forked from NuGet/NuGet.Client
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Directory.Packages.props
207 lines (189 loc) · 16.3 KB
/
Directory.Packages.props
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<MicrosoftCodeAnalysisPublicApiAnalyzersVersion Condition="'$(MicrosoftCodeAnalysisPublicApiAnalyzersVersion)' == ''">3.3.4</MicrosoftCodeAnalysisPublicApiAnalyzersVersion>
<NewtonsoftJsonPackageVersion Condition="'$(NewtonsoftJsonPackageVersion)' == ''">13.0.3</NewtonsoftJsonPackageVersion>
<SystemFormatsAsn1PackageVersion Condition="'$(SystemFormatsAsn1PackageVersion)' == ''">8.0.1</SystemFormatsAsn1PackageVersion>
<SystemTextJsonVersion Condition="'$(SystemTextJsonVersion)' == ''">8.0.4</SystemTextJsonVersion>
<SystemPackagesVersion Condition="'$(SystemPackagesVersion)' == ''">4.3.0</SystemPackagesVersion>
<SystemCommandLineVersion Condition="'$(SystemCommandLineVersion)' == ''">2.0.0-beta4.23307.1</SystemCommandLineVersion>
<MSTestPackageVersion>3.4.3</MSTestPackageVersion>
</PropertyGroup>
<!-- MSBuild has vulnerable dependencies Microsoft.IO.Redist and System.Security.Cryptography.Xml. When it's upgraded, try removing pinned packages-->
<PropertyGroup>
<!-- Default MSBuild version -->
<MicrosoftBuildVersion Condition="'$(MicrosoftBuildVersion)' == ''">17.10.4</MicrosoftBuildVersion>
<!-- The last package version of MSBuild that works with netcoreapp3.1 or netstandard2.0 is 16.8.0. Our assemblies are still compiled against MSBuild assembly version 15.1.0.0 which will work with all versions -->
<MicrosoftBuildVersion Condition="'$(TargetFramework)' == 'netcoreapp3.1' Or '$(TargetFramework)' == 'netstandard2.0'">16.8.0</MicrosoftBuildVersion>
<!-- The last package version of MSBuild that works with net5.0 is 16.11.0. Our assemblies are still compiled against MSBuild assembly version 15.1.0.0 which will work with all versions -->
<MicrosoftBuildVersion Condition="'$(TargetFramework)' == 'netcoreapp5.0'">16.11.0</MicrosoftBuildVersion>
</PropertyGroup>
<!-- Overridden by source build to ensure the same version is used across products, do not remove these properties -->
<!-- For each property in this group, there is an appropriate package dependency in eng/Version.Details.xml -->
<!-- All .NET package dependencies have to use proper version property names -->
<PropertyGroup>
<MicrosoftExtensionsFileProvidersAbstractionsPackageVersion Condition="'$(MicrosoftExtensionsFileProvidersAbstractionsPackageVersion)' == ''">6.0.0</MicrosoftExtensionsFileProvidersAbstractionsPackageVersion>
<MicrosoftExtensionsFileSystemGlobbingPackageVersion Condition="'$(MicrosoftExtensionsFileSystemGlobbingPackageVersion)' == ''">6.0.0</MicrosoftExtensionsFileSystemGlobbingPackageVersion>
<MicrosoftWebXdtPackageVersion Condition="'$(MicrosoftWebXdtPackageVersion)' == ''">3.0.0</MicrosoftWebXdtPackageVersion>
<SystemComponentModelCompositionPackageVersion Condition="'$(SystemComponentModelCompositionPackageVersion)' == ''">4.5.0</SystemComponentModelCompositionPackageVersion>
<SystemSecurityCryptographyPkcsVersion Condition="'$(SystemSecurityCryptographyPkcsVersion)' == ''">6.0.4</SystemSecurityCryptographyPkcsVersion>
<!-- System.Security.Cryptography.Xml is a dependency of Microsoft.Build.Tasks.Core. This property can be probably removed when MSBuild is updated to a newer version. -->
<SystemSecurityCryptographyXmlVersion Condition="'$(SystemSecurityCryptographyXmlVersion)' == ''">8.0.1</SystemSecurityCryptographyXmlVersion>
</PropertyGroup>
<ItemGroup>
<PackageVersion Include="FluentAssertions" Version="6.12.0" />
<PackageVersion Include="ILMerge" Version="3.0.41" />
<PackageVersion Include="Lucene.Net" Version="3.0.3" />
<PackageVersion Include="Microsoft.Build" Version="$(MicrosoftBuildVersion)" />
