Fix NuGet app/web.config assembly binding redirect updates

[rhyskoedijk]

What are you trying to accomplish?

Fix issues #2225 and #8738.

Support for .NET Framework assembly binding redirects doesn't work as expected because the required changes to app.config/web.config are missing from the dependency update pull request. Without these config changes, runtime errors occur in the projects due to the mismatched assembly versions.

Changes:

• If NuGetUpdater.Core modifies the assembly binding redirects in app.config or web.config files, the file changes are now included in the [dependency update] pull request. Previously these files were ignored.
• If app.config or web.config has a <?xml ... ?> declaration, it is now preserved when NuGetUpdater.Core modifies the config file. Previously the declaration was removed when the config file was updated.
• Assembly binding redirect PublicKeyToken attributes are now compared case-insensitive to prevent existing redirects from being duplicated if there is a case mismatch between tools (e.g. NuGet.exe vs Visual Studio).
• Assembly binding redirects parsed from config files are stored in a lookup instead of a dictionary in order to prevent throwing a "item with same key has already been added" exception when multiple redirects are defined in config for the same assembly.
• Duplicate assembly binding redirects are removed from config on update, matching the behavior of NuGet.exe.

Anything you want to highlight for special attention from reviewers?

Some C# unreferenced code was removed (for clarity).

How will you know you've accomplished your goal?

Dependabot will commit app.config / web.config changes when updating .NET Framework projects that use manual assembly binding redirects.

Reproduction repository:
https://github.com/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test
(Visual Studio .NET Framework 4.8 Web API template project, with a few package changes to reproduce the problem)

Dry-run command:

bin/docker-dev-shell nuget --rebuild
bin/dry-run.rb nuget rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test --dir="/" --dep="Microsoft.IdentityModel.Protocols.OpenIdConnect"

Dry-run output pre change:

running NuGet updater:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test --solution-or-project /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj --dependency Microsoft.IdentityModel.Protocols.OpenIdConnect --new-version 7.6.2 --previous-version 7.5.2 --verbose
  No dotnet-tools.json file found.
  No global.json file found.
Running for project file [WebApplication2/WebApplication2.csproj]
Updating project [/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj]
  Found packages.config; running with NuGet.exe
    Using packages directory [..\packages] for project [/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj].
    Finding MSBuild...
    Running NuGet.exe with args: update /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/packages.config -Id Microsoft.IdentityModel.Protocols.OpenIdConnect -Version 7.6.2 -RepositoryPath /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/..\packages -NonInteractive -MSBuildPath /usr/local/dotnet/current/sdk/8.0.300
    Result: 0
    Output:
Using Msbuild from '/usr/local/dotnet/current/sdk/8.0.300'.
Feeds used:
  https://api.nuget.org/v3/index.json



