dependabot-nuget 0.364.0 → 0.366.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94732507b9e39fd955f1b69f16af42d962b37f6c3bd35e9450efb831a74a40fa
-  data.tar.gz: 22aa7bb6d046d06992357ce3cbe491bfcf8d2456803d634a3bb7a0c90cad827f
+  metadata.gz: e0aedc20fa2f1df16323aca062c9c44c6eea43e7765b723de4e95a140684876d
+  data.tar.gz: e4b9b5783a76aeb9a28c8af0ade2db202eeb93112a4d49a940860541a433c2fa
 SHA512:
-  metadata.gz: '092697c49645cf8d2a2f037625478de9c79c303e52655a9bae5b89e8e81639ad17418bc60bbf408882dc5a8b204b8d1269d34159598a0137cfd621d236e882ec'
-  data.tar.gz: eaa62dceed3b5c6c3a6065e255e5e315f565947e41b21f48c7033075550d6896b185342c3e557e072947c5f1d4d623bc84c404bb4b65c44ec6ba893fa810bbd4
+  metadata.gz: 2ac6071c674f86aaf2822d46bb9510d4ae8a9914bea75856864a50087e0aacc4eb36087e3d9403fcba55acc0ad88ae477d289e8134e27958ade18307cd278fe6
+  data.tar.gz: 6c0ec49e96823dc4d6dc110ba9aef051031a9adba875242f087eaf8f1484ac49abf59a25e69e72a2f04457398aa32ef3de539c456ced39f677b0b4561ff9185f

data/helpers/lib/NuGetUpdater/Directory.Packages.props

@@ -35,10 +35,10 @@
     <PackageVersion Include="System.Formats.Asn1" Version="10.0.3" />
     <PackageVersion Include="System.Security.Cryptography.Pkcs" Version="10.0.3" />
     <PackageVersion Include="System.Security.Cryptography.ProtectedData" Version="9.0.11" />
-    <PackageVersion Include="System.Text.Json" Version="9.0.11" />
+    <PackageVersion Include="System.Text.Json" Version="10.0.3" />
     <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
     <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="10.0.3" />
-    <PackageVersion Include="xunit.v3" Version="3.0.0" />
+    <PackageVersion Include="xunit.v3" Version="3.2.2" />
     <PackageVersion Include="xunit.runner.visualstudio" Version="3.1.5" />
   </ItemGroup>
 </Project>

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/NuGetContext.cs

@@ -111,6 +111,11 @@ internal record NuGetContext : IDisposable
                 // if anything goes wrong here, the package source obviously doesn't contain the requested package
                 continue;
             }
+            catch (InvalidDataException)
+            {
+                // this usually means the feed returns an unexpected 404 when paging results; nothing we can do about it here
+                continue;
+            }
 
             var downloadResource = await sourceRepository.GetResourceAsync<DownloadResource>(cancellationToken);
             using var downloadResult = await downloadResource.GetDownloadResourceResultAsync(packageIdentity, PackageDownloadContext, globalPackagesFolder, Logger, cancellationToken);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/VersionFinder.cs

@@ -141,6 +141,11 @@ internal static class VersionFinder
                 // if anything goes wrong here, the package source obviously doesn't contain the requested package
                 continue;
             }
+            catch (InvalidDataException)
+            {
+                // this usually means the feed returns an unexpected 404 when paging results; nothing we can do about it here
+                continue;
+            }
             catch (JsonReaderException ex)
             {
                 // unable to parse server response

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyGroup.cs

@@ -2,6 +2,8 @@ using System.Collections.Immutable;
 using System.IO.Enumeration;
 using System.Text.Json;
 
+using NuGet.Versioning;
+
 namespace NuGetUpdater.Core.Run.ApiModel;
 
 public record DependencyGroup
@@ -40,6 +42,32 @@ public class GroupMatcher
         return isMatch;
     }
 
