[automated] Merge branch 'vs18.0' => 'main'#12685
Merged
JanProvaznik merged 38 commits intomainfrom Oct 21, 2025
Merged
Conversation
This pull request updates the following dependencies [marker]: <> (Begin:5f9c9524-456b-43ca-a978-063daaf53c38) ## From https://github.com/dotnet/arcade - **Subscription**: [5f9c9524-456b-43ca-a978-063daaf53c38](https://maestro.dot.net/subscriptions?search=5f9c9524-456b-43ca-a978-063daaf53c38) - **Build**: [20250905.3](https://dev.azure.com/dnceng/internal/_build/results?buildId=2787027) ([282118](https://maestro.dot.net/channel/3885/github:dotnet:arcade/build/282118)) - **Date Produced**: September 5, 2025 2:36:46 PM UTC - **Commit**: [09625cb3b98ebe646a63dfea19a0c0127e88459a](dotnet/arcade@09625cb) - **Branch**: [release/8.0](https://github.com/dotnet/arcade/tree/release/8.0) [DependencyUpdate]: <> (Begin) - **Updates**: - From [8.0.0-beta.25427.4 to 8.0.0-beta.25455.3][1] - Microsoft.DotNet.Arcade.Sdk - Microsoft.DotNet.XUnitExtensions [1]: dotnet/arcade@6e78cc9...09625cb [DependencyUpdate]: <> (End) - **Updates to .NET SDKs:** - Updates tools.dotnet to 8.0.119 [marker]: <> (End:5f9c9524-456b-43ca-a978-063daaf53c38) --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Gang Wang <v-gaw@microsoft.com>
This pull request updates the following dependencies [marker]: <> (Begin:aca86521-13b3-4d28-a005-127af3b681e5) ## From https://github.com/dotnet/arcade - **Subscription**: [aca86521-13b3-4d28-a005-127af3b681e5](https://maestro.dot.net/subscriptions?search=aca86521-13b3-4d28-a005-127af3b681e5) - **Build**: [20250905.3](https://dev.azure.com/dnceng/internal/_build/results?buildId=2787027) ([282118](https://maestro.dot.net/channel/3885/github:dotnet:arcade/build/282118)) - **Date Produced**: September 5, 2025 2:36:46 PM UTC - **Commit**: [09625cb3b98ebe646a63dfea19a0c0127e88459a](dotnet/arcade@09625cb) - **Branch**: [release/8.0](https://github.com/dotnet/arcade/tree/release/8.0) [DependencyUpdate]: <> (Begin) - **Updates**: - From [8.0.0-beta.25427.4 to 8.0.0-beta.25455.3][1] - Microsoft.SourceBuild.Intermediate.arcade - Microsoft.DotNet.Arcade.Sdk - Microsoft.DotNet.XUnitExtensions [1]: dotnet/arcade@6e78cc9...09625cb [DependencyUpdate]: <> (End) [marker]: <> (End:aca86521-13b3-4d28-a005-127af3b681e5) --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Gang Wang <v-gaw@microsoft.com>
This pull request updates the following dependencies [marker]: <> (Begin:42961865-e7dd-40be-a923-7af2e4664f80) ## From https://github.com/dotnet/arcade - **Subscription**: [42961865-e7dd-40be-a923-7af2e4664f80](https://maestro.dot.net/subscriptions?search=42961865-e7dd-40be-a923-7af2e4664f80) - **Build**: [20250905.3](https://dev.azure.com/dnceng/internal/_build/results?buildId=2787027) ([282118](https://maestro.dot.net/channel/3885/github:dotnet:arcade/build/282118)) - **Date Produced**: September 5, 2025 2:36:46 PM UTC - **Commit**: [09625cb3b98ebe646a63dfea19a0c0127e88459a](dotnet/arcade@09625cb) - **Branch**: [release/8.0](https://github.com/dotnet/arcade/tree/release/8.0) [DependencyUpdate]: <> (Begin) - **Updates**: - From [8.0.0-beta.25427.4 to 8.0.0-beta.25455.3][1] - Microsoft.SourceBuild.Intermediate.arcade - Microsoft.DotNet.Arcade.Sdk - Microsoft.DotNet.XUnitExtensions [1]: dotnet/arcade@6e78cc9...09625cb [DependencyUpdate]: <> (End) [marker]: <> (End:42961865-e7dd-40be-a923-7af2e4664f80) --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Gang Wang <v-gaw@microsoft.com>
…bdirectory on every build Recreate temp on linux using CreateTempSubdirectory on every build ---- #### AI description (iteration 1) #### PR Classification Bug fix addressing a Linux-specific temporary folder security vulnerability. #### PR Summary This pull request enhances security in MSBuild on Linux by replacing the manual temporary folder creation logic with a reliable call to CreateTempSubdirectory, ensuring a unique and correctly set up temp folder on every build. - `src/Shared/TempFileUtilities.cs`: On Linux, the temp folder is now recreated via Directory.CreateTempSubdirectory instead of custom mkdir/chmod logic. - `src/Shared/TempFileUtilities.cs`: Removed the unused `userRWX` constant, cleaning up the code. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> ---- #### AI description (iteration 2) #### PR Classification This pull request is a security fix that updates the temporary folder creation mechanism on Linux. #### PR Summary The PR replaces the insecure native mkdir/chmod approach with a safer Directory.CreateTempSubdirectory method for Linux, ensuring that the temporary folder is freshly created on every build and addressing the risk of malicious folder creation. - **`src/Shared/TempFileUtilities.cs`**: Replaces the complex mkdir/chmod logic with a call to Directory.CreateTempSubdirectory for Linux and removes the obsolete userRWX constant. - **`eng/Versions.props`**: Increments the version prefix to reflect the update. Related work items: #2541147
…directory on every build Recreate temp on linux using CreateTempSubdirectory on every build ---- #### AI description (iteration 1) #### PR Classification This pull request implements a security bug fix by revising the temporary folder creation mechanism on Linux. #### PR Summary The changes modify the creation of the MSBuild temporary folder to use .NET’s built-in Directory.CreateTempSubdirectory method on Linux, ensuring a new subdirectory is recreated on every build. This approach removes the custom native permission logic and fallback routines, thereby mitigating the risk of malicious folder creation. - `src/Shared/TempFileUtilities.cs`: On Linux, the manual mkdir/chmod logic is replaced with Directory.CreateTempSubdirectory using a fixed prefix. - `src/Shared/TempFileUtilities.cs`: For other platforms, the temporary path is now combined with the new folder prefix with explicit directory creation. - `src/Shared/TempFileUtilities.cs`: The custom permission constant (`userRWX`) is removed in favor of secure, built-in directory handling. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> ---- #### AI description (iteration 2) #### PR Classification This pull request is a security fix addressing a vulnerability in the MSBuild temporary folder creation on Linux. #### PR Summary This pull request mitigates a security issue by revising the Linux temporary folder creation process to use a secure subdirectory creation method. - **`src/Shared/TempFileUtilities.cs`**: Refactored the Linux branch to create a temporary folder with `Directory.CreateTempSubdirectory` using a designated prefix, removing unsafe custom permission checks. - **`eng/Versions.props`**: Updated the version prefix from 17.8.42 to 17.8.43. Related work items: #2541147
…bdirectory on every build Recreate temp on linux using CreateTempSubdirectory on every build ---- #### AI description (iteration 1) #### PR Classification Security bug fix addressing the temporary folder creation issue on Linux. #### PR Summary This pull request secures the temporary directory creation in `src/Shared/TempFileUtilities.cs` by replacing the manual folder creation and permission checks with a call to `Directory.CreateTempSubdirectory` on Linux, thereby mitigating the risk of unauthorized temp folder creation. It directly addresses the linked [Security] work item by eliminating the potential for malicious actor intervention. - `src/Shared/TempFileUtilities.cs`: Uses `Directory.CreateTempSubdirectory` to create a unique, secure temp folder on Linux. - `src/Shared/TempFileUtilities.cs`: Removes outdated manual permission and folder collision handling logic. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> ---- #### AI description (iteration 2) #### PR Classification Security bug fix that addresses a vulnerability in temporary folder creation on Linux. #### PR Summary This pull request enhances security by reworking the Linux temporary folder creation in MSBuild to generate a fresh subdirectory on every build using `Directory.CreateTempSubdirectory`. - `src/Shared/TempFileUtilities.cs`: Replaced the custom folder creation and permission logic with a secure, native subdirectory creation method and removed the obsolete `userRWX` constant. - `eng/Versions.props`: Bumped the version prefix from 17.11.47 to 17.11.48. Related work items: #2541147
