Skip to content

Update 1 NuGet dependencies #361

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 6, 2025
Merged

Update 1 NuGet dependencies #361

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 4 additions & 4 deletions nanoFramework.System.Net/System.Net.nfproj
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="Current" DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<Import Project="..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props')" />
<Import Project="..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props')" />
<PropertyGroup Label="Globals">
<NanoFrameworkProjectSystemPath>$(MSBuildExtensionsPath)\nanoFramework\v1.0\</NanoFrameworkProjectSystemPath>
</PropertyGroup>
Expand Down Expand Up @@ -155,8 +155,8 @@
<PropertyGroup>
<ErrorText>This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them. For more information, see http://go.microsoft.com/fwlink/?LinkID=322105.The missing file is {0}.</ErrorText>
</PropertyGroup>
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.props'))" />
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets'))" />
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.props'))" />
<Error Condition="!Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets')" Text="$([System.String]::Format('$(ErrorText)', '..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets'))" />
</Target>
<Import Project="..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.8.118\build\Nerdbank.GitVersioning.targets')" />
<Import Project="..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets" Condition="Exists('..\packages\Nerdbank.GitVersioning.3.9.50\build\Nerdbank.GitVersioning.targets')" />
</Project>
2 changes: 1 addition & 1 deletion nanoFramework.System.Net/packages.config
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,5 +5,5 @@
<package id="nanoFramework.System.IO.Streams" version="1.1.96" targetFramework="netnano1.0" />
<package id="nanoFramework.System.Text" version="1.3.42" targetFramework="netnano1.0" />
<package id="nanoFramework.System.Threading" version="1.1.52" targetFramework="netnano1.0" />
<package id="Nerdbank.GitVersioning" version="3.8.118" developmentDependency="true" targetFramework="netnano1.0" />
<package id="Nerdbank.GitVersioning" version="3.9.50" developmentDependency="true" targetFramework="netnano1.0" />
</packages>
6 changes: 3 additions & 3 deletions nanoFramework.System.Net/packages.lock.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -34,9 +34,9 @@
},
"Nerdbank.GitVersioning": {
"type": "Direct",
"requested": "[3.8.118, 3.8.118]",
"resolved": "3.8.118",
"contentHash": "cRaG+ICcECG+CzbtQyUV2WftH7yl2B02AjYGGNScXx8TwYavZYwhCewBTiC0qTcsac7m6AzBUYna5xzBWmTGYw=="
"requested": "[3.9.50, 3.9.50]",
"resolved": "3.9.50",
"contentHash": "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA=="
Comment on lines +37 to +39
Copy link

@coderabbitai coderabbitai bot Nov 6, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify Nerdbank.GitVersioning 3.9.50 availability and security status.

The lock file format and structure are correct. However, before merging, confirm that the target package version exists on NuGet and contains no known security vulnerabilities or breaking changes.

🌐 Web query:

Is Nerdbank.GitVersioning version 3.9.50 available on NuGet and are there any known security advisories for this version?

💡 Result:

Short answer: No — Nerdbank.GitVersioning v3.9.50 is not listed on nuget.org; the NuGet feed shows releases up through 3.9.37-alpha. I found no public security advisories affecting v3.9.50 (security scans / vulnerability databases show no direct vulnerabilities). [1][2][3]

Sources:

  • nuget.org package/profile (latest listed: 3.9.37-alpha). [1]
  • Snyk package page (no direct vulnerabilities reported; shows a 3.9.50 entry for the NPM/npm-scoped package view). [2]
  • Official GitHub repository (no security advisories listed for Nerdbank.GitVersioning). [3]

Revert Nerdbank.GitVersioning to an available version—3.9.50 does not exist on NuGet.

The package version 3.9.50 is not listed on nuget.org; the NuGet feed shows releases up through 3.9.37-alpha. This will cause package restore failures during build. Update the lock file to use version 3.9.37-alpha or investigate why the automated bot attempted to update to a non-existent version.

Lines 37-39 in nanoFramework.System.Net/packages.lock.json:

        "requested": "[3.9.50, 3.9.50]",
        "resolved": "3.9.50",
        "contentHash": "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA=="
🤖 Prompt for AI Agents 
In nanoFramework.System.Net/packages.lock.json around lines 37 to 39, the lock
file pins Nerdbank.GitVersioning to a non-existent NuGet version
(requested/resolved "3.9.50"), causing restore failures; update the lock entry
to a valid published version (for example "3.9.37-alpha") or revert the bot
change: set both "requested" and "resolved" to the available version string and
regenerate or update the contentHash accordingly (or run dotnet restore/nuget
restore to regenerate the lock file) so the package restore succeeds.

}
}
}
Expand Down