+    public bool IsAllowedByVersion(NuGetVersion oldVersion, NuGetVersion newVersion)
+    {
+        var isMajorBump = newVersion.Major > oldVersion.Major;
+        var isMinorBump = newVersion.Major == oldVersion.Major && newVersion.Minor > oldVersion.Minor;
+        var isPatchBump = newVersion.Major == oldVersion.Major && newVersion.Minor == oldVersion.Minor && newVersion.Patch > oldVersion.Patch;
+
+        var allowedUpdateTypes = new HashSet<GroupUpdateType>(UpdateTypes);
+
+        if (isMajorBump && allowedUpdateTypes.Contains(GroupUpdateType.Major))
+        {
+            return true;
+        }
+
+        if (isMinorBump && allowedUpdateTypes.Contains(GroupUpdateType.Minor))
+        {
+            return true;
+        }
+
+        if (isPatchBump && allowedUpdateTypes.Contains(GroupUpdateType.Patch))
+        {
+            return true;
+        }
+
+        return false;
+    }
+
     public static GroupMatcher FromRules(Dictionary<string, object> rules)
     {
         var patterns = GetStringArray(rules, "patterns", ["*"]); // default to matching everything unless explicitly excluded

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandler.cs

@@ -157,7 +157,7 @@ internal class CreateSecurityUpdatePullRequestHandler : IUpdateHandler
                 }
             }
 
-            if (updatedDependencyFiles.Length > 0)
+            if (updateOperationsPerformed.Count > 0 && updatedDependencyFiles.Length > 0)
             {
                 var commitMessage = PullRequestTextGenerator.GetPullRequestCommitMessage(job, [.. updateOperationsPerformed], null);
                 var prTitle = PullRequestTextGenerator.GetPullRequestTitle(job, [.. updateOperationsPerformed], null);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/GroupUpdateAllVersionsHandler.cs

@@ -1,5 +1,8 @@
 using System.Collections.Immutable;
 
+using NuGet.Versioning;
+
+using NuGetUpdater.Core.Analyze;
 using NuGetUpdater.Core.Discover;
 using NuGetUpdater.Core.Run.ApiModel;
 using NuGetUpdater.Core.Updater;
@@ -106,6 +109,13 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
 
+                    var isUpdateAllowed = groupMatcher.IsAllowedByVersion(NuGetVersion.Parse(dependency.Version!), NuGetVersion.Parse(analysisResult.UpdatedVersion));
+                    if (!isUpdateAllowed)
+                    {
+                        logger.Info($"Dependency {dependency.Name} skipped for group {group.Name} because update type was not allowed.");
+                        continue;
+                    }
+
                     var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
                     var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
                     if (updaterResult.Error is not null)
@@ -204,15 +214,6 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
 
-                    var matchingGroups = job.DependencyGroups
-                        .Where(group => group.GetGroupMatcher().IsMatch(dependency.Name))
-                        .ToImmutableArray();
-                    if (matchingGroups.Length > 0)
-                    {
-                        logger.Info($"Dependency {dependency.Name} skipped for ungrouped updates because it's a member of the following groups: {string.Join(", ", matchingGroups.Select(group => group.Name))}");
-                        continue;
-                    }
-
                     var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, groupMatchers: [], allowCooldown: true);
                     var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
                     if (analysisResult.Error is not null)
@@ -228,6 +229,12 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
 
