Skip to content

[build] Update Microsoft.* NuGet package versions #1055

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Oct 27, 2022
Merged

[build] Update Microsoft.* NuGet package versions #1055

merged 1 commit into from
Oct 27, 2022

Conversation

@jonpryor
Copy link
Contributor

@jonpryor jonpryor commented Oct 27, 2022
edited
Loading

[build] Update Microsoft.* NuGet package versions

Context: c936d09
Context: https://devdiv.visualstudio.com/DevDiv/_componentGovernance/112825/alert/7082457?typeId=12393424

Component Governance is a Microsoft internal tool which checks
for known security issues in product dependencies. It is currently
reporting a defect in Java.Interop because of Newtonsoft.Json 9.0.1
and GHSA-5crp-9r3c-p9vr. This is a tad odd because Java.Interop
does not use Newtonsoft.Json.

Apparently the Microsoft.NET.Test.Sdk 16.11.0 package pulls in
Newtonsoft.Json 9.0.1 when $(TargetFramework)=UAP10.0, which is
also something that Java.Interop does not use.

Regardless! Take this as a reminder and opportunity to update some
NuGet packages. Update all of the Microsoft.* NuGet packages
except Microsoft.Xml.SgmlReader; as mentioned in c936d09, newer
versions of that package have an API break, which prevent us from
trivially bumping the dependency.

Most other Microsoft.* NuGet packages are updated to the latest
non-preview versions listed on NuGet.org and available on
dotnet-public.

Microsoft.NET.Test.Sdk is updated to the preview version
17.5.0-preview-20221003-04, because the current stable 17.3.2
version still references Newtonsoft.Json 9.0.1 for UAP10.0! 🙃

I have also sorted the Microsoft.* entries in
Directory.Build.targets.

One oddity: updating the Microsoft.NET.Test.Sdk NuGet package to
anything after 17.4.0-preview-20220726-02 results in a CS0017!

samples/Hello-Java.Base/Program.cs(15,22):
error CS0017: Program has more than one entry point defined.
Compile with /main to specify the type that contains the entry point.

This is because Hello-Java.Base.csproj references
TestJVM.csproj, which references Microsoft.NET.Test.Sdk, and
more recent versions of the Microsoft.NET.Test.Sdk package contain
buildTransitive/netcoreapp3.1/Microsoft.NET.Test.Sdk.Program.cs,
which contains a Main() method!

[Microsoft.VisualStudio.TestPlatform.TestSDKAutoGeneratedCode]                  
class AutoGeneratedProgram {static void Main(string[] args){}}

I am not at all sure why this was done.

Prevent the CS0017 by setting the $(StartupObject) MSBuild
property to Hello.App.

@jonpryor
[build] Update Microsoft.* NuGet package versions
fa66d8a 
Context: c936d09
Context: https://devdiv.visualstudio.com/DevDiv/_componentGovernance/112825/alert/7082457?typeId=12393424

[Component Governance][0] is a Microsoft internal tool which checks
for known security issues in product dependencies.  It is currently
reporting a defect in Java.Interop because of Newtonsoft.Json 9.0.1
and [GHSA-5crp-9r3c-p9vr][1].  This is a tad odd because Java.Interop
*does not use* Newtonsoft.Json.

Apparently the [Microsoft.NET.Test.Sdk 16.11.0 package][2] pulls in
Newtonsoft.Json 9.0.1 when `$(TargetFramework)`=UAP10.0, which is
also something that Java.Interop does not use.

Regardless!  Take this as a reminder and opportunity to update some
NuGet packages.  Update all of the `Microsoft.*` NuGet packages
*except* `Microsoft.Xml.SgmlReader`; as mentioned in c936d09, newer
versions of that package have an API break, which prevent us from
trivially bumping the dependency.

Most other `Microsoft.*` NuGet packages are updated to the latest
*non-preview* versions listed on NuGet.org and available on
[dotnet-public][3].