<PackageVersion Include="Microsoft.Build.Artifacts" Version="4.2.0" />
<PackageVersion Include="Microsoft.Build.Framework" Version="$(MicrosoftBuildVersion)" />
<PackageVersion Include="Microsoft.Build.Locator" Version="1.5.5" />
<PackageVersion Include="Microsoft.Build.Tasks.Core" Version="$(MicrosoftBuildVersion)" />
<PackageVersion Include="Microsoft.Build.Utilities.Core" Version="$(MicrosoftBuildVersion)" />
<PackageVersion Include="Microsoft.CodeAnalysis" Version="4.3.1" />
<PackageVersion Include="Microsoft.CodeAnalysis.Common" Version="4.3.1" />
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.3.1" />
<PackageVersion Include="Microsoft.CodeAnalysis.Features" Version="4.3.1" />
<PackageVersion Include="Microsoft.CodeAnalysis.Workspaces.Common" Version="4.3.1" />
<PackageVersion Include="Microsoft.CSharp" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="Microsoft.DataAI.NuGetRecommender.Contracts" Version="2.1.0" />
<PackageVersion Include="Microsoft.DotNet.Build.Tasks.Feed" Version="6.0.0-beta.20528.5" />
<PackageVersion Include="Microsoft.DotNet.Maestro.Tasks" Version="1.1.0-beta.24415.2" />
<PackageVersion Include="Microsoft.Extensions.CommandLineUtils.Sources" Version="3.0.0-preview6.19253.5" />
<PackageVersion Include="Microsoft.Extensions.FileProviders.Abstractions" Version="$(MicrosoftExtensionsFileProvidersAbstractionsPackageVersion)" />
<PackageVersion Include="Microsoft.Extensions.FileSystemGlobbing" Version="$(MicrosoftExtensionsFileSystemGlobbingPackageVersion)" />
<PackageVersion Include="Microsoft.Internal.VisualStudio.Shell.Framework" Version="17.10.40173" />
<PackageVersion Include="Microsoft.NET.StringTools" Version="$(MicrosoftBuildVersion)" />
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
<PackageVersion Include="Microsoft.PowerShell.3.ReferenceAssemblies" Version="1.0.0" />
<!-- Microsoft.TeamFoundationServer.ExtendedClient has vulnerable dependencies Microsoft.IdentityModel.JsonWebTokens and System.IdentityModel.Tokens.Jwt . When it's upgraded, try removing the pinned packages -->
<PackageVersion Include="Microsoft.TeamFoundationServer.ExtendedClient" Version="16.153.0" />
<PackageVersion Include="Microsoft.Test.Apex.VisualStudio" Version="17.11.35005.70" />
<PackageVersion Include="Microsoft.TestPlatform.Portable" Version="17.1.0" />
<PackageVersion Include="Microsoft.VisualStudio.LanguageServices" Version="4.3.1" />
<PackageVersion Include="Microsoft.VisualStudio.ProjectSystem" Version="17.4.221-pre" />
<PackageVersion Include="Microsoft.VisualStudio.ProjectSystem.Managed" Version="17.2.0-beta1-20502-01" />
<PackageVersion Include="Microsoft.VisualStudio.ProjectSystem.Managed.VS" Version="17.2.0-beta1-20502-01" />
<PackageVersion Include="Microsoft.VisualStudio.ProjectSystem.VS" Version="17.4.221-pre" />
<!-- Microsoft.VisualStudio.SDK has vulnerable dependencies System.Text.json and Microsoft.IO.Redist. When it's upgraded, try removing the pinned packages -->
<PackageVersion Include="Microsoft.VisualStudio.SDK" Version="17.10.40171" />
<PackageVersion Include="Microsoft.VisualStudio.Sdk.TestFramework.Xunit" Version="17.6.32" />
<PackageVersion Include="Microsoft.VisualStudio.Setup.Configuration.Interop" Version="3.4.2244" />
<PackageVersion Include="Microsoft.VisualStudio.TemplateWizardInterface" Version="17.10.40170" />
<PackageVersion Include="Microsoft.VisualStudio.VCProjectEngine" Version="17.10.40173" />
<PackageVersion Include="Microsoft.VisualStudio.Workspace.VSIntegration" Version="17.0.7-preview-0001-g5492e466a9" />
<PackageVersion Include="Microsoft.VSSDK.BuildTools" Version="17.0.1600" />
<PackageVersion Include="Microsoft.Web.Xdt" Version="$(MicrosoftWebXdtPackageVersion)" />
