RubyGems - dependabot-nuget - Versions diffs - 0.316.0 → 0.318.0 - Mend

dependabot-nuget 0.316.0 → 0.318.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (29) hide show

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SpecialImportsConditionPatcher.cs CHANGED Viewed

@@ -2,6 +2,8 @@ using System.Collections.Immutable;
 using Microsoft.Language.Xml;
+using NuGetUpdater.Core.Utilities;
 namespace NuGetUpdater.Core.Updater
 {
     internal class SpecialImportsConditionPatcher : IDisposable
@@ -24,9 +26,20 @@ namespace NuGetUpdater.Core.Updater
         public SpecialImportsConditionPatcher(string projectFilePath)
         {
+            var hasBOM = false;
             _processor = new XmlFilePreAndPostProcessor(
-                getContent: () => File.ReadAllText(projectFilePath),
-                setContent: s => File.WriteAllText(projectFilePath, s),
+                getContent: () =>
+                {
+                    var content = File.ReadAllText(projectFilePath);
+                    var rawContent = File.ReadAllBytes(projectFilePath);
+                    hasBOM = rawContent.HasBOM();
+                    return content;
+                },
+                setContent: content =>
+                {
+                    var rawContent = content.SetBOM(hasBOM);
+                    File.WriteAllBytes(projectFilePath, rawContent);
+                },
                 nodeFinder: doc => doc.Descendants()
                     .Where(e => e.Name == "Import")
                     .Where(e =>

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs CHANGED Viewed

@@ -478,7 +478,7 @@ internal static partial class MSBuildHelper
             // Return as array
             var candidatePackagesArray = candidatePackages.ToImmutableArray();
-            var targetFrameworks = new NuGetFramework[] { NuGetFramework.Parse(targetFramework) };
+            var targetFrameworks = ImmutableArray.Create<NuGetFramework>(NuGetFramework.Parse(targetFramework));
             var resolveProjectPath = projectPath;
@@ -492,15 +492,23 @@ internal static partial class MSBuildHelper
             // Target framework compatibility check
             foreach (var package in candidatePackages)
             {
-                if (!NuGetVersion.TryParse(package.Version, out var nuGetVersion))
+                if (package.Version is null ||
+                    !VersionRange.TryParse(package.Version, out var nuGetVersionRange))
                 {
                     // If version is not valid, return original packages and revert
                     return packages;
                 }
+                if (nuGetVersionRange.IsFloating)
+                {
+                    // If a wildcard version, the original project specified it this way and we can count on restore to do the appropriate thing
+                    continue;
+                }
+                var nuGetVersion = nuGetVersionRange.MinVersion; // not a wildcard, so `MinVersion` is just the version itself
                 var packageIdentity = new NuGet.Packaging.Core.PackageIdentity(package.Name, nuGetVersion);
-                bool isNewPackageCompatible = await CompatibilityChecker.CheckAsync(packageIdentity, targetFrameworks.ToImmutableArray(), nugetContext, logger, CancellationToken.None);
+                bool isNewPackageCompatible = await CompatibilityChecker.CheckAsync(packageIdentity, targetFrameworks, nugetContext, logger, CancellationToken.None);
                 if (!isNewPackageCompatible)
                 {
                     // If the package target framework is not compatible, return original packages and revert

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/VersionFinderTests.cs CHANGED Viewed

