Skip to content

Commit

Permalink
[repo] Enable NugetAudit - finalize (#2079)
Browse files Browse the repository at this point in the history
  • Loading branch information
Kielek authored Sep 18, 2024
1 parent 18c5a26 commit 378a1a3
Show file tree
Hide file tree
Showing 9 changed files with 31 additions and 6 deletions.
2 changes: 1 addition & 1 deletion build/Common.nonprod.props
Original file line number Diff line number Diff line change
Expand Up @@ -28,7 +28,7 @@
<SupportedNetTargets>net8.0;net6.0</SupportedNetTargets>
<XUnitRunnerVisualStudioPkgVer>[2.8.2,3.0)</XUnitRunnerVisualStudioPkgVer>
<XUnitPkgVer>[2.9.0,3.0)</XUnitPkgVer>
<WiremockNetPkgVer>[1.6.1,2.0)</WiremockNetPkgVer>
<WiremockNetPkgVer>[1.6.3,2.0)</WiremockNetPkgVer>
</PropertyGroup>

<ItemGroup Condition="'$(IsTestProject)' == 'true'">
Expand Down
3 changes: 1 addition & 2 deletions build/Common.props
Original file line number Diff line number Diff line change
Expand Up @@ -14,8 +14,7 @@
<Nullable>enable</Nullable>
<ImplicitUsings>enable</ImplicitUsings>
<NuGetAudit>true</NuGetAudit>
<!-- NuGetAuditMode will be uncommented in the future PR when all issues will be fixed. -->
<!--<NuGetAuditMode>all</NuGetAuditMode>-->
<NuGetAuditMode>all</NuGetAuditMode>
<NuGetAuditLevel>low</NuGetAuditLevel>
</PropertyGroup>

Expand Down
4 changes: 3 additions & 1 deletion examples/wcf/client-core/Examples.Wcf.Client.DotNet.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -9,8 +9,10 @@
<PackageReference Include="System.ServiceModel.Http" Version="4.7.0" />
<PackageReference Include="System.ServiceModel.NetTcp" Version="4.7.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.0" />
<PackageReference Include="Microsoft.Extensions.Configuration.Binder" Version="8.0.2" />
<PackageReference Include="OpenTelemetry.Exporter.Zipkin" Version="$(OpenTelemetryCoreLatestVersion)" />
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
</ItemGroup>

<ItemGroup>
Expand Down
11 changes: 9 additions & 2 deletions examples/wcf/shared/Examples.Wcf.Shared.csproj
Original file line number Diff line number Diff line change
Expand Up @@ -2,16 +2,23 @@

<PropertyGroup>
<!-- OmniSharp/VS Code requires TargetFrameworks to be in descending order for IntelliSense and analysis. -->
<TargetFrameworks>netstandard2.0;net462</TargetFrameworks>
<TargetFrameworks>net8.0;net462</TargetFrameworks>
</PropertyGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'net462'">
<Reference Include="System.ServiceModel" />
<Reference Include="System.ServiceModel.Web" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
<ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
<PackageReference Include="System.ServiceModel.Primitives" Version="4.7.0" />
</ItemGroup>

<ItemGroup>
<!-- System.Security.Cryptography.Xml is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-rxg9-xrhp-64gj -->
<PackageReference Include="System.Security.Cryptography.Xml" Version="4.7.1" />
<!-- System.Drawing.Common is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-rxg9-xrhp-64gj -->
<PackageReference Include="System.Drawing.Common" Version="4.7.3" />
</ItemGroup>

</Project>
Original file line number Diff line number Diff line change
Expand Up @@ -13,6 +13,11 @@
<Compile Include="$(RepoRoot)\src\Shared\PropertyFetcher.AOT.cs" Link="Includes\PropertyFetcher.AOT.cs" />
</ItemGroup>

<ItemGroup>
<!-- System.Private.Uri is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-5f2m-466j-3848 -->
<PackageReference Include="System.Private.Uri" Version="4.3.2" />
</ItemGroup>

<ItemGroup>
<!--
When adding projects here please also update the verify-aot-compat job in
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@
<PackageReference Include="StrongNamer" Version="0.2.5" />
<PackageReference Include="OpenTelemetry.Exporter.InMemory" Version="$(OpenTelemetryExporterInMemoryLatestPreReleasePkgVer)" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="$(OTelSdkVersion)" />
<!-- System.Text.RegularExpressions is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-cmhx-cq75-c4mj -->
<PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
<!-- System.Net.Http is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-7jgj-8wvc-jh57 -->
<PackageReference Include="System.Net.Http" Version="4.3.4" />
</ItemGroup>

<ItemGroup>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -11,6 +11,10 @@
<PackageReference Include="Microsoft.Extensions.Hosting" Version="$(MicrosoftExtensionsHostingPkgVer)" />
<PackageReference Include="OpenTelemetry.Extensions.Hosting" Version="$(OpenTelemetryCoreLatestVersion)" />
<PackageReference Include="OpenTelemetry.Exporter.InMemory" Version="$(OpenTelemetryCoreLatestVersion)" />
<!-- System.Text.Json is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-hh2w-p6rv-4g7w -->
<PackageReference Include="System.Text.Json" Version="8.0.4" />
<!-- System.Drawing.Common is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-rxg9-xrhp-64gj -->
<PackageReference Include="System.Drawing.Common" Version="4.7.3" />
</ItemGroup>

<ItemGroup>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,8 @@
<ItemGroup Condition="'$(TargetFramework)' != 'net462'">
<PackageReference Include="System.ServiceModel.Http" Version="4.7.0" />
<PackageReference Include="System.ServiceModel.NetTcp" Version="4.7.0" />
<!-- System.Drawing.Common is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-rxg9-xrhp-64gj -->
<PackageReference Include="System.Drawing.Common" Version="4.7.3" />
</ItemGroup>

<ItemGroup>
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@

<ItemGroup>
<PackageReference Include="Wiremock.Net" Version="$(WiremockNetPkgVer)" />
<!-- System.Text.RegularExpressions is indirect reference. It is needed to upgrade it directly to avoid https://github.com/advisories/GHSA-cmhx-cq75-c4mj -->
<PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
</ItemGroup>

<ItemGroup>
Expand Down

0 comments on commit 378a1a3

Please sign in to comment.