Fix msbuild parser allowing missing versions
#1559
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This change updates the `msbuild` lockfile parser so that it will not allow for missing names and or versions. Before this change, a `*.csproj` file parsed as a lockfile (e.g., with type of `msbuild`) would show entries with missing name or version as an empty string. This causes analysis failures when submitting to the API since a valid package descriptor requires a non-empty `version` field. Dependency management in NuGet's "Central Package Management" (CPM) allows for `*.csproj` files containing `PackageReference` elements without a `Version` attribute. Those versions will be included, along with the fully transitive set, in the `packages.lock.json` lockfile generated by NuGet. When both files are present in the same directory, the changes in this patch will correctly parse both. For more about CPM, see this reference: https://devblogs.microsoft.com/nuget/introducing-central-package-management/ The `sample.csproj` test fixture was updated to include an entry with neither a name or version and another entry with a name but no version.
cd-work
approved these changes
Dec 20, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This change updates the
msbuildlockfile parser so that it will not allow for missing names and or versions. Before this change, a*.csprojfile parsed as a lockfile (e.g., with type ofmsbuild) would show entries with missing name or version as an empty string. This causes analysis failures when submitting to the API since a valid package descriptor requires a non-emptyversionfield.Dependency management in NuGet's "Central Package Management" (CPM) allows for
*.csprojfiles containingPackageReferenceelements without aVersionattribute. Those versions will be included, along with the fully transitive set, in thepackages.lock.jsonlockfile generated by NuGet. When both files are present in the same directory, the changes in this patch will correctly parse both. For more about CPM, see this reference:https://devblogs.microsoft.com/nuget/introducing-central-package-management/
The
sample.csprojtest fixture was updated to include an entry with neither a name or version and another entry with a name but no version.