dependabot-nuget 0.317.0 → 0.318.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4f345f9ee257e7f76d38a1895964aaf6f6356182d190037a19df23107f62c18b
-  data.tar.gz: 47c6ec4d4a5157c2a644856532129923aa9a65d6710d01a40bf18c59f8483971
+  metadata.gz: 59a38e30a99a2cfa01adea0a410d889454db7c97be7403dc961f3a657cef9057
+  data.tar.gz: 9cd7cf460715c6bcd81b7a879eb9e18410e6bb7a5e3312f6c97e491530377d77
 SHA512:
-  metadata.gz: 453d1742deef75f810dab148d9d9344a79f39ce893d1dfec90020d7bec36b6018b1acddf0d02c5e109e9957a94f7e3b1d09a4808b2f35e3e9b1e20f5b8bc1e15
-  data.tar.gz: 25bf0a85529e9fa9af427d5fa860b4208c7df6cd763d4059ce66fe8c1f6ee04596322f75cf20d5c4cfb6132d0157edb92f63a956191fa67f0c95d43f99444a29
+  metadata.gz: 973628f0b72b612b75538f4428d1a71dd98517aed42f9725353455cfbb80bc9da8b5c92688a83197e3651f01084dcd97859f2bf2921dfdafdf8d26ae3f32280c
+  data.tar.gz: 9a5fc49a9cb8a586cde53c7f472be221712aa11a61349be64feddb42ab174257d7cdffab7954f3f0ccfc78d07a380c75c4f9001902ffbdbbb9a4a6790e0d8c8a

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/DependencyInfo.cs

@@ -1,5 +1,7 @@
 using System.Collections.Immutable;
 
+using NuGetUpdater.Core.Run.ApiModel;
+
 namespace NuGetUpdater.Core.Analyze;
 
 public sealed record DependencyInfo
@@ -9,4 +11,5 @@ public sealed record DependencyInfo
     public required bool IsVulnerable { get; init; }
     public ImmutableArray<Requirement> IgnoredVersions { get; init; }
     public ImmutableArray<SecurityVulnerability> Vulnerabilities { get; init; }
+    public ImmutableArray<ConditionUpdateType> IgnoredUpdateTypes { get; init; } = [];
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/VersionFinder.cs

@@ -10,6 +10,8 @@ using NuGet.Protocol;
 using NuGet.Protocol.Core.Types;
 using NuGet.Versioning;
 
+using NuGetUpdater.Core.Run.ApiModel;
+
 namespace NuGetUpdater.Core.Analyze;
 
 internal static class VersionFinder
@@ -155,12 +157,39 @@ internal static class VersionFinder
             var isIgnoredVersion = dependencyInfo.IgnoredVersions.Any(i => i.IsSatisfiedBy(version));
             var isVulnerableVersion = dependencyInfo.Vulnerabilities.Any(v => v.IsVulnerable(version));
             var isSafeVersion = !safeVersions.Any() || safeVersions.Any(s => s.IsSatisfiedBy(version));
+
+            var isIgnoredByType = false;
+            if (currentVersion is not null)
+            {
+                var isMajorBump = version.Major > currentVersion.Major;
+                var isMinorBump = version.Major == currentVersion.Major && version.Minor > currentVersion.Minor;
+                var isPatchBump = version.Major == currentVersion.Major && version.Minor == currentVersion.Minor && version.Patch > currentVersion.Patch;
+                foreach (var ignoreType in dependencyInfo.IgnoredUpdateTypes)
+                {
+                    switch (ignoreType)
+                    {
+                        case ConditionUpdateType.SemVerPatch:
+                            isIgnoredByType = isIgnoredByType || isPatchBump || isMinorBump || isMajorBump;
+                            break;
+                        case ConditionUpdateType.SemVerMinor:
+                            isIgnoredByType = isIgnoredByType || isMinorBump || isMajorBump;
+                            break;
+                        case ConditionUpdateType.SemVerMajor:
+                            isIgnoredByType = isIgnoredByType || isMajorBump;
+                            break;
+                        default:
+                            break;
+                    }
+                }
+            }
+
             return versionGreaterThanCurrent
                 && rangeSatisfies
                 && prereleaseTypeMatches
                 && !isIgnoredVersion
                 && !isVulnerableVersion
-                && isSafeVersion;
+                && isSafeVersion
+                && !isIgnoredByType;
         };
     }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/FrameworkChecker/FrameworkCompatibilityService.cs

@@ -24,7 +24,7 @@ public class FrameworkCompatibilityService
 
         foreach (var packageFramework in packageFrameworks)
         {
-            if (packageFrameworks == null || packageFramework.IsUnsupported || packageFramework.IsPCL)
+            if (packageFrameworks == null || packageFramework.IsUnsupported)
             {
                 continue;
             }
@@ -79,6 +79,30 @@ public class FrameworkCompatibilityService
             }
         }
 
+        // portable profiles
+        var portableMappings = new DefaultPortableFrameworkMappings();
+        var portableFrameworks = portableMappings.ProfileFrameworks.ToDictionary(p => p.Key, p => p.Value);
+        foreach (var (profileNumber, frameworkRange) in portableMappings.CompatibilityMappings)
+        {
+            var profileFramework = new NuGetFramework(FrameworkConstants.FrameworkIdentifiers.Portable, new Version(0, 0, 0, 0), $"Profile{profileNumber}");
+            var compatibleFrameworks = new HashSet<NuGetFramework>();
+            matrix.Add(profileFramework, compatibleFrameworks);
+
+            foreach (var packageFramework in AllSupportedFrameworks)
+            {
+                if (frameworkRange.Satisfies(packageFramework))
+                {
+                    foreach (var projectFramework in AllSupportedFrameworks)
+                    {
+                        if (CompatibilityProvider.IsCompatible(projectFramework, packageFramework))
+                        {
+                            compatibleFrameworks.Add(projectFramework);
+                        }
+                    }
+                }
+            }
+        }
+
         return matrix;
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/Condition.cs

@@ -11,9 +11,21 @@ public sealed record Condition
     [JsonPropertyName("source")]
     public string? Source { get; init; } = null;
     [JsonPropertyName("update-types")]
-    public string[] UpdateTypes { get; init; } = [];
+    public ConditionUpdateType[]? UpdateTypes { get; init; } = null;
     [JsonPropertyName("updated-at")]
     public DateTime? UpdatedAt { get; init; } = null;
     [JsonPropertyName("version-requirement")]
     public Requirement? VersionRequirement { get; init; } = null;
 }
+
+public enum ConditionUpdateType
+{
+    [JsonStringEnumMemberName("version-update:semver-major")]
+    SemVerMajor,
+
+    [JsonStringEnumMemberName("version-update:semver-minor")]
+    SemVerMinor,
+
+    [JsonStringEnumMemberName("version-update:semver-patch")]
+    SemVerPatch,
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyGroup.cs

@@ -1,5 +1,6 @@
 using System.Collections.Immutable;
 using System.IO.Enumeration;
+using System.Text.Json;
 
 namespace NuGetUpdater.Core.Run.ApiModel;
 
@@ -32,33 +33,43 @@ public class GroupMatcher
 
     public static GroupMatcher FromRules(Dictionary<string, object> rules)
     {
-        string[] patterns;
-        if (rules.TryGetValue("patterns", out var patternsObject) &&
-            patternsObject is string[] patternsArray)
+        var patterns = GetStringArray(rules, "patterns", ["*"]); // default to matching everything unless explicitly excluded
+        var excludePatterns = GetStringArray(rules, "exclude-patterns", []);
+
+        return new GroupMatcher()
         {
-            patterns = patternsArray;
-        }
-        else
+            Patterns = patterns,
+            ExcludePatterns = excludePatterns,
+        };
+    }
+
+    private static ImmutableArray<string> GetStringArray(Dictionary<string, object> rules, string propertyName, ImmutableArray<string> defaultValue)
+    {
+        if (!rules.TryGetValue(propertyName, out var propertyObject))
         {
-            patterns = ["*"]; // default to matching everything unless excluded below
+            return defaultValue;
         }
 
-        string[] excludePatterns;
-        if (rules.TryGetValue("exclude-patterns", out var excludePatternsObject) &&
-            excludePatternsObject is string[] excludePatternsArray)
+        if (propertyObject is string[] stringArray)
         {
-            excludePatterns = excludePatternsArray;
+            // shortcut for unit tests which directly supply the array
+            return [.. stringArray];
         }
-        else
+
+        var patternsElements = new List<string>();
+        if (propertyObject is JsonElement element &&
+            element.ValueKind == JsonValueKind.Array)
         {
-            excludePatterns = [];
+            foreach (var arrayElement in element.EnumerateArray())
+            {
+                if (arrayElement.ValueKind == JsonValueKind.String)
+                {
+                    patternsElements.Add(arrayElement.GetString()!);
+                }
+            }
         }
 
-        return new GroupMatcher()
-        {
-            Patterns = [.. patterns],
-            ExcludePatterns = [.. excludePatterns],
-        };
+        return [.. patternsElements];
     }
 }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/Job.cs

@@ -100,15 +100,14 @@ public sealed record Job
         return existingPullRequest;
     }
 
-    public bool IsDependencyIgnored(string dependencyName, string dependencyVersion)
+    public bool IsDependencyIgnoredByNameOnly(string dependencyName)
     {
-        var versionsToIgnore = IgnoreConditions
-            .Where(c => FileSystemName.MatchesSimpleExpression(c.DependencyName, dependencyName))
-            .Select(c => c.VersionRequirement ?? Requirement.Parse(">= 0.0.0")) // no range means ignore everything
+        var packageNamesToIgnore = IgnoreConditions
+            .Where(c => (c.UpdateTypes ?? []).Length == 0 && c.VersionRequirement is null) // ignoring by name means there can't be any qualification
+            .Select(c => c.DependencyName)
             .ToArray();
-        var parsedDependencyVersion = NuGetVersion.Parse(dependencyVersion);
-        var isIgnored = versionsToIgnore
-            .Any(r => r.IsSatisfiedBy(parsedDependencyVersion));
+        var isIgnored = packageNamesToIgnore
+            .Any(p => FileSystemName.MatchesSimpleExpression(p, dependencyName));
         return isIgnored;
     }
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs

@@ -1,5 +1,6 @@
 using System.Collections.Immutable;
 using System.IO;
+using System.IO.Enumeration;
 using System.Text;
 using System.Text.Json;
 using System.Text.Json.Serialization;
@@ -677,7 +678,12 @@ public class RunWorker
         var dependencyVersion = NuGetVersion.Parse(dependency.Version!);
         var securityAdvisories = job.SecurityAdvisories.Where(s => s.DependencyName.Equals(dependency.Name, StringComparison.OrdinalIgnoreCase)).ToArray();
         var isVulnerable = securityAdvisories.Any(s => (s.AffectedVersions ?? []).Any(v => v.IsSatisfiedBy(dependencyVersion)));
-        var ignoredVersions = GetIgnoredRequirementsForDependency(job, dependency.Name);
+        var ignoredVersions = job.IgnoreConditions
+            .Where(c => FileSystemName.MatchesSimpleExpression(c.DependencyName, dependency.Name))
+            .Select(c => c.VersionRequirement)
+            .Where(r => r is not null)
+            .Cast<Requirement>()
+            .ToImmutableArray();
         var vulnerabilities = securityAdvisories.Select(s => new SecurityVulnerability()
         {
             DependencyName = dependency.Name,
@@ -685,6 +691,11 @@ public class RunWorker
             VulnerableVersions = s.AffectedVersions ?? [],
             SafeVersions = s.SafeVersions.ToImmutableArray(),
         }).ToImmutableArray();
+        var ignoredUpdateTypes = job.IgnoreConditions
+            .Where(c => FileSystemName.MatchesSimpleExpression(c.DependencyName, dependency.Name))
+            .SelectMany(c => c.UpdateTypes ?? [])
+            .Distinct()
+            .ToImmutableArray();
         var dependencyInfo = new DependencyInfo()
         {
             Name = dependency.Name,
@@ -692,6 +703,7 @@ public class RunWorker
             IsVulnerable = isVulnerable,
             IgnoredVersions = ignoredVersions,
             Vulnerabilities = vulnerabilities,
+            IgnoredUpdateTypes = ignoredUpdateTypes,
         };
         return dependencyInfo;
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandler.cs

@@ -65,13 +65,29 @@ internal class CreateSecurityUpdatePullRequestHandler : IUpdateHandler
             foreach (var dependencyGroupToUpdate in groupedUpdateOperationsToPerform)
             {
                 var dependencyName = dependencyGroupToUpdate.Key;
-                var vulnerableDependenciesToUpdate = dependencyGroupToUpdate.Value
+                var vulnerableCandidateDependenciesToUpdate = dependencyGroupToUpdate.Value
                     .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
                     .Where(set => set.Item3.IsVulnerable)
                     .ToArray();
+                var vulnerableDependenciesToUpdate = vulnerableCandidateDependenciesToUpdate
+                    .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
+                    .ToArray();
                 if (vulnerableDependenciesToUpdate.Length == 0)
                 {
-                    await apiHandler.RecordUpdateJobError(new SecurityUpdateNotNeeded(dependencyName));
+                    // no update possible, check backwards to see if it's because of ignore conditions
+                    var ignoredUpdates = vulnerableCandidateDependenciesToUpdate
+                        .Where(set => set.Dependency.Name.Equals(dependencyName, StringComparison.OrdinalIgnoreCase))
+                        .ToArray();
+                    if (ignoredUpdates.Length > 0)
+                    {
+                        logger.Error($"Cannot update {dependencyName} because all versions are ignored.");
+                        await apiHandler.RecordUpdateJobError(new SecurityUpdateIgnored(dependencyName));
+                    }
+                    else
+                    {
+                        await apiHandler.RecordUpdateJobError(new SecurityUpdateNotNeeded(dependencyName));
+                    }
+
                     continue;
                 }
 
@@ -92,14 +108,6 @@ internal class CreateSecurityUpdatePullRequestHandler : IUpdateHandler
                         continue;
                     }
 
-                    if (dependencyInfo.IgnoredVersions.Any(ignored => ignored.IsSatisfiedBy(NuGetVersion.Parse(analysisResult.UpdatedVersion))) ||
-                        job.IsDependencyIgnored(dependency.Name, dependency.Version!))
-                    {
-                        logger.Error($"Cannot update {dependency.Name} for {projectPath} because all versions are ignored.");
-                        await apiHandler.RecordUpdateJobError(new SecurityUpdateIgnored(dependencyName));
-                        continue;
-                    }
-
                     logger.Info($"Attempting update of {dependency.Name} from {dependency.Version} to {analysisResult.UpdatedVersion} for {projectPath}.");
                     var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
                     var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/GroupUpdateAllVersionsHandler.cs

@@ -98,9 +98,9 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
 
-                    if (job.IsDependencyIgnored(dependency.Name, dependency.Version!))
+                    if (job.IsDependencyIgnoredByNameOnly(dependency.Name))
                     {
-                        logger.Info($"Skipping ignored dependency {dependency.Name}/{dependency.Version}.");
+                        logger.Info($"Skipping ignored dependency {dependency.Name}.");
                         continue;
                     }
 