Attempting to gather dependency information for multiple packages with respect to project '/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj', targeting '.NETFramework,Version=v4.8.1'
Gathering dependency information took 19.8 sec
Attempting to resolve dependencies for multiple packages.
Resolving dependency information took 0 ms
Resolving actions install multiple packages
Retrieving package 'Microsoft.Bcl.AsyncInterfaces 8.0.0' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Abstractions 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.JsonWebTokens 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Logging 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Protocols 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Protocols.OpenIdConnect 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Tokens 7.6.2' from 'nuget.org'.
Retrieving package 'System.Buffers 4.5.1' from 'nuget.org'.
Retrieving package 'System.IdentityModel.Tokens.Jwt 7.6.2' from 'nuget.org'.
Retrieving package 'System.Memory 4.5.5' from 'nuget.org'.
Retrieving package 'System.Numerics.Vectors 4.5.0' from 'nuget.org'.
Retrieving package 'System.Runtime.CompilerServices.Unsafe 6.0.0' from 'nuget.org'.
Retrieving package 'System.Text.Encodings.Web 8.0.0' from 'nuget.org'.
Retrieving package 'System.Text.Json 8.0.3' from 'nuget.org'.
Retrieving package 'System.Threading.Tasks.Extensions 4.5.4' from 'nuget.org'.
Retrieving package 'System.ValueTuple 4.5.0' from 'nuget.org'.
WARNING: Package 'Microsoft.IdentityModel.Abstractions.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Abstractions 7.6.2' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.Logging.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Logging 7.6.2' to WebApplication2
WARNING: Package 'System.Buffers.4.5.1' already exists in project 'WebApplication2'
Successfully installed 'System.Buffers 4.5.1' to WebApplication2
WARNING: Package 'System.Numerics.Vectors.4.5.0' already exists in project 'WebApplication2'
Successfully installed 'System.Numerics.Vectors 4.5.0' to WebApplication2
WARNING: Package 'System.Runtime.CompilerServices.Unsafe.6.0.0' already exists in project 'WebApplication2'
Successfully installed 'System.Runtime.CompilerServices.Unsafe 6.0.0' to WebApplication2
WARNING: Package 'System.Memory.4.5.5' already exists in project 'WebApplication2'
Successfully installed 'System.Memory 4.5.5' to WebApplication2
WARNING: Package 'System.Text.Encodings.Web.8.0.0' already exists in project 'WebApplication2'
Successfully installed 'System.Text.Encodings.Web 8.0.0' to WebApplication2
WARNING: Package 'System.Threading.Tasks.Extensions.4.5.4' already exists in project 'WebApplication2'
Successfully installed 'System.Threading.Tasks.Extensions 4.5.4' to WebApplication2
WARNING: Package 'Microsoft.Bcl.AsyncInterfaces.8.0.0' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.Bcl.AsyncInterfaces 8.0.0' to WebApplication2
WARNING: Package 'System.ValueTuple.4.5.0' already exists in project 'WebApplication2'
Successfully installed 'System.ValueTuple 4.5.0' to WebApplication2
WARNING: Package 'System.Text.Json.8.0.3' already exists in project 'WebApplication2'
Successfully installed 'System.Text.Json 8.0.3' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.Tokens.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Tokens 7.6.2' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.JsonWebTokens.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.JsonWebTokens 7.6.2' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.Protocols.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Protocols 7.6.2' to WebApplication2
WARNING: Package 'System.IdentityModel.Tokens.Jwt.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'System.IdentityModel.Tokens.Jwt 7.6.2' to WebApplication2
Adding package 'Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2' to folder '/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/..\packages'
Added package 'Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2' to folder '/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/..\packages'
Added package 'Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2' to 'packages.config'
Successfully installed 'Microsoft.IdentityModel.Protocols.OpenIdConnect 7.6.2' to WebApplication2
Executing nuget actions took 123 ms

    Writing project file back to disk
  Running for SDK-style project
    Package [Microsoft.IdentityModel.Protocols.OpenIdConnect] Does not exist as a dependency in [/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj].
Update complete.
Fixing mismatched Windows line endings for [WebApplication2/WebApplication2.csproj].
Adding BOM to [WebApplication2/WebApplication2.csproj].
The contents of file [WebApplication2/WebApplication2.csproj] were updated.
Fixing mismatched Windows line endings for [WebApplication2/packages.config].
The contents of file [WebApplication2/packages.config] were updated.
🌍 --> GET https://api.nuget.org/v3-flatcontainer/microsoft.identitymodel.protocols.openidconnect/7.6.2/microsoft.identitymodel.protocols.openidconnect.nuspec
🌍 <-- 200 https://api.nuget.org/v3-flatcontainer/microsoft.identitymodel.protocols.openidconnect/7.6.2/microsoft.identitymodel.protocols.openidconnect.nuspec
🌍 --> GET https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
🌍 --> GET https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
 => bump microsoft.identitymodel.protocols.openidconnect from 7.5.2 to 7.6.2

    ± WebApplication2/WebApplication2.csproj
    ~~~
    --- /tmp/original20240629-747-e2ffta        2024-06-29 14:16:56.192595390 +0000
    +++ /tmp/updated20240629-747-9eshvw 2024-06-29 14:16:56.196595370 +0000
    @@ -64,8 +64,9 @@
         <Reference Include="Microsoft.IdentityModel.Protocols, Version=7.6.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
           <HintPath>..\packages\Microsoft.IdentityModel.Protocols.7.6.2\lib\net472\Microsoft.IdentityModel.Protocols.dll</HintPath>
         </Reference>
    -    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=7.5.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
    -      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.7.5.2\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
    +    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=7.6.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    +      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
    +      <Private>True</Private>
         </Reference>
         <Reference Include="Microsoft.IdentityModel.Tokens, Version=7.6.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
           <HintPath>..\packages\Microsoft.IdentityModel.Tokens.7.6.2\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
    ~~~
    4 insertions (+), 3 deletions (-)