@@ -296,4 +296,43 @@ public class VersionFinderTests : TestBase
         var actualJson = JsonSerializer.Serialize(error, RunWorker.SerializerOptions);
         Assert.Equal(expectedJson, actualJson);
     }
+    [Theory]
+    [InlineData(null, "1.0.1", "1.1.0", "2.0.0")]
+    [InlineData(ConditionUpdateType.SemVerMajor, "1.0.1", "1.1.0")]
+    [InlineData(ConditionUpdateType.SemVerMinor, "1.0.1")]
+    [InlineData(ConditionUpdateType.SemVerPatch)]
+    public async Task VersionFinder_IgnoredUpdateTypesIsHonored(ConditionUpdateType? ignoredUpdateType, params string[] expectedVersions)
+    {
+        // arrange
+        using var tempDir = new TemporaryDirectory();
+        await UpdateWorkerTestBase.MockNuGetPackagesInDirectory([
+            MockNuGetPackage.CreateSimplePackage("Some.Dependency", "1.0.1", "net9.0"),
+            MockNuGetPackage.CreateSimplePackage("Some.Dependency", "1.1.0", "net9.0"),
+            MockNuGetPackage.CreateSimplePackage("Some.Dependency", "2.0.0", "net9.0"),
+        ], tempDir.DirectoryPath);
+        var tfm = NuGetFramework.Parse("net9.0");
+        var ignoredUpdateTypes = ignoredUpdateType is not null
+            ? new ConditionUpdateType[] { ignoredUpdateType.Value }
+            : [];
+        var dependencyInfo = new DependencyInfo()
+        {
+            Name = "Some.Dependency",
+            Version = "1.0.0",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+            IgnoredUpdateTypes = [.. ignoredUpdateTypes],
+        };
+        var logger = new TestLogger();
+        var nugetContext = new NuGetContext(tempDir.DirectoryPath);
+        // act
+        var versionResult = await VersionFinder.GetVersionsAsync([tfm], dependencyInfo, nugetContext, logger, CancellationToken.None);
+        var versions = versionResult.GetVersions();
+        // assert
+        var actualVersions = versions.Select(v => v.ToString()).OrderBy(v => v).ToArray();
+        AssertEx.Equal(expectedVersions, actualVersions);
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/FrameworkChecker/FrameworkCompatibilityServiceFacts.cs CHANGED Viewed

@@ -1,10 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
-using System;
-using System.Collections.Generic;
-using System.Linq;
 using NuGet.Frameworks;
 using NuGetUpdater.Core.FrameworkChecker;
@@ -64,17 +60,18 @@ public class FrameworkCompatibilityServiceFacts
     }
     [Theory]
-    [InlineData("portable-net45+sl4+win8+wp7")]
-    [InlineData("portable-net40+sl4")]
-    [InlineData("portable-net45+sl5+win8+wpa81+wp8")]
-    public void PCLPackageFrameworksReturnsEmptySet(string pclFrameworkName)
+    [InlineData("portable-net45+win8+wpa81", "net48", true)] // profile 111, compatible
+    [InlineData("portable-net45+win8+wpa81", "net40", false)] // profile 111, incompatible
+    [InlineData("portable-net45+win8+wp8+wpa81", "net48", true)] // profile 259, compatible
+    public void PCLPackageFrameworksReportCompatibility(string pclFrameworkName, string projectFrameworkName, bool expectedCompatible)
     {
         var portableFramework = NuGetFramework.Parse(pclFrameworkName);
+        var projectFramework = NuGetFramework.Parse(projectFrameworkName);
-        var result = _service.GetCompatibleFrameworks([portableFramework]);
+        var compatible = _service.GetCompatibleFrameworks([portableFramework]);
-        Assert.True(portableFramework.IsPCL);
-        Assert.Empty(result);
+        var actualCompatible = compatible.Contains(projectFramework);
+        Assert.Equal(expectedCompatible, actualCompatible);
     }
     [Theory]

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MiscellaneousTests.cs CHANGED Viewed

@@ -16,8 +16,8 @@ namespace NuGetUpdater.Core.Test.Run;
 public class MiscellaneousTests
 {
     [Theory]
-    [MemberData(nameof(IsDependencyIgnoredTestData))]
-    public void IsDependencyIgnored(Condition[] ignoreConditions, string dependencyName, string dependencyVersion, bool expectedIgnored)
+    [MemberData(nameof(IsDependencyIgnoredByNameOnlyTestData))]
+    public void IsDependencyIgnoredByNameOnly(Condition[] ignoreConditions, string dependencyName, bool expectedIgnored)
     {
         // arrange
         var job = new Job()
@@ -31,14 +31,15 @@ public class MiscellaneousTests
         };
         // act
-        var actualIsIgnored = job.IsDependencyIgnored(dependencyName, dependencyVersion);
+        var actualIsIgnored = job.IsDependencyIgnoredByNameOnly(dependencyName);
         // assert
         Assert.Equal(expectedIgnored, actualIsIgnored);
     }
-    public static IEnumerable<object[]> IsDependencyIgnoredTestData()
+    public static IEnumerable<object[]> IsDependencyIgnoredByNameOnlyTestData()
     {
+        // non-matching name
         yield return
         [
             // ignoreConditions
@@ -51,12 +52,11 @@ public class MiscellaneousTests
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             false,
         ];
+        // matching name, but has version requirement
         yield return
         [
             // ignoreConditions
@@ -70,12 +70,11 @@ public class MiscellaneousTests
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             false,
         ];
+        // wildcard matching name
         yield return
         [
             // ignoreConditions
@@ -83,18 +82,34 @@ public class MiscellaneousTests
             {
                 new Condition()
                 {
-                    DependencyName = "Some.Dependency",
-                    VersionRequirement = Requirement.Parse("> 1.0.0"),
+                    DependencyName = "Some.*",
                 }
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             true,
         ];
+        // matching name, but has update type restrictions
+        yield return
+        [
+            // ignoreConditions
+            new[]
+            {
+                new Condition()
+                {
+                    DependencyName = "Some.*",
+                    UpdateTypes = [ConditionUpdateType.SemVerMajor],
+                }
+            },
+            // dependencyName
+            "Some.Dependency",
+            // expectedIgnored
+            false,
+        ];
+        // explicitly null update types
         yield return
         [
             // ignoreConditions
@@ -103,17 +118,56 @@ public class MiscellaneousTests
                 new Condition()
                 {
                     DependencyName = "Some.*",
+                    UpdateTypes = null,
                 }
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             true,
         ];
     }
+    [Fact]
+    public void DeserializeDependencyGroup()
+    {
+        var json = """
+            {
+              "name": "test-group",
+              "rules": {
+                "patterns": ["Test.*"],
+                "exclude-patterns": ["Dependency.*"]
+              }
+            }
+            """;
+        var group = JsonSerializer.Deserialize<DependencyGroup>(json, RunWorker.SerializerOptions);
+        Assert.NotNull(group);
+        Assert.Equal("test-group", group.Name);
+        var matcher = group.GetGroupMatcher();
+        Assert.Equal(["Test.*"], matcher.Patterns);
+        Assert.Equal(["Dependency.*"], matcher.ExcludePatterns);
+    }
+    [Fact]
+    public void DeserializeDependencyGroup_UnexpectedShape()
+    {
+        var json = """
+            {
+              "name": "test-group",
+              "rules": {
+                "patterns": { "unexpected": 1 },
+                "exclude-patterns": { "unexpected": 2 }
+              }
+            }
+            """;
+        var group = JsonSerializer.Deserialize<DependencyGroup>(json, RunWorker.SerializerOptions);
+        Assert.NotNull(group);
+        Assert.Equal("test-group", group.Name);
+        var matcher = group.GetGroupMatcher();
+        Assert.Equal([], matcher.Patterns);
+        Assert.Equal([], matcher.ExcludePatterns);
+    }
     [Theory]
     [MemberData(nameof(DependencyGroup_IsMatchTestData))]
     public void DependencyGroup_IsMatch(string[]? patterns, string[]? excludePatterns, string dependencyName, bool expectedMatch)
@@ -625,6 +679,7 @@ public class MiscellaneousTests
     public static IEnumerable<object[]> DependencyInfoFromJobData()
     {
+        // with security advisory
         yield return
         [
             // job
@@ -667,7 +722,45 @@ public class MiscellaneousTests
                         VulnerableVersions = [Requirement.Parse(">= 1.0.0, < 1.1.0")],
                         SafeVersions = [Requirement.Parse("= 1.1.0"), Requirement.Parse("= 1.2.0")],
                     }
-                ]
+                ],
+                IgnoredUpdateTypes = [],
+            }
+        ];
+        yield return
+        [
+            // job
+            new Job()
+            {
+                Source = new()
+                {
+                    Provider = "github",
+                    Repo = "some/repo",
+                },
+                IgnoreConditions = [
+                    new Condition()
+                    {
+                        DependencyName = "Some.*",
+                        UpdateTypes = [ConditionUpdateType.SemVerMajor],
+                    },
+                    new Condition()
+                    {
+                        DependencyName = "Unrelated.*",
+                        UpdateTypes = [ConditionUpdateType.SemVerMinor],
+                    },
+                ],
+            },
+            // dependency
+            new Dependency("Some.Dependency", "1.0.0", DependencyType.PackageReference),
+            // expectedDependencyInfo
+            new DependencyInfo()
+            {
+                Name = "Some.Dependency",
+                Version = "1.0.0",
+                IsVulnerable = false,
+                IgnoredVersions = [],
+                Vulnerabilities = [],
+                IgnoredUpdateTypes = [ConditionUpdateType.SemVerMajor],
             }
         ];
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/PullRequestTextTests.cs CHANGED Viewed

