Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use transitive pinning and update dependencies #16566

Merged
merged 1 commit into from
Aug 15, 2024
Merged

Use transitive pinning and update dependencies #16566

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
35 changes: 35 additions & 0 deletions Directory.Packages.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,6 +6,7 @@

<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
<!-- Special case - this property is used by a DotNetCliToolReference -->
<DotNetXunitVersion>2.3.0</DotNetXunitVersion>
</PropertyGroup>
Expand Down Expand Up @@ -93,6 +94,40 @@
<PackageVersion Include="ZString" Version="2.6.0" />
</ItemGroup>

<!-- These versions are used for tansitive dependency forced upgrades only. For instance when a package reference a vulnerable version. -->
<!-- To list all vulnerable direct references run 'dotnet list package -vulnerable' -->
<!-- To list all vulnerable transitive references run 'dotnet list package -vulnerable -include-transitive' -->
<!-- The dependency graphs are generated using 'dotnet nuget why <.sln> <package id>' -->
<ItemGroup>
<!--
MiniProfiler.AspNetCore.Mvc (v4.3.8)
└─ MiniProfiler.AspNetCore (v4.3.8)
└─ MiniProfiler.Shared (v4.3.8)
└─ System.Data.Common (v4.3.0)
└─ System.Text.RegularExpressions (v4.3.0)
-->
<PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />

<!--
Azure.Extensions.AspNetCore.DataProtection.Blobs (v1.3.4)
└─ Microsoft.AspNetCore.DataProtection (v3.1.32)
└─ System.Security.Cryptography.Xml (v4.7.1)
└─ System.Security.Permissions (v4.7.0)
└─ System.Windows.Extensions (v4.7.0)
└─ System.Drawing.Common (v4.7.0)
-->
<PackageVersion Include="System.Drawing.Common" Version="4.7.2" />

<!--
Microsoft.AspNetCore.DataProtection.StackExchangeRedis (v8.0.8)
└─ Microsoft.AspNetCore.DataProtection (v8.0.8)
└─ System.Security.Cryptography.Xml (v8.0.1)
└─ System.Security.Cryptography.Pkcs (v8.0.0)
└─ System.Formats.Asn1 (v8.0.0)
-->
<PackageVersion Include="System.Formats.Asn1" Version="8.0.1" />
</ItemGroup>

<!-- These versions are used for the NuGet packages that are dependent on the current TFM -->
<!-- Versions are preset for the default TFM (there may be no TFM in an evaluation phase) -->
<PropertyGroup>
Expand Down
Loading