build: Enable NugetAudit (#361)

Kielek · web-flow · commit 4a9a0942140b · 2025-04-23T17:44:35.000+01:00
Signed-off-by: Piotr Kiełkowicz &lt;pkiekowicz@splunk.com&gt;
diff --git a/build/Common.props b/build/Common.props
@@ -7,6 +7,9 @@
     <PropertyGroup>
         <LangVersion>latest</LangVersion>
         <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
+        <NuGetAudit>true</NuGetAudit>
+        <NuGetAuditMode>all</NuGetAuditMode>
+        <NuGetAuditLevel>low</NuGetAuditLevel>
     </PropertyGroup>
 
     <PropertyGroup Condition="'$(Configuration)'=='Debug'">
diff --git a/build/Common.tests.props b/build/Common.tests.props
@@ -37,19 +37,25 @@
             <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
             <PrivateAssets>all</PrivateAssets>
         </PackageReference>
+
+        <!-- Fare and System.Text.RegularExpressions are referenced directly to avoid indirect vulnerable packages from AutoFixture -->
+        <PackageReference Include="Fare" Version="$(FareVer)" />
+        <PackageReference Include="System.Text.RegularExpressions" Version="$(SystemTextRegularExpressionsVer)" />
     </ItemGroup>
 
     <PropertyGroup Label="Package versions used in this repository">
         <!--
       Please sort alphabetically.
       Refer to https://docs.microsoft.com/nuget/concepts/package-versioning for semver syntax.
     -->
-        <AutoFixtureVer>[4.17.0]</AutoFixtureVer>
+        <AutoFixtureVer>[4.18.1]</AutoFixtureVer>
         <CoverletCollectorVer>[3.1.2]</CoverletCollectorVer>
+        <FareVer>[2.2.1]</FareVer>
         <GitHubActionsTestLoggerVer>[2.3.3]</GitHubActionsTestLoggerVer>
-        <MicrosoftNETTestSdkPkgVer>[17.3.2]</MicrosoftNETTestSdkPkgVer>
+        <MicrosoftNETTestSdkPkgVer>[17.13.0]</MicrosoftNETTestSdkPkgVer>
         <NSubstituteVer>[5.0.0]</NSubstituteVer>
-        <XUnitRunnerVisualStudioPkgVer>[2.4.3,3.0)</XUnitRunnerVisualStudioPkgVer>
-        <XUnitPkgVer>[2.4.1,3.0)</XUnitPkgVer>
+        <SystemTextRegularExpressionsVer>[4.3.1]</SystemTextRegularExpressionsVer>
+        <XUnitRunnerVisualStudioPkgVer>[2.8.2,3.0)</XUnitRunnerVisualStudioPkgVer>
+        <XUnitPkgVer>[2.9.3,3.0)</XUnitPkgVer>
     </PropertyGroup>
 </Project>
diff --git a/src/OpenFeature.Contrib.Providers.Flagd/Resolver/InProcess/InProcessResolver.cs b/src/OpenFeature.Contrib.Providers.Flagd/Resolver/InProcess/InProcessResolver.cs
@@ -54,7 +54,7 @@ public Task Init()
             return Task.Run(() =>
             {
                 var latch = new CountdownEvent(1);
-                _handleEventsThread = new Thread(() => HandleEvents(latch))
+                _handleEventsThread = new Thread(async () => await HandleEvents(latch))
                 {
                     IsBackground = true
                 };
@@ -101,7 +101,7 @@ public Task<ResolutionDetails<Value>> ResolveStructureValueAsync(string flagKey,
             return Task.FromResult(_evaluator.ResolveStructureValueAsync(flagKey, defaultValue, context));
         }
 
