Packages: update to remove CVE dependencies

This bumps *testing* (not the core package) to net8.0 for an easier time maintaining and updates packages outside StackExchange.Redis except for `Microsoft.Bcl.AsyncInterfaces`. `Microsoft.Bcl.AsyncInterfaces` was bumped from 5.0.0 to 6.0.0 due to deprecation warnings, still maintaining widest compatibility we can.

Author: NickCraver

Directory.Packages.props

@@ -1,30 +1,32 @@
 <Project>
   <ItemGroup>
     <!-- Packages we depend on for StackExchange.Redis, upgrades can create binding redirect pain! -->
-    <PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="5.0.0" />
+    <PackageVersion Include="Microsoft.Bcl.AsyncInterfaces" Version="6.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.0" />
     <PackageVersion Include="Pipelines.Sockets.Unofficial" Version="2.2.8" />
     <PackageVersion Include="System.Diagnostics.PerformanceCounter" Version="5.0.0" />
     <PackageVersion Include="System.Threading.Channels" Version="5.0.0" />
     <PackageVersion Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
     <PackageVersion Include="System.IO.Compression" Version="4.3.0" />
 
     <!-- Packages only used in the solution, upgrade at will -->
-    <PackageVersion Include="BenchmarkDotNet" Version="0.13.1" />
+    <PackageVersion Include="BenchmarkDotNet" Version="0.14.0" />
     <PackageVersion Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageVersion Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="3.3.4" />
-    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.0" />
-    <PackageVersion Include="Microsoft.NETFramework.ReferenceAssemblies" Version="1.0.2" />
-    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageVersion Include="Microsoft.NETFramework.ReferenceAssemblies" Version="1.0.3" />
+    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
     <PackageVersion Include="Microsoft.SourceLink.GitHub" Version="8.0.0" />
-    <PackageVersion Include="Nerdbank.GitVersioning" Version="3.6.141" />
+    <PackageVersion Include="Nerdbank.GitVersioning" Version="3.6.146" />
     <PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
-    <PackageVersion Include="NSubstitute" Version="5.1.0" />
+    <PackageVersion Include="NSubstitute" Version="5.3.0" />
     <PackageVersion Include="StackExchange.Redis" Version="2.6.96" />
     <PackageVersion Include="StyleCop.Analyzers" Version="1.2.0-beta.556" />
+    <PackageVersion Include="System.Collections.Immutable" Version="9.0.0" />
+    <PackageVersion Include="System.Reflection.Metadata" Version="9.0.0" />    
     <!-- For binding redirect testing, main package gets this transitively -->
-    <PackageVersion Include="System.IO.Pipelines" Version="5.0.1" />
-    <PackageVersion Include="System.Runtime.Caching" Version="5.0.0" />
-    <PackageVersion Include="xunit" Version="2.9.0" />
+    <PackageVersion Include="System.IO.Pipelines" Version="9.0.0" />
+    <PackageVersion Include="System.Runtime.Caching" Version="9.0.0" />
+    <PackageVersion Include="xunit" Version="2.9.2" />
     <PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
   </ItemGroup>
 </Project>

tests/BasicTest/BasicTest.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>StackExchange.Redis.BasicTest .NET Core</Description>
-    <TargetFrameworks>net472;net6.0</TargetFrameworks>
+    <TargetFrameworks>net472;net8.0</TargetFrameworks>
     <AssemblyName>BasicTest</AssemblyName>
     <OutputType>Exe</OutputType>
     <PackageId>BasicTest</PackageId>
@@ -11,6 +11,9 @@
 
   <ItemGroup>
     <PackageReference Include="BenchmarkDotNet" />
+    <PackageReference Include="System.Collections.Immutable" />
+    <PackageReference Include="System.Reflection.Metadata" />
+    
     <ProjectReference Include="..\..\src\StackExchange.Redis\StackExchange.Redis.csproj" />
   </ItemGroup>
 

tests/BasicTestBaseline/BasicTestBaseline.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <Description>StackExchange.Redis.BasicTest .NET Core</Description>
-    <TargetFrameworks>net472;net6.0</TargetFrameworks>
+    <TargetFrameworks>net472;net8.0</TargetFrameworks>
     <AssemblyName>BasicTestBaseline</AssemblyName>
     <OutputType>Exe</OutputType>
     <PackageId>BasicTestBaseline</PackageId>
@@ -17,6 +17,8 @@
   <ItemGroup>
     <PackageReference Include="BenchmarkDotNet" />
     <PackageReference Include="StackExchange.Redis" />
+    <PackageReference Include="System.Collections.Immutable" />
+    <PackageReference Include="System.Reflection.Metadata" />
   </ItemGroup>
 
 </Project>

tests/ConsoleTest/ConsoleTest.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <OutputType>Exe</OutputType>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>

tests/ConsoleTestBaseline/ConsoleTestBaseline.csproj

@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
-    <TargetFramework>net6.0</TargetFramework>
+    <TargetFramework>net8.0</TargetFramework>
     <OutputType>Exe</OutputType>
     <ImplicitUsings>enable</ImplicitUsings>
     <Nullable>enable</Nullable>

tests/StackExchange.Redis.Tests/ConfigTests.cs

@@ -92,15 +92,15 @@ public void ExpectedFields()
     [Fact]
     public void SslProtocols_SingleValue()
     {
-        var options = ConfigurationOptions.Parse("myhost,sslProtocols=Tls11");
-        Assert.Equal(SslProtocols.Tls11, options.SslProtocols.GetValueOrDefault());
+        var options = ConfigurationOptions.Parse("myhost,sslProtocols=Tls12");
+        Assert.Equal(SslProtocols.Tls12, options.SslProtocols.GetValueOrDefault());
     }
 
     [Fact]
     public void SslProtocols_MultipleValues()
     {
-        var options = ConfigurationOptions.Parse("myhost,sslProtocols=Tls11|Tls12");
-        Assert.Equal(SslProtocols.Tls11 | SslProtocols.Tls12, options.SslProtocols.GetValueOrDefault());
+        var options = ConfigurationOptions.Parse("myhost,sslProtocols=Tls12|Tls13");
+        Assert.Equal(SslProtocols.Tls12 | SslProtocols.Tls13, options.SslProtocols.GetValueOrDefault());
     }
 
     [Theory]
@@ -121,9 +121,9 @@ public void SslProtocols_UsingIntegerValue()
         // The below scenario is for cases where the *targeted*
         // .NET framework version (e.g. .NET 4.0) doesn't define an enum value (e.g. Tls11)
         // but the OS has been patched with support
-        const int integerValue = (int)(SslProtocols.Tls11 | SslProtocols.Tls12);
+        const int integerValue = (int)(SslProtocols.Tls12 | SslProtocols.Tls13);
         var options = ConfigurationOptions.Parse("myhost,sslProtocols=" + integerValue);
-        Assert.Equal(SslProtocols.Tls11 | SslProtocols.Tls12, options.SslProtocols.GetValueOrDefault());
+        Assert.Equal(SslProtocols.Tls12 | SslProtocols.Tls13, options.SslProtocols.GetValueOrDefault());
     }
 
     [Fact]
@@ -203,7 +203,7 @@ public void ConfigurationOptionsIPv6Parsing(string configString, AddressFamily f
     public void CanParseAndFormatUnixDomainSocket()
     {
         const string ConfigString = "!/some/path,allowAdmin=True";
-#if NET472
+#if NETFRAMEWORK
         var ex = Assert.Throws<PlatformNotSupportedException>(() => ConfigurationOptions.Parse(ConfigString));
         Assert.Equal("Unix domain sockets require .NET Core 3 or above", ex.Message);
 #else
@@ -793,6 +793,6 @@ public void CheckHighIntegrity(bool? assigned, bool expected, string cs)
         Assert.Equal(cs, clone.ToString());
 
         var parsed = ConfigurationOptions.Parse(cs);
-        Assert.Equal(expected, options.HighIntegrity);
+        Assert.Equal(expected, parsed.HighIntegrity);
     }
 }

