RubyGems - dependabot-nuget - Versions diffs - 0.323.0 → 0.325.1 - Mend

dependabot-nuget 0.323.0 → 0.325.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (80) hide show

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ModifiedFilesTracker.cs CHANGED Viewed

@@ -72,7 +72,7 @@ public class ModifiedFilesTracker
         }
     }
-    public async Task<ImmutableArray<DependencyFile>> StopTrackingAsync()
+    public async Task<ImmutableArray<DependencyFile>> StopTrackingAsync(bool restoreOriginalContents = false)
     {
         if (_currentDiscoveryResult is null)
         {
@@ -108,6 +108,14 @@ public class ModifiedFilesTracker
                     Content = reportedContent,
                     ContentEncoding = encoding,
                 };
+                if (restoreOriginalContents)
+                {
+                    var originalRawContent = originalContent
+                        .SetEOL(_originalDependencyFileEOFs[repoFullPath])
+                        .SetBOM(_originalDependencyFileBOMs[repoFullPath]);
+                    await File.WriteAllBytesAsync(localFullPath, originalRawContent);
+                }
             }
         }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/PullRequestBodyGenerator/DetailedPullRequestBodyGenerator.cs CHANGED Viewed

@@ -57,6 +57,12 @@ internal class DetailedPullRequestBodyGenerator : IPullRequestBodyGenerator, IDi
             }
             else
             {
+                if (sourceUrl.EndsWith(".git"))
+                {
+                    // remove the trailing .git if present
+                    sourceUrl = sourceUrl[..^4];
+                }
                 // build detailed report
                 var packageNameIndex = reportText.IndexOf(updateOperation.DependencyName, StringComparison.OrdinalIgnoreCase);
                 if (packageNameIndex >= 0)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs CHANGED Viewed

@@ -152,7 +152,7 @@ public class RunWorker
         }
     }
-    internal static DependencyInfo GetDependencyInfo(Job job, Dependency dependency)
+    internal static DependencyInfo GetDependencyInfo(Job job, Dependency dependency, bool allowCooldown)
     {
         var dependencyVersion = NuGetVersion.Parse(dependency.Version!);
         var securityAdvisories = job.SecurityAdvisories.Where(s => s.DependencyName.Equals(dependency.Name, StringComparison.OrdinalIgnoreCase)).ToArray();
@@ -175,6 +175,12 @@ public class RunWorker
             .SelectMany(c => c.UpdateTypes ?? [])
             .Distinct()
             .ToImmutableArray();
+        // while it would be nice to lift the cooldown options into the IgnoredUpdateTypes field, we don't know the
+        // publish date of the packages, so we have to pass along the whole object for the version finder to sort out
+        var includeCooldown = allowCooldown &&
+            job.Cooldown is not null &&
+            job.Cooldown.AppliesToPackage(dependency.Name);
         var dependencyInfo = new DependencyInfo()
         {
             Name = dependency.Name,
@@ -183,6 +189,7 @@ public class RunWorker
             IgnoredVersions = ignoredVersions,
             Vulnerabilities = vulnerabilities,
             IgnoredUpdateTypes = ignoredUpdateTypes,
+            Cooldown = includeCooldown ? job.Cooldown : null,
         };
         return dependencyInfo;
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandler.cs CHANGED Viewed

@@ -67,7 +67,7 @@ internal class CreateSecurityUpdatePullRequestHandler : IUpdateHandler
             {
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var vulnerableCandidateDependenciesToUpdate = dependencyGroupToUpdate.Value
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: false)))
                     .Where(set => set.Item3.IsVulnerable)
                     .ToArray();
                 var vulnerableDependenciesToUpdate = vulnerableCandidateDependenciesToUpdate

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/GroupUpdateAllVersionsHandler.cs CHANGED Viewed

