dependabot · abdulapopoola · Sep 25, 2024 · May 6, 2024 · May 6, 2024 · May 6, 2024
@@ -29,3 +29,5 @@ coverage/
 # Ignore spoom coverage report
 spoom_data/
 spoom_report.html
+# Ignore VSCode C# Dev Kit
+**/.mono/**/values.xml
@@ -0,0 +1,27 @@
+namespace NuGetUpdater.Core;
+
+internal static class LockFileUpdater
+{
+    public static async Task UpdateLockFileAsync(
+        string repoRootPath,
+        string projectPath,
+        Logger logger)
+    {
+        var lockPath = Path.Combine(Path.GetDirectoryName(projectPath), "packages.lock.json");
+        logger.Log($"  Running for lock file");
+        if (!File.Exists(lockPath))
+        {
+            logger.Log($"    File [{Path.GetRelativePath(repoRootPath, lockPath)}] does not exist.");
+            return;
+        }
+
+        var (exitCode, stdout, stderr) = await ProcessEx.RunAsync("dotnet", $"restore --force-evaluate {projectPath}");
+        if (exitCode != 0)
+        {
+            logger.Log($"    Lock file update failed.\nSTDOUT:\n{stdout}\nSTDERR:\n{stderr}");
+            return;
+        }
+
+        logger.Log($"    Saved [{Path.GetRelativePath(repoRootPath, lockPath)}].");
+    }
+}
@@ -141,5 +141,11 @@ private async Task RunUpdaterAsync(
 
         // Some repos use a mix of packages.config and PackageReference
         await SdkPackageUpdater.UpdateDependencyAsync(repoRootPath, projectPath, dependencyName, previousDependencyVersion, newDependencyVersion, isTransitive, _logger);
+
+        // Update lock file if exists
+        if (File.Exists(Path.Combine(Path.GetDirectoryName(projectPath), "packages.lock.json")))
+        {
+            await LockFileUpdater.UpdateLockFileAsync(repoRootPath, projectPath, _logger);
+        }
     }
 }
@@ -50,20 +50,22 @@ def initialize(source:, credentials:, repo_contents_path: nil, options: {})
         @fetched_files = T.let({}, T::Hash[String, T::Array[Dependabot::DependencyFile]])
         @nuget_config_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
         @packages_config_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
+        @packages_lock_files = T.let(nil, T.nilable(T::Array[Dependabot::DependencyFile]))
       end
 
       sig { override.returns(T::Array[DependencyFile]) }
       def fetch_files
-        fetched_files = []
-        fetched_files += project_files
-        fetched_files += directory_build_files
-        fetched_files += imported_property_files
-
-        fetched_files += packages_config_files
-        fetched_files += nuget_config_files
-        fetched_files << global_json if global_json
-        fetched_files << dotnet_tools_json if dotnet_tools_json
-        fetched_files << packages_props if packages_props
+        fetched_files = [
+          *project_files,
+          *directory_build_files,
+          *imported_property_files,
+          *packages_config_files,
+          *nuget_config_files,
+          *packages_lock_files,
+          global_json,
+          dotnet_tools_json,
+          packages_props
+        ].compact
 
         # dedup files based on their absolute path
         fetched_files = fetched_files.uniq do |fetched_file|
@@ -246,6 +248,21 @@ def nuget_config_files
         @nuget_config_files
       end
 
+      sig { returns(T::Array[Dependabot::DependencyFile]) }
+      def packages_lock_files
+        return @packages_lock_files if @packages_lock_files
+
+        candidate_paths =
+          [*project_files.map { |f| File.dirname(f.name) }, "."].uniq
+
+        @packages_lock_files =
+          candidate_paths.filter_map do |dir|
+            file = repo_contents(dir: dir)
+                   .find { |f| f.name.casecmp("packages.lock.json").zero? }
+            fetch_file_from_host(File.join(dir, file.name)) if file
+          end
+      end
+
       sig do
         params(
           project_file: Dependabot::DependencyFile,