Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
NuGetSupport: Stop assigning the resolved revision of packages
The resolved revision is not supposed to be assigned by the analyzer at all, but only by the downloader. That is because what counts is not to what a `revision` resolved to at the time of analysis, or what package metadata claims a `revision` resolves to, but what commit of the source code was really downloaded and scanned. This is especially important for moving revisions, like branch names, which could have pointed to something different at the time of analysis than at the time of downloading / scanning. Signed-off-by: Frank Viernau <frank.viernau@here.com>
- Loading branch information