RubyGems - dependabot-nuget - Versions diffs - 0.352.0 → 0.353.0 - Mend

dependabot-nuget 0.352.0 → 0.353.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (33) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 011bc96766fde7190676e83ac5f6fb5a227ad6a8efa644010309df485732231c
-  data.tar.gz: 0fe5b3850138fcc5c1c2bef7bc180e17b4137851b34d7d096474561d211f15f4
+  metadata.gz: 7abf57af01e4a8a8aec9fb9d1979e6104a5059e057b4001bd53fa25e32c9a891
+  data.tar.gz: 6b983c64fbd42200d023004d03f039a68ca8a4b8dace9a63efaea0328f9dd572
 SHA512:
-  metadata.gz: a549a494e8b71d2441455b71a7b48076d20ce0051fcbd02da7762b02e311b155a0affd5810b4af67279fb61d1db63a010d2e0f7798608b4a66e8ac5c02ae9611
-  data.tar.gz: a62dbf38f60ecefbe4dac4ffc32564caecf35c4b80e70e5555d49ef0ac4677767613977f75ee5838f470fe2bf55aca0d25074919325f96b683dbdd975eac08d5
+  metadata.gz: bcc2466108e839493cb8146b2dcae4079c257956f8eaf0f2181f6d24ae9cdb2fe8b20bea620d5530a33f4a62b2ac3a31bc17d80def3049e51b4ae8969d8d626d
+  data.tar.gz: d4bbc768c4c02cc017a4e066d885fb66b5c7dd00fa5c60b22605a5bf078cfceac52bfa98cc798018aa5a5fe0e3a290b7c38f6fc72d9718527da8b9409967d6d4

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/DiscoveryWorker.cs CHANGED Viewed

@@ -252,52 +252,26 @@ public partial class DiscoveryWorker : IDiscoveryWorker
                         filesToExpand.Push(projectPath);
                     }
                 }
-                if (experimentsManager.UseSingleRestore)
+                else if (extension == ".proj")
                 {
-                    // projects get shunted directly to the result because regular discovery handles it from there
-                    switch (extension)
+                    var foundProjects = ExpandItemGroupFilesFromProject(candidateEntryPoint, "ProjectFile", "ProjectReference");
+                    foreach (var foundProject in foundProjects)
                     {
-                        case ".proj":
-                        case ".csproj":
-                        case ".fbproj":
-                        case ".fsproj":
-                            expandedProjects.Add(candidateEntryPoint);
-                            break;
-                        default:
-                            // unsupported project
-                            break;
+                        filesToExpand.Push(foundProject);
                     }
                 }
-                else
+                // projects get shunted directly to the result because regular discovery handles it from there
+                switch (extension)
                 {
-                    if (extension == ".proj")
-                    {
-                        IEnumerable<string> foundProjects = ExpandItemGroupFilesFromProject(candidateEntryPoint, "ProjectFile", "ProjectReference");
-                        foreach (string foundProject in foundProjects)
-                        {
-                            filesToExpand.Push(foundProject);
-                        }
-                    }
-                    else
-                    {
-                        switch (extension)
-                        {
-                            case ".csproj":
-                            case ".fsproj":
-                            case ".vbproj":
-                                // keep this project and check for references
-                                expandedProjects.Add(candidateEntryPoint);
-                                IEnumerable<string> referencedProjects = ExpandItemGroupFilesFromProject(candidateEntryPoint, "ProjectReference");
-                                foreach (string referencedProject in referencedProjects)
-                                {
-                                    filesToExpand.Push(referencedProject);
-                                }
-                                break;
-                            default:
-                                continue;
-                        }
-                    }
+                    case ".csproj":
+                    case ".vbproj":
+                    case ".fsproj":
+                        expandedProjects.Add(candidateEntryPoint);
+                        break;
+                    default:
+                        // unsupported project
+                        break;
                 }
             }
         }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Discover/SdkProjectDiscovery.cs CHANGED Viewed

