Skip to content

Commit fa63f35

Browse files
jonpryorjonpryor
committed
[build] Update more NuGet package versions
Context: https://dev.azure.com/devdiv/DevDiv/_componentGovernance/112013/alert/2979569?typeId=6338203 [Component Governance][0] is a Microsoft internal tool which checks for known security issues in product dependencies. It is currently reporting a defect in Xamarin.Android because Java.Interop restores the `System.Net.Http` v4.1.0 NuGet package, which contains security vulnerability [CVE-2018-8292][1]: /s/xamarin-android/external/Java.Interop/packages/system.net.http/4.1.0/system.net.http.4.1.0.nupkg /s/xamarin-android/external/Java.Interop/packages/system.net.http/4.1.0/system.net.http.nuspec `System.Net.Http` v4.1.0 isn't actually *used* by Java.Interop or Xamarin.Android, it's just an implicit NuGet dependency of one of the various NuGet packages which Java.Interop relies on. The report is "noise". That said, we should still avoid "noise" when possible. Update most NuGet package versions within Java.Interop to the latest versions provided by `dotnet-public` or `dotnet-eng` (which may not be the latest versions on NuGet.org). Exceptions: * `Microsoft.Xml.SgmlReader` is not bumped, as the latest version introduced an ABI break. * `Microsoft.CodeAnalysis.FxCopAnalyzers` v3.3.2 deprecated the entire package, introducing additional warnings that I didn't want to deal with right now. * `protobuf-net` is still not updated, as the latest version causes unit test failures; see also PR #878. I've also moved most of the actual NuGet package version information into a set of MSBuild properties with a `NuGetPackageVersion` suffix, so that it will be easier to bump NuGet package versions in the future. [0]: https://docs.opensource.microsoft.com/tools/cg/ [1]: https://nvd.nist.gov/vuln/detail/CVE-2018-8292
1 parent b37a647 commit fa63f35

File tree

32 files changed

+123
-100
lines changed

32 files changed

+123
-100
lines changed

Directory.Build.props

Lines changed: 24 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -94,9 +94,32 @@
9494
<NoWarn>$(NoWarn);CA1307;CA1309;CA1310</NoWarn>
9595
</PropertyGroup>
9696

97+
<!-- NuGet Package Versions -->
98+
<PropertyGroup>
99+
<GitInfoNuGetPackageVersion>2.1.2</GitInfoNuGetPackageVersion>
100+
<HtmlAgilityPackNuGetPackageVersion>1.11.30</HtmlAgilityPackNuGetPackageVersion>
101+
<IronyNuGetPackageVersion>1.1.0</IronyNuGetPackageVersion>
102+
<MicrosoftBuildFrameworkNuGetPackageVersion>16.11.0</MicrosoftBuildFrameworkNuGetPackageVersion>
103+
<MicrosoftBuildUtilitiesCoreNuGetPackageVersion>16.11.0</MicrosoftBuildUtilitiesCoreNuGetPackageVersion>
104+
<MicrosoftCodeAnalysisCSharpNuGetPackageVersion>3.11.0</MicrosoftCodeAnalysisCSharpNuGetPackageVersion>
105+
<MicrosoftCodeAnalysisFxCopAnalyzersNuGetPackageVersion>3.3.0</MicrosoftCodeAnalysisFxCopAnalyzersNuGetPackageVersion>
106+
<MicrosoftNETFrameworkReferenceAssembliesNuGetPackageVersion>1.0.2</MicrosoftNETFrameworkReferenceAssembliesNuGetPackageVersion>
107+
<MicrosoftNETTestSdkNuGetPackageVersion>16.11.0</MicrosoftNETTestSdkNuGetPackageVersion>
108+
<MicrosoftXmlSgmlReaderNuGetPackageVersion>1.8.16</MicrosoftXmlSgmlReaderNuGetPackageVersion>
109+
<MonoCSharpNuGetPackageVersion>4.0.0.143</MonoCSharpNuGetPackageVersion>
110+
<MonoLinqExpressionsNuGetPackageVersion>2.0.0</MonoLinqExpressionsNuGetPackageVersion>
111+
<MonoOptionsNuGetPackageVersion>6.12.0.148</MonoOptionsNuGetPackageVersion>
112+
<MonoTerminalNuGetPackageVersion>5.4.2</MonoTerminalNuGetPackageVersion>
113+
<NUnit3TestAdapterNuGetPackageVersion>4.0.0</NUnit3TestAdapterNuGetPackageVersion>
114+
<NUnitConsoleRunnerNuGetPackageVersion>3.12.0</NUnitConsoleRunnerNuGetPackageVersion>
115+
<NunitNuGetPackageVersion>3.13.2</NunitNuGetPackageVersion>
116+
<ProtobufNetNuGetPackageVersion>2.4.4</ProtobufNetNuGetPackageVersion>
117+
<XliffTasksNuGetPackageVersion>1.0.0-beta.20420.1</XliffTasksNuGetPackageVersion>
118+
</PropertyGroup>
119+
97120
<!-- Add Roslyn analyzers NuGet to all projects -->
98121
<ItemGroup Condition=" '$(DisableRoslynAnalyzers)' != 'True' ">
99-
<PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="3.3.0">
122+
<PackageReference Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="$(MicrosoftCodeAnalysisFxCopAnalyzersNuGetPackageVersion)">
100123
<PrivateAssets>all</PrivateAssets>
101124
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
102125
</PackageReference>

build-tools/Java.Interop.BootstrapTasks/Java.Interop.BootstrapTasks.csproj

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -7,8 +7,8 @@
77
</PropertyGroup>
88