…bdirectory on every build Recreate temp on linux using CreateTempSubdirectory on every build ---- #### AI description (iteration 2) #### PR Classification This PR is a security fix addressing vulnerabilities in temporary folder creation on Linux. #### PR Summary The PR revises the MSBuild temporary folder creation by replacing custom mkdir/chmod logic with a secure API call to Directory.CreateTempSubdirectory on Linux, mitigating risks of malicious folder pre-creation. It also bumps the package version. - `src/Shared/TempFileUtilities.cs`: Replaces custom Linux temp folder creation logic with a call to Directory.CreateTempSubdirectory and adjusts the fallback branch. - `src/Shared/TempFileUtilities.cs`: Removes the obsolete userRWX constant. - `eng/Versions.props`: Updates the version prefix from 17.12.49 to 17.12.50. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> Related work items: #2541147
…bdirectory on every build Recreate temp on linux using CreateTempSubdirectory on every build ---- #### AI description (iteration 1) #### PR Classification Security bug fix that improves the creation of the temporary folder on Linux to prevent potential malicious folder hijacking. #### PR Summary This PR replaces the custom logic for creating and validating the MSBuild temporary folder on Linux with the built-in Directory.CreateTempSubdirectory method, ensuring a fresh and securely generated temp directory on every build. - `src/Shared/TempFileUtilities.cs`: Updated the Linux branch in the CreateFolderUnderTemp method to use Directory.CreateTempSubdirectory instead of manually handling mkdir/chmod and username concatenation. - `src/Shared/TempFileUtilities.cs`: Removed the custom permission logic and the unused `userRWX` constant, simplifying the directory creation for non-Linux platforms. <!-- GitOpsUserAgent=GitOps.Apps.Server.pullrequestcopilot --> ---- #### AI description (iteration 2) #### PR Classification This pull request is a security bug fix addressing a vulnerability in how MSBuild creates its temporary folder on Linux. #### PR Summary The PR improves the security of temp folder creation by replacing custom mkdir/chmod logic with the built-in `Directory.CreateTempSubdirectory` on Linux, ensuring a uniquely created directory for each build. Additionally, it removes redundant permission code in `TempFileUtilities.cs` and bumps the version in `eng/Versions.props` from 17.14.27 to 17.14.28. - `src/Shared/TempFileUtilities.cs`: Replaces manual Linux temp folder creation with `Directory.CreateTempSubdirectory` and eliminates outdated permission checks. - `eng/Versions.props`: Updates the version prefix to signal the new release. Related work items: #2541147
Merging tag v17.8.43 into vs17.8 branch
Merging tag v17.10.46 into vs17.10 branch
Merging tag v17.12.50 into vs17.12 branch
Merging tag v17.14.28 into vs17.14 branch
Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Gang Wang <v-gaw@microsoft.com> Co-authored-by: Jan Provazník <janprovaznik@microsoft.com>
Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Gang Wang <v-gaw@microsoft.com> Co-authored-by: Jan Provazník <janprovaznik@microsoft.com>
Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com> Co-authored-by: Gang Wang <v-gaw@microsoft.com> Co-authored-by: Jan Provazník <janprovaznik@microsoft.com>
Co-authored-by: Jan Provazník <janprovaznik@microsoft.com>
> [!NOTE] > This is a codeflow update. It may contain both source code changes from [the VMR](https://github.com/dotnet/dotnet) as well as dependency updates. Learn more [here](https://github.com/dotnet/dotnet/tree/main/docs/Codeflow-PRs.md). This pull request brings the following source code changes [marker]: <> (Begin:0ca9ffca-5797-48b7-89c1-0247660753a9) ## From https://github.com/dotnet/dotnet - **Subscription**: [0ca9ffca-5797-48b7-89c1-0247660753a9](https://maestro.dot.net/subscriptions?search=0ca9ffca-5797-48b7-89c1-0247660753a9) - **Build**: [20251019.2](https://dev.azure.com/dnceng/internal/_build/results?buildId=2819732) ([287756](https://maestro.dot.net/channel/5173/github:dotnet:dotnet/build/287756)) - **Date Produced**: October 19, 2025 10:36:45 PM UTC - **Commit**: [d499f9cdfd5b7b7bb291f95a3c14417d5edc969f](dotnet/dotnet@d499f9c) - **Commit Diff**: [e72b5bb...d499f9c](dotnet/dotnet@e72b5bb...d499f9c) - **Branch**: [release/10.0.1xx](https://github.com/dotnet/dotnet/tree/release/10.0.1xx) [marker]: <> (End:0ca9ffca-5797-48b7-89c1-0247660753a9) [marker]: <> (Start:Footer:CodeFlow PR) ## Associated changes in source repos - dotnet/arcade@a4c9a07...e8ca693 - dotnet/aspnetcore@8d29610...7387de9 - dotnet/diagnostics@46edddd...297a926 - dotnet/efcore@3c78edc...456f972 - dotnet/fsharp@8d12fd3...2cb9ee0 - NuGet/NuGet.Client@28eeb09...5514d93 - dotnet/razor@909624c...967dc4f - dotnet/roslyn@7831533...739dc0e - dotnet/runtime@e04af3c...7f46a7e - dotnet/sdk@b7b9812...0235c63 - dotnet/source-build-reference-packages@fdb961b...2beeb91 - dotnet/sourcelink@9b949ee...307eb51 - dotnet/symreader@26c6c31...ee968d4 - dotnet/templating@fcc5f29...e3fa684 - microsoft/vstest@e3d46be...b7e8733 - dotnet/windowsdesktop@e2dc1b2...b7aa786 - dotnet/wpf@a94c8eb...8409237 [marker]: <> (End:Footer:CodeFlow PR) --------- Co-authored-by: dotnet-maestro[bot] <dotnet-maestro[bot]@users.noreply.github.com>
I detected changes in the vs17.14 branch which have not been merged yet to vs18.0. I'm a robot and am configured to help you automatically keep vs18.0 up to date, so I've opened this PR. This PR merges commits made on vs17.14 by the following committers: * @rainersigwald * @JanProvaznik ## Instructions for merging from UI This PR will not be auto-merged. When pull request checks pass, complete this PR by creating a merge commit, *not* a squash or rebase commit. <img alt="merge button instructions" src="https://i.imgur.com/GepcNJV.png" width="300" /> If this repo does not allow creating merge commits from the GitHub UI, use command line instructions. ## Instructions for merging via command line Run these commands to merge this pull request from the command line. ``` sh git fetch git checkout vs17.14 git pull --ff-only git checkout vs18.0 git pull --ff-only git merge --no-ff vs17.14 # If there are merge conflicts, resolve them and then run git merge --continue to complete the merge # Pushing the changes to the PR branch will re-trigger PR validation. git push https://github.com/dotnet/msbuild HEAD:merge/vs17.14-to-vs18.0 ``` <details> <summary>or if you are using SSH</summary> ``` git push git@github.com:dotnet/msbuild HEAD:merge/vs17.14-to-vs18.0 ``` </details> After PR checks are complete push the branch ``` git push ``` ## Instructions for resolving conflicts :warning: If there are merge conflicts, you will need to resolve them manually before merging. You can do this [using GitHub][resolve-github] or using the [command line][resolve-cli]. [resolve-github]: https://help.github.com/articles/resolving-a-merge-conflict-on-github/ [resolve-cli]: https://help.github.com/articles/resolving-a-merge-conflict-using-the-command-line/ ## Instructions for updating this pull request Contributors to this repo have permission update this pull request by pushing to the branch 'merge/vs17.14-to-vs18.0'. This can be done to resolve conflicts or make other changes to this pull request before it is merged. The provided examples assume that the remote is named 'origin'. If you have a different remote name, please replace 'origin' with the name of your remote. ``` git fetch git checkout -b merge/vs17.14-to-vs18.0 origin/vs18.0 git pull https://github.com/dotnet/msbuild merge/vs17.14-to-vs18.0 (make changes) git commit -m "Updated PR with my changes" git push https://github.com/dotnet/msbuild HEAD:merge/vs17.14-to-vs18.0 ``` <details> <summary>or if you are using SSH</summary> ``` git fetch git checkout -b merge/vs17.14-to-vs18.0 origin/vs18.0 git pull git@github.com:dotnet/msbuild merge/vs17.14-to-vs18.0 (make changes) git commit -m "Updated PR with my changes" git push git@github.com:dotnet/msbuild HEAD:merge/vs17.14-to-vs18.0 ``` </details> Contact .NET Core Engineering (dotnet/dnceng) if you have questions or issues. Also, if this PR was generated incorrectly, help us fix it. See https://github.com/dotnet/arcade/blob/main/.github/workflows/scripts/inter-branch-merge.ps1.
