GitHubSync update - master (#694)

* GitHubSync update - master

* Update packages to prevent transitive CVE

* Cleanup

---------

Co-authored-by: internalautomation[bot] <85681268+internalautomation[bot]@users.noreply.github.com>
Co-authored-by: Brandon Ording <[email protected]>

.github/dependabot.yml

@@ -1,7 +1,12 @@
 version: 2
+registries:
+  particular-packages:
+    type: nuget-feed
+    url: https://f.feedz.io/particular-software/packages/nuget/index.json
 updates:
 - package-ecosystem: nuget
   directory: "/src"
+  registries: "*"
   schedule:
     interval: daily
   open-pull-requests-limit: 1000

src/Directory.Build.props

@@ -7,10 +7,10 @@
     <EnableNETAnalyzers>true</EnableNETAnalyzers>
     <AnalysisLevel Condition="'$(AnalysisLevel)' == ''">5.0</AnalysisLevel>
     <EnforceCodeStyleInBuild>true</EnforceCodeStyleInBuild>
-    <!-- NuGetAuditMode set to 'all' for tool projects in Directory.Build.targets, other project types default to 'direct' -->
     <NuGetAuditLevel>low</NuGetAuditLevel>
+    <NuGetAuditMode Condition="'$(NuGetAuditMode)' == ''">all</NuGetAuditMode>
     <!-- To lock the version of Particular.Analyzers, for example, in a release branch, set this property in Custom.Build.props -->
-    <ParticularAnalyzersVersion Condition="'$(ParticularAnalyzersVersion)' == ''">2.1.2</ParticularAnalyzersVersion>
+    <ParticularAnalyzersVersion Condition="'$(ParticularAnalyzersVersion)' == ''">2.1.3</ParticularAnalyzersVersion>
     <NServiceBusKey>0024000004800000940000000602000000240000525341310004000001000100dde965e6172e019ac82c2639ffe494dd2e7dd16347c34762a05732b492e110f2e4e2e1b5ef2d85c848ccfb671ee20a47c8d1376276708dc30a90ff1121b647ba3b7259a6bc383b2034938ef0e275b58b920375ac605076178123693c6c4f1331661a62eba28c249386855637780e3ff5f23a6d854700eaa6803ef48907513b92</NServiceBusKey>
     <NServiceBusTestsKey>00240000048000009400000006020000002400005253413100040000010001007f16e21368ff041183fab592d9e8ed37e7be355e93323147a1d29983d6e591b04282e4da0c9e18bd901e112c0033925eb7d7872c2f1706655891c5c9d57297994f707d16ee9a8f40d978f064ee1ffc73c0db3f4712691b23bf596f75130f4ec978cf78757ec034625a5f27e6bb50c618931ea49f6f628fd74271c32959efb1c5</NServiceBusTestsKey>
   </PropertyGroup>

src/Directory.Build.targets

@@ -1,7 +1,5 @@
 <Project>
 
-  <PropertyGroup>
-    <NuGetAuditMode Condition="'$(PackAsTool)' == 'true'">all</NuGetAuditMode>
-  </PropertyGroup>
+  <Import Project="msbuild\AutomaticVersionRanges.targets" Condition="Exists('msbuild\AutomaticVersionRanges.targets')" />
 
 </Project>

src/NServiceBus.Storage.MongoDB.AcceptanceTests/NServiceBus.Storage.MongoDB.AcceptanceTests.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -11,22 +11,10 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="NServiceBus.AcceptanceTests.Sources" Version="9.2.2" GeneratePathProperty="true" />
+    <PackageReference Include="NServiceBus.AcceptanceTests.Sources" Version="9.2.3" GeneratePathProperty="true" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(PkgNServiceBus_AcceptanceTests_Sources)' != ''">
-    <!--
-    TODO: The following two tests were not meant to be included in the sources. A fix has been merged to Core master and release-9.1 in:
-    - https://github.com/Particular/NServiceBus/pull/7121
-    - https://github.com/Particular/NServiceBus/pull/7122
-    The following two MSBuild elements can be removed once a version of the ATT source package is released
-    -->
-    <Compile Remove="$(PkgNServiceBus_AcceptanceTests_Sources)\**\Core\DependencyInjection\When_resolving_address_translator.cs" />
-    <Compile Remove="$(PkgNServiceBus_AcceptanceTests_Sources)\**\Core\OpenTelemetry\Metrics\When_retrying_messages.cs" />
-  </ItemGroup>
-
 </Project>

