@gladjohn
Contributor

Fixes - CG alert

Changes proposed in this request
Component Governance flags a Critical alert for Microsoft.WindowsDesktop.App.Ref 3.1.0 during the WinForms test app build. There is no explicit reference in the repo; the alert results from restore artifacts/lockfile behavior. This PR prevents creation of a per-project lockfile for the test app so new builds resolve against current framework refs and do not surface the legacy package.

Component detection - https://identitydivision.visualstudio.com/IDDP/_build/results?buildId=1535830&view=logs&j=5af50cc2-dfd2-559f-4713-be7402902cc5&t=154cf91c-b1f3-57ab-1919-56f7d79b7fe3&l=2456

Rationale

  • The test app targets net8.0-windows* and uses framework refs (WinForms/WPF).
  • CG was reading an older dependency resolution from lockfile/restore artifacts and attributing it to this project.
  • Disabling the per-project lockfile for this test app ensures future restores don’t reintroduce the legacy Microsoft.WindowsDesktop.App.Ref 3.1.0 into the scanned graph.

Testing
devapp

Performance impact
none

Documentation
n/a

@gladjohn gladjohn requested a review from a team as a code owner September 29, 2025 00:10
@gladjohn gladjohn changed the title from "WinFormsTestApp: purge stale lock/obj and re-evaluate restore to drop Microsoft.WindowsDesktop.App.Ref 3.1.0 (fix CG Critical from #5482)" to "WinFormsTestApp: purge stale lock/obj to drop Microsoft.WindowsDesktop.App.Ref 3.1.0 (fix CG Critical from #5482)" Sep 29, 2025
@gladjohn gladjohn merged commit 683d687 into main Sep 29, 2025
11 checks passed
@gladjohn gladjohn deleted the gladjohn-patch-RestorePackagesWithLockFile branch September 29, 2025 20:38
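
The following is an added example, not code from this PR or the project: a check that walks a source tree and reports every `packages.lock.json` that still resolves the flagged package version, so a stale pin can be confirmed before and after a change like this one. It assumes the flagged package is recorded in a lockfile in the layout NuGet writes (`dependencies` keyed by target framework); the directory names, the target framework string and the `Example.Package` entry are constructed sample data.

```python
import json
import tempfile
from pathlib import Path

# Package id and version taken from the PR description above.
FLAGGED_ID = "Microsoft.WindowsDesktop.App.Ref"
FLAGGED_VERSION = "3.1.0"


def find_pinned(root, package_id=FLAGGED_ID, version=FLAGGED_VERSION):
    """Return (lockfile, target framework, dependency type) for every
    lockfile entry under root that resolves package_id to version."""
    root = Path(root)
    hits = []
    for lock in sorted(root.rglob("packages.lock.json")):
        try:
            data = json.loads(lock.read_text(encoding="utf-8-sig"))
        except (OSError, ValueError):
            continue  # unreadable or malformed lockfile: nothing to report
        deps = data.get("dependencies") if isinstance(data, dict) else None
        for tfm, packages in (deps or {}).items():
            for name, entry in (packages or {}).items():
                # NuGet package ids compare case-insensitively.
                if (name.lower() == package_id.lower()
                        and entry.get("resolved") == version):
                    rel = lock.relative_to(root).as_posix()
                    hits.append((rel, tfm, entry.get("type")))
    return hits


def demo():
    """Constructed tree: one lockfile with the stale pin, one without."""
    def lockfile(name, resolved):
        return {"version": 1, "dependencies": {"net8.0-windows7.0": {
            name: {"type": "Direct", "resolved": resolved}}}}

    with tempfile.TemporaryDirectory() as tmp:
        samples = {
            "WinFormsTestApp": lockfile(FLAGGED_ID, FLAGGED_VERSION),
            "OtherApp": lockfile("Example.Package", "1.0.0"),
        }
        for folder, content in samples.items():
            path = Path(tmp, folder)
            path.mkdir()
            (path / "packages.lock.json").write_text(json.dumps(content))
        return find_pinned(tmp)


if __name__ == "__main__":
    for hit in demo():
        print(hit)
```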