
netcore (.csproj style) fails to process versions on separate lines

Open chrisfunston opened this issue 5 years ago • 0 comments

All of our .csproj files include each PackageReference's include version on a separate line:

12.0.2 4.5.0

Running devaudit on a project set up this way fails to find the version associated with the package:

PS C:\Test> devaudit.exe netcore -n -f ".\Test.csproj" -d
19:03:05<01> [AUDIT] [INFO] Using .NET Core package source configuration file .\Test.csproj.
19:03:05<01> [HOST] [INFO] Using OSS Index as default package vulnerabilities data source for .NET Core package source.
19:03:05<01> [HOST] [DEBUG] Using existing file cache at C:\Users\cfunston\AppData\Roaming\OSSIndex\cache.
19:03:05<01> [AUDIT] [STATUS] Scanning .NET Core packages.
19:03:05<03> [AUDIT] [INFO] Reading packages from .NET Core C# .csproj file.
19:03:05<03> [AUDIT] [WARNING] 2 package(s) do not have a version specified and will not be audited: Newtonsoft.Json,Microsoft.CSharp.
19:03:05<01> [AUDIT] [ERROR] Error in GetFrameworks method in GetPackages task. Caller: Audit Line: 143 File: D:\a\1\s\DevAudit.AuditLibrary\Targets\PackageSource.cs
19:03:05<01> [AUDIT] [ERROR] Exception occurred. Caller: Audit Line: 143 File: D:\a\1\s\DevAudit.AuditLibrary\Targets\PackageSource.cs

Not a big deal, but this is still a valid PackageReference block so it should be supported. I'll switch all of our .csproj layouts to move the Version into the same line as the PackageReference to fix.

chrisfunston Oct 19 '20 19:10
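The warning in the log above means a package whose version cannot be read is dropped from the audit. As an added example (not code from the issue or from DevAudit), this Python pre-check reads `PackageReference` versions in both the attribute form and the child-element form and reports any entry that still has no version. The sample project is constructed: the pairing of versions to package names is an assumption, and `Example.Inline` and `Example.Unversioned` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: names and versions echo the issue; the XML layout and the
# version-to-package pairing are assumptions. Example.* entries are hypothetical.
SAMPLE_CSPROJ = """\
<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json">
      <Version>12.0.2</Version>
    </PackageReference>
    <PackageReference Include="Microsoft.CSharp">
      <Version>4.5.0</Version>
    </PackageReference>
    <PackageReference Include="Example.Inline" Version="1.0.0" />
    <PackageReference Include="Example.Unversioned" />
  </ItemGroup>
</Project>
"""

def local(tag):
    """Strip an XML namespace so legacy and SDK-style projects both match."""
    return tag.rsplit("}", 1)[-1]

def package_references(csproj_text):
    """Return (versions, unversioned) for every PackageReference element."""
    versions, unversioned = {}, []
    for elem in ET.fromstring(csproj_text).iter():
        name = elem.get("Include")
        if local(elem.tag) != "PackageReference" or not name:
            continue
        # Form 1: Version as an attribute on the same element.
        version = elem.get("Version")
        if version is None:
            # Form 2: Version as a child element (the layout from the issue).
            for child in elem:
                if local(child.tag) == "Version" and child.text:
                    version = child.text
                    break
        if version and version.strip():
            versions[name] = version.strip()
        else:
            unversioned.append(name)  # would be skipped by a version-based audit
    return versions, unversioned

if __name__ == "__main__":
    found, skipped = package_references(SAMPLE_CSPROJ)
    for name, version in found.items():
        print(name, version)
    print("no version, not auditable:", skipped)
```

Comparing the `unversioned` list against a scanner's "will not be audited" warning shows whether a gap comes from the project file or from the scanner's parsing.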