+                    var isSkipped = IsUngroupedDependencySkipped(dependency, analysisResult, job.DependencyGroups, logger);
+                    if (isSkipped)
+                    {
+                        continue;
+                    }
+
                     var projectDiscovery = discoveryResult.GetProjectDiscoveryFromPath(projectPath);
                     var updaterResult = await updaterWorker.RunAsync(repoContentsPath.FullName, projectPath, dependency.Name, dependency.Version!, analysisResult.UpdatedVersion, dependency.IsTransitive);
                     if (updaterResult.Error is not null)
@@ -293,4 +300,29 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
             .ToImmutableArray();
         return updateOperationsToPerformByDependency;
     }
+
+    internal static bool IsUngroupedDependencySkipped(Dependency dependency, AnalysisResult dependencyAnalysis, ImmutableArray<DependencyGroup> dependencyGroups, ILogger logger)
+    {
+        var matcherGroups = dependencyGroups
+            .Select(group => (group.Name, Matcher: group.GetGroupMatcher()))
+            .Where(pair => pair.Matcher.IsMatch(dependency.Name))
+            .ToImmutableArray();
+        if (matcherGroups.Length > 0)
+        {
+            // update matches a group by name
+            // if any group allows the proposed version range, then it's not allowed in an ungrouped update
+            var oldVersion = NuGetVersion.Parse(dependency.Version!);
+            var newVersion = NuGetVersion.Parse(dependencyAnalysis.UpdatedVersion);
+            var matcherGroupsAllowingVersionRange = matcherGroups
+                .Where(pair => pair.Matcher.IsAllowedByVersion(oldVersion, newVersion))
+                .ToImmutableArray();
+            if (matcherGroupsAllowingVersionRange.Length > 0)
+            {
+                logger.Info($"Dependency {dependency.Name} skipped for ungrouped updates because it's a member of the following groups: {string.Join(", ", matcherGroupsAllowingVersionRange.Select(pair => pair.Name))}");
+                return true;
+            }
+        }
+
+        return false;
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -728,6 +728,7 @@ internal static partial class MSBuildHelper
         {
             new Regex(@"\nAn error occurred while reading file '(?<FilePath>[^']+)': (?<Message>[^\n]*)\n"),
             new Regex(@"NuGet\.Config is not valid XML\. Path: '(?<FilePath>[^']+)'\.\n\s*(?<Message>[^\n]*)(\n|$)"),
+            new Regex(@"Error parsing packages\.config file at (?<FilePath>[^:]+): (?<Message>[^\n]*)\n"),
         };
         var match = patterns.Select(p => p.Match(output)).Where(m => m.Success).FirstOrDefault();
         if (match is not null)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/AnalyzeWorkerTests.cs

@@ -1446,4 +1446,62 @@ public partial class AnalyzeWorkerTests : AnalyzeWorkerTestBase
         Assert.Equal("< 1.0.1", dependencyInfo.IgnoredVersions.Single().ToString());
         Assert.Empty(dependencyInfo.Vulnerabilities);
     }
+
+    [Fact]
+    public async Task MisbehavingNuGetFeedDoesNotTakeDownURLDiscovery()
+    {
+        using var http = TestHttpServer.CreateTestStringServer(url =>
+        {
+            var uri = new Uri(url, UriKind.Absolute);
+            var baseUrl = $"{uri.Scheme}://{uri.Host}:{uri.Port}";
+            return uri.PathAndQuery switch
+            {
+                "/index.json" => (200, $$"""
+                    {
+                        "version": "3.0.0",
+                        "resources": [
+                            {
+                                "@id": "{{baseUrl}}/download",
+                                "@type": "PackageBaseAddress/3.0.0"
+                            },
+                            {
+                                "@id": "{{baseUrl}}/registrations",
+                                "@type": "RegistrationsBaseUrl"
+                            }
+                        ]
+                    }
+                    """),
+                // registration index returns a range with @id but no inlined items;
+                // this causes the URL specified in @id to be queried but if that isn't present, the NuGet libraries will eventually throw
+                "/registrations/some.package/index.json" => (200, $$"""
+                    {
+                        "count": 1,
+                        "items": [
+                            {
+                                "@id": "{{baseUrl}}/registrations/some.package/page1.json",
+                                "lower": "1.0.0",
+                                "upper": "2.0.0"
+                            }
+                        ]
+                    }
+                    """),
+                _ => (404, "")
+            };
+        });
+        var feedUrl = $"{http.BaseUrl.TrimEnd('/')}/index.json";
+        using var tempDir = await TemporaryDirectory.CreateWithContentsAsync(
+            ("NuGet.Config", $"""
+                <configuration>
+                  <packageSources>
+                    <clear />
+                    <add key="private_feed" value="{feedUrl}" allowInsecureConnections="true" />
+                  </packageSources>
+                </configuration>
+                """)
+        );
+
+        var context = new NuGetContext(tempDir.DirectoryPath);
+        var infoUrl = await context.GetPackageInfoUrlAsync("some.package", "1.0.0", CancellationToken.None);
+        Assert.Null(infoUrl);
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/VersionFinderTests.cs

