Fix CG issue for Microsoft.IO.Redist #74653
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
dotnet-issue-labeler
bot
added
Area-Infrastructure
untriaged
Cosifne
approved these changes
Aug 5, 2024
333fred
approved these changes
Aug 5, 2024
jaredpar
added a commit
to dotnet/razor
that referenced
this pull request
Aug 7, 2024
This should make it much easier for us to respond to CG alerts in the future. All that will need to be done is add an entry in Directory.Packages.props and it will automatically impact all consumers of it. Consider this example in Roslyn for how to respond to a CG issue dotnet/roslyn#74653
Move to a version with the appropriate fix
333fred
reviewed
Aug 7, 2024
| @@ -34,6 +34,7 @@ | |||
| <PackageReference Include="System.CommandLine" /> | |||
| <PackageReference Include="System.Collections.Immutable" /> | |||
| <PackageReference Include="Newtonsoft.Json" /> | |||
| <PackageReference Include="Microsoft.IO.Redist" Condition="'$(TargetFrameworkIdentifier)' != '.NETCoreApp'" /> | |||
There was a problem hiding this comment.
It's busted you have to do this, you want all of MSBuild to be Exclude="Runtime"
I wonder if instead of referencing the packages for MSBuild which bring in it's entire NuGet graph, you could just reference the API it exposes. As reference assemblies. cc @baronfel
jasonmalinowski
approved these changes
Aug 8, 2024
jaredpar
added a commit
to dotnet/razor
that referenced
this pull request
Aug 9, 2024
* Move to central package pinning This should make it much easier for us to respond to CG alerts in the future. All that will need to be done is add an entry in Directory.Packages.props and it will automatically impact all consumers of it. Consider this example in Roslyn for how to respond to a CG issue dotnet/roslyn#74653
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Move to a version with the appropriate fix
The explicit ref of Microsoft.IO.Redist is required because of dotnet/sdk#42608