@@ -119,12 +119,6 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
 
-                    if (dependencyInfo.IgnoredVersions.Any(ignored => ignored.IsSatisfiedBy(NuGetVersion.Parse(analysisResult.UpdatedVersion))))
-                    {
-                        logger.Info($"Cannot update {dependency.Name} for {projectPath} because all versions are ignored.");
-                        continue;
-                    }
-
                     var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
                     var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
                     if (updaterResult.Error is not null)
@@ -203,9 +197,9 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                     continue;
                 }
 
-                if (job.IsDependencyIgnored(dependency.Name, dependency.Version!))
+                if (job.IsDependencyIgnoredByNameOnly(dependency.Name))
                 {
-                    logger.Info($"Skipping ignored dependency {dependency.Name}/{dependency.Version}.");
+                    logger.Info($"Skipping ignored dependency {dependency.Name}.");
                     continue;
                 }
 
@@ -224,12 +218,6 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                     continue;
                 }
 
-                if (dependencyInfo.IgnoredVersions.Any(ignored => ignored.IsSatisfiedBy(NuGetVersion.Parse(analysisResult.UpdatedVersion))))
-                {
-                    logger.Info($"Cannot update {dependency.Name} for {projectPath} because all versions are ignored.");
-                    continue;
-                }
-
                 var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
                 var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
                 if (updaterResult.Error is not null)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshGroupUpdatePullRequestHandler.cs

@@ -91,8 +91,8 @@ internal class RefreshGroupUpdatePullRequestHandler : IUpdateHandler
             {
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var relevantDependenciesToUpdate = dependencyGroupToUpdate.Value
+                    .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
                     .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
-                    .Where(set => !job.IsDependencyIgnored(set.Dependency.Name, set.Dependency.Version!))
                     .ToArray();
 
                 foreach (var (projectPath, dependency, dependencyInfo) in relevantDependenciesToUpdate)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshSecurityUpdatePullRequestHandler.cs

@@ -80,8 +80,8 @@ internal class RefreshSecurityUpdatePullRequestHandler : IUpdateHandler
             {
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var vulnerableDependenciesToUpdate = dependencyGroupToUpdate.Value
+                    .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
                     .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
-                    .Where(set => !job.IsDependencyIgnored(set.Dependency.Name, set.Dependency.Version!))
                     .Where(set => set.Item3.IsVulnerable)
                     .ToArray();
 

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshVersionUpdatePullRequestHandler.cs

@@ -79,8 +79,8 @@ internal class RefreshVersionUpdatePullRequestHandler : IUpdateHandler
             {
                 var dependencyName = dependencyUpdatesToPeform.Key;
                 var dependencyInfosToUpdate = dependencyUpdatesToPeform.Value
+                    .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
                     .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
-                    .Where(set => !job.IsDependencyIgnored(set.Dependency.Name, set.Dependency.Version!))
                     .ToArray();
 
                 foreach (var (projectPath, dependency, dependencyInfo) in dependencyInfosToUpdate)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/PackageReferenceUpdater.cs

@@ -201,6 +201,7 @@ internal static class PackageReferenceUpdater
     )
     {
         var topLevelNames = topLevelDependencies.Select(d => d.Name).ToHashSet(StringComparer.OrdinalIgnoreCase);
+        var topLevelVersionStrings = topLevelDependencies.ToDictionary(d => d.Name, d => d.Version!, StringComparer.OrdinalIgnoreCase);
         var requestedVersions = requestedUpdates.ToDictionary(d => d.Name, d => NuGetVersion.Parse(d.Version!), StringComparer.OrdinalIgnoreCase);
         var resolvedVersions = resolvedDependencies
             .Select(d => (d.Name, NuGetVersion.TryParse(d.Version, out var version), version))
@@ -248,16 +249,22 @@ internal static class PackageReferenceUpdater
                         }
                     }
 
-                    if (rootPackageName is not null)
+                    if (rootPackageName is not null && resolvedVersions.TryGetValue(rootPackageName, out var rootPackageVersion))
                     {
-                        updateOperations.Add(new ParentUpdate()
+                        // from a few lines up we've already confirmed that `rootPackageName` was a top-level dependency
+                        var rootPackageVersionString = topLevelVersionStrings[rootPackageName];
+                        if (NuGetVersion.TryParse(rootPackageVersionString, out var resolvedRootPackageVersion)
+                            && rootPackageVersion > resolvedRootPackageVersion)
                         {
-                            DependencyName = requestedDependencyName,
-                            NewVersion = requestedVersions[requestedDependencyName],
-                            UpdatedFiles = [],
-                            ParentDependencyName = rootPackageName,
-                            ParentNewVersion = packageVersions[rootPackageName],
-                        });
+                            updateOperations.Add(new ParentUpdate()
+                            {
+                                DependencyName = requestedDependencyName,
+                                NewVersion = requestedVersions[requestedDependencyName],
+                                UpdatedFiles = [],
+                                ParentDependencyName = rootPackageName,
+                                ParentNewVersion = packageVersions[rootPackageName],
+                            });
+                        }
                     }
                     break;
                 case (true, false):

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -478,7 +478,7 @@ internal static partial class MSBuildHelper
             // Return as array
             var candidatePackagesArray = candidatePackages.ToImmutableArray();
 
-            var targetFrameworks = new NuGetFramework[] { NuGetFramework.Parse(targetFramework) };
+            var targetFrameworks = ImmutableArray.Create<NuGetFramework>(NuGetFramework.Parse(targetFramework));
 
             var resolveProjectPath = projectPath;
 
