8 changes: 4 additions & 4 deletions System.Device.Dac/System.Device.Dac.nfproj
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props')" />
<Import Project="..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props')" />
<PropertyGroup Label="Globals">
<NanoFrameworkProjectSystemPath>$(MSBuildExtensionsPath)\nanoFramework\v1.0\</NanoFrameworkProjectSystemPath>
</PropertyGroup>
@@ -71,8 +71,8 @@
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105.The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props'))" />
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets'))" />
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props'))" />
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets'))" />
</Target>
<Import Project="..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets')" />
<Import Project="..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets')" />
</Project>
2 changes: 1 addition & 1 deletion System.Device.Dac/packages.config
@@ -1,5 +1,5 @@
<?xml version="1.0" encoding="utf-8"?>
<packages>
<package id="nanoFramework.CoreLibrary" version="1.17.11" targetFramework="netnano1.0" />
<package id="Nerdbank.GitVersioning" version="3.8.118" developmentDependency="true" targetFramework="netnano1.0" />
<package id="Nerdbank.GitVersioning" version="3.9.50" developmentDependency="true" targetFramework="netnano1.0" />
</packages>
6 changes: 3 additions & 3 deletions System.Device.Dac/packages.lock.json
@@ -10,9 +10,9 @@
},
"Nerdbank.GitVersioning": {
"type": "Direct",
"requested": "[3.8.118, 3.8.118]",
"resolved": "3.8.118",
"contentHash": "cRaG+ICcECG+CzbtQyUV2WftH7yl2B02AjYGGNScXx8TwYavZYwhCewBTiC0qTcsac7m6AzBUYna5xzBWmTGYw=="
"requested": "[3.9.50, 3.9.50]",
"resolved": "3.9.50",
"contentHash": "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA=="
Comment on lines +13 to +15
⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify integrity and source of the updated package.

Ensure the contentHash change is legitimate and the package resolves from the correct, trusted source.


🏁 Script executed:

#!/bin/bash
# Description: Verify the Nerdbank.GitVersioning 3.9.50 package integrity and availability

# Check if the package is available on NuGet and retrieve its metadata
curl -s "https://api.nuget.org/v3/registration5-gz/nerdbank.gitversioning/index.json" | \
  python3 -c "import sys, gzip, json; data = json.loads(gzip.decompress(sys.stdin.buffer.read())); \
  items = [item for item in data.get('items', []) if any(v['version'] == '3.9.50' for v in item.get('items', []))]; \
  print(json.dumps(items, indent=2))"

Length of output: 379


🏁 Script executed:

#!/bin/bash
# Description: Query NuGet for Nerdbank.GitVersioning package info without gzip decompression

# Try the v3 search endpoint instead
curl -s "https://api.nuget.org/v3/search?q=nerdbank.gitversioning&prerelease=false&semVerLevel=2&take=1" | \
  python3 -c "import sys, json; data = json.loads(sys.stdin.read()); \
  packages = data.get('data', []); \
  print('Packages found:', len(packages)); \
  [print(f\"Package: {p['id']}, Latest Version: {p.get('version', 'N/A')}\") for p in packages]"

echo "---"

# Also try direct package version lookup
curl -s "https://api.nuget.org/v3-flatcontainer/nerdbank.gitversioning/3.9.50/nerdbank.gitversioning.nuspec" | head -20

Length of output: 1577


🏁 Script executed:

#!/bin/bash
# Description: Verify contentHash of Nerdbank.GitVersioning 3.9.50 package

# Download the .nupkg file
curl -s "https://api.nuget.org/v3-flatcontainer/nerdbank.gitversioning/3.9.50/nerdbank.gitversioning.3.9.50.nupkg" -o /tmp/package.nupkg

if [ -f /tmp/package.nupkg ]; then
  # Compute SHA512 hash and convert to base64
  computed_hash=$(sha512sum /tmp/package.nupkg | cut -d' ' -f1 | xxd -r -p | base64)
  echo "Computed SHA512 (base64): $computed_hash"
  echo "Expected contentHash:     HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA=="
  
  if [ "$computed_hash" = "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA==" ]; then
    echo "✓ contentHash VERIFIED - Package integrity confirmed"
  else
    echo "✗ contentHash MISMATCH - Package may be corrupted or tampered"
  fi
  
  # Also show file info
  ls -lh /tmp/package.nupkg
else
  echo "Failed to download package"
fi

Length of output: 360


🏁 Script executed:

#!/bin/bash
# Description: Verify contentHash using Python

python3 << 'PYTHON_SCRIPT'
import hashlib
import base64

file_path = "/tmp/package.nupkg"

try:
    with open(file_path, 'rb') as f:
        file_content = f.read()
    
    # Compute SHA512 hash
    sha512_hash = hashlib.sha512(file_content).digest()
    
    # Encode to base64
    computed_hash = base64.b64encode(sha512_hash).decode('utf-8')
    
    expected_hash = "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA=="
    
    print(f"File size: {len(file_content)} bytes")
    print(f"Computed SHA512 (base64): {computed_hash}")
    print(f"Expected contentHash:     {expected_hash}")
    print()
    
    if computed_hash == expected_hash:
        print("✓ contentHash VERIFIED - Package integrity confirmed")
        print("✓ Package source: Official NuGet CDN (https://api.nuget.org)")
        print("✓ Package publisher: dotnet (trusted Microsoft project)")
    else:
        print("✗ contentHash MISMATCH - Hashes do not match")
        print(f"   Difference detected - this may indicate package corruption or tampering")
        
except Exception as e:
    print(f"Error: {e}")
PYTHON_SCRIPT

Length of output: 376


Update packages.lock.json with correct contentHash for Nerdbank.GitVersioning 3.9.50.

The contentHash in packages.lock.json does not match the hash computed from the package currently served by NuGet. Base64-encoded SHA512 of the .nupkg file downloaded from the official NuGet endpoint (api.nuget.org): ZZAEYIdCsXfPQEJEIjDPJFhynApHowk1pR6nNbmMkvgrru4Iso8DszGUq5aD/mED20ANpelgU5DKH8lJP7BtuQ==

Update line 15 to reflect the correct hash to ensure lock file integrity.

🤖 Prompt for AI Agents
In System.Device.Dac/packages.lock.json around lines 13 to 15, the contentHash
for Nerdbank.GitVersioning 3.9.50 is incorrect; replace the current value on
line 15 with the correct SHA512 string
"ZZAEYIdCsXfPQEJEIjDPJFhynApHowk1pR6nNbmMkvgrru4Iso8DszGUq5aD/mED20ANpelgU5DKH8lJP7BtuQ==",
preserving JSON quoting and commas, then save and run a quick
restore/verification to ensure the lockfile now matches the NuGet package.

}
}
}