-        private async void HandleEvents(CountdownEvent latch)
+        private async Task HandleEvents(CountdownEvent latch)
         {
             CancellationToken token = _cancellationTokenSource.Token;
             while (!token.IsCancellationRequested)
diff --git a/test/OpenFeature.Contrib.Hooks.Otel.Test/MetricsHookTest.cs b/test/OpenFeature.Contrib.Hooks.Otel.Test/MetricsHookTest.cs
@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Threading.Tasks;
 using OpenFeature.Model;
 using OpenTelemetry;
 using OpenTelemetry.Metrics;
@@ -26,7 +27,7 @@ public MetricsHookTest()
         }
 
         [Fact]
-        public async void After_Test()
+        public async Task After_Test()
         {
             // Arrange
             const string metricName = "feature_flag.evaluation_success_total";
@@ -50,7 +51,7 @@ public async void After_Test()
         }
 
         [Fact]
-        public async void Error_Test()
+        public async Task Error_Test()
         {
             // Arrange
             const string metricName = "feature_flag.evaluation_error_total";
@@ -74,7 +75,7 @@ public async void Error_Test()
         }
 
         [Fact]
-        public async void Finally_Test()
+        public async Task Finally_Test()
         {
             // Arrange
             const string metricName = "feature_flag.evaluation_active_count";
@@ -98,7 +99,7 @@ public async void Finally_Test()
         }
 
         [Fact]
-        public async void Before_Test()
+        public async Task Before_Test()
         {
 
             // Arrange
diff --git a/test/OpenFeature.Contrib.Hooks.Otel.Test/TracingHookTest.cs b/test/OpenFeature.Contrib.Hooks.Otel.Test/TracingHookTest.cs
@@ -58,21 +58,9 @@ public void TestAfter()
 
             var tagsEnum = ev.Tags.GetEnumerator();
 
-            Assert.True(
-                Enumerable.Contains<KeyValuePair<string, object>>(
-                    ev.Tags, new KeyValuePair<string, object>("feature_flag.key", "my-flag")
-                )
-            );
-            Assert.True(
-                Enumerable.Contains<KeyValuePair<string, object>>(
-                    ev.Tags, new KeyValuePair<string, object>("feature_flag.variant", "default")
-                )
-            );
-            Assert.True(
-                Enumerable.Contains<KeyValuePair<string, object>>(
-                    ev.Tags, new KeyValuePair<string, object>("feature_flag.provider_name", "my-provider")
-                )
-            );
+            Assert.Contains(new KeyValuePair<string, object>("feature_flag.key", "my-flag"), ev.Tags);
+            Assert.Contains(new KeyValuePair<string, object>("feature_flag.variant", "default"), ev.Tags);
+            Assert.Contains(new KeyValuePair<string, object>("feature_flag.provider_name", "my-provider"), ev.Tags);
         }
 
         [Fact]
@@ -150,11 +138,7 @@ public void TestError()
 
             Assert.Equal("exception", ev.Name);
 
-            Assert.True(
-                Enumerable.Contains<KeyValuePair<string, object>>(
-                    ev.Tags, new KeyValuePair<string, object>("exception.message", "unexpected error")
-                )
-            );
+            Assert.Contains(new KeyValuePair<string, object>("exception.message", "unexpected error"), ev.Tags);
         }
 
         [Fact]
diff --git a/test/OpenFeature.Contrib.Providers.ConfigCat.Test/ConfigCatProviderTest.cs b/test/OpenFeature.Contrib.Providers.ConfigCat.Test/ConfigCatProviderTest.cs
@@ -56,7 +56,7 @@ public class ConfigCatProviderTest
 
         [Theory]
         [AutoData]
-        public async void CreateConfigCatProvider_WithSdkKey_CreatesProviderInstanceSuccessfully(string sdkKey)
+        public async Task CreateConfigCatProvider_WithSdkKey_CreatesProviderInstanceSuccessfully(string sdkKey)
         {
             var configCatProvider =
                 new ConfigCatProvider(sdkKey, options => { options.FlagOverrides = BuildFlagOverrides(); });
diff --git a/test/OpenFeature.Contrib.Providers.ConfigCat.Test/OpenFeature.Contrib.Providers.ConfigCat.Test.csproj b/test/OpenFeature.Contrib.Providers.ConfigCat.Test/OpenFeature.Contrib.Providers.ConfigCat.Test.csproj
@@ -1,7 +1,7 @@
 <Project Sdk="Microsoft.NET.Sdk">
 
   <ItemGroup>
-    <PackageReference Include="AutoFixture.Xunit2" Version="4.17.0" />
+    <PackageReference Include="AutoFixture.Xunit2" Version="4.18.1" />
     <ProjectReference Include="..\..\src\OpenFeature.Contrib.Providers.ConfigCat\OpenFeature.Contrib.Providers.ConfigCat.csproj" />
   </ItemGroup>
 
diff --git a/test/OpenFeature.Contrib.Providers.EnvVar.Test/OpenFeature.Contrib.Providers.EnvVar.Test.csproj b/test/OpenFeature.Contrib.Providers.EnvVar.Test/OpenFeature.Contrib.Providers.EnvVar.Test.csproj
@@ -1,7 +1,7 @@
 ﻿<Project Sdk="Microsoft.NET.Sdk">
 
     <ItemGroup>
-      <PackageReference Include="AutoFixture.Xunit2" Version="4.17.0" />
+      <PackageReference Include="AutoFixture.Xunit2" Version="4.18.1" />
       <ProjectReference Include="..\..\src\OpenFeature.Contrib.Providers.EnvVar\OpenFeature.Contrib.Providers.EnvVar.csproj" />
     </ItemGroup>
     
diff --git a/test/OpenFeature.Contrib.Providers.Flagd.E2e.Test/Steps/FlagdStepDefinitionBase.cs b/test/OpenFeature.Contrib.Providers.Flagd.E2e.Test/Steps/FlagdStepDefinitionBase.cs
@@ -94,7 +94,7 @@ public void WhenAZero_ValueBooleanFlagWithKeyIsEvaluatedWithDefaultValue(string
         }
 
         [Then(@"the resolved boolean zero-value should be ""(.*)""")]
-        public async void ThenTheResolvedBooleanZero_ValueShouldBe(string expectedValue)
+        public async Task ThenTheResolvedBooleanZero_ValueShouldBe(string expectedValue)
         {
             Assert.Equal(bool.Parse(expectedValue), await booleanZeroValue);
         }
@@ -183,7 +183,7 @@ public void WhenAContextContainingAKeyWithValue(string key, long val) // we have
         }
 
         [Then(@"the returned value should be ""(.*)""")]
-        public async void ThenTheReturnedValueShouldBe(string expectedValue)
+        public async Task ThenTheReturnedValueShouldBe(string expectedValue)
         {
             var details = await client.GetStringDetailsAsync(stringFlagKey, stringDefaultValue, evaluationContext);
             Assert.Equal(expectedValue, details.Value);
diff --git a/test/OpenFeature.Contrib.Providers.Flagd.Test/CacheTest.cs b/test/OpenFeature.Contrib.Providers.Flagd.Test/CacheTest.cs
@@ -1,3 +1,4 @@
+using System.Threading.Tasks;
 using Xunit;
 
 namespace OpenFeature.Contrib.Providers.Flagd.Test
@@ -17,23 +18,19 @@ public void TestCacheSetGet()
             Assert.Equal("my-value", value);
         }
         [Fact]
-        public void TestCacheCapacity()
+        public async Task TestCacheCapacity()
         {
             int capacity = 5;
             var cache = new LRUCache<string, string>(capacity);
 
-            var tasks = new System.Collections.Generic.List<System.Threading.Tasks.Task>();
+            var tasks = new System.Collections.Generic.List<Task>(capacity);
 
             for (int i = 0; i < capacity; i++)
             {
                 cache.Add($"key-{i}", $"value-{i}");
             }
 
-            var e = tasks.GetEnumerator();
-            while (e.MoveNext())
-            {
-                e.Current.Wait();
-            }
+            await Task.WhenAll(tasks);
 
             string value;
             // verify that we can retrieve all items
@@ -55,29 +52,25 @@ public void TestCacheCapacity()
         }
 
         [Fact]
-        public void TestCacheCapacityMultiThreaded()
+        public async Task TestCacheCapacityMultiThreaded()
         {
             int capacity = 5;
             var cache = new LRUCache<string, string>(capacity);
 
-            var tasks = new System.Collections.Generic.List<System.Threading.Tasks.Task>();
+            var tasks = new System.Collections.Generic.List<Task>(capacity);
 
             var counter = 0;
             for (int i = 0; i < capacity; i++)
             {
-                tasks.Add(System.Threading.Tasks.Task.Run(() =>
+                tasks.Add(Task.Run(() =>
                 {
                     var id = System.Threading.Interlocked.Increment(ref counter);
                     cache.Add($"key-{id}", $"value-{id}");
                 }));
                 //cache.Add($"key-{i}", $"value-{i}");
             }
 
-            var e = tasks.GetEnumerator();
-            while (e.MoveNext())
-            {
-                e.Current.Wait();
-            }
+            await Task.WhenAll(tasks);
 
             string value;
             // verify that we can retrieve all items
diff --git a/test/OpenFeature.Contrib.Providers.Flagd.Test/FlagdProviderTest.cs b/test/OpenFeature.Contrib.Providers.Flagd.Test/FlagdProviderTest.cs
diff --git a/test/OpenFeature.Contrib.Providers.Flagd.Test/Utils.cs b/test/OpenFeature.Contrib.Providers.Flagd.Test/Utils.cs
diff --git a/test/OpenFeature.Contrib.Providers.GOFeatureFlag.Test/GoFeatureFlagProviderTest.cs b/test/OpenFeature.Contrib.Providers.GOFeatureFlag.Test/GoFeatureFlagProviderTest.cs
diff --git a/test/OpenFeature.Contrib.Providers.Statsig.Test/OpenFeature.Contrib.Providers.Statsig.Test.csproj b/test/OpenFeature.Contrib.Providers.Statsig.Test/OpenFeature.Contrib.Providers.Statsig.Test.csproj
diff --git a/test/OpenFeature.Contrib.Providers.Statsig.Test/StatsigProviderTest.cs b/test/OpenFeature.Contrib.Providers.Statsig.Test/StatsigProviderTest.cs