@@ -492,15 +492,23 @@ internal static partial class MSBuildHelper
             // Target framework compatibility check
             foreach (var package in candidatePackages)
             {
-                if (!NuGetVersion.TryParse(package.Version, out var nuGetVersion))
+                if (package.Version is null ||
+                    !VersionRange.TryParse(package.Version, out var nuGetVersionRange))
                 {
                     // If version is not valid, return original packages and revert
                     return packages;
                 }
 
+                if (nuGetVersionRange.IsFloating)
+                {
+                    // If a wildcard version, the original project specified it this way and we can count on restore to do the appropriate thing
+                    continue;
+                }
+
+                var nuGetVersion = nuGetVersionRange.MinVersion; // not a wildcard, so `MinVersion` is just the version itself
                 var packageIdentity = new NuGet.Packaging.Core.PackageIdentity(package.Name, nuGetVersion);
 
-                bool isNewPackageCompatible = await CompatibilityChecker.CheckAsync(packageIdentity, targetFrameworks.ToImmutableArray(), nugetContext, logger, CancellationToken.None);
+                bool isNewPackageCompatible = await CompatibilityChecker.CheckAsync(packageIdentity, targetFrameworks, nugetContext, logger, CancellationToken.None);
                 if (!isNewPackageCompatible)
                 {
                     // If the package target framework is not compatible, return original packages and revert

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/VersionFinderTests.cs

@@ -296,4 +296,43 @@ public class VersionFinderTests : TestBase
         var actualJson = JsonSerializer.Serialize(error, RunWorker.SerializerOptions);
         Assert.Equal(expectedJson, actualJson);
     }
+
+    [Theory]
+    [InlineData(null, "1.0.1", "1.1.0", "2.0.0")]
+    [InlineData(ConditionUpdateType.SemVerMajor, "1.0.1", "1.1.0")]
+    [InlineData(ConditionUpdateType.SemVerMinor, "1.0.1")]
+    [InlineData(ConditionUpdateType.SemVerPatch)]
+    public async Task VersionFinder_IgnoredUpdateTypesIsHonored(ConditionUpdateType? ignoredUpdateType, params string[] expectedVersions)
+    {
+        // arrange
+        using var tempDir = new TemporaryDirectory();
+        await UpdateWorkerTestBase.MockNuGetPackagesInDirectory([
+            MockNuGetPackage.CreateSimplePackage("Some.Dependency", "1.0.1", "net9.0"),
+            MockNuGetPackage.CreateSimplePackage("Some.Dependency", "1.1.0", "net9.0"),
+            MockNuGetPackage.CreateSimplePackage("Some.Dependency", "2.0.0", "net9.0"),
+        ], tempDir.DirectoryPath);
+        var tfm = NuGetFramework.Parse("net9.0");
+        var ignoredUpdateTypes = ignoredUpdateType is not null
+            ? new ConditionUpdateType[] { ignoredUpdateType.Value }
+            : [];
+        var dependencyInfo = new DependencyInfo()
+        {
+            Name = "Some.Dependency",
+            Version = "1.0.0",
+            IsVulnerable = false,
+            IgnoredVersions = [],
+            Vulnerabilities = [],
+            IgnoredUpdateTypes = [.. ignoredUpdateTypes],
+        };
+        var logger = new TestLogger();
+        var nugetContext = new NuGetContext(tempDir.DirectoryPath);
+
+        // act
+        var versionResult = await VersionFinder.GetVersionsAsync([tfm], dependencyInfo, nugetContext, logger, CancellationToken.None);
+        var versions = versionResult.GetVersions();
+
+        // assert
+        var actualVersions = versions.Select(v => v.ToString()).OrderBy(v => v).ToArray();
+        AssertEx.Equal(expectedVersions, actualVersions);
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/FrameworkChecker/FrameworkCompatibilityServiceFacts.cs

@@ -1,10 +1,6 @@
 // Copyright (c) .NET Foundation. All rights reserved.
 // Licensed under the Apache License, Version 2.0. See License.txt in the project root for license information.
 
-using System;
-using System.Collections.Generic;
-using System.Linq;
-
 using NuGet.Frameworks;
 
 using NuGetUpdater.Core.FrameworkChecker;
@@ -64,17 +60,18 @@ public class FrameworkCompatibilityServiceFacts
     }
 
     [Theory]
-    [InlineData("portable-net45+sl4+win8+wp7")]
-    [InlineData("portable-net40+sl4")]
-    [InlineData("portable-net45+sl5+win8+wpa81+wp8")]
-    public void PCLPackageFrameworksReturnsEmptySet(string pclFrameworkName)
+    [InlineData("portable-net45+win8+wpa81", "net48", true)] // profile 111, compatible
+    [InlineData("portable-net45+win8+wpa81", "net40", false)] // profile 111, incompatible
+    [InlineData("portable-net45+win8+wp8+wpa81", "net48", true)] // profile 259, compatible
+    public void PCLPackageFrameworksReportCompatibility(string pclFrameworkName, string projectFrameworkName, bool expectedCompatible)
     {
         var portableFramework = NuGetFramework.Parse(pclFrameworkName);
+        var projectFramework = NuGetFramework.Parse(projectFrameworkName);
 