    ± WebApplication2/packages.config
    ~~~
    --- /tmp/original20240629-747-ncr1fz        2024-06-29 14:16:56.197595365 +0000
    +++ /tmp/updated20240629-747-mvqxni 2024-06-29 14:16:56.197595365 +0000
    @@ -18,7 +18,7 @@
       <package id="Microsoft.IdentityModel.JsonWebTokens" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.IdentityModel.Logging" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.IdentityModel.Protocols" version="7.6.2" targetFramework="net481" />
    -  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="7.5.2" targetFramework="net481" />
    +  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.IdentityModel.Tokens" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.Web.Infrastructure" version="2.0.0" targetFramework="net481" />
       <package id="Modernizr" version="2.8.3" targetFramework="net481" />
    ~~~
    2 insertions (+), 2 deletions (-)

Dry-run output post change:

running NuGet updater:
/opt/nuget/NuGetUpdater/NuGetUpdater.Cli update --repo-root /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test --solution-or-project /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj --dependency Microsoft.IdentityModel.Protocols.OpenIdConnect --new-version 7.6.2 --previous-version 7.5.2 --verbose
  No dotnet-tools.json file found.
  No global.json file found.
Running for project file [WebApplication2/WebApplication2.csproj]
Updating project [/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj]
  Found packages.config; running with NuGet.exe
    Using packages directory [..\packages] for project [/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj].
    Finding MSBuild...
    Running NuGet.exe with args: update /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/packages.config -Id Microsoft.IdentityModel.Protocols.OpenIdConnect -Version 7.6.2 -RepositoryPath /home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/..\packages -NonInteractive -MSBuildPath /usr/local/dotnet/current/sdk/8.0.300
    Result: 0
    Output:
Using Msbuild from '/usr/local/dotnet/current/sdk/8.0.300'.
Feeds used:
  https://api.nuget.org/v3/index.json



