From 324ab11a77dadcad13a99e96b5def139a7c0e4d3 Mon Sep 17 00:00:00 2001
From: "internalautomation[bot]"
 <85681268+internalautomation[bot]@users.noreply.github.com>
Date: Wed, 4 Dec 2024 16:57:35 -0500
Subject: [PATCH] GitHubSync update - master (#567)

* GitHubSync update - master

* Update packages to prevent transitive CVE

* Update Fody

---------

Co-authored-by: internalautomation[bot] <85681268+internalautomation[bot]@users.noreply.github.com>
Co-authored-by: Brandon Ording <bording@gmail.com>
---
 .github/dependabot.yml                        |  5 ++
 ...ion.MessageProperty.AcceptanceTests.csproj |  2 +-
 src/Directory.Build.props                     |  4 +-
 src/Directory.Build.targets                   |  4 +-
 ...rviceBus.Encryption.MessageProperty.csproj |  9 ++-
 ...us.Encryption.MessageProperty.Tests.csproj |  1 -
 src/msbuild/AutomaticVersionRanges.targets    | 42 ++++++++++++++
 src/msbuild/ConvertToVersionRange.cs          | 57 +++++++++++++++++++
 8 files changed, 114 insertions(+), 10 deletions(-)
 create mode 100644 src/msbuild/AutomaticVersionRanges.targets
 create mode 100644 src/msbuild/ConvertToVersionRange.cs

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 8a261a2..bc1175f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -1,7 +1,12 @@
 version: 2
+registries:
+  particular-packages:
+    type: nuget-feed
+    url: https://f.feedz.io/particular-software/packages/nuget/index.json
 updates:
 - package-ecosystem: nuget
   directory: "/src"
+  registries: "*"
   schedule:
     interval: daily
   open-pull-requests-limit: 1000
diff --git a/src/AcceptanceTests/NServiceBus.Encryption.MessageProperty.AcceptanceTests.csproj b/src/AcceptanceTests/NServiceBus.Encryption.MessageProperty.AcceptanceTests.csproj
index eaa5e23..5bfc696 100644
--- a/src/AcceptanceTests/NServiceBus.Encryption.MessageProperty.AcceptanceTests.csproj
+++ b/src/AcceptanceTests/NServiceBus.Encryption.MessageProperty.AcceptanceTests.csproj
@@ -11,7 +11,7 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="NServiceBus.AcceptanceTesting" Version="9.2.2" />
+    <PackageReference Include="NServiceBus.AcceptanceTesting" Version="9.2.3" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
diff --git a/src/Directory.Build.props b/src/Directory.Build.props
index 7e3a698..4b7369c 100644
--- a/src/Directory.Build.props
+++ b/src/Directory.Build.props
@@ -7,10 +7,10 @@
     <EnableNETAnalyzers>true</EnableNETAnalyzers>
     <AnalysisLevel Condition="'$(AnalysisLevel)' == ''">5.0</AnalysisLevel>
     <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
-    <!-- NuGetAuditMode set to 'all' for tool projects in Directory.Build.targets, other project types default to 'direct' -->
     <NuGetAuditLevel>low</NuGetAuditLevel>
+    <NuGetAuditMode Condition="'$(NuGetAuditMode)' == ''">all</NuGetAuditMode>
     <!-- To lock the version of Particular.Analyzers, for example, in a release branch, set this property in Custom.Build.props -->
-    <ParticularAnalyzersVersion Condition="'$(ParticularAnalyzersVersion)' == ''">2.1.2</ParticularAnalyzersVersion>
+    <ParticularAnalyzersVersion Condition="'$(ParticularAnalyzersVersion)' == ''">2.1.3</ParticularAnalyzersVersion>
     <NServiceBusKey>0024000004800000940000000602000000240000525341310004000001000100dde965e6172e019ac82c2639ffe494dd2e7dd16347c34762a05732b492e110f2e4e2e1b5ef2d85c848ccfb671ee20a47c8d1376276708dc30a90ff1121b647ba3b7259a6bc383b2034938ef0e275b58b920375ac605076178123693c6c4f1331661a62eba28c249386855637780e3ff5f23a6d854700eaa6803ef48907513b92</NServiceBusKey>
     <NServiceBusTestsKey>00240000048000009400000006020000002400005253413100040000010001007f16e21368ff041183fab592d9e8ed37e7be355e93323147a1d29983d6e591b04282e4da0c9e18bd901e112c0033925eb7d7872c2f1706655891c5c9d57297994f707d16ee9a8f40d978f064ee1ffc73c0db3f4712691b23bf596f75130f4ec978cf78757ec034625a5f27e6bb50c618931ea49f6f628fd74271c32959efb1c5</NServiceBusTestsKey>
   </PropertyGroup>
diff --git a/src/Directory.Build.targets b/src/Directory.Build.targets
index d47a6af..9896640 100644
--- a/src/Directory.Build.targets
+++ b/src/Directory.Build.targets
@@ -1,7 +1,5 @@
 <Project>
 
