Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Framework package updates #1308

Merged
merged 2 commits into from
Nov 18, 2024
Merged

Conversation

ericstj
Copy link
Member

@ericstj ericstj commented Nov 18, 2024

Include non-implementation packages on .NETCore 2.x

Microsoft.NETCore.App contains only reference assemblies, but it was listed in CVEs, so should be excluded. The same is true for System.Private.Uri.
I did not include these previously because they weren't part of package overrides list, nor were they found through package comparisons - since conflict resolution doesn't need to do anything with non-implementation packages. They are important for CG though since they've been used in CVE reports.

Include framework packages for .NET 4.6.1

.NET 4.6.1 supports .NET Standard and has built in support for it that will win over nuget packages.
In .NET 4.6.1 - .NET 4.7.1 this comes from the Microsoft.NET.Build.Extensions component, after that it's built into the framework itself.

@grvillic

Microsoft.NETCore.App contains only reference assemblies, but it was listed in CVEs, so should be excluded.  The same is true for System.Private.Uri.

I did not include these previously because they weren't part of package overrides list, nor were they found through package comparisons - since conflict resolution doesn't need to do anything with non-implementation packages.  They are important for CG though since they've been used in CVE reports.
.NET 4.6.1 supports .NET Standard and has built in support for it that will win over nuget packages.

In .NET 4.6.1 - .NET 4.7.1 this comes from the Microsoft.NET.Build.Extensions component, after that it's built into the framework itself.
@ericstj ericstj requested a review from a team as a code owner November 18, 2024 22:00
@ericstj ericstj requested a review from FernandoRojo November 18, 2024 22:00
Copy link

codecov bot commented Nov 18, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 89.6%. Comparing base (7721f99) to head (4ce149c).
Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##            main   #1308     +/-   ##
=======================================
- Coverage   89.6%   89.6%   -0.1%     
=======================================
  Files        378     379      +1     
  Lines      29960   29966      +6     
  Branches    1840    1840             
=======================================
+ Hits       26862   26867      +5     
  Misses      2707    2707             
- Partials     391     392      +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.


🚨 Try these New Features:

@grvillic grvillic merged commit 1a7b258 into microsoft:main Nov 18, 2024
20 of 23 checks passed
Copy link

github-actions bot commented Nov 18, 2024

👋 Hi! It looks like you modified some files in the Detectors folder.
You may need to bump the detector versions if any of the following scenarios apply:

  • The detector detects more or fewer components than before
  • The detector generates different parent/child graph relationships than before
  • The detector generates different devDependencies values than before

If none of the above scenarios apply, feel free to ignore this comment 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants