Skip to content

Commit b55d484

Browse files
bergmaniabergmania
authored
Updated NuGet Packages for v13 (#17704)
* Update nuget packages * Cherry pick fixes from v15 * Fixed: Projects that use central package version management should not define the version on the PackageReference items but on the PackageVersion items * rollback update in tool
1 parent ed0058a commit b55d484

File tree

9 files changed

+63
-32
lines changed

9 files changed

+63
-32
lines changed

Directory.Packages.props

Lines changed: 30 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -12,28 +12,28 @@
1212
</ItemGroup>
1313
<!-- Microsoft packages -->
1414
<ItemGroup>
15-
<PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="8.0.8" />
16-
<PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.8" />
15+
<PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="8.0.11" />
16+
<PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="8.0.11" />
1717
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.10.0" />
18-
<PackageVersion Include="Microsoft.Data.Sqlite" Version="8.0.8" />
19-
<PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.8" />
20-
<PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.8" />
21-
<PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.8" />
18+
<PackageVersion Include="Microsoft.Data.Sqlite" Version="8.0.11" />
19+
<PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="8.0.11" />
20+
<PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.11" />
21+
<PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="8.0.11" />
2222
<PackageVersion Include="Microsoft.Extensions.Caching.Abstractions" Version="8.0.0" />
2323
<PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="8.0.0" />
2424
<PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="8.0.0" />
25-
<PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
26-
<PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="8.0.8" />
25+
<PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.1" />
26+
<PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="8.0.11" />
2727
<PackageVersion Include="Microsoft.Extensions.FileProviders.Physical" Version="8.0.0" />
2828
<PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="8.0.0" />
29-
<PackageVersion Include="Microsoft.Extensions.Http" Version="8.0.0" />
30-
<PackageVersion Include="Microsoft.Extensions.Identity.Core" Version="8.0.8" />
31-
<PackageVersion Include="Microsoft.Extensions.Identity.Stores" Version="8.0.8" />
32-
<PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.0" />
29+
<PackageVersion Include="Microsoft.Extensions.Http" Version="8.0.1" />
30+
<PackageVersion Include="Microsoft.Extensions.Identity.Core" Version="8.0.11" />
31+
<PackageVersion Include="Microsoft.Extensions.Identity.Stores" Version="8.0.11" />
32+
<PackageVersion Include="Microsoft.Extensions.Logging" Version="8.0.1" />
3333
<PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.2" />
3434
<PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
3535
<PackageVersion Include="Microsoft.Extensions.Options.DataAnnotations" Version="8.0.0" />
36-
<PackageVersion Include="System.Runtime.Caching" Version="8.0.0" />
36+
<PackageVersion Include="System.Runtime.Caching" Version="8.0.1" />
3737
</ItemGroup>
3838
<!-- Umbraco packages -->
3939
<ItemGroup>
@@ -45,13 +45,13 @@
4545
<PackageVersion Include="Asp.Versioning.Mvc" Version="7.1.1" />
4646
<PackageVersion Include="Asp.Versioning.Mvc.ApiExplorer" Version="7.1.0" />
4747
<PackageVersion Include="Dazinator.Extensions.FileProviders" Version="2.0.0" />
48-
<PackageVersion Include="Examine" Version="3.3.0" />
49-
<PackageVersion Include="Examine.Core" Version="3.3.0" />
50-
<PackageVersion Include="HtmlAgilityPack" Version="1.11.64" />
48+
<PackageVersion Include="Examine" Version="3.5.0" />
49+
<PackageVersion Include="Examine.Core" Version="3.5.0" />
50+
<PackageVersion Include="HtmlAgilityPack" Version="1.11.71" />
5151
<PackageVersion Include="K4os.Compression.LZ4" Version="1.3.8" />
52-
<PackageVersion Include="MailKit" Version="4.7.1.1" />
52+
<PackageVersion Include="MailKit" Version="4.8.0" />
5353
<PackageVersion Include="Markdown" Version="2.2.1" />
54-
<PackageVersion Include="MessagePack" Version="2.5.187" />
54+
<PackageVersion Include="MessagePack" Version="2.5.192" />
5555
<PackageVersion Include="MiniProfiler.AspNetCore.Mvc" Version="4.3.8" />
5656
<PackageVersion Include="MiniProfiler.Shared" Version="4.3.8" />
5757
<PackageVersion Include="ncrontab" Version="3.3.3" />
@@ -62,37 +62,40 @@
6262
<PackageVersion Include="OpenIddict.AspNetCore" Version="4.10.1" />
6363
<PackageVersion Include="OpenIddict.EntityFrameworkCore" Version="4.10.1" />
6464
<PackageVersion Include="Serilog" Version="3.1.1" />
65-
<PackageVersion Include="Serilog.AspNetCore" Version="8.0.2" />
65+
<PackageVersion Include="Serilog.AspNetCore" Version="8.0.3" />
6666
<PackageVersion Include="Serilog.Enrichers.Process" Version="2.0.2" />
6767
<PackageVersion Include="Serilog.Enrichers.Thread" Version="3.1.0" />
6868
<PackageVersion Include="Serilog.Expressions" Version="4.0.0" />
6969
<PackageVersion Include="Serilog.Extensions.Hosting" Version="8.0.0" />
7070
<PackageVersion Include="Serilog.Formatting.Compact" Version="2.0.0" />
7171
<PackageVersion Include="Serilog.Formatting.Compact.Reader" Version="3.0.0" />
72-
<PackageVersion Include="Serilog.Settings.Configuration" Version="8.0.2" />
72+
<PackageVersion Include="Serilog.Settings.Configuration" Version="8.0.4" />
7373
<PackageVersion Include="Serilog.Sinks.Async" Version="1.5.0" />
7474
<PackageVersion Include="Serilog.Sinks.File" Version="5.0.0" />
7575
<PackageVersion Include="Serilog.Sinks.Map" Version="1.0.2" />
76-
<PackageVersion Include="SixLabors.ImageSharp" Version="3.1.5" />
76+
<PackageVersion Include="SixLabors.ImageSharp" Version="3.1.6" />
7777
<PackageVersion Include="SixLabors.ImageSharp.Web" Version="3.1.3" />
7878
<PackageVersion Include="Smidge.InMemory" Version="4.4.0" />
79-
<PackageVersion Include="Smidge.Nuglify" Version="4.4.0" />
80-
<PackageVersion Include="Swashbuckle.AspNetCore" Version="6.7.1" />
79+
<PackageVersion Include="Smidge.Nuglify" Version="4.5.1" />
80+
<PackageVersion Include="Swashbuckle.AspNetCore" Version="6.9.0" />
8181
</ItemGroup>
8282
<!-- Transitive pinned versions (only required because our direct dependencies have vulnerable versions of transitive dependencies) -->
8383
<ItemGroup>
8484
<!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Azure.Identity -->
85-
<PackageVersion Include="Azure.Identity" Version="1.12.0" />
85+
<PackageVersion Include="Azure.Identity" Version="1.13.1" />
8686
<!-- Dazinator.Extensions.FileProviders brings in a vulnerable version of System.Net.Http -->
8787
<PackageVersion Include="System.Net.Http" Version="4.3.4" />
8888
<!-- Examine brings in a vulnerable version of System.Security.Cryptography.Xml -->
89-
<PackageVersion Include="System.Security.Cryptography.Xml" Version="8.0.1" />
89+
<PackageVersion Include="System.Security.Cryptography.Xml" Version="8.0.2" />
9090
<!-- Both Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc bring in a vulnerable version of System.Text.RegularExpressions -->
9191
<PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
9292
<!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
9393
<PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="7.7.1" />
94-
9594
<!-- Both OpenIddict.AspNetCore, Microsoft.EntityFrameworkCore.* bring in a vulnerable version of Microsoft.Extensions.Caching.Memory -->
9695
<PackageVersion Include="Microsoft.Extensions.Caching.Memory" Version="8.0.1" />
96+
<!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
97+
<PackageVersion Include="System.Text.Json" Version="8.0.5" />
98+
<!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Microsoft.Data.SqlClient -->
99+
<PackageVersion Include="Microsoft.Data.SqlClient" Version="5.2.2" />
97100
</ItemGroup>
98-
</Project>
101+
</Project>

src/Umbraco.Cms.Persistence.EFCore.SqlServer/Umbraco.Cms.Persistence.EFCore.SqlServer.csproj

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,11 @@
77
<ItemGroup>
88
<!-- Take top-level depedendency on Azure.Identity, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
99
<PackageReference Include="Azure.Identity" />
10+
<!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
11+
<PackageReference Include="System.Text.Json" />
12+
<!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Microsoft.Data.SqlClient -->
13+
<PackageReference Include="Microsoft.Data.SqlClient" />
14+
1015
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
1116

1217
<!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->

src/Umbraco.Cms.Persistence.EFCore/Locking/SqlServerEFCoreDistributedLockingMechanism.cs

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -170,7 +170,9 @@ private void ObtainWriteLock()
170170
"A transaction with minimum ReadCommitted isolation level is required.");
171171
}
172172

173+
#pragma warning disable EF1002
173174
var rowsAffected = await dbContext.Database.ExecuteSqlRawAsync(@$"SET LOCK_TIMEOUT {(int)_timeout.TotalMilliseconds};UPDATE umbracoLock WITH (REPEATABLEREAD) SET value = (CASE WHEN (value=1) THEN -1 ELSE 1 END) WHERE id={LockId}");
175+
#pragma warning restore EF1002
174176