@@ -458,4 +458,73 @@ public class VersionFinderTests : TestBase
         var actual = versions.Select(v => v.ToString()).ToArray();
         AssertEx.Equal(expected, actual);
     }
+
+    [Fact]
+    public async Task MisbehavingNuGetFeedDoesNotPreventFindingVersions()
+    {
+        using var http = TestHttpServer.CreateTestStringServer(url =>
+        {
+            var uri = new Uri(url, UriKind.Absolute);
+            var baseUrl = $"{uri.Scheme}://{uri.Host}:{uri.Port}";
+            return uri.PathAndQuery switch
+            {
+                "/index.json" => (200, $$"""
+                    {
+                        "version": "3.0.0",
+                        "resources": [
+                            {
+                                "@id": "{{baseUrl}}/download",
+                                "@type": "PackageBaseAddress/3.0.0"
+                            },
+                            {
+                                "@id": "{{baseUrl}}/registrations",
+                                "@type": "RegistrationsBaseUrl"
+                            }
+                        ]
+                    }
+                    """),
+                // registration index returns a range with @id but no inlined items;
+                // this causes the URL specified in @id to be queried but if that isn't present, the NuGet libraries will eventually throw
+                "/registrations/some.package/index.json" => (200, $$"""
+                    {
+                        "count": 1,
+                        "items": [
+                            {
+                                "@id": "{{baseUrl}}/registrations/some.package/page1.json",
+                                "lower": "1.0.0",
+                                "upper": "2.0.0"
+                            }
+                        ]
+                    }
+                    """),
+                _ => (404, "")
+            };
+        });
+        var feedUrl = $"{http.BaseUrl.TrimEnd('/')}/index.json";
+        using var tempDir = await TemporaryDirectory.CreateWithContentsAsync(
+            ("NuGet.Config", $"""
+                <configuration>
+                  <packageSources>
+                    <clear />
+                    <add key="private_feed" value="{feedUrl}" allowInsecureConnections="true" />
+                  </packageSources>
+                </configuration>
+                """)
+        );
+
+        var context = new NuGetContext(tempDir.DirectoryPath);
+
+        var projectTfm = NuGetFramework.Parse("net9.0");
+        var dependencyInfo = new DependencyInfo()
+        {
+            Name = "Some.Package",
+            Version = "1.0.0",
+            IsVulnerable = false,
+        };
+        var currentVersion = NuGetVersion.Parse(dependencyInfo.Version);
+        var versionsResult = await VersionFinder.GetVersionsAsync([projectTfm], dependencyInfo, currentVersion, DateTime.Now, context, new TestLogger(), CancellationToken.None);
+        Assert.NotNull(versionsResult);
+        var versions = versionsResult.GetVersions();
+        Assert.Empty(versions);
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandlerTests.cs