src/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests/NServiceBus.Storage.MongoDB.NoTx.AcceptanceTests.csproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net8.0</TargetFramework>
@@ -11,22 +11,10 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="NServiceBus.AcceptanceTests.Sources" Version="9.2.2" GeneratePathProperty="true" />
+    <PackageReference Include="NServiceBus.AcceptanceTests.Sources" Version="9.2.3" GeneratePathProperty="true" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(PkgNServiceBus_AcceptanceTests_Sources)' != ''">
-    <!--
-    TODO: The following two tests were not meant to be included in the sources. A fix has been merged to Core master and release-9.1 in:
-    - https://github.com/Particular/NServiceBus/pull/7121
-    - https://github.com/Particular/NServiceBus/pull/7122
-    The following two MSBuild elements can be removed once a version of the ATT source package is released
-    -->
-    <Compile Remove="$(PkgNServiceBus_AcceptanceTests_Sources)\**\Core\DependencyInjection\When_resolving_address_translator.cs" />
-    <Compile Remove="$(PkgNServiceBus_AcceptanceTests_Sources)\**\Core\OpenTelemetry\Metrics\When_retrying_messages.cs" />
-  </ItemGroup>
-
-</Project>
+ </Project>

src/NServiceBus.Storage.MongoDB.PersistenceTests/NServiceBus.Storage.MongoDB.PersistenceTests.csproj

@@ -11,8 +11,7 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="NServiceBus.PersistenceTests.Sources" Version="9.2.2" />
+    <PackageReference Include="NServiceBus.PersistenceTests.Sources" Version="9.2.3" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />

src/NServiceBus.Storage.MongoDB.Tests/NServiceBus.Storage.MongoDB.Tests.csproj

@@ -11,8 +11,6 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="NServiceBus" Version="9.2.2" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />

src/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests/NServiceBus.Storage.MongoDB.TransactionalSession.AcceptanceTests.csproj

@@ -13,9 +13,7 @@
   <ItemGroup>
     <PackageReference Include="GitHubActionsTestLogger" Version="2.4.1" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="NServiceBus.AcceptanceTesting" Version="9.2.2" />
-    <PackageReference Include="NServiceBus.TransactionalSession" Version="3.2.0" />
+    <PackageReference Include="NServiceBus.AcceptanceTesting" Version="9.2.3" />
     <PackageReference Include="NUnit" Version="4.2.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.4.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />

src/NServiceBus.Storage.MongoDB.TransactionalSession.Tests/NServiceBus.Storage.MongoDB.TransactionalSession.Tests.csproj

@@ -17,9 +17,6 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
-    <PackageReference Include="NServiceBus" Version="9.2.2" />
-    <PackageReference Include="NServiceBus.TransactionalSession" Version="3.2.0" />
     <PackageReference Include="Particular.Approvals" Version="2.0.0" />
     <PackageReference Include="PublicApiGenerator" Version="11.3.0" />
   </ItemGroup>

src/NServiceBus.Storage.MongoDB.TransactionalSession/NServiceBus.Storage.MongoDB.TransactionalSession.csproj

@@ -12,7 +12,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="NServiceBus.TransactionalSession" Version="[3.0.0, 4.0.0)" />
+    <PackageReference Include="NServiceBus.TransactionalSession" Version="3.2.0" />
     <PackageReference Include="Particular.Packaging" Version="4.2.0" PrivateAssets="All" />
   </ItemGroup>
 

src/NServiceBus.Storage.MongoDB/NServiceBus.Storage.MongoDB.csproj

@@ -5,8 +5,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="MongoDB.Driver" Version="[2.28.0, 3.0.0)" />
-    <PackageReference Include="NServiceBus" Version="[9.0.0, 10.0.0)" />
+    <PackageReference Include="MongoDB.Driver" Version="2.28.0" />
+    <PackageReference Include="NServiceBus" Version="9.2.3" />
     <PackageReference Include="Particular.Packaging" Version="4.2.0" PrivateAssets="All" />
   </ItemGroup>
 

src/msbuild/AutomaticVersionRanges.targets

@@ -0,0 +1,42 @@
+<Project>
+
+  <PropertyGroup>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(Configuration)' == 'Debug'">false</AutomaticVersionRangesEnabled>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(IsPackable)' == 'false'">false</AutomaticVersionRangesEnabled>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == '' And '$(ManagePackageVersionsCentrally)' == 'true'">false</AutomaticVersionRangesEnabled>
+    <AutomaticVersionRangesEnabled Condition="'$(AutomaticVersionRangesEnabled)' == ''">true</AutomaticVersionRangesEnabled>
+  </PropertyGroup>
+
+  <UsingTask TaskName="ConvertToVersionRange" TaskFactory="RoslynCodeTaskFactory" AssemblyFile="$(MSBuildToolsPath)\Microsoft.Build.Tasks.Core.dll">
+    <Task>
+      <Code Source="$(MSBuildThisFileDirectory)ConvertToVersionRange.cs" />
+    </Task>
+  </UsingTask>
+
+  <Target Name="ConvertProjectReferenceVersionsToVersionRanges" AfterTargets="_GetProjectReferenceVersions" Condition="'$(AutomaticVersionRangesEnabled)' == 'true'">
+    <PropertyGroup>
+      <NumberOfProjectReferences>@(_ProjectReferencesWithVersions->Count())</NumberOfProjectReferences>
+    </PropertyGroup>
+    <ConvertToVersionRange Condition="$(NumberOfProjectReferences) &gt; 0" References="@(_ProjectReferencesWithVersions)" VersionProperty="ProjectVersion">
+      <Output TaskParameter="ReferencesWithVersionRanges" ItemName="_ProjectReferencesWithVersionRanges" />
+    </ConvertToVersionRange>
+    <ItemGroup Condition="$(NumberOfProjectReferences) &gt; 0">
+      <_ProjectReferencesWithVersions Remove="@(_ProjectReferencesWithVersions)" />
+      <_ProjectReferencesWithVersions Include="@(_ProjectReferencesWithVersionRanges)" />
+    </ItemGroup>
+  </Target>
+
+  <Target Name="ConvertPackageReferenceVersionsToVersionRanges" BeforeTargets="CollectPackageReferences" Condition="'$(AutomaticVersionRangesEnabled)' == 'true'">
+    <PropertyGroup>
+      <NumberOfPackageReferences>@(PackageReference->Count())</NumberOfPackageReferences>
+    </PropertyGroup>
+    <ConvertToVersionRange Condition="$(NumberOfPackageReferences) &gt; 0" References="@(PackageReference)" VersionProperty="Version">
+      <Output TaskParameter="ReferencesWithVersionRanges" ItemName="_PackageReferencesWithVersionRanges" />
+    </ConvertToVersionRange>
+    <ItemGroup Condition="$(NumberOfPackageReferences) &gt; 0">
+      <PackageReference Remove="@(PackageReference)" />
+      <PackageReference Include="@(_PackageReferencesWithVersionRanges)" />
+    </ItemGroup>
+  </Target>
+
+</Project>

src/msbuild/ConvertToVersionRange.cs

@@ -0,0 +1,57 @@
+using System;
+using System.Text.RegularExpressions;
+using Microsoft.Build.Framework;
+using Microsoft.Build.Utilities;
+
+public class ConvertToVersionRange : Task
+{
+    [Required]
+    public ITaskItem[] References { get; set; } = [];
+
+    [Required]
+    public string VersionProperty { get; set; } = string.Empty;
+
+    [Output]
+    public ITaskItem[] ReferencesWithVersionRanges { get; private set; } = [];
+
+    public override bool Execute()
+    {
+        var success = true;
+
+        foreach (var reference in References)
+        {
+            var automaticVersionRange = reference.GetMetadata("AutomaticVersionRange");
+
+            if (automaticVersionRange.Equals("false", StringComparison.OrdinalIgnoreCase))
+            {
+                continue;
+            }
+
+            var privateAssets = reference.GetMetadata("PrivateAssets");
+
+            if (privateAssets.Equals("All", StringComparison.OrdinalIgnoreCase))
+            {
+                continue;
+            }
+
+            var version = reference.GetMetadata(VersionProperty);
+            var match = Regex.Match(version, @"^\d+");
+
+            if (match.Value.Equals(string.Empty, StringComparison.Ordinal))
+            {
+                Log.LogError("Reference '{0}' with version '{1}' is not valid for automatic version range conversion. Fix the version or exclude the reference from conversion by setting 'AutomaticVersionRange=\"false\"' on the reference.", reference.ItemSpec, version);
+                success = false;
+                continue;
+            }
+
+            var nextMajor = Convert.ToInt32(match.Value) + 1;
+
+            var versionRange = $"[{version}, {nextMajor}.0.0)";
+            reference.SetMetadata(VersionProperty, versionRange);
+        }
+
+        ReferencesWithVersionRanges = References;
+
+        return success;
+    }
+}