<PackageVersion Include="Moq" Version="4.18.1" />
<PackageVersion Include="MSTest.TestAdapter" Version="$(MSTestPackageVersion)" />
<PackageVersion Include="MSTest.TestFramework" Version="$(MSTestPackageVersion)" />
<PackageVersion Include="Newtonsoft.Json" Version="$(NewtonsoftJsonPackageVersion)" />
<PackageVersion Include="NuGet.Client.EndToEnd.TestData" Version="1.0.0" />
<PackageVersion Include="NuGet.Core" Version="2.14.0-rtm-832" />
<PackageVersion Include="NuGetValidator" version="2.1.1" />
<PackageVersion Include="SharpZipLib" Version="1.4.2" />
<PackageVersion Include="System.Collections" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="System.CommandLine" Version="$(SystemCommandLineVersion)" />
<PackageVersion Include="System.ComponentModel.Composition" Version="$(SystemComponentModelCompositionPackageVersion)" />
<PackageVersion Include="System.Formats.Asn1" Version="$(SystemFormatsAsn1PackageVersion)" />
<PackageVersion Include="System.IO.FileSystem.Primitives" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="System.Memory" Version="4.5.5" />
<PackageVersion Include="System.Resources.ResourceManager" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="System.Runtime.Extensions" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="System.Runtime.InteropServices" Version="$(SystemPackagesVersion)" />
<!-- System.Security.Cryptography.Pkcs has a vulnerable dependency System.Formats.Asn1. When it's upgraded, try removing the pinned packages -->
<PackageVersion Include="System.Security.Cryptography.Pkcs" Version="$(SystemSecurityCryptographyPkcsVersion)" />
<PackageVersion Include="System.Security.Cryptography.ProtectedData" Version="4.4.0" />
<PackageVersion Include="System.Security.Cryptography.Xml" Version="$(SystemSecurityCryptographyXmlVersion)" />
<PackageVersion Include="System.Text.Encoding.Extensions" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="System.Text.Json" Version="$(SystemTextJsonVersion)" />
<PackageVersion Include="System.Threading" Version="$(SystemPackagesVersion)" />
<PackageVersion Include="System.Threading.Tasks" Version="$(SystemPackagesVersion)" />
<!--
The Microsoft.VisualStudio.SDK metapackage brings in System.Threading.Tasks.Dataflow 4.11.1 (assembly version 4.9.5.0).
However, our MSBuild integration tests use Microsoft.Build 16.8.0, which requires System.Threading.Tasks.Dataflow 4.9.0 (assembly version 4.9.3.0).
To resolve runtime assembly binding failures, we'll downgrade the package from 4.11.1 to 4.9.0.
-->
<PackageVersion Include="System.Threading.Tasks.Dataflow" Version="4.9.0" />
<PackageVersion Include="VsWebSite.Interop" Version="17.10.40173" />
<PackageVersion Include="xunit" Version="2.9.0" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.4.5" />
<PackageVersion Include="Xunit.StaFact" Version="1.1.11" />
</ItemGroup>
<!--
These PackageVersions are only used to resolve transitive packages with known vulnerabilities.
Once the packages depending on these packages are upgraded, these PackageVersions can be removed.
-->
<ItemGroup>
<PackageVersion Include="Microsoft.IO.Redist" Version="6.0.1" />
<PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="5.7.0" />
<PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="5.7.0" />
</ItemGroup>
<!--
Packages that provide NuGet's Visual Studio extensibility APIs should not depend on the Visual Studio SDK, to ensure
there are no circular references in case the VS SDK itself adds our package as a dependency. Everything else, however
should not add PackageReference on any package that is part of the VS SDK.
These individual package versions should be equal to or less than the package version within the VS SDK that our
customers use, otherwise they might get NU1605 or MSB3277 warnings.
