msbuild
[17.11] Fix component governance alerts
Fixes CVE-2024-38081, CVE-2024-38095
Context
Some of our dependencies contain vulnerabilities.
Changes Made
I backported changes we already have in the main branch - updated the Microsoft.IO.Redist package version and pinned the System.Formats.Asn1 package version.
Testing
Existing unit test.
Notes
FYI @marcpopMSFT
/backport to 17.10
Started backporting to 17.10: https://github.com/dotnet/msbuild/actions/runs/10812203541
/backport to vs17.10
@MichalPavlik an error occurred while backporting to 17.10, please check the run log for details!
Error: @MichalPavlik is not a repo collaborator, backporting is not allowed. If you're a collaborator please make sure your dotnet team membership visibility is set to Public on https://github.com/orgs/dotnet/people?query=MichalPavlik
Started backporting to vs17.10: https://github.com/dotnet/msbuild/actions/runs/10812210758
@MichalPavlik an error occurred while backporting to vs17.10, please check the run log for details!
Error: @MichalPavlik is not a repo collaborator, backporting is not allowed. If you're a collaborator please make sure your dotnet team membership visibility is set to Public on https://github.com/orgs/dotnet/people?query=MichalPavlik
/backport to vs17.10
Started backporting to vs17.10: https://github.com/dotnet/msbuild/actions/runs/10812234827
@MichalPavlik backporting to vs17.10 failed, the patch most likely resulted in conflicts:
$ git am --3way --empty=keep --ignore-whitespace --keep-non-patch changes.patch
Applying: Resolves CG alerts
Using index info to reconstruct a base tree...
M eng/SourceBuildPrebuiltBaseline.xml
M eng/Version.Details.xml
M eng/Versions.props
M src/MSBuild/app.amd64.config
M src/MSBuild/app.config
Falling back to patching base and 3-way merge...
Auto-merging src/MSBuild/app.config
Auto-merging src/MSBuild/app.amd64.config
Auto-merging eng/Versions.props
CONFLICT (content): Merge conflict in eng/Versions.props
Auto-merging eng/Version.Details.xml
Auto-merging eng/SourceBuildPrebuiltBaseline.xml
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
hint: When you have resolved this problem, run "git am --continue".
hint: If you prefer to skip this patch, run "git am --skip" instead.
hint: To restore the original branch and stop patching, run "git am --abort".
hint: Disable this message with "git config advice.mergeConflict false"
Patch failed at 0001 Resolves CG alerts
Error: The process '/usr/bin/git' failed with exit code 128
Please backport manually!
@MichalPavlik an error occurred while backporting to vs17.10, please check the run log for details!
Error: git am failed, most likely due to a merge conflict.