
+                    {
+                        Dependencies = [.. updatedDependencies],
+                        UpdatedDependencyFiles = [.. updatedDependencyFiles],
+                        BaseCommitSha = baseCommitSha,
+                        CommitMessage = commitMessage,
+                        PrTitle = prTitle,
+                        PrBody = prBody,
+                        DependencyGroup = null,
+                    });
+                    continue;
+                }
+            }
+        }
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/UpdateOperationBase.cs

@@ -4,6 +4,7 @@ using System.Text.Json.Serialization;
 
 using NuGet.Versioning;
 
+using NuGetUpdater.Core.Run.ApiModel;
 using NuGetUpdater.Core.Utilities;
 
 
@@ -16,11 +17,38 @@ public abstract record UpdateOperationBase
 {
     public abstract string Type { get; }
     public required string DependencyName { get; init; }
+    public NuGetVersion? OldVersion { get; init; } = null;
     public required NuGetVersion NewVersion { get; init; }
     public required ImmutableArray<string> UpdatedFiles { get; init; }
 
     public abstract string GetReport();
 
+    public ReportedDependency ToReportedDependency(string projectPath, IEnumerable<ReportedDependency> previouslyReportedDependencies, IEnumerable<Dependency> updatedDependencies)
+    {
+        var updatedFilesSet = UpdatedFiles.ToHashSet(StringComparer.OrdinalIgnoreCase);
+        var previousDependency = previouslyReportedDependencies
+            .SingleOrDefault(d => d.Name.Equals(DependencyName, StringComparison.OrdinalIgnoreCase) && PathComparer.Instance.Equals(d.Requirements.Single().File, projectPath));
+        return new ReportedDependency()
+        {
+            Name = DependencyName,
+            Version = NewVersion.ToString(),
+            Requirements = [
+                new()
+                {
+                    File = projectPath,
+                    Requirement = NewVersion.ToString(),
+                    Groups = previousDependency?.Requirements.FirstOrDefault()?.Groups ?? [],
+                    Source = new()
+                    {
+                        SourceUrl = updatedDependencies.FirstOrDefault(d => d.Name.Equals(DependencyName, StringComparison.OrdinalIgnoreCase))?.InfoUrl,
+                    }
+                }
+            ],
+            PreviousVersion = previousDependency?.Version,
+            PreviousRequirements = previousDependency?.Requirements,
+        };
+    }
+
     internal static string GenerateUpdateOperationReport(IEnumerable<UpdateOperationBase> updateOperations)
     {
         var updateMessages = updateOperations.Select(u => u.GetReport()).ToImmutableArray();
@@ -36,7 +64,7 @@ public abstract record UpdateOperationBase
     internal static ImmutableArray<UpdateOperationBase> NormalizeUpdateOperationCollection(string repoRootPath, IEnumerable<UpdateOperationBase> updateOperations)
     {
         var groupedByKindWithCombinedFiles = updateOperations
-            .GroupBy(u => (u.GetType(), u.DependencyName, u.NewVersion))
+            .GroupBy(u => (u.GetType(), u.DependencyName, u.OldVersion, u.NewVersion))
             .Select(g =>
             {
                 if (g.Key.Item1 == typeof(DirectUpdate))
@@ -44,6 +72,7 @@ public abstract record UpdateOperationBase
                     return new DirectUpdate()
                     {
                         DependencyName = g.Key.DependencyName,
+                        OldVersion = g.Key.OldVersion,
                         NewVersion = g.Key.NewVersion,
                         UpdatedFiles = [.. g.SelectMany(u => u.UpdatedFiles)],
                     } as UpdateOperationBase;
@@ -53,6 +82,7 @@ public abstract record UpdateOperationBase
                     return new PinnedUpdate()
                     {
                         DependencyName = g.Key.DependencyName,
+                        OldVersion = g.Key.OldVersion,
                         NewVersion = g.Key.NewVersion,
                         UpdatedFiles = [.. g.SelectMany(u => u.UpdatedFiles)],
                     };
@@ -63,6 +93,7 @@ public abstract record UpdateOperationBase
                     return new ParentUpdate()
                     {
                         DependencyName = g.Key.DependencyName,
+                        OldVersion = g.Key.OldVersion,
                         NewVersion = g.Key.NewVersion,
                         UpdatedFiles = [.. g.SelectMany(u => u.UpdatedFiles)],
                         ParentDependencyName = parentUpdate.ParentDependencyName,
@@ -82,6 +113,7 @@ public abstract record UpdateOperationBase
         var ordered = uniqueUpdateOperations
             .OrderBy(u => u.GetType().Name)
             .ThenBy(u => u.DependencyName)
+            .ThenBy(u => u.OldVersion)
             .ThenBy(u => u.NewVersion)
             .ThenBy(u => u.UpdatedFiles.Length)
             .ThenBy(u => string.Join(",", u.UpdatedFiles))
@@ -95,6 +127,7 @@ public abstract record UpdateOperationBase
     {
         var hash = new HashCode();
         hash.Add(DependencyName);
+        hash.Add(OldVersion);
         hash.Add(NewVersion);
         hash.Add(UpdatedFiles.Length);
         for (int i = 0; i < UpdatedFiles.Length; i++)
@@ -111,7 +144,14 @@ public abstract record UpdateOperationBase
 public record DirectUpdate : UpdateOperationBase
 {
     public override string Type => nameof(DirectUpdate);
-    public override string GetReport() => $"Updated {DependencyName} to {NewVersion} in {string.Join(", ", UpdatedFiles)}";
+    public override string GetReport()
+    {
+        var fromText = OldVersion is null
+            ? string.Empty
+            : $"from {OldVersion} ";
+        return $"Updated {DependencyName} {fromText}to {NewVersion} in {string.Join(", ", UpdatedFiles)}";
+    }
+
     public sealed override string ToString() => GetString();
 }
 