@@ -5,7 +5,9 @@ using System.Xml.XPath;
 using Microsoft.Build.Logging.StructuredLogger;
+using NuGet;
 using NuGet.Frameworks;
+using NuGet.Versioning;
 using NuGetUpdater.Core.Utilities;
@@ -58,7 +60,7 @@ internal static class SdkProjectDiscovery
     [
         "Restore",
         "ResolveProjectReferences",
-        "ResolvePackageAssets"
+        "GenerateBuildDependencyFile"
     ];
     public static async Task<ImmutableArray<ProjectDiscoveryResult>> DiscoverAsync(string repoRootPath, string workspacePath, string startingProjectPath, ExperimentsManager experimentsManager, ILogger logger)
@@ -88,6 +90,9 @@ internal static class SdkProjectDiscovery
         Dictionary<string, Dictionary<string, Dictionary<string, string>>> explicitPackageVersionsPerProject = new(PathComparer.Instance);
         //    projectPath,               tfm,       packageName, packageVersion
+        Dictionary<string, int> packageReferenceElementCounts = new(PathComparer.Instance);
+        //    projectPath, count of `<PackageReference>` elements
         Dictionary<string, Dictionary<string, Dictionary<string, string>>> packagesReplacedBySdkPerProject = new(PathComparer.Instance);
         //    projectPath                tfm        packageName  packageVersion
@@ -106,47 +111,49 @@ internal static class SdkProjectDiscovery
         Dictionary<string, HashSet<string>> additionalFiles = new(PathComparer.Instance);
         //    projectPath  additionalFiles
-        var requiresManualPackageResolution = false;
-        var discoveredTfms = experimentsManager.UseSingleRestore
-            ? ["unused-for-single-restore"] // we need to ensure we do the following just once because it'll restore all relevant projects
-            : await MSBuildHelper.GetTargetFrameworkValuesFromProject(repoRootPath, startingProjectPath, logger);
-        foreach (var discoveredTfm in discoveredTfms)
+        // due to how MSBuild handles multi-TFM projects with target platforms we may need to process each TFM separately
+        // we detect that by determining if there are multiple target frameworks specified and if any of them have a platform suffix (e.g., `-windows`, `-android`, etc)
+        var projectTfms = await MSBuildHelper.GetProjectTargetFrameworksAsync(startingProjectPath, logger);
+        var requiresIndividualRestores = projectTfms.Any(tfm => tfm.Contains('-'));
+        if (!requiresIndividualRestores)
+        {
+            projectTfms = [string.Empty]; // a single restore can handle everything, but we need to loop at least once and an empty TFM is our signal to not specify anything
+        }
+        foreach (var tfm in projectTfms)
         {
+            var isSingleTfmRestore = !string.IsNullOrEmpty(tfm);
             // create a binlog
             var binLogPath = Path.Combine(Path.GetTempPath(), $"msbuild_{Guid.NewGuid():d}.binlog");
             try
             {
-                // the built-in target `GenerateBuildDependencyFile` forces resolution of all NuGet packages, but doesn't invoke a full build
+                // when using single restore, we can directly invoke the relevant targets
+                var args = new List<string>() { "msbuild", startingProjectPath };
+                var targets = await MSBuildHelper.GetProjectTargetsAsync(startingProjectPath, logger);
+                var useDirectRestore = SingleRestoreTargetNames.All(targets.Contains);
+                if (useDirectRestore || isSingleTfmRestore)
+                {
+                    // directly call the required targets
+                    args.Add($"/t:{string.Join(",", SingleRestoreTargetNames)}");
+                }
+                else
+                {
+                    // delegate to the inner build and call those targets
+                    args.Add("/t:Build");
+                    args.Add($"/p:InnerTargets=\"{string.Join(";", SingleRestoreTargetNames)}\"");
+                }
+                // inject various props and targets to help with discovery
                 var dependencyDiscoveryTargetingPacksPropsPath = MSBuildHelper.GetFileFromRuntimeDirectory("DependencyDiscoveryTargetingPacks.props");
                 var dependencyDiscoveryTargetsPath = MSBuildHelper.GetFileFromRuntimeDirectory("DependencyDiscovery.targets");
-                var args = new List<string>()
-                {
-                    "build",
-                    startingProjectPath,
-                    "/t:_DiscoverDependencies",
-                    $"/p:TargetFramework={discoveredTfm}",
-                    $"/p:CustomBeforeMicrosoftCommonProps={dependencyDiscoveryTargetingPacksPropsPath}",
-                    $"/p:CustomAfterMicrosoftCommonCrossTargetingTargets={dependencyDiscoveryTargetsPath}",
-                    $"/p:CustomAfterMicrosoftCommonTargets={dependencyDiscoveryTargetsPath}",
