dependabot-nuget 0.379.0 → 0.381.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 6a30c97332d1fca64d5fc48d192b55802ef9000a40aa3eb283b165c347ebe64d
-  data.tar.gz: 63eaedf049ff81f75b1e4c0cdc2ea42601d0a01a3f68fab8b8577ecc8f2d4b8e
+  metadata.gz: e7b5e7ecbcdfec1745579022fa1120f674bc82f492d1ea4eca4c2dea429558a2
+  data.tar.gz: a41a8ebdd8d8301739d30b922971bd3492be935aec49c6fe09a2f1d97deb6b98
 SHA512:
-  metadata.gz: 5522815d4c5abbe6cd19a15a62eddd9d81b25e15b4facbe4ca6ffd01246ece451ce6887f3289bbd30139877a565c5edc56eb20c187ae69e69d2970911ef0a614
-  data.tar.gz: 052c7aa235636a4eab5db8b7149ee81ee7cc576e8dff81049e3345ca4774ac68ad04f30b23c8d0bbbf29d5bdc9cd27b8b1f50bcdd3a27e59f8778f387bec0060
+  metadata.gz: f669096630ab540383c4e8e4d5de53cc10c85700bfef3171f57fbb30dfade61a17e14fbbb0e9d845d7a83410ce0452d22c4bd32ccaf2eec4c05c14253591d983
+  data.tar.gz: 899acdbff1b55fda3bd97c2b1591c282dcd659b872ce46ef8901b69430bb74e1188c2fb4211e1b6dc402918fe5e497048eaa17442fa553f753a678f5fec5f593

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs

@@ -276,7 +276,16 @@ public partial class DiscoveryWorker : IDiscoveryWorker
                 else if (extension == ".slnx")
                 {
                     logger.Info($"    Expanding solution: {candidateEntryPoint}:");
-                    SolutionModel solution = await SolutionSerializers.SlnXml.OpenAsync(candidateEntryPoint, CancellationToken.None);
+                    SolutionModel solution;
+                    try
+                    {
+                        solution = await SolutionSerializers.SlnXml.OpenAsync(candidateEntryPoint, CancellationToken.None);
+                    }
+                    catch (SolutionException ex)
+                    {
+                        throw new UnparseableFileException(ex.Message, candidateEntryPoint);
+                    }
+
                     string solutionPath = Path.GetDirectoryName(candidateEntryPoint) ?? string.Empty;
 
                     foreach (SolutionProjectModel project in solution.SolutionProjects)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/GlobalJsonDiscovery.cs

@@ -1,5 +1,7 @@
 using System.Collections.Immutable;
 
+using NuGet.Versioning;
+
 namespace NuGetUpdater.Core.Discover;
 
 internal static class GlobalJsonDiscovery
@@ -16,15 +18,28 @@ internal static class GlobalJsonDiscovery
 
         logger.Info($"  Discovered [{globalJsonFile.RelativePath}] file.");
 
-        var dependencies = BuildFile.GetDependencies(globalJsonFile)
+        var allDependencies = BuildFile.GetDependencies(globalJsonFile)
             .OrderBy(d => d.Name)
             .ToImmutableArray();
 
+        var dependencies = ImmutableArray.CreateBuilder<Dependency>();
+        foreach (var dependency in allDependencies)
+        {
+            if (NuGetVersion.TryParse(dependency.Version, out _))
+            {
+                dependencies.Add(dependency);
+            }
+            else
+            {
+                logger.Warn($"  Dependency '{dependency.Name}' has an unparseable version: '{dependency.Version}' and will be ignored.");
+            }
+        }
+
         return new()
         {
             FilePath = globalJsonFile.RelativePath,
             IsSuccess = !globalJsonFile.FailedToParse,
-            Dependencies = dependencies,
+            Dependencies = dependencies.ToImmutable(),
         };
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs

@@ -207,6 +207,7 @@ internal static class SdkProjectDiscovery
                 }
 
                 MSBuildHelper.ThrowOnError(stdOut);
+                MSBuildHelper.ThrowOnError(stdErr);
                 if (exitCode != 0)
                 {
                     // log error, but still try to resolve what we can
@@ -215,6 +216,11 @@ internal static class SdkProjectDiscovery
 
                 if (!File.Exists(binLogPath))
                 {
+                    if (stdErr.Contains("A compatible .NET SDK was not found."))
+                    {
+                        throw new Exception("Missing SDK, check global.json locations vs. job directories.");
+                    }
+
                     throw new FileNotFoundException("Dependency discovery didn't produce a log file.");
                 }
 
