Skip to content

Fix CG issue for Microsoft.IO.Redist #74653

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
jaredpar merged 2 commits into from
Aug 8, 2024
Merged

Fix CG issue for Microsoft.IO.Redist #74653

jaredpar merged 2 commits into from
Aug 8, 2024

Conversation

@jaredpar
Copy link
Member

@jaredpar jaredpar commented Aug 5, 2024
edited
Loading

Move to a version with the appropriate fix

The explicit ref of Microsoft.IO.Redist is required because of dotnet/sdk#42608

@jaredpar jaredpar requested a review from a team as a code owner August 5, 2024 22:16
@ghost ghost added Area-Infrastructure untriaged Issues and PRs which have not yet been triaged by a lead labels Aug 5, 2024
@jaredpar jaredpar enabled auto-merge (squash) August 5, 2024 22:19
This was referenced Aug 6, 2024
Closed
Open
jaredpar added a commit to dotnet/razor that referenced this pull request Aug 7, 2024
@jaredpar
Move to central package pinning
06b9bd1 
This should make it much easier for us to respond to CG alerts in the
future. All that will need to be done is add an entry in
Directory.Packages.props and it will automatically impact all consumers
of it.

Consider this example in Roslyn for how to respond to a CG issue

dotnet/roslyn#74653
@jaredpar jaredpar mentioned this pull request Aug 7, 2024
Merged
@jaredpar
Fix CG issue for Microsoft.IO.Redist
de10517 
Move to a version with the appropriate fix
@jaredpar jaredpar requested a review from a team as a code owner August 7, 2024 23:32
333fred
333fred reviewed Aug 7, 2024
View reviewed changes
...Workspaces/Core/MSBuild.BuildHost/Microsoft.CodeAnalysis.Workspaces.MSBuild.BuildHost.csproj
<PackageReference Include="System.CommandLine" />
<PackageReference Include="System.Collections.Immutable" />
<PackageReference Include="Newtonsoft.Json" />
<PackageReference Include="Microsoft.IO.Redist" Condition="'$(TargetFrameworkIdentifier)' != '.NETCoreApp'" />
Copy link
Member

@333fred 333fred Aug 7, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Womp

Copy link
Member Author

@jaredpar jaredpar Aug 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep.

Copy link
Member

@ericstj ericstj Aug 8, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's busted you have to do this, you want all of MSBuild to be Exclude="Runtime"

I wonder if instead of referencing the packages for MSBuild which bring in it's entire NuGet graph, you could just reference the API it exposes. As reference assemblies. cc @baronfel

@jaredpar jaredpar merged commit d1fe9e9 into dotnet:main Aug 8, 2024
@dotnet-policy-service dotnet-policy-service bot added this to the Next milestone Aug 8, 2024
@jaredpar jaredpar deleted the cg branch August 8, 2024 02:46
@dotnet-bot dotnet-bot mentioned this pull request Aug 9, 2024
Closed
jaredpar added a commit to dotnet/razor that referenced this pull request Aug 9, 2024
@jaredpar
Move to central package pinning (#10716)
cd1f82b 
* Move to central package pinning

This should make it much easier for us to respond to CG alerts in the
future. All that will need to be done is add an entry in
Directory.Packages.props and it will automatically impact all consumers
of it.

Consider this example in Roslyn for how to respond to a CG issue

dotnet/roslyn#74653
@dotnet-bot dotnet-bot mentioned this pull request Aug 10, 2024
Closed
@dibarbet dibarbet modified the milestones: Next, 17.12 P2 Aug 26, 2024
@dotnet-bot dotnet-bot mentioned this pull request Aug 28, 2024
Closed
JoeRobich added a commit that referenced this pull request Nov 13, 2025
@JoeRobich
Fix CG issue for Microsoft.IO.Redist
6a1155e 
Backport of #74653
@JoeRobich JoeRobich mentioned this pull request Nov 13, 2025
Merged
JoeRobich added a commit that referenced this pull request Nov 13, 2025
@JoeRobich
Fix CG issue for Microsoft.IO.Redist
9893df7 
Backport of #74653
This was referenced Nov 13, 2025
Merged
Merged
JoeRobich added a commit that referenced this pull request Nov 14, 2025
@JoeRobich
Remove MSBuild dependencies from BuidlHost deps.json (#80959)
5d109e0 
basically a backport of #74653, #75561, #78118, and #74261. With an
Arcade update to boot.
JoeRobich added a commit that referenced this pull request Nov 14, 2025
@JoeRobich
Fix CG issue for Microsoft.IO.Redist (#81223)
48c165c 
Backport of #74653
JoeRobich added a commit that referenced this pull request Nov 14, 2025
@JoeRobich
Remove MSBuild dependencies from BuidlHost deps.json (#80957)
4f58abc 
basically a backport of #74653, #75561, #71584, and #78118 .
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@333fred 333fred 333fred approved these changes

@ericstj ericstj ericstj left review comments

@jasonmalinowski jasonmalinowski jasonmalinowski approved these changes

@Cosifne Cosifne Cosifne approved these changes

Assignees

No one assigned

Labels

Area-Infrastructure untriaged Issues and PRs which have not yet been triaged by a lead

Projects

None yet

Milestone

17.12 P2

Development

Successfully merging this pull request may close these issues.

6 participants

@jaredpar @jasonmalinowski @333fred @ericstj @Cosifne @dibarbet