-                };
-                if (experimentsManager.UseSingleRestore)
+                args.Add($"/p:CustomBeforeMicrosoftCommonProps={dependencyDiscoveryTargetingPacksPropsPath}");
+                args.Add($"/p:CustomAfterMicrosoftCommonCrossTargetingTargets={dependencyDiscoveryTargetsPath}");
+                args.Add($"/p:CustomAfterMicrosoftCommonTargets={dependencyDiscoveryTargetsPath}");
+                if (isSingleTfmRestore)
                 {
-                    // when using single restore, we can directly invoke the relevant targets
-                    args = ["msbuild", startingProjectPath];
-                    var targets = await MSBuildHelper.GetProjectTargetsAsync(startingProjectPath, logger);
-                    var useDirectRestore = SingleRestoreTargetNames.All(targets.Contains);
-                    if (useDirectRestore)
-                    {
-                        // directly call the required targets
-                        args.Add($"/t:{string.Join(",", SingleRestoreTargetNames)}");
-                    }
-                    else
-                    {
-                        // delegate to the inner build and call those targets
-                        args.Add("/t:Build");
-                        args.Add($"/p:InnerTargets=\"{string.Join(";", SingleRestoreTargetNames)}\"");
-                    }
+                    args.Add($"/p:TargetFramework={tfm}");
                 }
                 // if using CPM and a project also sets TreatWarningsAsErrors to true, this can cause discovery to fail; explicitly don't allow that
@@ -166,11 +173,6 @@ internal static class SdkProjectDiscovery
                 }
                 MSBuildHelper.ThrowOnError(stdOut);
-                if (stdOut.Contains("_DependencyDiscovery_LegacyProjects::UseTemporaryProject"))
-                {
-                    // special case - legacy project with <PackageReference> elements; this requires extra handling below
-                    requiresManualPackageResolution = true;
-                }
                 if (exitCode != 0)
                 {
                     // log error, but still try to resolve what we can
@@ -200,8 +202,8 @@ internal static class SdkProjectDiscovery
                                     // props and targets files might have been imported from these, but they're not to be considered as dependency files
                                     var forbiddenDirectories = new[]
                                         {
-                                            GetPropertyValueFromProjectEvaluation(projectEvaluation, "BaseIntermediateOutputPath"), // e.g., "obj/"
-                                            GetPropertyValueFromProjectEvaluation(projectEvaluation, "BaseOutputPath"), // e.g., "bin/"
+                                        GetPropertyValueFromProjectEvaluation(projectEvaluation, "BaseIntermediateOutputPath"), // e.g., "obj/"
+                                        GetPropertyValueFromProjectEvaluation(projectEvaluation, "BaseOutputPath"), // e.g., "bin/"
                                         }
                                         .Where(p => !string.IsNullOrEmpty(p))
                                         .Select(p => Path.Combine(Path.GetDirectoryName(projectEvaluation.ProjectFile)!, p!))
@@ -220,7 +222,7 @@ internal static class SdkProjectDiscovery
                             }
                             break;
                         case NamedNode namedNode when namedNode is AddItem or RemoveItem:
-                            ProcessResolvedPackageReference(namedNode, packagesPerProject, topLevelPackagesPerProject, explicitPackageVersionsPerProject);
+                            ProcessResolvedPackageReference(namedNode, packagesPerProject, topLevelPackagesPerProject, explicitPackageVersionsPerProject, packageReferenceElementCounts);
                             if (namedNode is AddItem addItem)
                             {
@@ -369,6 +371,23 @@ internal static class SdkProjectDiscovery
             }
         }
+        var requiresManualPackageResolution = false;
+        foreach (var projectPath in resolvedProperties.Keys)
+        {
+            var projectProperties = resolvedProperties[projectPath];
+            var isProjectLegacy = !projectProperties.ContainsKey("NETCoreSdkVersion"); // legacy projects don't contain this property
+            if (isProjectLegacy)
+            {
+                // if any TFM had any explicit packages defined, we need to do manual package resolution
+                if (explicitPackageVersionsPerProject.TryGetValue(projectPath, out var projectTfmRefs) &&
+                    projectTfmRefs.Values.Any(v => v.Count > 0))
+                {
