-
Notifications
You must be signed in to change notification settings - Fork 177
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Update Dependencies and Suppress NU1603 (#1970)
## Why make this change? - Updates dependencies `SqlClient` and `Microsoft.AspNetCore.Authentication.JwtBearer` - Explicitly set version of and include transitive dependencies: `System.IdentityModel.Tokens.Jwt` and `Microsoft.IdentityModel.JsonWebTokens` - Suppress NU1603 when resolving dependencies from NuGet feed to prevent pipeline failures. - Allows pipeline to pull compatible dependency version from private feed even when dependency is not the exact lower bounded version. DAB project treats warnings as errors and in this case, NU1603 is emitted and should be ignored. - Background on issue: NuGet/Home#5764 Even though our feed may have version `6.10.1` of the relevant package which meets the expectations of `>=6.10.0`, NuGet is expects and considers the "ideal" match to be `6.10.0` because that is what the package was built and tested against. Newer versions may or may not work and allows build systems to be consistent (per linked NuGet issue thread). > ##[error]Core.csproj(0,0): Error NU1603: Microsoft.IdentityModel.Protocols 6.10.0 depends on Microsoft.IdentityModel.Tokens (>= 6.10.0) > but Microsoft.IdentityModel.Tokens 6.10.0 was not found. > An approximate best match of Microsoft.IdentityModel.Tokens 6.10.1 was resolved. ## What is this change? - Suppress `NU1603` warning in all csproj files. - Updates SqlClient dependency to version `5.1.4`. - Updates Microsoft.AspNetCore.Authentication.JwtBearer to version `6.0.26` - Updates System.IdentityModel.Tokens.Jwt and Microsoft.IdentityModel.JsonWebTokens to `6.35.0` explicitly even though transitive dependencies because latest SqlClient 5.1.4 references vulnerable 6.24.0 versions. Known issue in sqlclient dotnet/SqlClient#2294 and workaround is to explicitly define the dependencies/needed version. ## How was this tested? - [x] integration test: privately running the pipeline resolves expected dependencies without error. --------- Co-authored-by: neeraj-sharma2592 <neeraj.sharma2592@gmail.com>
- Loading branch information
1 parent
40dab94
commit f83188d
Showing
11 changed files
with
18 additions
and
5 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters