dependabot-nuget 0.268.0 → 0.270.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3dbd572d869f156e22c4020848387b9b54611ad236c08be6b3ca4cce3e5e7ebc
-  data.tar.gz: f9578fc6352ff07629255fdd1bb2032cda9b0109090507fc39eed9e1b369a68d
+  metadata.gz: 690337cc223bbf06e50f9f66fff955f966931bbc4368fe4d5849efb386c4a123
+  data.tar.gz: bce0d34b0c79064c99a511b88b8087f5d287ff7fef85aa01bb32b6d3b824a7d4
 SHA512:
-  metadata.gz: 8c91cd7ef8d66d4aa48de704d70d41087ad8b6f867946f1cf59038a22f22d06febb5227e637d339fe93ec8fa5c086f8d410e16d00c3f70a4c8c348993de01c28
-  data.tar.gz: 161deea8269b8c3fe00013ef83da37e96ddedf9518e9463bdf952034a03ef00be0fac713495b4706ccbcb3d08d072aec700b7921dcbf01506e8e4d432c4fc634
+  metadata.gz: 431e6a7b442ce8a7430882a125ccebe3b77b54dfc68698aa5c6279be0cde427a924c3faafceb0b1414d2e0feff35ad43e29e31aa410b11ea3bf451ac5cbf5288
+  data.tar.gz: 805297f077777b6cc7f8fdccbe46a37909b008bd7a09abfc86816ad3cdfda1da837b8fa49f8c4086e5910c27f61bc2179b4b550d84e26cabc378d34201aee4f5

data/helpers/lib/NuGetUpdater/NuGetUpdater.Cli.Test/EntryPointTests.Update.cs

@@ -407,6 +407,7 @@ public partial class EntryPointTests
                 try
                 {
                     await MockNuGetPackagesInDirectory(packages, path);
+
                     var args = getArgs(path);
                     var result = await Program.Main(args);
                     if (result != 0)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs

@@ -255,6 +255,12 @@ public partial class AnalyzeWorker
         CancellationToken cancellationToken)
     {
         var versions = versionResult.GetVersions();
+        if (versions.Length == 0)
+        {
+            // if absolutely nothing was found, then we can't update
+            return null;
+        }
+
         var orderedVersions = findLowestVersion
             ? versions.OrderBy(v => v) // If we are fixing a vulnerability, then we want the lowest version that is safe.
             : versions.OrderByDescending(v => v); // If we are just updating versions, then we want the highest version possible.

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/CompatabilityChecker.cs

@@ -84,24 +84,27 @@ internal static class CompatibilityChecker
         var reader = new NuspecReader(nuspecStream);
 
         var isDevDependency = reader.GetDevelopmentDependency();
+        var tfms = new HashSet<NuGetFramework>();
+        var dependencyGroups = reader.GetDependencyGroups().ToArray();
 
-        var tfms = reader.GetDependencyGroups()
-            .Select(d => d.TargetFramework)
-            .ToImmutableArray();
-        if (tfms.Length == 0)
+        foreach (var d in dependencyGroups)
         {
-            // If the nuspec doesn't have any dependency groups,
-            // try to get the TargetFramework from files in the lib folder.
             var libItems = (await readers.ContentReader.GetLibItemsAsync(cancellationToken)).ToList();
-            if (libItems.Count == 0)
+
+            foreach (var item in libItems)
             {
-                // If there is no lib folder in this package, then assume it is a dev dependency.
-                isDevDependency = true;
+                tfms.Add(item.TargetFramework);
             }
 
-            tfms = libItems.Select(item => item.TargetFramework)
-                .Distinct()
-                .ToImmutableArray();
+            if (!d.TargetFramework.IsAny)
+            {
+                tfms.Add(d.TargetFramework);
+            }
+        }
+
+        if (!tfms.Any())
+        {
+            tfms.Add(NuGetFramework.AnyFramework);
         }
 
