Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update dependencies to prevent exposure to transitive vulnerabilities #2605

Merged
merged 12 commits into from
Nov 22, 2024
Merged

Update dependencies to prevent exposure to transitive vulnerabilities #2605

Show file tree
Hide file tree
Changes from 4 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
af5523d
GitHubSync update - release-6.2
internalautomation[bot] Oct 30, 2024
d1e2dbc
Fixes
tamararivera Nov 8, 2024
95232a4
Fixes obsolete and not used dependency
tamararivera Nov 8, 2024
3debb27
Bumps versions
tamararivera Nov 8, 2024
946819e
Clean up PolySharp package reference
bording Nov 22, 2024
f074396
Go back to original BitFaster.Caching version
bording Nov 22, 2024
a260e60
Update Microsoft.NET.Test.Sdk
bording Nov 22, 2024
b7f0c16
Update Particular.Approvals
bording Nov 22, 2024
09a56c4
Update Fody
bording Nov 22, 2024
d9f2f75
Remove unneeded package reference
bording Nov 22, 2024
9323ea4
Sort package references
bording Nov 22, 2024
278c6ff
Remove net7.0 target and set RollForward instead
bording Nov 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
4 changes: 2 additions & 2 deletions src/CommandLine/NServiceBus.Transports.SQS.CommandLine.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -17,9 +17,9 @@
<PackageReference Include="AWSSDK.S3" Version="3.7.103.21" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="3.7.101.20" />
<PackageReference Include="AWSSDK.SQS" Version="3.7.100.83" />
<PackageReference Include="BitFaster.Caching" Version="2.1.1" />
<PackageReference Include="BitFaster.Caching" Version="2.5.2" />
<PackageReference Include="McMaster.Extensions.CommandLineUtils" Version="4.0.2" />
<PackageReference Include="Particular.Packaging" Version="2.3.0" PrivateAssets="All" />
<PackageReference Include="Particular.Packaging" Version="4.2.0" PrivateAssets="All" />
</ItemGroup>

</Project>
8 changes: 2 additions & 6 deletions src/CommandLineTests/NServiceBus.Transports.SQS.CommandLine.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,10 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="AWSSDK.S3" Version="3.7.103.21" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="3.7.101.20" />
<PackageReference Include="AWSSDK.SQS" Version="3.7.100.83" />
<PackageReference Include="BitFaster.Caching" Version="2.1.1" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.3.3" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageReference Include="NUnit" Version="3.14.0" />
<PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
<PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
</ItemGroup>

<ItemGroup>
Expand Down
4 changes: 2 additions & 2 deletions src/Directory.Build.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,10 +7,10 @@
<EnableNETAnalyzers>true</EnableNETAnalyzers>
<AnalysisLevel Condition="'$(AnalysisLevel)' == ''">5.0</AnalysisLevel>
<EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
<!-- NuGetAuditMode set to 'all' for tool projects in Directory.Build.targets, other project types default to 'direct' -->
<NuGetAuditLevel>low</NuGetAuditLevel>
<NuGetAuditMode Condition="'$(NuGetAuditMode)' == ''">all</NuGetAuditMode>
<!-- To lock the version of Particular.Analyzers, for example, in a release branch, set this property in Custom.Build.props -->
<ParticularAnalyzersVersion Condition="'$(ParticularAnalyzersVersion)' == ''">2.1.2</ParticularAnalyzersVersion>
<ParticularAnalyzersVersion Condition="'$(ParticularAnalyzersVersion)' == ''">2.1.3</ParticularAnalyzersVersion>
<NServiceBusKey>0024000004800000940000000602000000240000525341310004000001000100dde965e6172e019ac82c2639ffe494dd2e7dd16347c34762a05732b492e110f2e4e2e1b5ef2d85c848ccfb671ee20a47c8d1376276708dc30a90ff1121b647ba3b7259a6bc383b2034938ef0e275b58b920375ac605076178123693c6c4f1331661a62eba28c249386855637780e3ff5f23a6d854700eaa6803ef48907513b92</NServiceBusKey>
<NServiceBusTestsKey>00240000048000009400000006020000002400005253413100040000010001007f16e21368ff041183fab592d9e8ed37e7be355e93323147a1d29983d6e591b04282e4da0c9e18bd901e112c0033925eb7d7872c2f1706655891c5c9d57297994f707d16ee9a8f40d978f064ee1ffc73c0db3f4712691b23bf596f75130f4ec978cf78757ec034625a5f27e6bb50c618931ea49f6f628fd74271c32959efb1c5</NServiceBusTestsKey>
</PropertyGroup>
Expand Down
4 changes: 1 addition & 3 deletions src/Directory.Build.targets
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,7 +1,5 @@
<Project>

<PropertyGroup>
<NuGetAuditMode Condition="'$(PackAsTool)' == 'true'">all</NuGetAuditMode>
</PropertyGroup>
<Import Project="msbuild\AutomaticVersionRanges.targets" Condition="Exists('msbuild\AutomaticVersionRanges.targets')" />

