Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement central package versioning #393

Merged
merged 5 commits into from
Nov 19, 2024
Merged

Implement central package versioning #393

merged 5 commits into from
Nov 19, 2024

Conversation

plave0
Copy link
Contributor

@plave0 plave0 commented Nov 18, 2024
edited
Loading

Many dependencies are shared between projects. Central package management (CPM) prevents discrepancies of dependency versions between projects and reduces the duplication of version information across projects.

Previously, versions of transitive dependencies which have been marked as vulnerable have been overwritten to safe versions. CPM enables us to overwrite versions of vulnerable transitive dependencies in a centralized manner, which makes maintaining them easier. This change also enables us to exclude information about overwritten transitive dependencies from each individual project, which reduces clutter in project files.

Remove unused NuGet projects.

After implementing CPM, NuGet projects (all projects under the nuproj directory, except SF.ActorsServices.Internal) started causing warning on build. Since they are no longer in use, and it is not planned to use them in the future, they have been deleted form the repository.

Update versions of ASP.NET Core NuGet packages

Update the following packages:

  • Microsoft.AspNetCore.Diagnostics has been downgraded to version 2.1.1.
  • Microsoft.AspNetCore.Hosting has been downgraded to version 2.1.1.
  • Microsoft.AspNetCore.HttpsPolicy has been downgraded to version 2.1.1.
  • Microsoft.AspNetCore.Mvc has been downgraded to version 2.1.3.
  • Microsoft.AspNetCore.Server.HttpSys has been downgraded to version 2.1.12.

These packages have been downgraded in order to reflect the support policy of NuGet based ASP.NET Core 2.1 packages which are being used for building our .NET Framework 4.6 packages (https://dotnet.microsoft.com/en-us/platform/support/policy/dotnet-core).

@plave0
Implement central package versioning
f2e27bf
@plave0
Disable unused NuGet projects
01c9d44 
NuGet projects which package SDK binaries are no
longer in use and have been disabled. SF.AspNetCore.Internal
is the only one left in use and it has been left enabled.
@plave0
Downgrade AspNetCore NuGet packages
0755832 
Downgrading package versions to match support policy
of package based .NET Core.
@plave0
Removing unused NuGet packages
be4d4d5 
NuGet projects which generate NuGet packages are no
longer in use and have been deleted. SF.AspNetCore.Internal
is the only one left in use and it has been left enabled.
@plave0 plave0 self-assigned this Nov 18, 2024
@plave0 plave0 marked this pull request as ready for review November 18, 2024 17:06
olegsych
olegsych approved these changes Nov 18, 2024
View reviewed changes
Directory.Packages.props Show resolved Hide resolved
@plave0 plave0 changed the title Implementing central package versioning Implement central package versioning Nov 19, 2024
@plave0 plave0 merged commit dc01a62 into develop Nov 19, 2024
2 checks passed
@plave0 plave0 deleted the user/pavleiri/implementCentralPackageVersioning branch November 19, 2024 10:57
@plave0 plave0 restored the user/pavleiri/implementCentralPackageVersioning branch November 19, 2024 11:05
@plave0 plave0 deleted the user/pavleiri/implementCentralPackageVersioning branch November 19, 2024 11:09
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gobradovic gobradovic gobradovic approved these changes

@olegsych olegsych olegsych approved these changes

Assignees

@plave0 plave0

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@plave0 @olegsych @gobradovic