+                    requiresManualPackageResolution = true;
+                    break;
+                }
+            }
+        }
         if (requiresManualPackageResolution)
         {
             // we were able to collect all <PackageReference> elements, but no transitive dependencies were resolved
@@ -376,7 +395,6 @@ internal static class SdkProjectDiscovery
             packagesPerProject = await RebuildPackagesPerProject(
                 repoRootPath,
                 startingProjectPath,
-                discoveredTfms,
                 packagesPerProject,
                 explicitPackageVersionsPerProject,
                 experimentsManager,
@@ -601,13 +619,18 @@ internal static class SdkProjectDiscovery
     private static async Task<Dictionary<string, Dictionary<string, Dictionary<string, string>>>> RebuildPackagesPerProject(
         string repoRootPath,
         string projectPath,
-        ImmutableArray<string> targetFrameworks,
         Dictionary<string, Dictionary<string, Dictionary<string, string>>> packagesPerProject,
         Dictionary<string, Dictionary<string, Dictionary<string, string>>> explicitPackageVersionsPerProject,
         ExperimentsManager experimentsManager,
         ILogger logger
     )
     {
+        // the secondary keys of these are TFMs
+        var targetFrameworks = packagesPerProject.Values.SelectMany(p => p.Keys)
+            .Concat(explicitPackageVersionsPerProject.Values.SelectMany(p => p.Keys))
+            .Distinct(StringComparer.OrdinalIgnoreCase)
+            .OrderBy(tfm => tfm)
+            .ToImmutableArray();
         var tempDirectory = Directory.CreateTempSubdirectory("legacy-package-reference-resolution_");
         try
         {
@@ -651,7 +674,8 @@ internal static class SdkProjectDiscovery
         NamedNode node,
         Dictionary<string, Dictionary<string, Dictionary<string, string>>> packagesPerProject, // projectPath -> tfm -> (packageName, packageVersion)
         Dictionary<string, Dictionary<string, HashSet<string>>> topLevelPackagesPerProject, // projectPath -> tfm -> packageName
-        Dictionary<string, Dictionary<string, Dictionary<string, string>>> packageVersionsPerProject // projectPath -> tfm -> (packageName, packageVersion)
+        Dictionary<string, Dictionary<string, Dictionary<string, string>>> packageVersionsPerProject, // projectPath -> tfm -> (packageName, packageVersion)
+        Dictionary<string, int> packageReferenceElementCounts // projectPath -> count of `<PackageReference>` elements
     )
     {
         var doRemoveOperation = node is RemoveItem;
@@ -670,7 +694,11 @@ internal static class SdkProjectDiscovery
                         continue;
                     }
-                    var tfm = GetPropertyValueFromProjectEvaluation(projectEvaluation, "TargetFramework");
+                    // count instances of `<PackageReference>`
+                    //var packageReferenceElements = packageReferenceElementCounts.GetOrAdd(projectEvaluation.ProjectFile, () => 0);
+                    //packageReferenceElementCounts[projectEvaluation.ProjectFile] = packageReferenceElements + 1;
+                    var tfm = GetTargetFrameworkFromProjectEvaluation(projectEvaluation);
                     if (tfm is not null)
                     {
                         var topLevelPackages = topLevelPackagesPerProject.GetOrAdd(projectEvaluation.ProjectFile, () => new(StringComparer.OrdinalIgnoreCase));
@@ -838,4 +866,32 @@ internal static class SdkProjectDiscovery
         return property.Value;
     }
+    private static string? GetTargetFrameworkFromProjectEvaluation(ProjectEvaluation projectEvaluation)
+    {
+        // try direct access of SDK-style property
+        var tfm = GetPropertyValueFromProjectEvaluation(projectEvaluation, "TargetFramework");
+        if (tfm is null)
+        {
+            // fall back to legacy properties
+            var frameworkMoniker = GetPropertyValueFromProjectEvaluation(projectEvaluation, "TargetFrameworkMoniker");
+            if (frameworkMoniker is not null)
+            {
+                var platformMoniker = GetPropertyValueFromProjectEvaluation(projectEvaluation, "TargetPlatformMoniker");
+                try
+                {
+                    var framework = string.IsNullOrEmpty(platformMoniker)
+                        ? NuGetFramework.Parse(frameworkMoniker)
+                        : NuGetFramework.ParseComponents(frameworkMoniker, platformMoniker);
+                    tfm = framework.GetShortFolderName();
+                }
+                catch
+                {
+                    // if unable to parse, retain null
+                }
+            }
+        }
+        return tfm;
+    }
 }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/ExperimentsManager.cs CHANGED Viewed