175177
if (rowsAffected == 0)
176178
{

src/Umbraco.Cms.Persistence.EFCore/Umbraco.Cms.Persistence.EFCore.csproj

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -10,6 +10,10 @@
1010

1111
<!-- Take top-level depedendency on Microsoft.Extensions.Caching.Memory, because Microsoft.EntityFrameworkCore.* depends on a vulnerable version -->
1212
<PackageReference Include="Microsoft.Extensions.Caching.Memory" />
13+
<!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
14+
<PackageReference Include="System.Text.Json" />
15+
<!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Microsoft.Data.SqlClient -->
16+
<PackageReference Include="Microsoft.Data.SqlClient" />
1317

1418
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
1519
<PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" />

src/Umbraco.Cms.Persistence.SqlServer/Umbraco.Cms.Persistence.SqlServer.csproj

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,11 @@
77
<ItemGroup>
88
<!-- Take top-level depedendency on Azure.Identity, because NPoco.SqlServer depends on a vulnerable version -->
99
<PackageReference Include="Azure.Identity" />
10+
<!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
11+
<PackageReference Include="System.Text.Json" />
12+
<!-- Both Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer bring in a vulnerable version of Microsoft.Data.SqlClient -->
13+
<PackageReference Include="Microsoft.Data.SqlClient" />
14+
1015
<PackageReference Include="NPoco.SqlServer" />
1116

1217
<!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->

src/Umbraco.Infrastructure/Umbraco.Infrastructure.csproj

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -37,6 +37,12 @@
3737
<PackageReference Include="Serilog.Sinks.Async" />
3838
<PackageReference Include="Serilog.Sinks.File" />
3939
<PackageReference Include="Serilog.Sinks.Map" />
40+
41+
<!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
42+
<PackageReference Include="System.Text.Json" />
43+
44+
<!-- Both Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc bring in a vulnerable version of System.Text.RegularExpressions -->
45+
<PackageReference Include="System.Text.RegularExpressions" />
4046
</ItemGroup>
4147

4248
<ItemGroup>

src/Umbraco.Web.Common/Umbraco.Web.Common.csproj

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,8 @@
2626
<PackageReference Include="System.Text.RegularExpressions" />
2727
<!-- Both OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer bring in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
2828
<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens"/>
29+
<!-- Both Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer,NPoco.SqlServer, and more bring in a vulnerable version of System.Text.Json -->
30+
<PackageReference Include="System.Text.Json" />
2931
</ItemGroup>
3032

3133
<ItemGroup>

tests/Directory.Packages.props

Lines changed: 4 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -5,19 +5,19 @@
55
<ItemGroup>
66
<!-- Microsoft packages -->
77
<PackageVersion Include="BenchmarkDotNet" Version="0.14.0" />
8-
<PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.8" />
8+
<PackageVersion Include="Microsoft.AspNetCore.Mvc.Testing" Version="8.0.11" />
99
<PackageVersion Include="Microsoft.Extensions.Logging.Debug" Version="8.0.0" />
1010
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
1111
<PackageVersion Include="System.Data.DataSetExtensions" Version="4.5.0" />
12-
<PackageVersion Include="System.Data.Odbc" Version="8.0.0" />
13-
<PackageVersion Include="System.Data.OleDb" Version="8.0.0" />
12+
<PackageVersion Include="System.Data.Odbc" Version="8.0.1" />
13+
<PackageVersion Include="System.Data.OleDb" Version="8.0.1" />
1414
<PackageVersion Include="System.Reflection.Emit" Version="4.7.0" />
1515
</ItemGroup>
1616
<ItemGroup>
1717
<!-- Third-party packages -->
1818
<PackageVersion Include="AutoFixture.AutoMoq" Version="4.18.1" />
1919
<PackageVersion Include="AutoFixture.NUnit3" Version="4.18.1" />
20-
<PackageVersion Include="Bogus" Version="34.0.2" />
20+
<PackageVersion Include="Bogus" Version="35.6.1" />
2121
<PackageVersion Include="Moq" Version="4.18.4" />
2222
<PackageVersion Include="NUnit" Version="3.14.0" />
2323
<PackageVersion Include="NUnit3TestAdapter" Version="4.5.0" PrivateAssets="all" />

tests/Umbraco.Tests.Integration/Testing/UmbracoIntegrationTest.cs

Lines changed: 5 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -81,7 +81,11 @@ public void Setup()
8181
}
8282

8383
[TearDown]
84-
public void TearDownAsync() => _host.StopAsync();
84+
public void TearDownAsync()
85+
{
86+
_host.StopAsync();
87+
Services.DisposeIfDisposable();
88+
}
8589

8690
/// <summary>
8791
/// Create the Generic Host and execute startup ConfigureServices/Configure calls

0 commit comments

Comments
 (0)