Skip to content

[release/7.0] Bump a few package versions #14001

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
mmitche merged 1 commit into from
Sep 14, 2023
Merged

[release/7.0] Bump a few package versions #14001

mmitche merged 1 commit into from
Sep 14, 2023

Conversation

@dougbu
Copy link
Contributor

@dougbu dougbu commented Aug 30, 2023

To double check:

@dougbu
[release/7.0] Bump a few package versions
4348e88 
- small part of dotnet/dnceng#345
- bump Azure.Data.Tables to v12.8.1
- replace Microsoft.IdentityModel.Clients.ActiveDirectory with Microsoft.Identity.Client
  - part of dotnet/dnceng#629
- bump NuGet.* to v6.7.0
  - part of https://dev.azure.com/dnceng/internal/_workitems/edit/5127
  - part of https://dev.azure.com/dnceng/internal/_workitems/edit/5128
  - part of https://dev.azure.com/dnceng/internal/_workitems/edit/5129
  - part of https://dev.azure.com/dnceng/internal/_workitems/edit/5137
  - left both `$(NuGetVersioningVersion)` and `$(NuGetVersion)` to minimize disruption
    - see dotnet#12333 change in 'main' for a counter-example
  - react to deprecation of `ContentItemCollection.FindItemGroups(...)`
  - react to removal of `SignatureVerificationProviderFactory`
  - react to `VerifySignaturesResult` API changes (`Valid` to `IsValid`)
- bump NewtonSoft.Json to v13.0.3
- nits:
  - remove unused `$(...Version)` properties
  - remove a bit of dead code and unused `using`s in changed files
@dougbu dougbu requested review from a team, joeloff and mmitche August 30, 2023 20:49
@dougbu
Copy link
Contributor Author

dougbu commented Aug 30, 2023

see #14000 for a few comments in the changes

joeloff
joeloff reviewed Aug 30, 2023
View reviewed changes
src/SignCheck/Microsoft.SignCheck/Verification/NupkgVerifier.cs
}

// This method and SignatureVerificationResult.IsSigned are slightly misnamed. Signature validity is just as
// important as signature existence. The new VerifySignatureResult.IsSigned property would _not_ be correct
Copy link
Member

@joeloff joeloff Aug 30, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

IsSigned implies a valid signature, That's what the tool originally did. Did NuGet change their APIs? We never checked for the existence of a signature, we checked that the signature was valid. Anything else and it returned false so the file can be flagged.

The process of verifying it however is deferred to NuGet libraries

Copy link
Contributor Author

@dougbu dougbu Aug 30, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes and yes. this comment is just warning future Doug (or similar) not to use the new NuGet IsSigned property despite the name alignment. NuGet also changed Valid to IsValid, fortunately w/o changing semantics

@dougbu dougbu mentioned this pull request Aug 31, 2023
Merged
1 task
@mmitche mmitche merged commit 4f0cae0 into dotnet:release/7.0 Sep 14, 2023
@dougbu dougbu mentioned this pull request Sep 14, 2023
Merged
1 task
@dougbu dougbu deleted the dougbu/bump.versions/7.0 branch September 14, 2023 16:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@joeloff joeloff joeloff left review comments

@mmitche mmitche mmitche approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@dougbu @joeloff @mmitche