-  <PropertyGroup>
-    <NuGetAuditMode Condition="'$(PackAsTool)' == 'true'">all</NuGetAuditMode>
-  </PropertyGroup>
+  <Import Project="msbuild\AutomaticVersionRanges.targets" Condition="Exists('msbuild\AutomaticVersionRanges.targets')" />
 
 </Project>
diff --git a/src/MessageProperty/NServiceBus.Encryption.MessageProperty.csproj b/src/MessageProperty/NServiceBus.Encryption.MessageProperty.csproj
index aaf98ab..2318f57 100644
--- a/src/MessageProperty/NServiceBus.Encryption.MessageProperty.csproj
+++ b/src/MessageProperty/NServiceBus.Encryption.MessageProperty.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -8,8 +8,11 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="NServiceBus" Version="[9.0.0, 10.0.0)" />
-    <PackageReference Include="Fody" Version="6.8.1" PrivateAssets="All" />
+    <PackageReference Include="NServiceBus" Version="9.2.3" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <PackageReference Include="Fody" Version="6.9.1" PrivateAssets="All" />
     <PackageReference Include="Obsolete.Fody" Version="5.3.0" PrivateAssets="All" />
     <PackageReference Include="Particular.Packaging" Version="4.2.0" PrivateAssets="All" />
   </ItemGroup>
diff --git a/src/Tests/NServiceBus.Encryption.MessageProperty.Tests.csproj b/src/Tests/NServiceBus.Encryption.MessageProperty.Tests.csproj
index de11408..d1898af 100644
--- a/src/Tests/NServiceBus.Encryption.MessageProperty.Tests.csproj
+++ b/src/Tests/NServiceBus.Encryption.MessageProperty.Tests.csproj
@@ -13,7 +13,6 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="NServiceBus" Version="9.2.2" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
diff --git a/src/msbuild/AutomaticVersionRanges.targets b/src/msbuild/AutomaticVersionRanges.targets
new file mode 100644
index 0000000..9737210
--- /dev/null
+++ b/src/msbuild/AutomaticVersionRanges.targets
@@ -0,0 +1,42 @@
+<Project>
+
+  <PropertyGroup>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(Configuration)' == 'Debug'">false</AutomaticVersionRangesEnabled>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(IsPackable)' == 'false'">false</AutomaticVersionRangesEnabled>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(ManagePackageVersionsCentrally)' == 'true'">false</AutomaticVersionRangesEnabled>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == ''">true</AutomaticVersionRangesEnabled>
+  </PropertyGroup>
+
+  <UsingTask TaskName="ConvertToVersionRange" TaskFactory="RoslynCodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.Core.dll">
+    <Task>
+      <Code Source="$(MSBuildThisFileDirectory)ConvertToVersionRange.cs" />
+    </Task>
+  </UsingTask>
+
+  <Target Name="ConvertProjectReferenceVersionsToVersionRanges" AfterTargets="_GetProjectReferenceVersions" Condition="'$(AutomaticVersionRangesEnabled)' == 'true'">
+    <PropertyGroup>
+      <NumberOfProjectReferences>@(_ProjectReferencesWithVersions->Count())</NumberOfProjectReferences>
+    </PropertyGroup>
+    <ConvertToVersionRange Condition="$(NumberOfProjectReferences) &gt; 0" References="@(_ProjectReferencesWithVersions)" VersionProperty="ProjectVersion">
+      <Output TaskParameter="ReferencesWithVersionRanges" ItemName="_ProjectReferencesWithVersionRanges" />