-        var result = _service.GetCompatibleFrameworks([portableFramework]);
+        var compatible = _service.GetCompatibleFrameworks([portableFramework]);
 
-        Assert.True(portableFramework.IsPCL);
-        Assert.Empty(result);
+        var actualCompatible = compatible.Contains(projectFramework);
+        Assert.Equal(expectedCompatible, actualCompatible);
     }
 
     [Theory]

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/MiscellaneousTests.cs

@@ -16,8 +16,8 @@ namespace NuGetUpdater.Core.Test.Run;
 public class MiscellaneousTests
 {
     [Theory]
-    [MemberData(nameof(IsDependencyIgnoredTestData))]
-    public void IsDependencyIgnored(Condition[] ignoreConditions, string dependencyName, string dependencyVersion, bool expectedIgnored)
+    [MemberData(nameof(IsDependencyIgnoredByNameOnlyTestData))]
+    public void IsDependencyIgnoredByNameOnly(Condition[] ignoreConditions, string dependencyName, bool expectedIgnored)
     {
         // arrange
         var job = new Job()
@@ -31,14 +31,15 @@ public class MiscellaneousTests
         };
 
         // act
-        var actualIsIgnored = job.IsDependencyIgnored(dependencyName, dependencyVersion);
+        var actualIsIgnored = job.IsDependencyIgnoredByNameOnly(dependencyName);
 
         // assert
         Assert.Equal(expectedIgnored, actualIsIgnored);
     }
 
-    public static IEnumerable<object[]> IsDependencyIgnoredTestData()
+    public static IEnumerable<object[]> IsDependencyIgnoredByNameOnlyTestData()
     {
+        // non-matching name
         yield return
         [
             // ignoreConditions
@@ -51,12 +52,11 @@ public class MiscellaneousTests
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             false,
         ];
 
+        // matching name, but has version requirement
         yield return
         [
             // ignoreConditions
@@ -70,12 +70,11 @@ public class MiscellaneousTests
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             false,
         ];
 
+        // wildcard matching name
         yield return
         [
             // ignoreConditions
@@ -83,18 +82,34 @@ public class MiscellaneousTests
             {
                 new Condition()
                 {
-                    DependencyName = "Some.Dependency",
-                    VersionRequirement = Requirement.Parse("> 1.0.0"),
+                    DependencyName = "Some.*",
                 }
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             true,
         ];
 
+        // matching name, but has update type restrictions
+        yield return
+        [
+            // ignoreConditions
+            new[]
+            {
+                new Condition()
+                {
+                    DependencyName = "Some.*",
+                    UpdateTypes = [ConditionUpdateType.SemVerMajor],
+                }
+            },
+            // dependencyName
+            "Some.Dependency",
+            // expectedIgnored
+            false,
+        ];
+
+        // explicitly null update types
         yield return
         [
             // ignoreConditions
@@ -103,17 +118,56 @@ public class MiscellaneousTests
                 new Condition()
                 {
                     DependencyName = "Some.*",
+                    UpdateTypes = null,
                 }
             },
             // dependencyName
             "Some.Dependency",
-            // dependencyVersion
-            "1.2.3",
             // expectedIgnored
             true,
         ];
     }
 
+    [Fact]
+    public void DeserializeDependencyGroup()
+    {
+        var json = """
+            {
+              "name": "test-group",
+              "rules": {
+                "patterns": ["Test.*"],
+                "exclude-patterns": ["Dependency.*"]
+              }
+            }
+            """;
+        var group = JsonSerializer.Deserialize<DependencyGroup>(json, RunWorker.SerializerOptions);
+        Assert.NotNull(group);
+        Assert.Equal("test-group", group.Name);
+        var matcher = group.GetGroupMatcher();
+        Assert.Equal(["Test.*"], matcher.Patterns);
+        Assert.Equal(["Dependency.*"], matcher.ExcludePatterns);
+    }
+
+    [Fact]
+    public void DeserializeDependencyGroup_UnexpectedShape()
+    {
+        var json = """
+            {
+              "name": "test-group",
+              "rules": {
+                "patterns": { "unexpected": 1 },
+                "exclude-patterns": { "unexpected": 2 }
+              }
+            }
+            """;
+        var group = JsonSerializer.Deserialize<DependencyGroup>(json, RunWorker.SerializerOptions);
+        Assert.NotNull(group);
+        Assert.Equal("test-group", group.Name);
+        var matcher = group.GetGroupMatcher();
+        Assert.Equal([], matcher.Patterns);
+        Assert.Equal([], matcher.ExcludePatterns);
+    }
+
     [Theory]
     [MemberData(nameof(DependencyGroup_IsMatchTestData))]
     public void DependencyGroup_IsMatch(string[]? patterns, string[]? excludePatterns, string dependencyName, bool expectedMatch)
@@ -625,6 +679,7 @@ public class MiscellaneousTests
 