         // The interfaces we given are not disposable but the underlying type can be.
@@ -109,7 +112,7 @@ internal static class CompatibilityChecker
         (readers.CoreReader as IDisposable)?.Dispose();
         (readers.ContentReader as IDisposable)?.Dispose();
 
-        return (isDevDependency, tfms);
+        return (isDevDependency, tfms.ToImmutableArray());
     }
 
     internal static PackageReaders ReadPackage(string tempPackagePath)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/Requirement.cs

@@ -116,7 +116,14 @@ public class IndividualRequirement : Requirement
             : [requirement[..(splitIndex + 1)].Trim(), requirement[(splitIndex + 1)..].Trim()];
 
         var op = parts.Length == 1 ? "=" : parts[0];
-        var version = NuGetVersion.Parse(parts[^1]);
+        var versionString = parts[^1];
+
+        // allow for single character wildcards; may be asterisk (NuGet-style: 1.*) or a single letter (alternate style: 1.x)
+        var versionParts = versionString.Split('.');
+        var recreatedVersionParts = versionParts.Select(vp => vp.Length == 1 && (vp == "*" || char.IsAsciiLetter(vp[0])) ? "0" : vp).ToArray();
+
+        var rebuiltVersionString = string.Join(".", recreatedVersionParts);
+        var version = NuGetVersion.Parse(rebuiltVersionString);
 
         return new IndividualRequirement(op, version);
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Updater/SdkPackageUpdater.cs

@@ -24,6 +24,7 @@ internal static class SdkPackageUpdater
 
         // Get the set of all top-level dependencies in the current project
         var topLevelDependencies = MSBuildHelper.GetTopLevelPackageDependencyInfos(buildFiles).ToArray();
+
         if (!await DoesDependencyRequireUpdateAsync(repoRootPath, projectPath, tfms, topLevelDependencies, dependencyName, newDependencyVersion, logger))
         {
             return;
@@ -306,6 +307,7 @@ internal static class SdkPackageUpdater
         IDictionary<string, string> peerDependencies,
         Logger logger)
     {
+
         var result = TryUpdateDependencyVersion(buildFiles, dependencyName, previousDependencyVersion, newDependencyVersion, logger);
         if (result == UpdateResult.NotFound)
         {
@@ -324,7 +326,20 @@ internal static class SdkPackageUpdater
         {
             foreach (string tfm in targetFrameworks)
             {
-                Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, logger);
+                if (MSBuildHelper.UseNewDependencySolver())
+                {
+                    // Find the index of the dependency we are updating and revert it to the previous version
+                    int dependencyIndex = Array.FindIndex(updatedTopLevelDependencies, d => string.Equals(d.Name, dependencyName, StringComparison.OrdinalIgnoreCase));
+                    if (dependencyIndex != -1)
+                    {
+                        var originalDependency = updatedTopLevelDependencies[dependencyIndex];
+                        updatedTopLevelDependencies[dependencyIndex] = originalDependency with { Version = previousDependencyVersion };
+                    }
+
+                }
+                Dependency[] update = [new Dependency(dependencyName, newDependencyVersion, DependencyType.PackageReference)];
+                Dependency[]? resolvedDependencies = await MSBuildHelper.ResolveDependencyConflicts(repoRootPath, projectFile.Path, tfm, updatedTopLevelDependencies, update, logger);
+
                 if (resolvedDependencies is null)
                 {
                     logger.Log($"    Unable to resolve dependency conflicts for {projectFile.Path}.");
@@ -345,7 +360,7 @@ internal static class SdkPackageUpdater
                     continue;
                 }
 
-                // update all other dependencies
+                // update all dependencies
                 foreach (Dependency resolvedDependency in resolvedDependencies
                                                           .Where(d => !d.Name.Equals(dependencyName, StringComparison.OrdinalIgnoreCase))
                                                           .Where(d => d.Version is not null))