8000 update CPS package version by LittleLittleCloud · Pull Request #9663 · dotnet/project-system · GitHub
[go: up one dir, main page]
Skip to content

update CPS package version #9663

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
May 28, 2025
Merged

update CPS package version #9663

merged 4 commits into from
May 28, 2025

Conversation

LittleLittleCloud
Copy link
Contributor
@LittleLittleCloud LittleLittleCloud commented May 27, 2025
edited
Loading

Update CPS package version to the latest so we can consume IFileWatcherService from there instead of creating our own file watch server in LaunchSettingsProvider

Related issue:

@LittleLittleCloud LittleLittleCloud requested a review from a team as a code owner May 27, 2025 18:26
@LittleLittleCloud
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link
Azure Pipelines successfully started running 1 pipeline(s).

drewnoakes
drewnoakes reviewed May 27, 2025
View reviewed changes
eng/imports/HostAgnostic.props
<!-- Pin MessagePack to a patched version with security vulnerable fix -->
<PackageReference Include="MessagePack" />
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can we remove this pin now, if we get a good version via a transitive reference? This was only added to work around such an issue.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since MessagePack is bound in devenv.exe.config, it would be better to pin the specific package version so it's not surprisingly updated?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

There are quite a few packages that we depend upon indirectly. We generally only add these pins when we need to (for component governance issues) and try to remove them again once things settle. It reduces the number of package updates we have to manually define in PRs like. Not a big deal though.

@LittleLittleCloud
Copy link
Contributor Author

/azp run

@azure-pipelines Azure Pipelines
Copy link
Azure Pipelines successfully started running 1 pipeline(s).

@LittleLittleCloud LittleLittleCloud merged commit 1ceeb00 into main 7DF5 May 28, 2025
5 checks passed
@LittleLittleCloud LittleLittleCloud deleted the u/xiaoyun/updateCPS branch May 28, 2025 05:35
@dotnet-policy-service dotnet-policy-service bot added this to the 17.14 milestone May 28, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@drewnoakes drewnoakes drewnoakes approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
17.14
Development

Successfully merging this pull request may close these issues.
2 participants
@LittleLittleCloud @drewnoakes
0