@@ -8,14 +8,12 @@ namespace NuGetUpdater.Core;
 public record ExperimentsManager
 {
     public bool GenerateSimplePrBody { get; init; } = false;
-    public bool UseSingleRestore { get; init; } = false;
     public Dictionary<string, object> ToDictionary()
     {
         return new()
         {
             ["nuget_generate_simple_pr_body"] = GenerateSimplePrBody,
-            ["nuget_use_single_restore"] = UseSingleRestore,
         };
     }
@@ -24,7 +22,6 @@ public record ExperimentsManager
         return new ExperimentsManager()
         {
             GenerateSimplePrBody = IsEnabled(experiments, "nuget_generate_simple_pr_body"),
-            UseSingleRestore = IsEnabled(experiments, "nuget_use_single_restore"),
         };
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/DependencyGroup.cs CHANGED Viewed

@@ -13,15 +13,24 @@ public record DependencyGroup
     //   "patterns" => string[] where each element is a wildcard name pattern
     //   "exclude-patterns"=> string[] where each element is a wildcard name pattern
     //   "dependency-type" => production|development // not used for nuget?
+    //   "update-types" => string[] where each element is one of major|minor|patch
     public Dictionary<string, object> Rules { get; init; } = new();
     public GroupMatcher GetGroupMatcher() => GroupMatcher.FromRules(Rules);
 }
+public enum GroupUpdateType
+{
+    Major,
+    Minor,
+    Patch,
+}
 public class GroupMatcher
 {
     public ImmutableArray<string> Patterns { get; init; } = ImmutableArray<string>.Empty;
     public ImmutableArray<string> ExcludePatterns { get; init; } = ImmutableArray<string>.Empty;
+    public ImmutableArray<GroupUpdateType> UpdateTypes { get; init; } = ImmutableArray<GroupUpdateType>.Empty;
     public bool IsMatch(string dependencyName)
     {
@@ -35,11 +44,21 @@ public class GroupMatcher
     {
         var patterns = GetStringArray(rules, "patterns", ["*"]); // default to matching everything unless explicitly excluded
         var excludePatterns = GetStringArray(rules, "exclude-patterns", []);
+        var updateTypes = GetStringArray(rules, "update-types", ["major", "minor", "patch"]) // default to everything unless explicitly specified
+            .Select(s => s.ToLowerInvariant() switch
+            {
+                "major" => GroupUpdateType.Major,
+                "minor" => GroupUpdateType.Minor,
+                "patch" => GroupUpdateType.Patch,
+                _ => throw new InvalidOperationException($"Unknown update type: {s}"),
+            })
+            .ToImmutableArray();
         return new GroupMatcher()
         {
             Patterns = patterns,
             ExcludePatterns = excludePatterns,
+            UpdateTypes = updateTypes,
         };
     }