`Microsoft.NET.Test.Sdk` is updated to the *preview* version
17.5.0-preview-20221003-04, because the [current stable 17.3.2][4]
version *still* references Newtonsoft.Json 9.0.1 for UAP10.0! 🙃

I have also sorted the `Microsoft.*` entries in
`Directory.Build.targets`.

One oddity: updating the `Microsoft.NET.Test.Sdk` NuGet package to
anything after 17.4.0-preview-20220726-02 results in a CS0017!

	samples/Hello-Java.Base/Program.cs(15,22):
	error CS0017: Program has more than one entry point defined.
	Compile with /main to specify the type that contains the entry point.

This is because `Hello-Java.Base.csproj` references
`TestJVM.csproj`, which references `Microsoft.NET.Test.Sdk`, and
more recent versions of the `Microsoft.NET.Test.Sdk` package contain
`buildTransitive/netcoreapp3.1/Microsoft.NET.Test.Sdk.Program.cs`,
which contains a `Main()` method!

	[Microsoft.VisualStudio.TestPlatform.TestSDKAutoGeneratedCode]
	class AutoGeneratedProgram {static void Main(string[] args){}}

I am not at all sure why this was done.

Prevent the CS0017 by setting the [`$(StartupObject)`][5] MSBuild
property to `Hello.App`.

[0]: https://docs.opensource.microsoft.com/tools/cg/
[1]: GHSA-5crp-9r3c-p9vr
[2]: https://www.nuget.org/packages/Microsoft.NET.Test.Sdk/16.11.0
[3]: https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet-public/nuget/v3/index.json
[4]: https://www.fuget.org/packages/Microsoft.NET.Test.Sdk/17.3.2
[5]: https://learn.microsoft.com/en-us/visualstudio/msbuild/common-msbuild-project-properties?view=vs-2022
@jonpryor jonpryor force-pushed the jonp-use-Microsoft.NET.Test.Sdk-17.3.2 branch from fdc2220 to fa66d8a Compare October 27, 2022 21:05
@jonpryor
Copy link
Contributor Author

jonpryor commented Oct 27, 2022

Related: microsoft/vstest#4098

@jonpryor jonpryor merged commit 5318261 into dotnet:main Oct 27, 2022
jonpryor pushed a commit to dotnet/android that referenced this pull request Nov 1, 2022
@dependabot @jpobst
Bump to xamarin/Java.Interop/main@5318261 (#7502)
6573c37 
Fixes: dotnet/java-interop#1034
Fixes: dotnet/java-interop#1051

Context: 938b2cb

Changes: dotnet/java-interop@e1ee4b1...5318261

  * dotnet/java-interop@53182615: [build] Update Microsoft.* NuGet package versions (dotnet/java-interop#1055)
  * dotnet/java-interop@8e18c909: [generator] Avoid C#11 delegate cache overhead. (dotnet/java-interop#1053)
  * dotnet/java-interop@2d8b6d24: [generator] More AttributeTargets on SupportedOSPlatformAttribute (dotnet/java-interop#1054)
  * dotnet/java-interop@7dfbab67: [generator] Add [SupportedOSPlatform] to bound constant fields (dotnet/java-interop#1038)
  * dotnet/java-interop@1720628a: [generator] Mark generated .cs files as generated (dotnet/java-interop#1052)
  * dotnet/java-interop@f498fcf5: [Java.Interop] Avoid some method group conversions (dotnet/java-interop#1050)
  * dotnet/java-interop@16e1ecd4: [build] Use $(VSINSTALLDIR), not $(VSINSTALLROOT) (dotnet/java-interop#1048)
  * dotnet/java-interop@8e4c7d20: [Hello-Core] Add "low level" sample. (dotnet/java-interop#1047)

Additionally, remove `$(LangVersion)`=10 from `Mono.Android.csproj`,
which was a hack to work around a size regression due to delegate
caching in C# 11; see also 938b2cb, dotnet/java-interop@8e18c909.

Co-authored-by: Jonathan Pobst <[email protected]>
@github-actions github-actions bot locked and limited conversation to collaborators Apr 12, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@jonpryor