Dev/saars/upgrade packages to avoid vulnerable (#376)

* Enable central package * Bump up nuget package versions * Get rid of a unnecessary package reference * Down version of the extension packages to 8.x series * Bookkeeping unit tests
microsoft · Dec 5, 2024 · 416e7e0 · 416e7e0
1 parent 3d2bd08
commit 416e7e0
Show file tree

Hide file tree

Showing 6 changed files with 37 additions and 21 deletions.
diff --git a/...onInsights.Kubernetes.HostingStartup/ApplicationInsights.Kubernetes.HostingStartup.csproj b/...onInsights.Kubernetes.HostingStartup/ApplicationInsights.Kubernetes.HostingStartup.csproj
@@ -12,10 +12,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <!-- Explicit reference Microsoft.AspNetCore.Hosting even though it would be brought in by dependencies. -->
-    <PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.2.7" />
-
-    <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.22.0" />
+    <PackageReference Include="Microsoft.ApplicationInsights.AspNetCore" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/ApplicationInsights.Kubernetes/ApplicationInsights.Kubernetes.csproj b/src/ApplicationInsights.Kubernetes/ApplicationInsights.Kubernetes.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <Features>IOperation</Features>
   </PropertyGroup>
@@ -18,15 +18,15 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="KubernetesClient" Version="12.1.1" />
-    <PackageReference Include="Microsoft.ApplicationInsights" Version="2.21.0" />
-    <PackageReference Include="Microsoft.Extensions.Configuration" Version="6.0.1" />
-    <PackageReference Include="Microsoft.Extensions.Hosting" Version="6.0.1" />
-    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="6.0.0" />
-    <PackageReference Include="Microsoft.Extensions.DiagnosticAdapter" Version="3.1.27" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="8.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.4" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="7.6.2" />
+    <PackageReference Include="KubernetesClient" />
+    <PackageReference Include="Microsoft.ApplicationInsights" />
+    <PackageReference Include="Microsoft.Extensions.Configuration" />
+    <PackageReference Include="Microsoft.Extensions.Hosting" />
+    <PackageReference Include="Microsoft.Extensions.Options.ConfigurationExtensions" />
+    <PackageReference Include="Microsoft.Extensions.DiagnosticAdapter" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/src/Directory.Build.props b/src/Directory.Build.props
@@ -1,4 +1,4 @@
-<Project>
+<Project>
     <!-- <Import Project="$([MSBuild]::GetPathOfFileAbove('Directory.Build.props', '$(MSBuildThisFileDirectory)../'))" /> -->
     <!--Build-->
     <PropertyGroup>
@@ -32,7 +32,7 @@
         <RepositoryType />
     </PropertyGroup>
     <ItemGroup Condition=" '$(IsCIBuild)' == 'true' ">
-        <PackageReference Include="MicroBuild.Core" Version="0.3.0">
+        <PackageReference Include="MicroBuild.Core">
             <PrivateAssets>all</PrivateAssets>
         </PackageReference>
     </ItemGroup>

diff --git a/src/Directory.Packages.props b/src/Directory.Packages.props
@@ -0,0 +1,19 @@
+<Project>
+  <PropertyGroup>
+    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
+    <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
+  </PropertyGroup>
+  <ItemGroup>
+    <PackageVersion Include="KubernetesClient" Version="12.1.1" />
+    <PackageVersion Include="MicroBuild.Core" Version="0.3.0" />
+    <PackageVersion Include="Microsoft.ApplicationInsights.AspNetCore" Version="2.22.0" />
+    <PackageVersion Include="Microsoft.ApplicationInsights" Version="2.22.0" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration" Version="8.0.0" />
+    <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.1" />
+    <PackageVersion Include="Microsoft.Extensions.DiagnosticAdapter" Version="3.1.32" />
+    <PackageVersion Include="Microsoft.Extensions.Hosting" Version="8.0.1" />
+    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.2" />
+    <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="8.0.0" />
+    <PackageVersion Include="System.IdentityModel.Tokens.Jwt" Version="8.3.0" />
+  </ItemGroup>
+</Project>
diff --git a/tests/UnitTests/PodInfoManagerTests.cs b/tests/UnitTests/PodInfoManagerTests.cs
@@ -31,7 +31,7 @@ public async Task GetMyPodAsyncShouldGetCorrectPod()
         containerIdHolderMock.Setup(c => c.ContainerId).Returns("containerId");
 
         PodInfoManager target = new PodInfoManager(k8sQueryClientMock.Object, containerIdHolderMock.Object, new IPodNameProvider[] { podNameProviderMock.Object });
-        V1Pod result = await target.GetMyPodAsync(default).ConfigureAwait(false);
+        V1Pod result = await target.GetMyPodAsync(default);
 
         Assert.NotNull(result);
         Assert.Single(result.Status.ContainerStatuses);
@@ -58,7 +58,7 @@ public async Task GetMyPodAsyncShouldLeveragePodNameProviders()
         k8sQueryClientMock.Setup(c => c.GetPodByNameAsync(It.IsAny<string>(), It.IsAny<CancellationToken>())).Returns(Task.FromResult(podsArray.FirstOrDefault(item => item.Metadata.Name == providerPodName)));
 
         PodInfoManager target = new PodInfoManager(k8sQueryClientMock.Object, containerIdHolderMock.Object, new IPodNameProvider[] { podNameProviderMock.Object });
-        V1Pod result = await target.GetMyPodAsync(default).ConfigureAwait(false);
+        V1Pod result = await target.GetMyPodAsync(default);
 
         Assert.NotNull(result);
         Assert.Single(result.Status.ContainerStatuses);
@@ -88,7 +88,7 @@ public async Task GetMyPodAsyncShouldFallbackToUseContainerIdWhenProvidedPodName
         containerIdHolderMock.Setup(c => c.ContainerId).Returns(targetContainerId);
 
         PodInfoManager target = new PodInfoManager(k8sQueryClientMock.Object, containerIdHolderMock.Object, new IPodNameProvider[] { podNameProviderMock.Object });
-        V1Pod result = await target.GetMyPodAsync(default).ConfigureAwait(false);
+        V1Pod result = await target.GetMyPodAsync(default);
 
         Assert.NotNull(result);
         Assert.Single(result.Status.ContainerStatuses);
@@ -119,7 +119,7 @@ public async Task GetMyPodAsyncShouldSupportMultipleIPodNameProviders()
         podNameProviderMock2.Setup(p => p.TryGetPodName(out providerPodName2)).Returns(true); // the provider returns true with pod name.
 
         PodInfoManager target = new PodInfoManager(k8sQueryClientMock.Object, containerIdHolderMock.Object, new IPodNameProvider[] { podNameProviderMock.Object, podNameProviderMock2.Object });
-        V1Pod result = await target.GetMyPodAsync(default).ConfigureAwait(false);
+        V1Pod result = await target.GetMyPodAsync(default);
 
         Assert.NotNull(result);
         Assert.Single(result.Status.ContainerStatuses);

diff --git a/tests/UnitTests/UnitTests.csproj b/tests/UnitTests/UnitTests.csproj
@@ -11,7 +11,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.*" />
     <PackageReference Include="Moq" Version="4.*" />
     <PackageReference Include="xunit" Version="2.8.*" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.8.*" />