99
<ItemGroup>
10-
<PackageReference Include="Microsoft.Build.Framework" Version="16.5.0" />
11-
<PackageReference Include="Microsoft.Build.Utilities.Core" Version="16.5.0" />
10+
<PackageReference Include="Microsoft.Build.Framework" Version="$(MicrosoftBuildFrameworkNuGetPackageVersion)" />
11+
<PackageReference Include="Microsoft.Build.Utilities.Core" Version="$(MicrosoftBuildUtilitiesCoreNuGetPackageVersion)" />
1212
</ItemGroup>
1313

1414
<ItemGroup>

build-tools/jnienv-gen/jnienv-gen.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,6 +12,6 @@
1212
</PropertyGroup>
1313

1414
<ItemGroup>
15-
<PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies" PrivateAssets="All" Version="1.0.0" />
15+
<PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies" PrivateAssets="All" Version="$(MicrosoftNETFrameworkReferenceAssembliesNuGetPackageVersion)" />
1616
</ItemGroup>
1717
</Project>

build-tools/scripts/RunNUnitTests.targets

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -5,7 +5,7 @@
55
<_TopDir>$(MSBuildThisFileDirectory)..\..</_TopDir>
66
<_Runtime Condition=" '$(RUNTIME)' != '' ">$(RUNTIME)</_Runtime>
77
<_Runtime Condition=" '$(RUNTIME)' == '' And '$(OS)' != 'Windows_NT' ">mono --debug</_Runtime>
8-
<_NUnit>$(_Runtime) packages\nunit.consolerunner\3.11.1\tools\nunit3-console.exe</_NUnit>
8+
<_NUnit>$(_Runtime) packages\nunit.consolerunner\$(NUnitConsoleRunnerNuGetPackageVersion)\tools\nunit3-console.exe</_NUnit>
99
<_Run Condition=" '$(RUN)' != '' ">--run=&quot;$(RUN)&quot;</_Run>
1010
</PropertyGroup>
1111
<Import

build-tools/scripts/VersionInfo.targets

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@
88
<GitThisAssembly>false</GitThisAssembly>
99
</PropertyGroup>
1010
<ItemGroup>
11-
<PackageReference Include="GitInfo" Version="2.1.2" PrivateAssets="all" />
11+
<PackageReference Include="GitInfo" PrivateAssets="all" Version="$(GitInfoNuGetPackageVersion)" />
1212
</ItemGroup>
1313

1414
<Target Name="GenerateVersionInfo"

samples/Hello/Hello.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -12,7 +12,7 @@
1212
</PropertyGroup>
1313

1414
<ItemGroup>
15-
<PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies" PrivateAssets="All" Version="1.0.0" />
15+
<PackageReference Include="Microsoft.NETFramework.ReferenceAssemblies" PrivateAssets="All" Version="$(MicrosoftNETFrameworkReferenceAssembliesNuGetPackageVersion)" />
1616
</ItemGroup>
1717

1818
<ItemGroup>

src/Java.Interop.Localization/Java.Interop.Localization.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
</PropertyGroup>
1212

1313
<ItemGroup>
14-
<PackageReference Include="XliffTasks" Version="1.0.0-beta.20420.1" />
14+
<PackageReference Include="XliffTasks" Version="$(XliffTasksNuGetPackageVersion)" />
1515
</ItemGroup>
1616

1717
<ItemGroup>

src/Java.Interop.Tools.JavaSource/Java.Interop.Tools.JavaSource.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -15,7 +15,7 @@
1515
<Compile Include="..\utils\NullableAttributes.cs" />
1616
</ItemGroup>
1717
<ItemGroup>
18-
<PackageReference Include="Irony" Version="1.1.0" />
18+
<PackageReference Include="Irony" Version="$(IronyNuGetPackageVersion)" />
1919
</ItemGroup>
2020
<ItemGroup>
2121
<ProjectReference Include="..\Xamarin.Android.Tools.ApiXmlAdjuster\Xamarin.Android.Tools.ApiXmlAdjuster.csproj" />

src/Xamarin.Android.Tools.AnnotationSupport/Xamarin.Android.Tools.AnnotationSupport.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99
</PropertyGroup>
1010

1111
<ItemGroup>
12-
<PackageReference Include="HtmlAgilityPack" Version="1.11.24" />
12+
<PackageReference Include="HtmlAgilityPack" Version="$(HtmlAgilityPackNuGetPackageVersion)" />
1313
</ItemGroup>
1414

1515
</Project>

src/Xamarin.Android.Tools.Bytecode/Xamarin.Android.Tools.Bytecode.csproj

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -11,7 +11,7 @@
1111
</PropertyGroup>
1212

1313
<ItemGroup>
14-
<PackageReference Include="protobuf-net" Version="2.4.4" />
14+
<PackageReference Include="protobuf-net" Version="$(ProtobufNetNuGetPackageVersion)" />
1515
</ItemGroup>
1616

1717
</Project>

0 commit comments

Comments
 (0)