@@ -763,4 +763,97 @@ public class CreateSecurityUpdatePullRequestHandlerTests : UpdateHandlersTestsBa
             ]
         );
     }
+
+    [Fact]
+    public async Task ErrantFileUpdatesDoNotCauseCallToCreatePullRequest()
+    {
+        // if an external tool inadvertently updates files on disk without reporting any update operations, don't try
+        // to create a PR
+        await TestAsync(
+            job: new Job()
+            {
+                Dependencies = ["Some.Dependency"],
+                SecurityAdvisories = [new() { DependencyName = "Some.Dependency", AffectedVersions = [Requirement.Parse("= 1.0.0")] }],
+                SecurityUpdatesOnly = true,
+                Source = CreateJobSource("/src"),
+            },
+            files: [
+                ("src/project.csproj", "initial project contents"),
+                ("src/packages.config", "initial packages contents"),
+            ],
+            discoveryWorker: TestDiscoveryWorker.FromResults(
+                ("/src", new WorkspaceDiscoveryResult()
+                {
+                    Path = "/src",
+                    Projects = [
+                        new()
+                        {
+                            FilePath = "project.csproj",
+                            Dependencies = [
+                                new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
+                            ],
+                            ImportedFiles = [],
+                            AdditionalFiles = ["packages.config"],
+                        }
+                    ],
+                })
+            ),
+            analyzeWorker: new TestAnalyzeWorker(async input =>
+            {
+                var repoRoot = input.Item1;
+                var discovery = input.Item2;
+                var dependencyInfo = input.Item3;
+                if (dependencyInfo.Name != "Some.Dependency")
+                {
+                    throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}");
+                }
+
+                // no update possible but a file was touched on disk
+                var projectPath = Path.Join(repoRoot, discovery.Path, discovery.Projects.Single().FilePath);
+                var packagesConfigPath = Path.Join(Path.GetDirectoryName(projectPath), "packages.config");
+                await File.WriteAllTextAsync(packagesConfigPath, "updated packages contents");
+
+                return new AnalysisResult()
+                {
+                    CanUpdate = false,
+                    UpdatedVersion = "1.0.0",
+                    UpdatedDependencies = [],
+                };
+            }),
+            updaterWorker: new TestUpdaterWorker(async input =>
+            {
+                return new UpdateOperationResult()
+                {
+                    UpdateOperations = [],
+                };
+            }),
+            expectedUpdateHandler: CreateSecurityUpdatePullRequestHandler.Instance,
+            expectedApiMessages: [
+                new UpdatedDependencyList()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Dependency",
+                            Version = "1.0.0",
+                            Requirements = [
+                                new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
+                            ],
+                        },
+                    ],
+                    DependencyFiles = ["/src/packages.config", "/src/project.csproj"],
+                },
+                new IncrementMetric()
+                {
+                    Metric = "updater.started",
+                    Tags = new()
+                    {
+                        ["operation"] = "create_security_pr",
+                    }
+                },
+                new SecurityUpdateNotFound("Some.Dependency", "1.0.0"),
+                new MarkAsProcessed("TEST-COMMIT-SHA"),
+            ]
+        );
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Run/UpdateHandlers/GroupUpdateAllVersionsHandlerTests.cs