@@ -1,7 +1,6 @@
 using System.Collections.Immutable;
-using NuGet.Versioning;
+using NuGetUpdater.Core.Discover;
 using NuGetUpdater.Core.Run.ApiModel;
 using NuGetUpdater.Core.Updater;
@@ -105,7 +104,7 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
-                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency);
+                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, allowCooldown: experimentsManager.EnableCooldown);
                     var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
                     if (analysisResult.Error is not null)
                     {
@@ -183,86 +182,99 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                 return;
             }
-            var tracker = new ModifiedFilesTracker(originalRepoContentsPath, logger);
-            await tracker.StartTrackingAsync(discoveryResult);
             var updatedDependencyList = RunWorker.GetUpdatedDependencyListFromDiscovery(discoveryResult, originalRepoContentsPath.FullName, logger);
             await apiHandler.UpdateDependencyList(updatedDependencyList);
-            var updateOperationsPerformed = new List<UpdateOperationBase>();
-            var updatedDependencies = new List<ReportedDependency>();
-            var updateOperationsToPerform = RunWorker.GetUpdateOperations(discoveryResult).ToArray();
-            foreach (var (projectPath, dependency) in updateOperationsToPerform)
+            var updateOperationsToPerformByDependency = CollectUpdateOperationsByDependency(discoveryResult);
+            foreach (var sameDependencySet in updateOperationsToPerformByDependency)
             {
-                if (!job.IsUpdatePermitted(dependency))
-                {
-                    continue;
-                }
+                logger.Info($"Starting dependency update for {sameDependencySet.Key}");
+                var updateOperationsPerformed = new List<UpdateOperationBase>();
+                var updatedDependencies = new List<ReportedDependency>();
+                var tracker = new ModifiedFilesTracker(originalRepoContentsPath, logger);
+                await tracker.StartTrackingAsync(discoveryResult);
-                if (job.IsDependencyIgnoredByNameOnly(dependency.Name))
+                foreach (var (projectPath, dependency) in sameDependencySet)
                 {
-                    logger.Info($"Skipping ignored dependency {dependency.Name}.");
-                    continue;
-                }
+                    if (!job.IsUpdatePermitted(dependency))
+                    {
+                        continue;
+                    }
-                var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency);
-                var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
-                if (analysisResult.Error is not null)
-                {
-                    logger.Error($"Error analyzing {dependency.Name} in {projectPath}: {analysisResult.Error.GetReport()}");
-                    await apiHandler.RecordUpdateJobError(analysisResult.Error, logger);
-                    return;
-                }
+                    if (job.IsDependencyIgnoredByNameOnly(dependency.Name))
+                    {
+                        logger.Info($"Skipping ignored dependency {dependency.Name}.");
+                        continue;
+                    }
-                if (!analysisResult.CanUpdate)
-                {
-                    logger.Info($"No updatable version found for {dependency.Name} in {projectPath}.");
-                    continue;
-                }
+                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, allowCooldown: experimentsManager.EnableCooldown);
+                    var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
+                    if (analysisResult.Error is not null)
+                    {
+                        logger.Error($"Error analyzing {dependency.Name} in {projectPath}: {analysisResult.Error.GetReport()}");
+                        await apiHandler.RecordUpdateJobError(analysisResult.Error, logger);
+                        return;
+                    }
-                var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
-                var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
-                if (updaterResult.Error is not null)
-                {
-                    await apiHandler.RecordUpdateJobError(updaterResult.Error, logger);
-                    continue;
-                }
+                    if (!analysisResult.CanUpdate)
+                    {
+                        logger.Info($"No updatable version found for {dependency.Name} in {projectPath}.");
+                        continue;
+                    }
-                if (updaterResult.UpdateOperations.Length == 0)
-                {
-                    continue;
-                }
+                    var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
+                    var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
+                    if (updaterResult.Error is not null)
+                    {
+                        await apiHandler.RecordUpdateJobError(updaterResult.Error, logger);
+                        continue;
+                    }
+                    if (updaterResult.UpdateOperations.Length == 0)
+                    {
+                        continue;
+                    }
-                var patchedUpdateOperations = RunWorker.PatchInOldVersions(updaterResult.UpdateOperations, projectDiscovery);
-                var updatedDependenciesForThis = patchedUpdateOperations
-                    .Select(o => o.ToReportedDependency(projectPath, updatedDependencyList.Dependencies, analysisResult.UpdatedDependencies))
-                    .ToArray();
+                    var patchedUpdateOperations = RunWorker.PatchInOldVersions(updaterResult.UpdateOperations, projectDiscovery);
+                    var updatedDependenciesForThis = patchedUpdateOperations
+                        .Select(o => o.ToReportedDependency(projectPath, updatedDependencyList.Dependencies, analysisResult.UpdatedDependencies))
+                        .ToArray();
-                updatedDependencies.AddRange(updatedDependenciesForThis);
-                updateOperationsPerformed.AddRange(patchedUpdateOperations);
-                foreach (var o in patchedUpdateOperations)
-                {
-                    logger.Info($"Update operation performed: {o.GetReport(includeFileNames: true)}");
+                    updatedDependencies.AddRange(updatedDependenciesForThis);
+                    updateOperationsPerformed.AddRange(patchedUpdateOperations);
+                    foreach (var o in patchedUpdateOperations)
+                    {
+                        logger.Info($"Update operation performed: {o.GetReport(includeFileNames: true)}");
+                    }
                 }
-            }
-            var updatedDependencyFiles = await tracker.StopTrackingAsync();
-            if (updateOperationsPerformed.Count > 0)
-            {
-                var commitMessage = PullRequestTextGenerator.GetPullRequestCommitMessage(job, [.. updateOperationsPerformed], null);
-                var prTitle = PullRequestTextGenerator.GetPullRequestTitle(job, [.. updateOperationsPerformed], null);
-                var prBody = await PullRequestTextGenerator.GetPullRequestBodyAsync(job, [.. updateOperationsPerformed], [.. updatedDependencies], experimentsManager);
-                await apiHandler.CreatePullRequest(new CreatePullRequest()
+                var updatedDependencyFiles = await tracker.StopTrackingAsync(restoreOriginalContents: true);
+                if (updateOperationsPerformed.Count > 0)
                 {
-                    Dependencies = [.. updatedDependencies],
-                    UpdatedDependencyFiles = [.. updatedDependencyFiles],
-                    BaseCommitSha = baseCommitSha,
-                    CommitMessage = commitMessage,
-                    PrTitle = prTitle,
-                    PrBody = prBody,
-                    DependencyGroup = null,
-                });
+                    var commitMessage = PullRequestTextGenerator.GetPullRequestCommitMessage(job, [.. updateOperationsPerformed], null);
+                    var prTitle = PullRequestTextGenerator.GetPullRequestTitle(job, [.. updateOperationsPerformed], null);
+                    var prBody = await PullRequestTextGenerator.GetPullRequestBodyAsync(job, [.. updateOperationsPerformed], [.. updatedDependencies], experimentsManager);
+                    await apiHandler.CreatePullRequest(new CreatePullRequest()
+                    {
+                        Dependencies = [.. updatedDependencies],
+                        UpdatedDependencyFiles = [.. updatedDependencyFiles],
+                        BaseCommitSha = baseCommitSha,
+                        CommitMessage = commitMessage,
+                        PrTitle = prTitle,
+                        PrBody = prBody,
+                        DependencyGroup = null,
+                    });
+                }
             }
         }
     }
+    internal static ImmutableArray<IGrouping<string, (string ProjectPath, Dependency Dependency)>> CollectUpdateOperationsByDependency(WorkspaceDiscoveryResult discoveryResult)
+    {
+        var updateOperationsToPerform = RunWorker.GetUpdateOperations(discoveryResult).ToArray();
+        var updateOperationsToPerformByDependency = updateOperationsToPerform
+            .GroupBy(o => $"{o.Dependency.Name}/{o.Dependency.Version}".ToLowerInvariant())
+            .ToImmutableArray();
+        return updateOperationsToPerformByDependency;
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshGroupUpdatePullRequestHandler.cs CHANGED Viewed

@@ -93,7 +93,7 @@ internal class RefreshGroupUpdatePullRequestHandler : IUpdateHandler
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var relevantDependenciesToUpdate = dependencyGroupToUpdate.Value
                     .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: experimentsManager.EnableCooldown)))
                     .ToArray();
                 foreach (var (projectPath, dependency, dependencyInfo) in relevantDependenciesToUpdate)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshSecurityUpdatePullRequestHandler.cs CHANGED Viewed

@@ -82,7 +82,7 @@ internal class RefreshSecurityUpdatePullRequestHandler : IUpdateHandler
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var vulnerableDependenciesToUpdate = dependencyGroupToUpdate.Value
                     .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: false)))
                     .Where(set => set.Item3.IsVulnerable)
                     .ToArray();

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshVersionUpdatePullRequestHandler.cs CHANGED Viewed

@@ -81,7 +81,7 @@ internal class RefreshVersionUpdatePullRequestHandler : IUpdateHandler
                 var dependencyName = dependencyUpdatesToPerform.Key;
                 var dependencyInfosToUpdate = dependencyUpdatesToPerform.Value
                     .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: experimentsManager.EnableCooldown)))
                     .ToArray();
                 foreach (var (projectPath, dependency, dependencyInfo) in dependencyInfosToUpdate)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/FileWriters/FileWriterWorker.cs CHANGED Viewed

@@ -38,13 +38,17 @@ public class FileWriterWorker
         var nonProjectUpdates = await ProcessNonProjectUpdatesAsync(repoContentsPath, initialProjectDirectory, dependencyName, oldDependencyVersion, newDependencyVersion);
         updateOperations.AddRange(nonProjectUpdates);
-        // then try packages.config updates
-        var packagesConfigUpdates = await ProcessPackagesConfigUpdatesAsync(repoContentsPath, projectPath, dependencyName, oldDependencyVersion, newDependencyVersion);
-        updateOperations.AddRange(packagesConfigUpdates);
+        var projectExtension = projectPath.Extension.ToLowerInvariant();
+        if (XmlFileWriter.SupportedProjectFileExtensions.Contains(projectExtension))
+        {
+            // then try packages.config updates
+            var packagesConfigUpdates = await ProcessPackagesConfigUpdatesAsync(repoContentsPath, projectPath, dependencyName, oldDependencyVersion, newDependencyVersion);
+            updateOperations.AddRange(packagesConfigUpdates);
-        // then try project updates
-        var packageReferenceUpdates = await ProcessPackageReferenceUpdatesAsync(repoContentsPath, initialProjectDirectory, projectPath, dependencyName, newDependencyVersion);
-        updateOperations.AddRange(packageReferenceUpdates);
+            // then try project updates
+            var packageReferenceUpdates = await ProcessPackageReferenceUpdatesAsync(repoContentsPath, initialProjectDirectory, projectPath, dependencyName, newDependencyVersion);
+            updateOperations.AddRange(packageReferenceUpdates);
+        }
         var normalizedUpdateOperations = UpdateOperationBase.NormalizeUpdateOperationCollection(repoContentsPath.FullName, updateOperations);
         return normalizedUpdateOperations;
@@ -250,7 +254,6 @@ public class FileWriterWorker
                 initialTopLevelDependencies,
                 desiredDependencies,
                 resolvedDependencies.Value,
-                new ExperimentsManager(),
                 _logger);
             var filteredUpdateOperations = computedUpdateOperations
                 .Where(op =>