tests/StackExchange.Redis.Tests/SSLTests.cs

@@ -7,10 +7,12 @@
 using System.Net;
 using System.Net.Security;
 using System.Reflection;
+using System.Runtime.InteropServices;
 using System.Security.Authentication;
 using System.Security.Cryptography.X509Certificates;
 using System.Text;
 using System.Threading.Tasks;
+using NSubstitute.Exceptions;
 using StackExchange.Redis.Tests.Helpers;
 using Xunit;
 using Xunit.Abstractions;
@@ -182,34 +184,35 @@ public async Task ConnectToSSLServer(bool useSsl, bool specifyHost)
     [InlineData(SslProtocols.Ssl3 | SslProtocols.Tls12 | SslProtocols.Tls13, true)]
     [InlineData(SslProtocols.Ssl2, false, TlsCipherSuite.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384, TlsCipherSuite.TLS_AES_256_GCM_SHA384)]
 #pragma warning restore CS0618 // Type or member is obsolete
+    [System.Diagnostics.CodeAnalysis.SuppressMessage("Interoperability", "CA1416:Validate platform compatibility", Justification = "Yes, we know.")]
     public async Task ConnectSslClientAuthenticationOptions(SslProtocols protocols, bool expectSuccess, params TlsCipherSuite[] tlsCipherSuites)
     {
         Fixture.SkipIfNoServer();
 
-        var config = new ConfigurationOptions()
+        try
         {
-            EndPoints = { TestConfig.Current.SslServerAndPort },
-            AllowAdmin = true,
-            ConnectRetry = 1,
-            SyncTimeout = Debugger.IsAttached ? int.MaxValue : 5000,
-            Ssl = true,
-            SslClientAuthenticationOptions = host => new SslClientAuthenticationOptions()
+            var config = new ConfigurationOptions()
             {
-                TargetHost = host,
-                CertificateRevocationCheckMode = X509RevocationMode.NoCheck,
-                EnabledSslProtocols = protocols,
-                CipherSuitesPolicy = tlsCipherSuites?.Length > 0 ? new CipherSuitesPolicy(tlsCipherSuites) : null,
-                RemoteCertificateValidationCallback = (sender, cert, chain, errors) =>
+                EndPoints = { TestConfig.Current.SslServerAndPort },
+                AllowAdmin = true,
+                ConnectRetry = 1,
+                SyncTimeout = Debugger.IsAttached ? int.MaxValue : 5000,
+                Ssl = true,
+                SslClientAuthenticationOptions = host => new SslClientAuthenticationOptions()
                 {
-                    Log("  Errors: " + errors);
-                    Log("  Cert issued to: " + cert?.Subject);
-                    return true;
+                    TargetHost = host,
+                    CertificateRevocationCheckMode = X509RevocationMode.NoCheck,
+                    EnabledSslProtocols = protocols,
+                    CipherSuitesPolicy = tlsCipherSuites?.Length > 0 ? new CipherSuitesPolicy(tlsCipherSuites) : null,
+                    RemoteCertificateValidationCallback = (sender, cert, chain, errors) =>
+                    {
+                        Log("  Errors: " + errors);
+                        Log("  Cert issued to: " + cert?.Subject);
+                        return true;
+                    },
                 },
-            },
-        };
+            };
 
-        try
-        {
             if (expectSuccess)
             {
                 using var conn = await ConnectionMultiplexer.ConnectAsync(config, Writer);
@@ -376,12 +379,12 @@ public void SSLHostInferredFromEndpoints()
             },
             Ssl = true,
         };
-        Assert.True(options.SslHost == "mycache.rediscache.windows.net");
+        Assert.Equal("mycache.rediscache.windows.net", options.SslHost);
         options = new ConfigurationOptions()
         {
             EndPoints = { { "121.23.23.45", 15000 } },
         };
-        Assert.True(options.SslHost == null);
+        Assert.Null(options.SslHost);
     }
 
     private void Check(string name, object? x, object? y)
@@ -528,7 +531,7 @@ public void SSLParseViaConfig_Issue883_ConfigString()
     [Fact]
     public void ConfigObject_Issue1407_ToStringIncludesSslProtocols()
     {
-        const SslProtocols sslProtocols = SslProtocols.Tls12 | SslProtocols.Tls;
+        const SslProtocols sslProtocols = SslProtocols.Tls12 | SslProtocols.Tls13;
         var sourceOptions = new ConfigurationOptions
         {
             AbortOnConnectFail = false,

tests/StackExchange.Redis.Tests/ServerSnapshotTests.cs

@@ -1,4 +1,5 @@
 using System;
+using System.Diagnostics.CodeAnalysis;
 using System.Linq;
 using System.Runtime.Serialization;
 using Xunit;
@@ -9,9 +10,11 @@ namespace StackExchange.Redis.Tests;
 public class ServerSnapshotTests
 {
     [Fact]
-    [System.Diagnostics.CodeAnalysis.SuppressMessage("Assertions", "xUnit2012:Do not use boolean check to check if a value exists in a collection", Justification = "Explicit testing")]
-    [System.Diagnostics.CodeAnalysis.SuppressMessage("Assertions", "xUnit2013:Do not use equality check to check for collection size.", Justification = "Explicit testing")]
-    [System.Diagnostics.CodeAnalysis.SuppressMessage("Assertions", "xUnit2029:Do not use Empty() to check if a value does not exist in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Assertions", "xUnit2012:Do not use boolean check to check if a value exists in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Assertions", "xUnit2013:Do not use equality check to check for collection size.", Justification = "Explicit testing")]
+    [SuppressMessage("Assertions", "xUnit2029:Do not use Empty() to check if a value does not exist in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Performance", "CA1829:Use Length/Count property instead of Count() when available", Justification = "Explicit testing")]
+    [SuppressMessage("Performance", "CA1860:Avoid using 'Enumerable.Any()' extension method", Justification = "Explicit testing")]
     public void EmptyBehaviour()
     {
         var snapshot = ServerSnapshot.Empty;
@@ -52,14 +55,19 @@ public void EmptyBehaviour()
     [InlineData(5, 0)]
     [InlineData(5, 3)]
     [InlineData(5, 5)]
-    [System.Diagnostics.CodeAnalysis.SuppressMessage("Assertions", "xUnit2012:Do not use boolean check to check if a value exists in a collection", Justification = "Explicit testing")]
-    [System.Diagnostics.CodeAnalysis.SuppressMessage("Assertions", "xUnit2029:Do not use Empty() to check if a value does not exist in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Assertions", "xUnit2012:Do not use boolean check to check if a value exists in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Assertions", "xUnit2029:Do not use Empty() to check if a value does not exist in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Assertions", "xUnit2030:Do not use Assert.NotEmpty to check if a value exists in a collection", Justification = "Explicit testing")]
+    [SuppressMessage("Performance", "CA1829:Use Length/Count property instead of Count() when available", Justification = "Explicit testing")]
+    [SuppressMessage("Performance", "CA1860:Avoid using 'Enumerable.Any()' extension method", Justification = "Explicit testing")]
     public void NonEmptyBehaviour(int count, int replicaCount)
     {
         var snapshot = ServerSnapshot.Empty;
         for (int i = 0; i < count; i++)
         {
+#pragma warning disable SYSLIB0050 // Type or member is obsolete
             var dummy = (ServerEndPoint)FormatterServices.GetSafeUninitializedObject(typeof(ServerEndPoint));
+#pragma warning restore SYSLIB0050 // Type or member is obsolete
             dummy.IsReplica = i < replicaCount;
             snapshot = snapshot.Add(dummy);
         }

tests/StackExchange.Redis.Tests/StackExchange.Redis.Tests.csproj

@@ -1,6 +1,6 @@
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
-    <TargetFrameworks>net472;net6.0</TargetFrameworks>
+    <TargetFrameworks>net481;net8.0</TargetFrameworks>
     <AssemblyName>StackExchange.Redis.Tests</AssemblyName>
     <GenerateRuntimeConfigurationFiles>true</GenerateRuntimeConfigurationFiles>
     <SignAssembly>true</SignAssembly>

toys/TestConsole/TestConsole.csproj

@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <OutputType>Exe</OutputType>
-    <TargetFrameworks>net6.0;net472</TargetFrameworks>
+    <TargetFrameworks>net8.0;net472</TargetFrameworks>
     <DefineConstants>SEV2</DefineConstants>
     <AutoGenerateBindingRedirects>true</AutoGenerateBindingRedirects>
   </PropertyGroup>