@@ -1370,4 +1370,150 @@ public class GroupUpdateAllVersionsHandlerTests : UpdateHandlersTestsBase
             ]
         );
     }
+
+    [Fact]
+    public async Task UngroupedPullRequestCanBeCreatedIfGroupAppliesToNonMatchedTypes()
+    {
+        // group only applies to minor and patch updates, but a major update is requested and gets generated separately
+        await TestAsync(
+            job: new Job()
+            {
+                Source = CreateJobSource("/src"),
+                DependencyGroups = [new()
+                {
+                    Name = "test-group",
+                    Rules = new()
+                    {
+                        ["patterns"] = new[] { "Some.Dependency" },
+                        ["update-types"] = new[] { "minor", "patch" }
+                    },
+                }]
+            },
+            files: [
+                ("src/project.csproj", "initial contents"),
+            ],
+            discoveryWorker: TestDiscoveryWorker.FromResults(
+                ("/src", new WorkspaceDiscoveryResult()
+                {
+                    Path = "/src",
+                    Projects = [
+                        new()
+                        {
+                            FilePath = "project.csproj",
+                            Dependencies = [
+                                new("Some.Dependency", "1.0.0", DependencyType.PackageReference, TargetFrameworks: ["net9.0"]),
+                            ],
+                            ImportedFiles = [],
+                            AdditionalFiles = [],
+                        }
+                    ],
+                })
+            ),
+            analyzeWorker: new TestAnalyzeWorker(input =>
+            {
+                var repoRoot = input.Item1;
+                var discovery = input.Item2;
+                var dependencyInfo = input.Item3;
+                var newVersion = dependencyInfo.Name switch
+                {
+                    "Some.Dependency" => "2.0.0",
+                    _ => throw new NotImplementedException($"Test didn't expect to update dependency {dependencyInfo.Name}"),
+                };
+                return Task.FromResult(new AnalysisResult()
+                {
+                    CanUpdate = true,
+                    UpdatedVersion = newVersion,
+                    UpdatedDependencies = [],
+                });
+            }),
+            updaterWorker: new TestUpdaterWorker(async input =>
+            {
+                var repoRoot = input.Item1;
+                var workspacePath = input.Item2;
+                var dependencyName = input.Item3;
+                var previousVersion = input.Item4;
+                var newVersion = input.Item5;
+                var isTransitive = input.Item6;
+
+                await File.WriteAllTextAsync(Path.Join(repoRoot, workspacePath), "updated contents");
+
+                return new UpdateOperationResult()
+                {
+                    UpdateOperations = [new DirectUpdate() { DependencyName = dependencyName, NewVersion = NuGetVersion.Parse(newVersion), UpdatedFiles = [workspacePath] }],
+                };
+            }),
+            expectedUpdateHandler: GroupUpdateAllVersionsHandler.Instance,
+            expectedApiMessages: [
+                new IncrementMetric()
+                {
+                    Metric = "updater.started",
+                    Tags = new()
+                    {
+                        ["operation"] = "group_update_all_versions",
+                    }
+                },
+                // discovery from group updater
+                new UpdatedDependencyList()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Dependency",
+                            Version = "1.0.0",
+                            Requirements = [
+                                new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
+                            ],
+                        },
+                    ],
+                    DependencyFiles = ["/src/project.csproj"],
+                },
+                // discovery from ungrouped updater
+                new UpdatedDependencyList()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Dependency",
+                            Version = "1.0.0",
+                            Requirements = [
+                                new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
+                            ],
+                        },
+                    ],
+                    DependencyFiles = ["/src/project.csproj"],
+                },
+                new CreatePullRequest()
+                {
+                    Dependencies = [
+                        new()
+                        {
+                            Name = "Some.Dependency",
+                            Version = "2.0.0",
+                            Requirements = [
+                                new() { Requirement = "2.0.0", File = "/src/project.csproj", Groups = ["dependencies"], Source = new() { SourceUrl = null } },
+                            ],
+                            PreviousVersion = "1.0.0",
+                            PreviousRequirements = [
+                                new() { Requirement = "1.0.0", File = "/src/project.csproj", Groups = ["dependencies"] },
+                            ],
+                        },
+                    ],
+                    UpdatedDependencyFiles = [
+                        new()
+                        {
+                            Directory = "/src",
+                            Name = "project.csproj",
+                            Content = "updated contents",
+                        },
+                    ],
+                    BaseCommitSha = "TEST-COMMIT-SHA",
+                    CommitMessage = EndToEndTests.TestPullRequestCommitMessage,
+                    PrTitle = EndToEndTests.TestPullRequestTitle,
+                    PrBody = EndToEndTests.TestPullRequestBody,
+                    DependencyGroup = null,
+                },
+                new MarkAsProcessed("TEST-COMMIT-SHA"),
+            ]
+        );
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs

@@ -634,5 +634,17 @@ public class MSBuildHelperTests : TestBase
             // expectedError
             new UnknownError(new Exception("Multiple project files found for single packages.config"), "TEST-JOB-ID"),
         ];
+
+        yield return
+        [
+            // output
+            """
+            Error parsing packages.config file at /path/to/packages.config: Unexpected XML declaration. The XML declaration must be the first node in the document, and no whitespace characters are allowed to appear before it. Line 1, position 5.
+
+            ^^^ this blank line is necessary to force a newline at the end of the output
+            """,
+            // expectedError
+            new DependencyFileNotParseable("/path/to/packages.config", "Unexpected XML declaration. The XML declaration must be the first node in the document, and no whitespace characters are allowed to appear before it. Line 1, position 5.")
+        ];
     }
 }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.364.0
+  version: 0.366.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.364.0
+        version: 0.366.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.364.0
+        version: 0.366.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -553,7 +553,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.364.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.366.0
 rdoc_options: []
 require_paths:
 - lib