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/Job.cs CHANGED Viewed

@@ -42,7 +42,7 @@ public sealed record Job
     public int MaxUpdaterRunTime { get; init; } = 0;
     public Cooldown? Cooldown { get; init; } = null;
-    public ImmutableArray<string> GetAllDirectories()
+    public ImmutableArray<string> GetRawDirectories()
     {
         var builder = ImmutableArray.CreateBuilder<string>();
         if (Source.Directory is not null)
@@ -59,6 +59,27 @@ public sealed record Job
         return builder.ToImmutable();
     }
+    public ImmutableArray<string> GetAllDirectories(string repoRoot)
+    {
+        // where possible we want to maintain the order of the specified directories, so we have to manually handle each one
+        var seenDirectories = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
+        var rawDirectories = GetRawDirectories();
+        var result = new List<string>();
+        foreach (var directory in rawDirectories)
+        {
+            var expandedDirectories = PathHelper.GetMatchingDirectoriesUnder(repoRoot, directory, caseSensitive: false);
+            foreach (var expanded in expandedDirectories)
+            {
+                if (seenDirectories.Add(expanded))
+                {
+                    result.Add(expanded);
+                }
+            }
+        }
+        return [.. result];
+    }
     public ImmutableArray<DependencyGroup> GetRelevantDependencyGroups()
     {
         var appliesToKey = SecurityUpdatesOnly ? "security-updates" : "version-updates";
@@ -121,7 +142,7 @@ public sealed record Job
         }
         var version = NuGetVersion.Parse(dependency.Version);
-        var dependencyInfo = RunWorker.GetDependencyInfo(this, dependency, allowCooldown: false);
+        var dependencyInfo = RunWorker.GetDependencyInfo(this, dependency, groupMatchers: [], allowCooldown: false);
         var isVulnerable = dependencyInfo.Vulnerabilities.Any(v => v.IsVulnerable(version));
         bool IsAllowed(AllowedUpdate allowedUpdate)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/JobErrorBase.cs CHANGED Viewed

@@ -73,13 +73,15 @@ public abstract record JobErrorBase : MessageBase
             case InvalidDataException invalidData when invalidData.Message == "Central Directory corrupt.":
                 return new PrivateSourceBadResponse(NuGetContext.GetPackageSourceUrls(currentDirectory), invalidData.Message);
             case InvalidProjectFileException invalidProjectFile:
-                return new DependencyFileNotParseable(invalidProjectFile.ProjectFile);
+                return new DependencyFileNotParseable(Path.GetRelativePath(currentDirectory, invalidProjectFile.ProjectFile).NormalizePathToUnix());
+            case IOException ioException when ioException.Message.Contains("No space left on device", StringComparison.OrdinalIgnoreCase):
+                return new OutOfDisk();
             case MissingFileException missingFile:
                 return new DependencyFileNotFound(missingFile.FilePath, missingFile.Message);
             case PrivateSourceTimedOutException timeout:
                 return new PrivateSourceTimedOut(timeout.Url);
             case UnparseableFileException unparseableFile:
-                return new DependencyFileNotParseable(unparseableFile.FilePath, unparseableFile.Message);
+                return new DependencyFileNotParseable(Path.GetRelativePath(currentDirectory, unparseableFile.FilePath).NormalizePathToUnix(), unparseableFile.Message);
             case UpdateNotPossibleException updateNotPossible:
                 return new UpdateNotPossible(updateNotPossible.Dependencies);
             default:

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/ApiModel/OutOfDisk.cs ADDED Viewed

@@ -0,0 +1,9 @@
+namespace NuGetUpdater.Core.Run.ApiModel;
+public record OutOfDisk : JobErrorBase
+{
+    public OutOfDisk()
+        : base("out_of_disk")
+    {
+    }
+}

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/IApiHandler.cs CHANGED Viewed

@@ -30,7 +30,17 @@ public static class IApiHandlerExtensions
         }
     }
-    public static Task UpdateDependencyList(this IApiHandler handler, UpdatedDependencyList updatedDependencyList) => handler.PostAsJson("update_dependency_list", updatedDependencyList);
+    public static async Task UpdateDependencyList(this IApiHandler handler, UpdatedDependencyList updatedDependencyList)
+    {
+        if (updatedDependencyList.Dependencies.Length == 0 && updatedDependencyList.DependencyFiles.Length == 0)
+        {
+            // directory wildcard expansion can lead to empty directories; don't report those
+            return;
+        }
+        await handler.PostAsJson("update_dependency_list", updatedDependencyList);
+    }
     public static Task IncrementMetric(this IApiHandler handler, IncrementMetric incrementMetric) => handler.PostAsJson("increment_metric", incrementMetric);
     public static Task CreatePullRequest(this IApiHandler handler, CreatePullRequest createPullRequest) => handler.PostAsJson("create_pull_request", createPullRequest);
     public static Task ClosePullRequest(this IApiHandler handler, ClosePullRequest closePullRequest) => handler.PostAsJson("close_pull_request", closePullRequest);

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/RunWorker.cs CHANGED Viewed

@@ -157,7 +157,7 @@ public class RunWorker
         }
     }
-    internal static DependencyInfo GetDependencyInfo(Job job, Dependency dependency, bool allowCooldown)
+    internal static DependencyInfo GetDependencyInfo(Job job, Dependency dependency, IEnumerable<GroupMatcher> groupMatchers, bool allowCooldown)
     {
         var dependencyVersion = NuGetVersion.Parse(dependency.Version!);
         var securityAdvisories = job.SecurityAdvisories.Where(s => s.DependencyName.Equals(dependency.Name, StringComparison.OrdinalIgnoreCase)).ToArray();
@@ -178,8 +178,29 @@ public class RunWorker
         var ignoredUpdateTypes = job.IgnoreConditions
             .Where(c => FileSystemName.MatchesSimpleExpression(c.DependencyName, dependency.Name))
             .SelectMany(c => c.UpdateTypes ?? [])
-            .Distinct()
-            .ToImmutableArray();
+            .ToHashSet();
+        // if an update type isn't explicitly allowed by a group matcher, add it to the ignored set
+        foreach (var groupMatcher in groupMatchers)
+        {
+            if (groupMatcher.IsMatch(dependency.Name))
+            {
+                // group update types defaults to everything, so if it's not allowed then it's to be ignored
+                var allowedUpdateTypes = new HashSet<GroupUpdateType>(groupMatcher.UpdateTypes);
+                if (!allowedUpdateTypes.Contains(GroupUpdateType.Major))
+                {
+                    ignoredUpdateTypes.Add(ConditionUpdateType.SemVerMajor);
+                }
+                if (!allowedUpdateTypes.Contains(GroupUpdateType.Minor))
+                {
+                    ignoredUpdateTypes.Add(ConditionUpdateType.SemVerMinor);
+                }
+                if (!allowedUpdateTypes.Contains(GroupUpdateType.Patch))
+                {
+                    ignoredUpdateTypes.Add(ConditionUpdateType.SemVerPatch);
+                }
+            }
+        }
         // while it would be nice to lift the cooldown options into the IgnoredUpdateTypes field, we don't know the
         // publish date of the packages, so we have to pass along the whole object for the version finder to sort out
@@ -193,7 +214,7 @@ public class RunWorker
             IsVulnerable = isVulnerable,
             IgnoredVersions = ignoredVersions,
             Vulnerabilities = vulnerabilities,
-            IgnoredUpdateTypes = ignoredUpdateTypes,
+            IgnoredUpdateTypes = [.. ignoredUpdateTypes.OrderBy(t => t)],
             Cooldown = includeCooldown ? job.Cooldown : null,
         };
         return dependencyInfo;

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/CreateSecurityUpdatePullRequestHandler.cs CHANGED Viewed

@@ -31,7 +31,7 @@ internal class CreateSecurityUpdatePullRequestHandler : IUpdateHandler
     {
         var repoContentsPath = caseInsensitiveRepoContentsPath ?? originalRepoContentsPath;
         var jobDependencies = job.Dependencies.ToHashSet(StringComparer.OrdinalIgnoreCase);
-        foreach (var directory in job.GetAllDirectories())
+        foreach (var directory in job.GetAllDirectories(repoContentsPath.FullName))
         {
             var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
             logger.ReportDiscovery(discoveryResult);
@@ -67,7 +67,7 @@ internal class CreateSecurityUpdatePullRequestHandler : IUpdateHandler
             {
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var vulnerableCandidateDependenciesToUpdate = dependencyGroupToUpdate.Value
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: false)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, groupMatchers: [], allowCooldown: false)))
                     .Where(set => set.Item3.IsVulnerable)
                     .ToArray();
                 var vulnerableDependenciesToUpdate = vulnerableCandidateDependenciesToUpdate

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/GroupUpdateAllVersionsHandler.cs CHANGED Viewed