</Project>
2 changes: 1 addition & 1 deletion src/NServiceBus.Transport.SQS.AcceptanceTests/Installers/ServerWithInstallersDisabled.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ public virtual async Task<EndpointConfiguration> GetConfiguration(RunDescriptor
await configurationBuilderCustomization(builder).ConfigureAwait(false);

// scan types at the end so that all types used by the configuration have been loaded into the AppDomain
builder.TypesToIncludeInScan(endpointConfiguration.GetTypesScopedByTestClass());
builder.ScanTypesForTest(endpointConfiguration);

return builder;
}
Expand Down
10 changes: 3 additions & 7 deletions ...ServiceBus.Transport.SQS.AcceptanceTests/NServiceBus.Transport.SQS.AcceptanceTests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,11 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="AWSSDK.S3" Version="3.7.103.21" />
<PackageReference Include="AWSSDK.SQS" Version="3.7.100.83" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="3.7.101.20" />
<PackageReference Include="BitFaster.Caching" Version="2.1.1" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.3.3" />
<PackageReference Include="NServiceBus.AcceptanceTests.Sources" Version="8.0.3" GeneratePathProperty="true" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
<PackageReference Include="NServiceBus.AcceptanceTests.Sources" Version="8.2.4" GeneratePathProperty="true" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageReference Include="NUnit" Version="3.14.0" />
<PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
<PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
<PackageReference Include="NServiceBus.Newtonsoft.Json" Version="3.0.0" />
</ItemGroup>

Expand Down
1 change: 0 additions & 1 deletion src/NServiceBus.Transport.SQS.Tests/InputQueuePumpTests.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,6 @@ namespace NServiceBus.Transport.SQS.Tests
using Amazon.SQS.Model;
using NUnit.Framework;
using Settings;
using SimpleJson;

[TestFixture]
public class InputQueuePumpTests
Expand Down
14 changes: 5 additions & 9 deletions src/NServiceBus.Transport.SQS.Tests/NServiceBus.Transport.SQS.Tests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,17 +11,13 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="AWSSDK.S3" Version="3.7.103.21" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="3.7.101.20" />
<PackageReference Include="AWSSDK.SQS" Version="3.7.100.83" />
<PackageReference Include="BitFaster.Caching" Version="2.1.1" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.3.3" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageReference Include="NUnit" Version="3.14.0" />
<PackageReference Include="NServiceBus" Version="8.0.3" />
<PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
<PackageReference Include="Particular.Approvals" Version="0.3.0" />
<PackageReference Include="PublicApiGenerator" Version="10.3.0" />
<PackageReference Include="NServiceBus" Version="8.2.4" />
<PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
<PackageReference Include="Particular.Approvals" Version="1.0.0" />
<PackageReference Include="PublicApiGenerator" Version="11.1.0" />
</ItemGroup>

</Project>
12 changes: 4 additions & 8 deletions src/NServiceBus.Transport.SQS.TransportTests/NServiceBus.Transport.SQS.TransportTests.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,15 +12,11 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="AWSSDK.S3" Version="3.7.103.21" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="3.7.101.20" />
<PackageReference Include="AWSSDK.SQS" Version="3.7.100.83" />
<PackageReference Include="BitFaster.Caching" Version="2.1.1" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.3.3" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.9.0" />
<PackageReference Include="NServiceBus.TransportTests.Sources" Version="8.0.3" GeneratePathProperty="true" />
<PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
<PackageReference Include="NServiceBus.TransportTests.Sources" Version="8.2.4" GeneratePathProperty="true" />
<PackageReference Include="NUnit" Version="3.14.0" />
<PackageReference Include="NUnit3TestAdapter" Version="4.5.0" />
<PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
</ItemGroup>

<ItemGroup>
Expand Down
16 changes: 7 additions & 9 deletions src/NServiceBus.Transport.SQS/NServiceBus.Transport.SQS.csproj
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,20 +12,18 @@
</PropertyGroup>

<ItemGroup>
<PackageReference Include="AWSSDK.S3" Version="[3.7.103.2, 3.8.0)" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="[3.7.101.3 , 3.8.0)" />
<PackageReference Include="AWSSDK.SQS" Version="[3.7.100.67, 3.8.0)" />
<PackageReference Include="BitFaster.Caching" Version="[2.1.1, 3.0.0)" />
<PackageReference Include="NServiceBus" Version="[8.0.0, 9.0.0)" />
<PackageReference Include="Fody" Version="6.6.4" PrivateAssets="All" />
<PackageReference Include="AWSSDK.S3" Version="3.7.103.21" />
<PackageReference Include="AWSSDK.SimpleNotificationService" Version="3.7.101.20" />
<PackageReference Include="AWSSDK.SQS" Version="3.7.100.83" />
<PackageReference Include="BitFaster.Caching" Version="2.5.2" />
<PackageReference Include="NServiceBus" Version="8.2.4" />
<PackageReference Include="Fody" Version="6.8.2" PrivateAssets="All" />
<PackageReference Include="Obsolete.Fody" Version="5.3.0" PrivateAssets="All" />
<PackageReference Include="Particular.Packaging" Version="2.3.0" PrivateAssets="All" />
<PackageReference Include="Particular.Packaging" Version="4.2.0" PrivateAssets="All" />
<PackageReference Include="PolySharp" Version="1.12.1">
<PrivateAssets>all</PrivateAssets>
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
</PackageReference>
<!-- Updated from 7.0.2 but unreleased in 6.2.0 -->
<PackageReference Include="System.Text.Json" Version="8.0.5" />
</ItemGroup>