Attempting to gather dependency information for multiple packages with respect to project '/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj', targeting '.NETFramework,Version=v4.8.1'
Gathering dependency information took 19.26 sec
Attempting to resolve dependencies for multiple packages.
Resolving dependency information took 0 ms
Resolving actions install multiple packages
Retrieving package 'Microsoft.Bcl.AsyncInterfaces 8.0.0' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Abstractions 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.JsonWebTokens 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Logging 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Protocols 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Protocols.OpenIdConnect 7.6.2' from 'nuget.org'.
Retrieving package 'Microsoft.IdentityModel.Tokens 7.6.2' from 'nuget.org'.
Retrieving package 'System.Buffers 4.5.1' from 'nuget.org'.
Retrieving package 'System.IdentityModel.Tokens.Jwt 7.6.2' from 'nuget.org'.
Retrieving package 'System.Memory 4.5.5' from 'nuget.org'.
Retrieving package 'System.Numerics.Vectors 4.5.0' from 'nuget.org'.
Retrieving package 'System.Runtime.CompilerServices.Unsafe 6.0.0' from 'nuget.org'.
Retrieving package 'System.Text.Encodings.Web 8.0.0' from 'nuget.org'.
Retrieving package 'System.Text.Json 8.0.3' from 'nuget.org'.
Retrieving package 'System.Threading.Tasks.Extensions 4.5.4' from 'nuget.org'.
Retrieving package 'System.ValueTuple 4.5.0' from 'nuget.org'.
WARNING: Package 'Microsoft.IdentityModel.Abstractions.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Abstractions 7.6.2' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.Logging.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Logging 7.6.2' to WebApplication2
WARNING: Package 'System.Buffers.4.5.1' already exists in project 'WebApplication2'
Successfully installed 'System.Buffers 4.5.1' to WebApplication2
WARNING: Package 'System.Numerics.Vectors.4.5.0' already exists in project 'WebApplication2'
Successfully installed 'System.Numerics.Vectors 4.5.0' to WebApplication2
WARNING: Package 'System.Runtime.CompilerServices.Unsafe.6.0.0' already exists in project 'WebApplication2'
Successfully installed 'System.Runtime.CompilerServices.Unsafe 6.0.0' to WebApplication2
WARNING: Package 'System.Memory.4.5.5' already exists in project 'WebApplication2'
Successfully installed 'System.Memory 4.5.5' to WebApplication2
WARNING: Package 'System.Text.Encodings.Web.8.0.0' already exists in project 'WebApplication2'
Successfully installed 'System.Text.Encodings.Web 8.0.0' to WebApplication2
WARNING: Package 'System.Threading.Tasks.Extensions.4.5.4' already exists in project 'WebApplication2'
Successfully installed 'System.Threading.Tasks.Extensions 4.5.4' to WebApplication2
WARNING: Package 'Microsoft.Bcl.AsyncInterfaces.8.0.0' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.Bcl.AsyncInterfaces 8.0.0' to WebApplication2
WARNING: Package 'System.ValueTuple.4.5.0' already exists in project 'WebApplication2'
Successfully installed 'System.ValueTuple 4.5.0' to WebApplication2
WARNING: Package 'System.Text.Json.8.0.3' already exists in project 'WebApplication2'
Successfully installed 'System.Text.Json 8.0.3' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.Tokens.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Tokens 7.6.2' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.JsonWebTokens.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.JsonWebTokens 7.6.2' to WebApplication2
WARNING: Package 'Microsoft.IdentityModel.Protocols.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'Microsoft.IdentityModel.Protocols 7.6.2' to WebApplication2
WARNING: Package 'System.IdentityModel.Tokens.Jwt.7.6.2' already exists in project 'WebApplication2'
Successfully installed 'System.IdentityModel.Tokens.Jwt 7.6.2' to WebApplication2
Adding package 'Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2' to folder '/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/..\packages'
Added package 'Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2' to folder '/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/..\packages'
Added package 'Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2' to 'packages.config'
Successfully installed 'Microsoft.IdentityModel.Protocols.OpenIdConnect 7.6.2' to WebApplication2
Executing nuget actions took 122 ms

    Writing project file back to disk
  Running for SDK-style project
    Package [Microsoft.IdentityModel.Protocols.OpenIdConnect] Does not exist as a dependency in [/home/dependabot/tmp/rhyskoedijk/dependabot-nuget-webconfig-assembly-binding-test/WebApplication2/WebApplication2.csproj].
Update complete.
Fixing mismatched Windows line endings for [WebApplication2/WebApplication2.csproj].
Adding BOM to [WebApplication2/WebApplication2.csproj].
The contents of file [WebApplication2/WebApplication2.csproj] were updated.
Fixing mismatched Windows line endings for [WebApplication2/packages.config].
The contents of file [WebApplication2/packages.config] were updated.
Fixing mismatched Windows line endings for [WebApplication2/Web.config].
Adding BOM to [WebApplication2/Web.config].
The contents of file [WebApplication2/Web.config] were updated.
🌍 --> GET https://api.nuget.org/v3-flatcontainer/microsoft.identitymodel.protocols.openidconnect/7.6.2/microsoft.identitymodel.protocols.openidconnect.nuspec
🌍 <-- 200 https://api.nuget.org/v3-flatcontainer/microsoft.identitymodel.protocols.openidconnect/7.6.2/microsoft.identitymodel.protocols.openidconnect.nuspec
🌍 --> GET https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
🌍 --> GET https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
🌍 <-- 200 https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet.git/info/refs?service=git-upload-pack
 => bump microsoft.identitymodel.protocols.openidconnect from 7.5.2 to 7.6.2