-->
<ItemGroup Condition=" '$(MSBuildProjectFile)' == 'NuGet.VisualStudio.csproj' OR
'$(MSBuildProjectFile)' == 'NuGet.VisualStudio.Contracts.csproj' OR
'$(MSBuildProjectFile)' == 'NuGet.VisualStudio.Interop.csproj' OR
'$(MSBuildProjectFile)' == 'NuGet.SolutionRestoreManager.Interop.csproj'">
<PackageVersion Include="Microsoft.ServiceHub.Framework" Version="4.5.31" />
<PackageVersion Include="Microsoft.VisualStudio.ComponentModelHost" Version="17.10.191" />
<PackageVersion Update="Microsoft.VisualStudio.SDK" Version="" />
<!-- Microsoft.VisualStudio.Shell.15.0 has vulnerable dependencies System.Text.Json and Microsoft.IO.Redist. When it's upgraded, try removing the pinned packages -->
<PackageVersion Include="Microsoft.VisualStudio.Shell.15.0" Version="17.10.40173" />
</ItemGroup>
<ItemGroup>
<GlobalPackageReference Include="Microsoft.VisualStudioEng.MicroBuild.Core" version="1.0.0" Condition=" '$(DotNetBuildSourceOnly)' != 'true' " />
</ItemGroup>
<ItemGroup Condition=" '$(UsePublicApiAnalyzer)' == 'true' ">
<GlobalPackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="$(MicrosoftCodeAnalysisPublicApiAnalyzersVersion)" />
<None Remove="$(MSBuildProjectDirectory)\PublicAPI.Shipped.txt" />
<None Remove="$(MSBuildProjectDirectory)\PublicAPI.Unshipped.txt" />
<AdditionalFiles Include="$(MSBuildProjectDirectory)\PublicAPI.Shipped.txt" />
<AdditionalFiles Include="$(MSBuildProjectDirectory)\PublicAPI.Unshipped.txt" />
</ItemGroup>
<ItemGroup Condition=" '$(UsePublicApiAnalyzer)' == 'perTfm' ">
<GlobalPackageReference Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="$(MicrosoftCodeAnalysisPublicApiAnalyzersVersion)" />
<None Remove="$(MSBuildProjectDirectory)\PublicAPI\$(TargetFramework)\PublicAPI.Shipped.txt" />
<None Remove="$(MSBuildProjectDirectory)\PublicAPI\$(TargetFramework)\PublicAPI.Unshipped.txt" />
<AdditionalFiles Include="$(MSBuildProjectDirectory)\PublicAPI\$(TargetFramework)\PublicAPI.Shipped.txt" />
<AdditionalFiles Include="$(MSBuildProjectDirectory)\PublicAPI\$(TargetFramework)\PublicAPI.Unshipped.txt" />
</ItemGroup>
<ItemGroup Condition="'$(Shipping)' == 'true' AND '$(SkipAnalyzers)' != 'true' AND '$(DotNetBuildSourceOnly)' != 'true'">
<GlobalPackageReference Include="Microsoft.CodeAnalysis.BannedApiAnalyzers" Version="3.3.3" />
<AdditionalFiles Include="$(MSBuildThisFileDirectory)build\BannedSymbols.txt" Condition="'$(TestProject)' != 'true'" />
</ItemGroup>
<!-- DotNetBuildSourceOnly can only use packages that are open source -->
<Target Name="CheckSourceBuildPackageReferences" AfterTargets="CollectPackageReferences" Condition=" '$(DotNetBuildSourceOnly)' == 'true' ">
<ItemGroup>
<_allowBuildFromSourcePackage Remove="@(_allowBuildFromSourcePackage)" />
<_sourceBuildUnexpectedPackage Remove="@(_sourceBuildUnexpectedPackage)" />
<_allowBuildFromSourcePackage Include="@(PackageReference)" Condition=" '%(PackageReference.IsImplicitlyDefined)' == 'true' " />
<_allowBuildFromSourcePackage Include="Microsoft.Build.Framework" />
<_allowBuildFromSourcePackage Include="Microsoft.Build.Tasks.Core" />
<_allowBuildFromSourcePackage Include="Microsoft.Build.Utilities.Core" />
<_allowBuildFromSourcePackage Include="Microsoft.Build" />
<_allowBuildFromSourcePackage Include="Microsoft.CSharp" />
<_allowBuildFromSourcePackage Include="Microsoft.DotNet.Build.Tasks.Feed" />
<_allowBuildFromSourcePackage Include="Microsoft.Extensions.CommandLineUtils.Sources" />
<_allowBuildFromSourcePackage Include="Microsoft.Extensions.FileProviders.Abstractions" />
<_allowBuildFromSourcePackage Include="Microsoft.Extensions.FileSystemGlobbing" />
<_allowBuildFromSourcePackage Include="Microsoft.Web.Xdt" />
<_allowBuildFromSourcePackage Include="Newtonsoft.Json" />
<_allowBuildFromSourcePackage Include="System.CommandLine" />
<_allowBuildFromSourcePackage Include="System.ComponentModel.Composition" />
<_allowBuildFromSourcePackage Include="System.Formats.Asn1" />
<_allowBuildFromSourcePackage Include="System.Security.Cryptography.Cng" />
<_allowBuildFromSourcePackage Include="System.Security.Cryptography.Pkcs" />
<_allowBuildFromSourcePackage Include="System.Security.Cryptography.ProtectedData" />
<_allowBuildFromSourcePackage Include="System.Security.Cryptography.Xml" />
<_allowBuildFromSourcePackage Include="System.Text.Json" />
<_sourceBuildUnexpectedPackage Include="@(PackageReference)" Exclude="@(_allowBuildFromSourcePackage)" />
</ItemGroup>
<Error Text="Found @(_sourceBuildUnexpectedPackage->Count()) PackageReferences not on DotNetBuildSourceOnly allow list: '@(_sourceBuildUnexpectedPackage)'" Condition=" '@(_sourceBuildUnexpectedPackage)' != '' " />
</Target>
</Project>