@@ -826,7 +832,13 @@ internal static class SdkProjectDiscovery
             var tempProjectPath = await MSBuildHelper.CreateTempProjectAsync(tempDirectory, repoRootPath, projectPath, targetFrameworks, topLevelDependencies, logger);
             var tempProjectDirectory = Path.GetDirectoryName(tempProjectPath)!;
             var rediscoveredDependencies = await DiscoverAsync(tempProjectDirectory, tempProjectDirectory, tempProjectPath, experimentsManager, logger);
-            var rediscoveredDependenciesForThisProject = rediscoveredDependencies.Single(); // we started with a single temp project, this will be the only result
+            var tempProjectFileName = Path.GetFileName(tempProjectPath);
+            var rediscoveredDependenciesForThisProject = rediscoveredDependencies.FirstOrDefault(r => PathComparer.Instance.Equals(r.FilePath, tempProjectFileName));
+            if (rediscoveredDependenciesForThisProject is null)
+            {
+                logger.Warn($"Unable to rediscover packages for legacy project {projectPath}; using original package set.");
+                return packagesPerProject;
+            }
 
             // re-build packagesPerProject
             var rebuiltPackagesPerProject = packagesPerProject.ToDictionary(PathComparer.Instance); // shallow copy

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Utilities/MSBuildHelper.cs

@@ -670,6 +670,7 @@ internal static partial class MSBuildHelper
         ThrowOnUnparseableFile(output);
         ThrowOnMultipleProjectsForPackagesConfig(output);
         ThrowOnCircularDependency(output);
+        ThrowOnInvalidIcuPackage(output);
     }
 
     private static void ThrowOnUnauthenticatedFeed(string stdout)
@@ -821,6 +822,14 @@ internal static partial class MSBuildHelper
         }
     }
 
+    private static void ThrowOnInvalidIcuPackage(string output)
+    {
+        if (output.Contains("Couldn't find a valid ICU package installed on the system."))
+        {
+            throw new Exception("Couldn't find a valid ICU package installed on the system. Likely EOL SDK.");
+        }
+    }
+
     internal static bool TryGetGlobalJsonPath(string repoRootPath, string workspacePath, [NotNullWhen(returnValue: true)] out string? globalJsonPath)
     {
         globalJsonPath = PathHelper.GetFileInDirectoryOrParent(workspacePath, repoRootPath, "global.json", caseSensitive: false);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.GlobalJson.cs

@@ -103,5 +103,36 @@ public partial class DiscoveryWorkerTests
                 }
             );
         }
+
+        [Fact]
+        public async Task FiltersDependenciesWithUnparseableVersions()
+        {
+            await TestDiscoveryAsync(
+                packages: [],
+                workspacePath: "",
+                files: [
+                    ("global.json", """
+                        {
+                          "sdk": {
+                            "version": "2.2.104"
+                          },
+                          "msbuild-sdks": {
+                            "Microsoft.Build.Traversal": "not-a-version"
+                          }
+                        }
+                        """),
+                ],
+                expectedResult: new()
+                {
+                    Path = "",
+                    GlobalJson = new()
+                    {
+                        FilePath = "global.json",
+                        ExpectedDependencyCount = 0,
+                    },
+                    ExpectedProjectCount = 0,
+                }
+            );
+        }
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Discover/DiscoveryWorkerTests.PackagesConfig.cs