    ± WebApplication2/WebApplication2.csproj
    ~~~
    --- /tmp/original20240629-1352-w5j6vv       2024-06-29 14:18:25.296162648 +0000
    +++ /tmp/updated20240629-1352-3mxkuy        2024-06-29 14:18:25.297162643 +0000
    @@ -64,8 +64,9 @@
         <Reference Include="Microsoft.IdentityModel.Protocols, Version=7.6.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
           <HintPath>..\packages\Microsoft.IdentityModel.Protocols.7.6.2\lib\net472\Microsoft.IdentityModel.Protocols.dll</HintPath>
         </Reference>
    -    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=7.5.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
    -      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.7.5.2\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
    +    <Reference Include="Microsoft.IdentityModel.Protocols.OpenIdConnect, Version=7.6.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35">
    +      <HintPath>..\packages\Microsoft.IdentityModel.Protocols.OpenIdConnect.7.6.2\lib\net472\Microsoft.IdentityModel.Protocols.OpenIdConnect.dll</HintPath>
    +      <Private>True</Private>
         </Reference>
         <Reference Include="Microsoft.IdentityModel.Tokens, Version=7.6.2.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
           <HintPath>..\packages\Microsoft.IdentityModel.Tokens.7.6.2\lib\net472\Microsoft.IdentityModel.Tokens.dll</HintPath>
    ~~~
    4 insertions (+), 3 deletions (-)

    ± WebApplication2/packages.config
    ~~~
    --- /tmp/original20240629-1352-zv5gyt       2024-06-29 14:18:25.299162634 +0000
    +++ /tmp/updated20240629-1352-o1zoz8        2024-06-29 14:18:25.299162634 +0000
    @@ -18,7 +18,7 @@
       <package id="Microsoft.IdentityModel.JsonWebTokens" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.IdentityModel.Logging" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.IdentityModel.Protocols" version="7.6.2" targetFramework="net481" />
    -  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="7.5.2" targetFramework="net481" />
    +  <package id="Microsoft.IdentityModel.Protocols.OpenIdConnect" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.IdentityModel.Tokens" version="7.6.2" targetFramework="net481" />
       <package id="Microsoft.Web.Infrastructure" version="2.0.0" targetFramework="net481" />
       <package id="Modernizr" version="2.8.3" targetFramework="net481" />
    ~~~
    2 insertions (+), 2 deletions (-)

    ± WebApplication2/Web.config
    ~~~
    --- /tmp/original20240629-1352-vjkmjb       2024-06-29 14:18:25.300162629 +0000
    +++ /tmp/updated20240629-1352-wym6o7        2024-06-29 14:18:25.300162629 +0000
    @@ -17,8 +17,8 @@
       <runtime>
         <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">
           <dependentAssembly>
    -        <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31BF3856AD364E35" culture="neutral"/>
    -        <bindingRedirect oldVersion="0.0.0.0-7.5.2.0" newVersion="7.5.2.0"/>
    +        <assemblyIdentity name="Microsoft.IdentityModel.Protocols.OpenIdConnect" publicKeyToken="31BF3856AD364E35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
           </dependentAssembly>
           <dependentAssembly>
             <assemblyIdentity name="Antlr3.Runtime" publicKeyToken="eb42632606e9261f" />
    @@ -42,15 +42,107 @@
           </dependentAssembly>
           <dependentAssembly>
             <assemblyIdentity name="System.Web.Helpers" publicKeyToken="31bf3856ad364e35" />
    -        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
    +        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
           </dependentAssembly>
           <dependentAssembly>
             <assemblyIdentity name="System.Web.WebPages" publicKeyToken="31bf3856ad364e35" />
    -        <bindingRedirect oldVersion="1.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
    +        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
           </dependentAssembly>
           <dependentAssembly>
             <assemblyIdentity name="System.Web.Mvc" publicKeyToken="31bf3856ad364e35" />
    -        <bindingRedirect oldVersion="1.0.0.0-5.3.0.0" newVersion="5.3.0.0" />
    +        <bindingRedirect oldVersion="0.0.0.0-5.3.0.0" newVersion="5.3.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.Bcl.AsyncInterfaces" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.CodeDom.Providers.DotNetCompilerPlatform" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-4.1.0.0" newVersion="4.1.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.IdentityModel.Abstractions" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.IdentityModel.JsonWebTokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.IdentityModel.Logging" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.IdentityModel.Protocols" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Microsoft.IdentityModel.Tokens" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="Newtonsoft.Json.Bson" publicKeyToken="30ad4fe6b2a6aeed" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-1.0.0.0" newVersion="1.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Buffers" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.IdentityModel.Tokens.Jwt" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-7.6.2.0" newVersion="7.6.2.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Memory" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-4.0.1.2" newVersion="4.0.1.2" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Net.Http.Formatting" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Numerics.Vectors" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-4.1.4.0" newVersion="4.1.4.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Text.Encodings.Web" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-8.0.0.0" newVersion="8.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Text.Json" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-8.0.0.3" newVersion="8.0.0.3" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Threading.Tasks.Extensions" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-4.2.0.1" newVersion="4.2.0.1" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.ValueTuple" publicKeyToken="cc7b13ffcd2ddd51" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-4.0.3.0" newVersion="4.0.3.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Web.Http" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-5.3.0.0" newVersion="5.3.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Web.Http.WebHost" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-5.3.0.0" newVersion="5.3.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Web.Razor" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Web.WebPages.Deployment" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
    +      </dependentAssembly>
    +      <dependentAssembly>
    +        <assemblyIdentity name="System.Web.WebPages.Razor" publicKeyToken="31bf3856ad364e35" culture="neutral" />
    +        <bindingRedirect oldVersion="0.0.0.0-3.0.0.0" newVersion="3.0.0.0" />
           </dependentAssembly>
         </assemblyBinding>
       </runtime>
    ~~~
    98 insertions (+), 6 deletions (-)

