Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[release/9.0] Nominally upgrade Microsoft.Build.Framework to 17.8.3 #34636

Merged
merged 1 commit into from
Sep 9, 2024

Conversation

AndriySvyryd
Copy link
Member

No description provided.

@AndriySvyryd AndriySvyryd requested review from artl93, SamMonoRT and a team September 9, 2024 19:44
@SamMonoRT SamMonoRT requested a review from ericstj September 9, 2024 19:55
@roji
Copy link
Member

roji commented Sep 9, 2024

Thanks @AndriySvyryd, maybe do this for the analyzers package too, to not have problematic versions anywhere in it dependency graph?

@AndriySvyryd
Copy link
Member Author

@roji Can you be more specific? EFCore.Analyzers doesn't bring in Microsoft.Build.Framework or System.Drawing.Common

@AndriySvyryd AndriySvyryd merged commit f2d9534 into release/9.0 Sep 9, 2024
7 checks passed
@AndriySvyryd AndriySvyryd deleted the BuildMeACVE branch September 9, 2024 22:17
@roji
Copy link
Member

roji commented Sep 10, 2024

@roji Can you be more specific? EFCore.Analyzers doesn't bring in Microsoft.Build.Framework or System.Drawing.Common

Ah sorry... EFCore.Analyzers does depend on an older version of Microsoft.CodeAnalysis (4.8.0) and I thought that brought in transitive dependencies with security advisories, but that indeed doesn't seem to be the case.

@ericstj
Copy link
Member

ericstj commented Sep 11, 2024

This change needs to be made in main as well.

@ericstj ericstj mentioned this pull request Sep 11, 2024
@AndriySvyryd
Copy link
Member Author

@ericstj That's handled by #34621

@ericstj
Copy link
Member

ericstj commented Sep 12, 2024

Oh, interesting, you do codeflow differently in EFCore - understood. For runtime we make the change in main first then backport.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Development

Successfully merging this pull request may close these issues.

6 participants