report no new version if a given package doesn't exist on any feed (#…

…10354) Co-authored-by: AbdulFattaah Popoola <abdulapopoola@github.com>
dependabot · Aug 2, 2024 · aaa818d · aaa818d
1 parent d30384e
commit aaa818d
Show file tree

Hide file tree

Showing 2 changed files with 46 additions and 0 deletions.
diff --git a/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/AnalyzeWorkerTests.cs b/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core.Test/Analyze/AnalyzeWorkerTests.cs
@@ -264,6 +264,46 @@ await TestAnalyzeAsync(
 
     [Fact]
     public async Task ReturnsUpToDate_ForMissingDependency()
+    {
+        await TestAnalyzeAsync(
+            packages:
+            [
+                // no packages listed
+            ],
+            discovery: new()
+            {
+                Path = "/",
+                Projects = [
+                    new()
+                    {
+                        FilePath = "./project.csproj",
+                        TargetFrameworks = ["net8.0"],
+                        Dependencies = [
+                            new("Some.Package", "1.0.0", DependencyType.PackageReference), // this was found in the source, but doesn't exist in any feed
+                        ],
+                    },
+                ],
+            },
+            dependencyInfo: new()
+            {
+                Name = "Some.Package",
+                Version = "1.0.0",
+                IgnoredVersions = [],
+                IsVulnerable = false,
+                Vulnerabilities = [],
+            },
+            expectedResult: new()
+            {
+                UpdatedVersion = "1.0.0",
+                CanUpdate = false,
+                VersionComesFromMultiDependencyProperty = false,
+                UpdatedDependencies = [],
+            }
+        );
+    }
+
+    [Fact]
+    public async Task ReturnsUpToDate_ForIgnoredRequirements()
     {
         await TestAnalyzeAsync(
             packages:

diff --git a/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs b/nuget/helpers/lib/NuGetUpdater/NuGetUpdater.Core/Analyze/AnalyzeWorker.cs
@@ -255,6 +255,12 @@ internal static async Task<T> DeserializeJsonFileAsync<T>(string path, string fi
         CancellationToken cancellationToken)
     {
         var versions = versionResult.GetVersions();
+        if (versions.Length == 0)
+        {
+            // if absolutely nothing was found, then we can't update
+            return null;
+        }
+
         var orderedVersions = findLowestVersion
             ? versions.OrderBy(v => v) // If we are fixing a vulnerability, then we want the lowest version that is safe.
             : versions.OrderByDescending(v => v); // If we are just updating versions, then we want the highest version possible.