@@ -402,6 +402,45 @@ public class PullRequestTextTests
             - Updated Package.B from 4.0.0 to 4.5.6 in a.txt
             """
         ];
+        // multiple updates to the same dependency
+        yield return
+        [
+            // job
+            FromCommitOptions(null),
+            // updateOperationsPerformed
+            new UpdateOperationBase[]
+            {
+                new DirectUpdate()
+                {
+                    DependencyName = "Some.Package",
+                    OldVersion = NuGetVersion.Parse("1.0.0"),
+                    NewVersion = NuGetVersion.Parse("1.2.3"),
+                    UpdatedFiles = ["a.txt"]
+                },
+                new DirectUpdate()
+                {
+                    DependencyName = "Some.Package",
+                    OldVersion = NuGetVersion.Parse("1.0.0"),
+                    NewVersion = NuGetVersion.Parse("1.2.3"),
+                    UpdatedFiles = ["b.txt"]
+                }
+            },
+            // dependencyGroupName
+            null,
+            // expectedTitle
+            "Bump Some.Package to 1.2.3",
+            // expectedCommitMessage
+            """
+            Bump Some.Package to 1.2.3
+            """,
+            // expectedBody
+            """
+            Performed the following updates:
+            - Updated Some.Package from 1.0.0 to 1.2.3 in a.txt
+            - Updated Some.Package from 1.0.0 to 1.2.3 in b.txt
+            """
+        ];
     }
     private static Job FromCommitOptions(CommitOptions? commitOptions)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/SerializationTests.cs CHANGED Viewed

@@ -316,13 +316,13 @@ public class SerializationTests : TestBase
         Assert.Equal("Package.1", jobWrapper.Job.IgnoreConditions[0].DependencyName);
         Assert.Equal("some-file", jobWrapper.Job.IgnoreConditions[0].Source);
-        Assert.Equal("version-update:semver-major", jobWrapper.Job.IgnoreConditions[0].UpdateTypes.Single());
+        Assert.Equal(ConditionUpdateType.SemVerMajor, jobWrapper.Job.IgnoreConditions[0].UpdateTypes!.Single());
         Assert.Null(jobWrapper.Job.IgnoreConditions[0].UpdatedAt);
         Assert.Equal("> 1.2.3", jobWrapper.Job.IgnoreConditions[0].VersionRequirement?.ToString());
         Assert.Equal("Package.2", jobWrapper.Job.IgnoreConditions[1].DependencyName);
         Assert.Null(jobWrapper.Job.IgnoreConditions[1].Source);
-        Assert.Empty(jobWrapper.Job.IgnoreConditions[1].UpdateTypes);
+        Assert.Null(jobWrapper.Job.IgnoreConditions[1].UpdateTypes);
         Assert.Equal(new DateTime(2024, 12, 5, 15, 47, 12), jobWrapper.Job.IgnoreConditions[1].UpdatedAt);
         Assert.Null(jobWrapper.Job.IgnoreConditions[1].VersionRequirement);
     }