@@ -271,5 +271,85 @@ public partial class DiscoveryWorkerTests
                 }
             );
         }
+        [Fact]
+        public async Task LegacyProjectWithIncompatibleCPMPackagesDoesNotCrash()
+        {
+            // A legacy packages.config project in a repo with CPM enabled.
+            // The CPM Directory.Packages.props defines a package that only supports net8.0,
+            // which is incompatible with the project's net48 TFM. This previously caused
+            // RebuildPackagesPerProject to crash with "Sequence contains no elements" when
+            // the temp project restore failed and DiscoverAsync returned empty results.
+            await TestDiscoveryAsync(
+                packages:
+                [
+                    MockNuGetPackage.CreateSimplePackage("PackageReferencedThroughLegacyMechanism", "1.0.0", "net48"),
+                    MockNuGetPackage.CreateSimplePackage("PackageOnlyCompatibleWithNet8", "2.0.0", "net8.0"),
+                ],
+                workspacePath: "src",
+                files: [
+                    ("Directory.Build.props", """
+                        <Project>
+                          <ItemGroup>
+                            <PackageReference Include="PackageOnlyCompatibleWithNet8" />
+                          </ItemGroup>
+                        </Project>
+                    """),
+                    ("Directory.Build.targets", "<Project />"),
+                    ("Directory.Packages.props", """
+                        <Project>
+                          <PropertyGroup>
+                            <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+                          </PropertyGroup>
+                          <ItemGroup>
+                            <PackageVersion Include="PackageOnlyCompatibleWithNet8" Version="2.0.0" />
+                          </ItemGroup>
+                        </Project>
+                        """),
+                    ("src/myproj.csproj", """
+                        <Project ToolsVersion="15.0" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
+                          <Import Project="$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props" Condition="Exists('$(MSBuildExtensionsPath)\$(MSBuildToolsVersion)\Microsoft.Common.props')" />
+                          <PropertyGroup>
+                            <TargetFrameworkVersion>v4.8</TargetFrameworkVersion>
+                          </PropertyGroup>
+                          <ItemGroup>
+                            <None Include="packages.config" />
+                          </ItemGroup>
+                          <ItemGroup>
+                            <Reference Include="PackageReferencedThroughLegacyMechanism">
+                              <HintPath>packages\PackageReferencedThroughLegacyMechanism.1.0.0\lib\net48\PackageReferencedThroughLegacyMechanism.dll</HintPath>
+                              <Private>True</Private>
+                            </Reference>
+                          </ItemGroup>
+                          <Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
+                        </Project>
+                        """),
+                    ("src/packages.config", """
+                        <?xml version="1.0" encoding="utf-8"?>
+                        <packages>
+                          <package id="PackageReferencedThroughLegacyMechanism" version="1.0.0" targetFramework="net48" />
+                        </packages>
+                        """),
+                ],
+                expectedResult: new()
+                {
+                    Path = "src",
+                    Projects = [
+                        new()
+                        {
+                            FilePath = "myproj.csproj",
+                            TargetFrameworks = ["net48"],
+                            Dependencies = [
+                                new("PackageReferencedThroughLegacyMechanism", "1.0.0", DependencyType.PackagesConfig, TargetFrameworks: ["net48"]),
+                            ],
+                            ReferencedProjectPaths = [],
+                            ImportedFiles = [],
+                            AdditionalFiles = [
+                                "packages.config"
+                            ],
+                        }
+                    ],
+                }
+            );
+        }
     }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Utilities/MSBuildHelperTests.cs

@@ -654,5 +654,13 @@ public class MSBuildHelperTests : TestBase
             // expectedError
             new UnknownError(new Exception("Circular dependency detected"), "TEST-JOB-ID"),
         ];
+
+        yield return
+        [
+            // output
+            "Couldn't find a valid ICU package installed on the system. Set the configuration flag System.Globalization.Invariant to true if you want to run with no globalization support.",
+            // expectedError
+            new UnknownError(new Exception("Couldn't find a valid ICU package installed on the system. Likely EOL SDK."), "TEST-JOB-ID"),
+        ];
     }
 }

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: dependabot-nuget
 version: !ruby/object:Gem::Version
-  version: 0.379.0
+  version: 0.381.0
 platform: ruby
 authors:
 - Dependabot
@@ -15,14 +15,14 @@ dependencies:
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.379.0
+        version: 0.381.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - '='
       - !ruby/object:Gem::Version
-        version: 0.379.0
+        version: 0.381.0
 - !ruby/object:Gem::Dependency
   name: debug
   requirement: !ruby/object:Gem::Requirement
@@ -579,7 +579,7 @@ licenses:
 - MIT
 metadata:
   bug_tracker_uri: https://github.com/dependabot/dependabot-core/issues
-  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.379.0
+  changelog_uri: https://github.com/dependabot/dependabot-core/releases/tag/v0.381.0
 rdoc_options: []
 require_paths:
 - lib