+    </ConvertToVersionRange>
+    <ItemGroup Condition="$(NumberOfProjectReferences) &gt; 0">
+      <_ProjectReferencesWithVersions Remove="@(_ProjectReferencesWithVersions)" />
+      <_ProjectReferencesWithVersions Include="@(_ProjectReferencesWithVersionRanges)" />
+    </ItemGroup>
+  </Target>
+
+  <Target Name="ConvertPackageReferenceVersionsToVersionRanges" BeforeTargets="CollectPackageReferences" Condition="'$(AutomaticVersionRangesEnabled)' == 'true'">
+    <PropertyGroup>
+      <NumberOfPackageReferences>@(PackageReference->Count())</NumberOfPackageReferences>
+    </PropertyGroup>
+    <ConvertToVersionRange Condition="$(NumberOfPackageReferences) &gt; 0" References="@(PackageReference)" VersionProperty="Version">
+      <Output TaskParameter="ReferencesWithVersionRanges" ItemName="_PackageReferencesWithVersionRanges" />
+    </ConvertToVersionRange>
+    <ItemGroup Condition="$(NumberOfPackageReferences) &gt; 0">
+      <PackageReference Remove="@(PackageReference)" />
+      <PackageReference Include="@(_PackageReferencesWithVersionRanges)" />
+    </ItemGroup>
+  </Target>
+
+</Project>
diff --git a/src/msbuild/ConvertToVersionRange.cs b/src/msbuild/ConvertToVersionRange.cs
new file mode 100644
index 0000000..d918478
--- /dev/null
+++ b/src/msbuild/ConvertToVersionRange.cs
@@ -0,0 +1,57 @@
+using System;
+using System.Text.RegularExpressions;
+using Microsoft.Build.Framework;
+using Microsoft.Build.Utilities;
+
+public class ConvertToVersionRange : Task
+{
+    [Required]
+    public ITaskItem[] References { get; set; } = [];
+
+    [Required]
+    public string VersionProperty { get; set; } = string.Empty;
+
+    [Output]
+    public ITaskItem[] ReferencesWithVersionRanges { get; private set; } = [];
+
+    public override bool Execute()
+    {
+        var success = true;
+
+        foreach (var reference in References)
+        {
+            var automaticVersionRange = reference.GetMetadata("AutomaticVersionRange");
+
+            if (automaticVersionRange.Equals("false", StringComparison.OrdinalIgnoreCase))
+            {
+                continue;
+            }
+
+            var privateAssets = reference.GetMetadata("PrivateAssets");
+
+            if (privateAssets.Equals("All", StringComparison.OrdinalIgnoreCase))
+            {
+                continue;
+            }
+
+            var version = reference.GetMetadata(VersionProperty);
+            var match = Regex.Match(version, @"^\d+");
+
+            if (match.Value.Equals(string.Empty, StringComparison.Ordinal))
+            {
+                Log.LogError("Reference '{0}' with version '{1}' is not valid for automatic version range conversion. Fix the version or exclude the reference from conversion by setting 'AutomaticVersionRange=\"false\"' on the reference.", reference.ItemSpec, version);
+                success = false;
+                continue;
+            }
+
+            var nextMajor = Convert.ToInt32(match.Value) + 1;
+
+            var versionRange = $"[{version}, {nextMajor}.0.0)";
+            reference.SetMetadata(VersionProperty, versionRange);
+        }
+
+        ReferencesWithVersionRanges = References;
+
+        return success;
+    }
+}