Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Build updates in preparation for .net 9 #1597

Merged
merged 5 commits into from
Sep 19, 2024
Merged

Build updates in preparation for .net 9 #1597

merged 5 commits into from
Sep 19, 2024

Conversation

josephdecock
Copy link
Member

@josephdecock josephdecock commented Sep 18, 2024
edited
Loading

This PR prepares the repo for .net 9.

Note that this only affects our development hosts and test projects, not any published package's dependency. All our current packages have no transitive security vulnerabilities as of now.

  • Update Serilog to 8.0.2. This pulls in the right version of System.Text.Json in most cases.
  • Pin versions of Azure.Identity (1.11.4), System.Formats.Asn1 (8.0.1), Microsoft.Data.SqlClient (5.1.6) and System.Text.Json. These are depended on by EF and Sql client packages, and there's no update to those packages available that wouldn't give us a vulnerable version. Hopefully someday those packages will update such that this is no longer needed.
  • Rename ClientModel. The new System.ClientModel library is a new dependency that we get from updating Azure.Identity, and its namespace name conflicts with our existing class name. There's no good way to resolve the ambiguity, short of just renaming the model. We need to do the same in the templates. (Rename ClientModel (conflicts with System.ClientModel namespace) #1683)
  • Convert CsQuery to AngleSharp in test projects. These are libraries for doing DOM manipulation in C#. CsQuery is no longer maintained, and it has some messy dependencies. AngleSharp is an easy replacement.

@josephdecock
Update host dependencies past transitive security vulnerabilities
043bd4c 
- Update Serilog to 8.0.2. This is needed for a transitive update for System.Text.Json.
- Pin versions of Azure.Identity (1.11.4), System.Formats.Asn1 (8.0.1), and Microsoft.Data.SqlClient (5.1.6). These are depended on by EF and Sql client packages, and there's no update to those packages available that wouldn't give us a vulnerable version. Hopefully someday those packages will update such that this is no longer needed.
@josephdecock
Copy link
Member Author

Huh, looks like some weird issue with the migrations that I didn't run locally...

@josephdecock
Rename ClientModel
11d7756 
The new System.ClientModel library is a dependency that we get from EF, and its namespace name conflicts with our existing class name. There's no good way to resolve the ambiguity, short of just renaming the model. We need to do the same in the templates. (https://github.com/DuendeSoftware/IdentityServer.Templates/issues/56)
@josephdecock
Pin transitive dependencies to avoid vulnerabilities in test projects
c979626 
Pin versions of Azure.Identity (1.11.4), System.Formats.Asn1 (8.0.1), and Microsoft.Data.SqlClient (5.1.6). These are depended on by EF and Sql client packages, and there's no update to those packages available that wouldn't give us a vulnerable version. Hopefully someday those packages will update such that this is no longer needed.
@josephdecock
Convert CsQuery to AngleSharp in test projects
0f04d85 
These are libraries for doing DOM manipulation in C#. CsQuery is no longer maintained, and it has some messy dependencies. AngleSharp is an easy replacement.
@josephdecock
Using async Task instead of async void in tests
1ed73c9
@josephdecock josephdecock changed the title Update host dependencies past transitive security vulnerabilities Update internal dependencies past transitive security vulnerabilities Sep 19, 2024
@josephdecock josephdecock changed the title Update internal dependencies past transitive security vulnerabilities Build updates in preparation for .net 9 Sep 19, 2024
@leastprivilege leastprivilege requested review from leastprivilege and removed request for damianh September 19, 2024 06:21
@leastprivilege leastprivilege merged commit f01e45f into main Sep 19, 2024
5 checks passed
@leastprivilege leastprivilege deleted the joe/host-updates branch September 19, 2024 06:22
@josephdecock josephdecock linked an issue Dec 9, 2024 that may be closed by this pull request
.NET 9 Support #1593
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@leastprivilege leastprivilege leastprivilege approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

.NET 9 Support
2 participants
@josephdecock @leastprivilege