@@ -185,6 +225,7 @@ public class UpdateOperationBaseComparer : IEqualityComparer<UpdateOperationBase
         }
 
         if (x.DependencyName != y.DependencyName ||
+            x.OldVersion != y.OldVersion ||
             x.NewVersion != y.NewVersion ||
             !x.UpdatedFiles.SequenceEqual(y.UpdatedFiles))
         {

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/ILogger.cs

@@ -1,3 +1,8 @@
+using System.Text.Json;
+
+using NuGetUpdater.Core.Analyze;
+using NuGetUpdater.Core.Discover;
+
 namespace NuGetUpdater.Core;
 
 public interface ILogger
@@ -11,6 +16,18 @@ public static class LoggerExtensions
     public static void Warn(this ILogger logger, string message) => logger.LogWithLevel("WARN", message);
     public static void Error(this ILogger logger, string message) => logger.LogWithLevel("ERROR", message);
 
+    public static void ReportAnalysis(this ILogger logger, AnalysisResult analysisResult)
+    {
+        logger.Info("Analysis JSON content:");
+        logger.Info(JsonSerializer.Serialize(analysisResult, AnalyzeWorker.SerializerOptions));
+    }
+
+    public static void ReportDiscovery(this ILogger logger, WorkspaceDiscoveryResult discoveryResult)
+    {
+        logger.Info("Discovery JSON content:");
+        logger.Info(JsonSerializer.Serialize(discoveryResult, DiscoveryWorker.SerializerOptions));
+    }
+
     private static void LogWithLevel(this ILogger logger, string level, string message) => logger.LogRaw($"{GetCurrentTimestamp()} {level} {message}");
     private static string GetCurrentTimestamp() => DateTime.UtcNow.ToString("yyyy/MM/dd HH:mm:ss");
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -968,7 +968,7 @@ internal static partial class MSBuildHelper
         ThrowOnMissingPackages(output);
         ThrowOnUpdateNotPossible(output);
         ThrowOnRateLimitExceeded(output);
-        ThrowOnServiceUnavailable(output);
+        ThrowOnBadResponse(output);
         ThrowOnUnparseableFile(output);
     }
 
@@ -1001,16 +1001,20 @@ internal static partial class MSBuildHelper
         }
     }
 
-    private static void ThrowOnServiceUnavailable(string stdout)
+    private static void ThrowOnBadResponse(string stdout)
     {
-        var serviceUnavailableMessageSnippets = new string[]
+        var patterns = new[]
         {
-            "503 (Service Unavailable)",
-            "Response status code does not indicate success: 503",
+            new Regex(@"500 \(Internal Server Error\)"),
+            new Regex(@"503 \(Service Unavailable\)"),
+            new Regex(@"Response status code does not indicate success: 50\d"),
+            new Regex(@"The file is not a valid nupkg"),
+            new Regex(@"The response ended prematurely\. \(ResponseEnded\)"),
+            new Regex(@"The content at '.*' is not valid XML\."),
         };
-        if (serviceUnavailableMessageSnippets.Any(stdout.Contains))
+        if (patterns.Any(p => p.IsMatch(stdout)))
         {
-            throw new HttpRequestException(message: stdout, inner: null, statusCode: System.Net.HttpStatusCode.ServiceUnavailable);
+            throw new HttpRequestException(message: stdout, inner: null, statusCode: System.Net.HttpStatusCode.InternalServerError);
         }
     }
 
@@ -1030,11 +1034,12 @@ internal static partial class MSBuildHelper
             new Regex(@"Package '(?<PackageName>[^']*)' is not found on source '(?<PackageSource>[^$\r\n]*)'\."),
             new Regex(@"Unable to find package (?<PackageName>[^ ]+)\. No packages exist with this id in source\(s\): (?<PackageSource>.*)$", RegexOptions.Multiline),
             new Regex(@"Unable to find package (?<PackageName>[^ ]+) with version \((?<PackageVersion>[^)]+)\)"),
+            new Regex(@"Unable to find package '(?<PackageName>[^ ]+)'\."),
             new Regex(@"Could not resolve SDK ""(?<PackageName>[^ ]+)""\."),
             new Regex(@"Failed to fetch results from V2 feed at '.*FindPackagesById\(\)\?id='(?<PackageName>[^']+)'&semVerLevel=2\.0\.0' with following message : Response status code does not indicate success: 404\."),
         };
-        var matches = patterns.Select(p => p.Match(output)).Where(m => m.Success);
-        if (matches.Any())
+        var matches = patterns.Select(p => p.Match(output)).Where(m => m.Success).ToArray();
+        if (matches.Length > 0)
         {
             var packages = matches.Select(m =>
                 {
@@ -1075,6 +1080,7 @@ internal static partial class MSBuildHelper
         var patterns = new[]
         {
             new Regex(@"\nAn error occurred while reading file '(?<FilePath>[^']+)': (?<Message>[^\n]*)\n"),
+            new Regex(@"NuGet\.Config is not valid XML\. Path: '(?<FilePath>[^']+)'\.\n\s*(?<Message>[^\n]*)(\n|$)"),
         };
         var match = patterns.Select(p => p.Match(output)).Where(m => m.Success).FirstOrDefault();
         if (match is not null)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MarkdownListBuilder.cs

@@ -0,0 +1,65 @@
+namespace NuGetUpdater.Core.Utilities;
+
+public class MarkdownListBuilder
+{
+    public static string FromObject(object obj)
+    {
+        return string.Join(Environment.NewLine, LinesFromObject(obj));
+    }
+
+    private static string[] LinesFromObject(object obj)
+    {
+        var lines = new List<string>();
+        switch (obj)
+        {
+            case IDictionary<string, object> dict:
+                // key1: value1
+                // key2: value2
+                foreach (var (key, value) in dict)
+                {
+                    if (key == "error-backtrace")
+                    {
+                        continue;
+                    }
+
+                    var childLines = LinesFromObject(value);
+                    if (childLines.Length == 1)
+                    {
+                        // display inline
+                        lines.Add($"- {key}: {childLines[0]}");
+                    }
+                    else
+                    {
+                        // display in sub-list
+                        lines.Add($"- {key}:");
+                        foreach (var childLine in childLines)
+                        {
+                            lines.Add($"  {childLine}");
+                        }
+                    }
+                }
+                break;
+            case IEnumerable<object> values:
+                // - value1
+                // - value2
+                foreach (var value in values)
+                {
+                    var valueLines = LinesFromObject(value);
+                    lines.Add($"- {valueLines[0]}");
+                    foreach (var valueLine in valueLines.Skip(1))
+                    {
+                        lines.Add($"  {valueLine}");
+                    }
+                }
+                break;
+            case bool b:
+                lines.Add(b.ToString().ToLowerInvariant());
+                break;
+            default:
+                lines.Add(obj.ToString()!);
+                break;
+        }
+
+        return [.. lines];
+    }
+}