     public static IEnumerable<object[]> DependencyInfoFromJobData()
     {
+        // with security advisory
         yield return
         [
             // job
@@ -667,7 +722,45 @@ public class MiscellaneousTests
                         VulnerableVersions = [Requirement.Parse(">= 1.0.0, < 1.1.0")],
                         SafeVersions = [Requirement.Parse("= 1.1.0"), Requirement.Parse("= 1.2.0")],
                     }
-                ]
+                ],
+                IgnoredUpdateTypes = [],
+            }
+        ];
+
+        yield return
+        [
+            // job
+            new Job()
+            {
+                Source = new()
+                {
+                    Provider = "github",
+                    Repo = "some/repo",
+                },
+                IgnoreConditions = [
+                    new Condition()
+                    {
+                        DependencyName = "Some.*",
+                        UpdateTypes = [ConditionUpdateType.SemVerMajor],
+                    },
+                    new Condition()
+                    {
+                        DependencyName = "Unrelated.*",
+                        UpdateTypes = [ConditionUpdateType.SemVerMinor],
+                    },
+                ],
+            },
+            // dependency
+            new Dependency("Some.Dependency", "1.0.0", DependencyType.PackageReference),
+            // expectedDependencyInfo
+            new DependencyInfo()
+            {
+                Name = "Some.Dependency",
+                Version = "1.0.0",
+                IsVulnerable = false,
+                IgnoredVersions = [],
+                Vulnerabilities = [],
+                IgnoredUpdateTypes = [ConditionUpdateType.SemVerMajor],
             }
         ];
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/SerializationTests.cs

@@ -316,13 +316,13 @@ public class SerializationTests : TestBase
 
         Assert.Equal("Package.1", jobWrapper.Job.IgnoreConditions[0].DependencyName);
         Assert.Equal("some-file", jobWrapper.Job.IgnoreConditions[0].Source);
-        Assert.Equal("version-update:semver-major", jobWrapper.Job.IgnoreConditions[0].UpdateTypes.Single());
+        Assert.Equal(ConditionUpdateType.SemVerMajor, jobWrapper.Job.IgnoreConditions[0].UpdateTypes!.Single());
         Assert.Null(jobWrapper.Job.IgnoreConditions[0].UpdatedAt);
         Assert.Equal("> 1.2.3", jobWrapper.Job.IgnoreConditions[0].VersionRequirement?.ToString());
 
         Assert.Equal("Package.2", jobWrapper.Job.IgnoreConditions[1].DependencyName);
         Assert.Null(jobWrapper.Job.IgnoreConditions[1].Source);
-        Assert.Empty(jobWrapper.Job.IgnoreConditions[1].UpdateTypes);
+        Assert.Null(jobWrapper.Job.IgnoreConditions[1].UpdateTypes);
         Assert.Equal(new DateTime(2024, 12, 5, 15, 47, 12), jobWrapper.Job.IgnoreConditions[1].UpdatedAt);
         Assert.Null(jobWrapper.Job.IgnoreConditions[1].VersionRequirement);
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/GroupUpdateAllVersionsHandlerTests.cs

@@ -795,4 +795,133 @@ public class GroupUpdateAllVersionsHandlerTests : UpdateHandlersTestsBase
             ]
         );
     }
+
+    [Fact]
+    public async Task IgnoredVersionUpdateTypesAreHonored()
+    {
+        await TestAsync(
+            job: new()
+            {
+                Source = CreateJobSource("/src"),
+                IgnoreConditions = [
+                    new Condition()
+                    {
+                        DependencyName = "Some.Dependency",
+                        UpdateTypes = [ConditionUpdateType.SemVerMajor],
+                    }
+                ]
+            },
+            files: [("src/project.csproj", "initial contents")],
+            discoveryWorker: TestDiscoveryWorker.FromResults(
+                ("/src", new WorkspaceDiscoveryResult()
+                {
+                    Path = "/src",
+                    Projects = [
+                        new()
+                        {
+                            FilePath = "project.csproj",
+                            Dependencies = [
+                                new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
+                            ],
+                            ImportedFiles = [],
+                            AdditionalFiles = [],
+                        }
+                    ],
+                })
+            ),
+            analyzeWorker: new TestAnalyzeWorker(input =>
+            {
+                var repoRoot = input.Item1;
+                var discovery = input.Item2;
+                var dependencyInfo = input.Item3;
+                if (dependencyInfo.IgnoredUpdateTypes.Length != 1 || !dependencyInfo.IgnoredUpdateTypes.Contains(ConditionUpdateType.SemVerMajor))
+                {
+                    throw new InvalidOperationException($"Expected to see ignored update type of {nameof(ConditionUpdateType.SemVerMajor)} but found [{string.Join(", ", dependencyInfo.IgnoredUpdateTypes)}]");
+                }
+                var newVersion = dependencyInfo.Name switch
+                {
+                    "Some.Dependency" => "1.1.0",
+                    _ => throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}"),
+                };
+                return Task.FromResult(new AnalysisResult()
+                {
+                    CanUpdate = true,
+                    UpdatedVersion = newVersion,
+                    UpdatedDependencies = [],
+                });
+            }),
+            updaterWorker: new TestUpdaterWorker(async input =>
+            {
+                var repoRoot = input.Item1;
+                var workspacePath = input.Item2;
+                var dependencyName = input.Item3;
+                var previousVersion = input.Item4;
+                var newVersion = input.Item5;
+                var isTransitive = input.Item6;
+
+                await File.WriteAllTextAsync(Path.Join(repoRoot, workspacePath), "updated contents");
+
+                return new UpdateOperationResult()
+                {
+                    UpdateOperations = [new DirectUpdate() { DependencyName = dependencyName, NewVersion = NuGetVersion.Parse(newVersion), UpdatedFiles = [workspacePath] }],
+                };
+            }),
+            expectedUpdateHandler: GroupUpdateAllVersionsHandler.Instance,
+            expectedApiMessages: [
+                new IncrementMetric()
+                {
+                    Metric = "updater.started",
+                    Tags = new()
+                    {
+                        ["operation"] = "group_update_all_versions",
+                    }
+                },
+                new UpdatedDependencyList()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Dependency",
+                            Version = "1.0.0",
+                            Requirements = [
+                                new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
+                            ],
+                        },
+                    ],
+                    DependencyFiles = ["/src/project.csproj"],
+                },
+                new CreatePullRequest()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Dependency",
+                            Version = "1.1.0",
+                            Requirements = [
+                                new() { Requirement = "1.1.0", File = "/src/project.csproj", Groups = ["dependencies"], Source = new() { SourceUrl = null } },
+                            ],
+                            PreviousVersion = "1.0.0",
+                            PreviousRequirements = [
+                                new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
+                            ],
+                        },
+                    ],
+                    UpdatedDependencyFiles = [
+                        new()
+                        {
+                            Directory = "/src",
+                            Name = "project.csproj",
+                            Content = "updated contents",
+                        },
+                    ],
+                    BaseCommitSha = "TEST-COMMIT-SHA",
+                    CommitMessage = RunWorkerTests.TestPullRequestCommitMessage,
+                    PrTitle = RunWorkerTests.TestPullRequestTitle,
+                    PrBody = RunWorkerTests.TestPullRequestBody,
+                    DependencyGroup = null,
+                },
+                new MarkAsProcessed("TEST-COMMIT-SHA"),
+            ]
+        );
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Update/PackageReferenceUpdaterTests.cs