@@ -56,7 +56,7 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
             var updateOperationsPerformed = new List<UpdateOperationBase>();
             var updatedDependencies = new List<ReportedDependency>();
             var allUpdatedDependencyFiles = ImmutableArray.Create<DependencyFile>();
-            foreach (var directory in job.GetAllDirectories())
+            foreach (var directory in job.GetAllDirectories(repoContentsPath.FullName))
             {
                 var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
                 logger.ReportDiscovery(discoveryResult);
@@ -91,7 +91,7 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
-                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, allowCooldown: true);
+                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, groupMatchers: [groupMatcher], allowCooldown: true);
                     var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
                     if (analysisResult.Error is not null)
                     {
@@ -169,7 +169,7 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
     private async Task RunUngroupedDependencyUpdates(Job job, DirectoryInfo originalRepoContentsPath, DirectoryInfo? caseInsensitiveRepoContentsPath, string baseCommitSha, IDiscoveryWorker discoveryWorker, IAnalyzeWorker analyzeWorker, IUpdaterWorker updaterWorker, IApiHandler apiHandler, ExperimentsManager experimentsManager, ILogger logger)
     {
         var repoContentsPath = caseInsensitiveRepoContentsPath ?? originalRepoContentsPath;
-        foreach (var directory in job.GetAllDirectories())
+        foreach (var directory in job.GetAllDirectories(repoContentsPath.FullName))
         {
             var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
             logger.ReportDiscovery(discoveryResult);
@@ -213,7 +213,7 @@ internal class GroupUpdateAllVersionsHandler : IUpdateHandler
                         continue;
                     }
-                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, allowCooldown: true);
+                    var dependencyInfo = RunWorker.GetDependencyInfo(job, dependency, groupMatchers: [], allowCooldown: true);
                     var analysisResult = await analyzeWorker.RunAsync(repoContentsPath.FullName, discoveryResult, dependencyInfo);
                     if (analysisResult.Error is not null)
                     {

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshGroupUpdatePullRequestHandler.cs CHANGED Viewed

@@ -21,7 +21,7 @@ internal class RefreshGroupUpdatePullRequestHandler : IUpdateHandler
             return false;
         }
-        if (job.GetAllDirectories().Length > 1)
+        if (job.GetRawDirectories().Length > 1)
         {
             return true;
         }
@@ -62,7 +62,7 @@ internal class RefreshGroupUpdatePullRequestHandler : IUpdateHandler
         var groupMatcher = group.GetGroupMatcher();
         var jobDependencies = job.Dependencies.ToHashSet(StringComparer.OrdinalIgnoreCase);
-        foreach (var directory in job.GetAllDirectories())
+        foreach (var directory in job.GetAllDirectories(repoContentsPath.FullName))
         {
             var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
             logger.ReportDiscovery(discoveryResult);
@@ -93,7 +93,7 @@ internal class RefreshGroupUpdatePullRequestHandler : IUpdateHandler
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var relevantDependenciesToUpdate = dependencyGroupToUpdate.Value
                     .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: true)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, groupMatchers: [groupMatcher], allowCooldown: true)))
                     .ToArray();
                 foreach (var (projectPath, dependency, dependencyInfo) in relevantDependenciesToUpdate)

data/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Run/UpdateHandlers/RefreshSecurityUpdatePullRequestHandler.cs CHANGED Viewed

@@ -30,7 +30,7 @@ internal class RefreshSecurityUpdatePullRequestHandler : IUpdateHandler
     {
         var repoContentsPath = caseInsensitiveRepoContentsPath ?? originalRepoContentsPath;
         var jobDependencies = job.Dependencies.ToHashSet(StringComparer.OrdinalIgnoreCase);
-        foreach (var directory in job.GetAllDirectories())
+        foreach (var directory in job.GetAllDirectories(repoContentsPath.FullName))
         {
             var discoveryResult = await discoveryWorker.RunAsync(repoContentsPath.FullName, directory);
             logger.ReportDiscovery(discoveryResult);
@@ -82,7 +82,7 @@ internal class RefreshSecurityUpdatePullRequestHandler : IUpdateHandler
                 var dependencyName = dependencyGroupToUpdate.Key;
                 var vulnerableDependenciesToUpdate = dependencyGroupToUpdate.Value
                     .Where(o => !job.IsDependencyIgnoredByNameOnly(o.Dependency.Name))
-                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, allowCooldown: false)))
+                    .Select(o => (o.ProjectPath, o.Dependency, RunWorker.GetDependencyInfo(job, o.Dependency, groupMatchers: [], allowCooldown: false)))
                     .Where(set => set.Item3.IsVulnerable)
                     .ToArray();