bump NuGet.Protocol to fix a vulnerability

Inok · Dec 6, 2023 · f5bdaf7 · f5bdaf7
1 parent 4b42ffc
commit f5bdaf7
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 6 deletions.
diff --git a/src/Promote.NuGet.Feeds/Promote.NuGet.Feeds.csproj b/src/Promote.NuGet.Feeds/Promote.NuGet.Feeds.csproj
@@ -2,7 +2,7 @@
     <ItemGroup>
         <PackageReference Include="CSharpFunctionalExtensions" Version="2.34.0" />
         <PackageReference Include="JetBrains.Annotations" Version="2022.1.0" />
-        <PackageReference Include="NuGet.Protocol" Version="6.3.0" />
+        <PackageReference Include="NuGet.Protocol" Version="6.8.0" />
     </ItemGroup>
 
 </Project>
diff --git a/src/Promote.NuGet/Promote.NuGet.csproj b/src/Promote.NuGet/Promote.NuGet.csproj
@@ -9,7 +9,7 @@
     <ItemGroup>
         <PackageReference Include="Humanizer.Core" Version="2.14.1" />
         <PackageReference Include="JetBrains.Annotations" Version="2022.1.0" />
-        <PackageReference Include="NuGet.Protocol" Version="6.3.0" />
+        <PackageReference Include="NuGet.Protocol" Version="6.8.0" />
         <PackageReference Include="Spectre.Console" Version="0.45.0" />
         <PackageReference Include="Spectre.Console.Analyzer" Version="0.45.0">
           <PrivateAssets>all</PrivateAssets>

diff --git a/src/Promote.NuGet/Promote/SinglePackage/PromoteSinglePackage.cs b/src/Promote.NuGet/Promote/SinglePackage/PromoteSinglePackage.cs
@@ -53,9 +53,10 @@ public override async Task<int> ExecuteAsync(CommandContext context, PromoteSing
         return 0;
     }
 
-    private async Task<Result<PackageIdentity>> CreatePackageIdentity(INuGetRepository repository,
-                                                                              PromoteSinglePackageSettings promoteSettings,
-                                                                              CancellationToken cancellationToken)
+    private async Task<Result<PackageIdentity>> CreatePackageIdentity(
+        INuGetRepository repository,
+        PromoteSinglePackageSettings promoteSettings,
+        CancellationToken cancellationToken)
     {
         if (!promoteSettings.IsLatestVersion)
         {

diff --git a/src/Promote.NuGet/Promote/SinglePackage/PromoteSinglePackageSettings.cs b/src/Promote.NuGet/Promote/SinglePackage/PromoteSinglePackageSettings.cs
@@ -1,4 +1,5 @@
 using System.ComponentModel;
+using System.Diagnostics.CodeAnalysis;
 using NuGet.Versioning;
 using Spectre.Console;
 using Spectre.Console.Cli;
@@ -17,6 +18,7 @@ internal sealed class PromoteSinglePackageSettings : PromoteSettings
     [CommandOption("-v|--version")]
     public string? Version { get; init; }
 
+    [MemberNotNullWhen(false, nameof(Version))]
     public bool IsLatestVersion => string.IsNullOrEmpty(Version) || string.Equals(Version, EXPLICIT_LATEST_VERSION_STRING, StringComparison.OrdinalIgnoreCase);
 
     public override ValidationResult Validate()

diff --git a/tests/Promote.NuGet.Tests/Promote/FromFile/PackageDescriptorParserTests.cs b/tests/Promote.NuGet.Tests/Promote/FromFile/PackageDescriptorParserTests.cs
@@ -10,7 +10,7 @@ namespace Promote.NuGet.Tests.Promote.FromFile;
 public class PackageDescriptorParserTests
 {
     [TestCase("PackageName 1.2.3", "PackageName", "[1.2.3]")]
-    public void Parse_space_separated_package_descriptor(string input, string id, string? versionRange)
+    public void Parse_space_separated_package_descriptor(string input, string id, string versionRange)
     {
         var expected = new PackageDependency(id, VersionRange.Parse(versionRange));