…odes (#12644) ### Context When a path to dotnet.exe or MSBuild.dll contains spaces, it's incorrectly escaped and causes errors like this: Could not execute because the specified command or file was not found. * You intended to execute a .NET program, but dotnet-C:\Program does not exist. The path gets truncated at the space character, causing the process launch to fail. The important notice – it’s a critical scenario for the feature dogfooding , since dotnet.exe usually is placed in “Program Files” (path with spaces). It wasn’t caught during the development because the change required coordination with SDK and the default private SDK was in a path without spaces, unlike `C:\Program Files`. ### Changes Made Added proper escaping for the msbuild.dll path to ensure it works correctly even when the path contains spaces. ### Regression No, it’s a bug in the new feature ### Risks No risks, minimal well-boxed change ### Testing UT + manual ### Notes This logic is taken from #12630
Contributor
Author
|
This pull request has been updated. This PR merges commits made on vs18.0 by the following committers: |
Member
|
Blocked by #12642. |
…in custom task (#12642) ### Context Currently, in order to have Runtime="Net" executed out-of-proc, you must explicitly specify TaskFactory="TaskHostFactory" in the UsingTask element. ### Changes Made Added runtime mismatch validation when Runtime is explicitly specified to omit TaskFactory specification in UsingTask. ### Regression No ### Risks Low — validation logic only affects cases where Runtime is explicitly set. ### Testing Added a dedicated test. --------- Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Co-authored-by: Rainer Sigwald <raines@microsoft.com> Co-authored-by: Chet Husk <chusk3@gmail.com>
Contributor
Author
|
This pull request has been updated. This PR merges commits made on vs18.0 by the following committers: |
YuliiaKovalova
approved these changes
Oct 21, 2025
This was referenced Oct 21, 2025
This was referenced Feb 23, 2026
Merged
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I detected changes in the vs18.0 branch which have not been merged yet to main. I'm a robot and am configured to help you automatically keep main up to date, so I've opened this PR.
This PR merges commits made on vs18.0 by the following committers:
Instructions for merging from UI
This PR will not be auto-merged. When pull request checks pass, complete this PR by creating a merge commit, not a squash or rebase commit.
If this repo does not allow creating merge commits from the GitHub UI, use command line instructions.
Instructions for merging via command line
Run these commands to merge this pull request from the command line.
or if you are using SSH
After PR checks are complete push the branch
Instructions for resolving conflicts
Instructions for updating this pull request
Contributors to this repo have permission update this pull request by pushing to the branch 'merge/vs18.0-to-main'. This can be done to resolve conflicts or make other changes to this pull request before it is merged.
The provided examples assume that the remote is named 'origin'. If you have a different remote name, please replace 'origin' with the name of your remote.
or if you are using SSH
Contact .NET Core Engineering (dotnet/dnceng) if you have questions or issues.
Also, if this PR was generated incorrectly, help us fix it. See https://github.com/dotnet/arcade/blob/main/.github/workflows/scripts/inter-branch-merge.ps1.