Original file line number	Diff line number	Diff line change
`@@ -54,7 +54,7 @@ public Task Init()`
`54`	`54`	`return Task.Run(() =>`
`55`	`55`	`{`
`56`	`56`	`var latch = new CountdownEvent(1);`
`57`		`- _handleEventsThread = new Thread(() => HandleEvents(latch))`
	`57`	`+ _handleEventsThread = new Thread(async () => await HandleEvents(latch))`
`58`	`58`	`{`
`59`	`59`	`IsBackground = true`
`60`	`60`	`};`
`@@ -101,7 +101,7 @@ public Task<ResolutionDetails<Value>> ResolveStructureValueAsync(string flagKey,`
`101`	`101`	`return Task.FromResult(_evaluator.ResolveStructureValueAsync(flagKey, defaultValue, context));`
`102`	`102`	`}`
`103`	`103`
`104`		`- private async void HandleEvents(CountdownEvent latch)`
	`104`	`+ private async Task HandleEvents(CountdownEvent latch)`
`105`	`105`	`{`
`106`	`106`	`CancellationToken token = _cancellationTokenSource.Token;`
`107`	`107`	`while (!token.IsCancellationRequested)`
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`using System;`
`2`	`2`	`using System.Collections.Generic;`
`3`	`3`	`using System.Linq;`
	`4`	`+using System.Threading.Tasks;`
`4`	`5`	`using OpenFeature.Model;`
`5`	`6`	`using OpenTelemetry;`
`6`	`7`	`using OpenTelemetry.Metrics;`
`@@ -26,7 +27,7 @@ public MetricsHookTest()`
`26`	`27`	`}`
`27`	`28`
`28`	`29`	`[Fact]`
`29`		`- public async void After_Test()`
	`30`	`+ public async Task After_Test()`
`30`	`31`	`{`
`31`	`32`	`// Arrange`
`32`	`33`	`const string metricName = "feature_flag.evaluation_success_total";`
`@@ -50,7 +51,7 @@ public async void After_Test()`
`50`	`51`	`}`
`51`	`52`
`52`	`53`	`[Fact]`
`53`		`- public async void Error_Test()`
	`54`	`+ public async Task Error_Test()`
`54`	`55`	`{`
`55`	`56`	`// Arrange`
`56`	`57`	`const string metricName = "feature_flag.evaluation_error_total";`
`@@ -74,7 +75,7 @@ public async void Error_Test()`
`74`	`75`	`}`
`75`	`76`
`76`	`77`	`[Fact]`
`77`		`- public async void Finally_Test()`
	`78`	`+ public async Task Finally_Test()`
`78`	`79`	`{`
`79`	`80`	`// Arrange`
`80`	`81`	`const string metricName = "feature_flag.evaluation_active_count";`
`@@ -98,7 +99,7 @@ public async void Finally_Test()`
`98`	`99`	`}`
`99`	`100`
`100`	`101`	`[Fact]`
`101`		`- public async void Before_Test()`
	`102`	`+ public async Task Before_Test()`
`102`	`103`	`{`
`103`	`104`
`104`	`105`	`// Arrange`
Original file line number	Diff line number	Diff line change
`@@ -56,7 +56,7 @@ public class ConfigCatProviderTest`
`56`	`56`
`57`	`57`	`[Theory]`
`58`	`58`	`[AutoData]`
`59`		`- public async void CreateConfigCatProvider_WithSdkKey_CreatesProviderInstanceSuccessfully(string sdkKey)`
	`59`	`+ public async Task CreateConfigCatProvider_WithSdkKey_CreatesProviderInstanceSuccessfully(string sdkKey)`
`60`	`60`	`{`
`61`	`61`	`var configCatProvider =`
`62`	`62`	`new ConfigCatProvider(sdkKey, options => { options.FlagOverrides = BuildFlagOverrides(); });`
Original file line number	Diff line number	Diff line change
`@@ -94,7 +94,7 @@ public void WhenAZero_ValueBooleanFlagWithKeyIsEvaluatedWithDefaultValue(string`
`94`	`94`	`}`
`95`	`95`
`96`	`96`	`[Then(@"the resolved boolean zero-value should be ""(.*)""")]`
`97`		`- public async void ThenTheResolvedBooleanZero_ValueShouldBe(string expectedValue)`
	`97`	`+ public async Task ThenTheResolvedBooleanZero_ValueShouldBe(string expectedValue)`
`98`	`98`	`{`
`99`	`99`	`Assert.Equal(bool.Parse(expectedValue), await booleanZeroValue);`
`100`	`100`	`}`
`@@ -183,7 +183,7 @@ public void WhenAContextContainingAKeyWithValue(string key, long val) // we have`
`183`	`183`	`}`
`184`	`184`
`185`	`185`	`[Then(@"the returned value should be ""(.*)""")]`
`186`		`- public async void ThenTheReturnedValueShouldBe(string expectedValue)`
	`186`	`+ public async Task ThenTheReturnedValueShouldBe(string expectedValue)`
`187`	`187`	`{`
`188`	`188`	`var details = await client.GetStringDetailsAsync(stringFlagKey, stringDefaultValue, evaluationContext);`
`189`	`189`	`Assert.Equal(expectedValue, details.Value);`