Checklist

• I have run the complete test suite to ensure all tests and linters pass.
• I have thoroughly tested my code changes to ensure they work as expected, including adding additional tests for new functionality.
• I have written clear and descriptive commit messages.
• I have provided a detailed description of the changes in the pull request, including the problem it addresses, how it fixes the problem, and any relevant details about the implementation.
• I have ensured that the code is well-documented and easy to understand.

[brettfo]

Thank you for the contribution! Could you add some unit tests in the C# code to verify the new behavior?

[rhyskoedijk]

@brettfo I've added three unit tests for the logic changes; is there anything else you want me to do here or anything I can do to help get this accepted?

[rhyskoedijk]

EDIT: Sorry, it was a linting error; fixed now.

@brettfo I've just merged main in to this branch to resolve the merge conflicts from some of the recent NuGet changes but now the CI workflow tests are failing and I'm unable to reproduce the error. Are you able to give me any pointers on what I've done wrong here? I must be missing something obvious, just not sure what.

The CI workflow is throwing a "Central Directory corrupt" error, seems like the mock nuget packages are not being written to the tmp folder. This seems to work when I run it locally, so I'm not sure where to start looking to debug this.

CI workflow:

       Starting test execution, please wait...
       A total of 1 test files matched the specified pattern.
       [xUnit.net 00:00:28.55]     NuGetUpdater.Cli.Test.EntryPointTests+Analyze.FindsUpdatedPackageAndReturnsTheCorrectData [FAIL]
         Failed NuGetUpdater.Cli.Test.EntryPointTests+Analyze.FindsUpdatedPackageAndReturnsTheCorrectData [94 ms]
         Error Message:
          System.Exception : Program exited with code 1.
       Output:

       Starting analysis of Some.Package...
         Determining multi-dependency property.
         Finding updated version.
       Unhandled exception: System.IO.InvalidDataException: Central Directory corrupt.
        ---> System.IO.IOException: Invalid argument : '/tmp/.dependabot/packages/Some.Package.1.0.0.nupkg'
          at System.IO.Strategies.FileStreamHelpers.ThrowInvalidArgument(SafeFileHandle handle)
          at System.IO.Strategies.OSFileStreamStrategy.Seek(Int64 offset, SeekOrigin origin)
          at System.IO.Strategies.BufferedFileStreamStrategy.Seek(Int64 offset, SeekOrigin origin)
          at System.IO.Compression.ZipArchive.ReadEndOfCentralDirectory()

Local machine:

[brettfo]

@rhyskoedijk I've seen the "Central Directory corrupt" error a bit recently. The good news is that re-running that CI step usually fixes it. The bad news is that I have no idea what's going on. It seems to be the same test, but I can't figure out what's happening. I even set that test to run in a loop locally and it got to 400 iterations with no failure, so it must be something about the VM it's running in.

[abdulapopoola]

Thanks so much @rhyskoedijk !