<ItemGroup>
Expand Down
42 changes: 42 additions & 0 deletions src/msbuild/AutomaticVersionRanges.targets
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,42 @@
<Project>

<PropertyGroup>
<AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(Configuration)' == 'Debug'">false</AutomaticVersionRangesEnabled>
<AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(IsPackable)' == 'false'">false</AutomaticVersionRangesEnabled>
<AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(ManagePackageVersionsCentrally)' == 'true'">false</AutomaticVersionRangesEnabled>
<AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == ''">true</AutomaticVersionRangesEnabled>
</PropertyGroup>

<UsingTask TaskName="ConvertToVersionRange" TaskFactory="RoslynCodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.Core.dll">
<Task>
<Code Source="$(MSBuildThisFileDirectory)ConvertToVersionRange.cs" />
</Task>
</UsingTask>

<Target Name="ConvertProjectReferenceVersionsToVersionRanges" AfterTargets="_GetProjectReferenceVersions" Condition="'$(AutomaticVersionRangesEnabled)' == 'true'">
<PropertyGroup>
<NumberOfProjectReferences>@(_ProjectReferencesWithVersions->Count())</NumberOfProjectReferences>
</PropertyGroup>
<ConvertToVersionRange Condition="$(NumberOfProjectReferences) &gt; 0" References="@(_ProjectReferencesWithVersions)" VersionProperty="ProjectVersion">
<Output TaskParameter="ReferencesWithVersionRanges" ItemName="_ProjectReferencesWithVersionRanges" />
</ConvertToVersionRange>
<ItemGroup Condition="$(NumberOfProjectReferences) &gt; 0">
<_ProjectReferencesWithVersions Remove="@(_ProjectReferencesWithVersions)" />
<_ProjectReferencesWithVersions Include="@(_ProjectReferencesWithVersionRanges)" />
</ItemGroup>
</Target>

<Target Name="ConvertPackageReferenceVersionsToVersionRanges" BeforeTargets="CollectPackageReferences" Condition="'$(AutomaticVersionRangesEnabled)' == 'true'">
<PropertyGroup>
<NumberOfPackageReferences>@(PackageReference->Count())</NumberOfPackageReferences>
</PropertyGroup>
<ConvertToVersionRange Condition="$(NumberOfPackageReferences) &gt; 0" References="@(PackageReference)" VersionProperty="Version">
<Output TaskParameter="ReferencesWithVersionRanges" ItemName="_PackageReferencesWithVersionRanges" />
</ConvertToVersionRange>
<ItemGroup Condition="$(NumberOfPackageReferences) &gt; 0">
<PackageReference Remove="@(PackageReference)" />
<PackageReference Include="@(_PackageReferencesWithVersionRanges)" />
</ItemGroup>
</Target>

</Project>
57 changes: 57 additions & 0 deletions src/msbuild/ConvertToVersionRange.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,57 @@
using System;
using System.Text.RegularExpressions;
using Microsoft.Build.Framework;
using Microsoft.Build.Utilities;

public class ConvertToVersionRange : Task
{
[Required]
public ITaskItem[] References { get; set; } = [];

[Required]
public string VersionProperty { get; set; } = string.Empty;

[Output]
public ITaskItem[] ReferencesWithVersionRanges { get; private set; } = [];

public override bool Execute()
{
var success = true;

foreach (var reference in References)
{
var automaticVersionRange = reference.GetMetadata("AutomaticVersionRange");

if (automaticVersionRange.Equals("false", StringComparison.OrdinalIgnoreCase))
{
continue;
}

var privateAssets = reference.GetMetadata("PrivateAssets");

if (privateAssets.Equals("All", StringComparison.OrdinalIgnoreCase))
{
continue;
}

var version = reference.GetMetadata(VersionProperty);
var match = Regex.Match(version, @"^\d+");

if (match.Value.Equals(string.Empty, StringComparison.Ordinal))
{
Log.LogError("Reference '{0}' with version '{1}' is not valid for automatic version range conversion. Fix the version or exclude the reference from conversion by setting 'AutomaticVersionRange=\"false\"' on the reference.", reference.ItemSpec, version);
success = false;
continue;
}

var nextMajor = Convert.ToInt32(match.Value) + 1;

var versionRange = $"[{version}, {nextMajor}.0.0)";
reference.SetMetadata(VersionProperty, versionRange);
}

ReferencesWithVersionRanges = References;

return success;
}
}
Loading