@@ -189,7 +189,8 @@ public class PackageReferenceUpdaterTests
             MockNuGetPackage.CreateSimplePackage("Transitive.Package", "1.0.0", "net9.0", [(null, [("Super.Transitive.Package", "1.0.0")])]),
             MockNuGetPackage.CreateSimplePackage("Transitive.Package", "2.0.0", "net9.0", [(null, [("Super.Transitive.Package", "2.0.0")])]),
             MockNuGetPackage.CreateSimplePackage("Super.Transitive.Package", "1.0.0", "net9.0"),
-            MockNuGetPackage.CreateSimplePackage("Super.Transitive.Package", "2.0.0", "net9.0")
+            MockNuGetPackage.CreateSimplePackage("Super.Transitive.Package", "2.0.0", "net9.0"),
+            MockNuGetPackage.CreateSimplePackage("Unrelated.Package", "1.0.0", "net9.0"),
         ], repoRoot.DirectoryPath);
 
         // act
@@ -331,5 +332,54 @@ public class PackageReferenceUpdaterTests
                 }
             )
         ];
+
+        // dependency was not updated
+        yield return
+        [
+            // topLevelDependencies
+            ImmutableArray.Create(
+                new Dependency("Parent.Package", "1.0.0", DependencyType.PackageReference)
+            ),
+            // requestedUpdates
+            ImmutableArray.Create(
+                new Dependency("Transitive.Package", "2.0.0", DependencyType.PackageReference)
+            ),
+            // resolvedDependencies
+            ImmutableArray.Create(
+                new Dependency("Parent.Package", "1.0.0", DependencyType.PackageReference)
+            ),
+            // expectedUpdateOperations
+            ImmutableArray<UpdateOperationBase>.Empty,
+        ];
+
+        // initial dependency has a wildcard
+        yield return
+        [
+            // topLevelDependencies
+            ImmutableArray.Create(
+                new Dependency("Parent.Package", "1.0.0", DependencyType.PackageReference),
+                new Dependency("Unrelated.Package", "1.0.*", DependencyType.PackageReference)
+            ),
+            // requestedUpdates
+            ImmutableArray.Create(
+                new Dependency("Transitive.Package", "2.0.0", DependencyType.PackageReference)
+            ),
+            // resolvedDependencies
+            ImmutableArray.Create(
+                new Dependency("Parent.Package", "2.0.0", DependencyType.PackageReference),
+                new Dependency("Unrelated.Package", "1.0.0", DependencyType.PackageReference)
+            ),
+            // expectedUpdateOperations
+            ImmutableArray.Create<UpdateOperationBase>(
+                new ParentUpdate()
+                {
+                    DependencyName = "Transitive.Package",
+                    NewVersion = NuGetVersion.Parse("2.0.0"),
+                    UpdatedFiles = [],
+                    ParentDependencyName = "Parent.Package",
+                    ParentNewVersion = NuGetVersion.Parse("2.0.0"),
+                }
+            ),
+        ];
     }
 }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.317.0
+  version: 0.318.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.317.0
+        version: 0.318.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.317.0
+        version: 0.318.0
 - !ruby/object:Gem::Dependency
   name: rubyzip
   requirement: !ruby/object:Gem::Requirement
@@ -580,7 +580,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.317.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.318.0
 rdoc_options: []
 require_paths:
 - lib