* Enable NuGet Audit and fix issues (#107639)
* Enable NuGet Audit and fix issues
  Microsoft.NET.HostModel can reference the live builds of the packages it depends on. These will be deployed by the SDK.
  Most other audit alerts were due to tasks pulling in old dependencies that aren't even used by the task. Avoid these by cherry-picking just the assemblies needed by the tasks and provided by MSBuild / SDK. This prevents NuGet from downloading the package closure with the vulnerable packages. We don't need those packages since the tasks aren't responsible for deploying them.
  A better solution in the future would be a targeting pack for MSBuild and the .NET SDK - so that components that contribute to these hosts have a surface area they can target without taking on responsibility for servicing.
  There is one case where we have a test that references NuGet.* packages which also bring in stale dependencies that overlap with framework assemblies. Avoid these by cherry-picking the NuGet packages in the same way.
* Fix package path on linux
* Only use live JSON from HostModel
  SDK pins S.R.M and a few others, so don't make them upgrade yet.
* Add a couple missing assembly references
* Refactor tasks dependencies
  Consolidate representation of msbuild-provided task dependencies
* Fix audit warnings in tests
* Remove MetadataLoadContext from WasmAppBuilder package
* Update Analyzer.Testing packages
* Reduce exposure of Microsoft.Build.Tasks.Core
* Fix audit warnings that only occur on browser
* Update Asn1 used by linker analyzer tests
* React to breaking change in analyzer test SDK
* Enable working DryIoc tests
* Fix double-write when LibrariesConfiguration differs from Configuration
* Fix LibrariesConfiguration update target
* Clean up references and add comments.
* Make HostModel references private
  This ensures projects referenced will not be rebuilt by tests.
  This also means the HostModel package will not list these as references, but that's OK since the SDK provides them and this is not a shipping package.
* Use ProjectReferenceExclusion to avoid framework project references
  On .NETCore we want to use the targeting pack and avoid rebuilding libs.
* Update src/libraries/System.Runtime.InteropServices.JavaScript/tests/JSImportGenerator.UnitTest/JSImportGenerator.Unit.Tests.csproj
  Co-authored-by: Jeremy Koritzinsky <jkoritzinsky@gmail.com>
  ---------
  Co-authored-by: Jeremy Koritzinsky <jkoritzinsky@gmail.com>
* Remove live System.Text.Json reference from HostModel (#108263)
* Reduce changes to src/installer
  Since we're no longer trying to reference live S.T.J we don't need these.
* Update JSON toolset version
* Don't error for NuGet audit on non-official builds (#108718)
* Reference live S.T.JSON from DI.ExternalContainers.Tests
* Update STJ in Wasm.Build.Tests
* Make SystemTextJsonToolsetVersion 8.0.4
  We cannot count on VS and MSBuild updating by the time 9.0 ships GA.
  Fix WASM projects which only target .NET by referencing the LKG and dropping all assets.
  For Microsoft.NET.HostModel and other build tasks, keep them on the version we can guarantee is present in VS. NoWarn the Audit warnings here. This is safe because we can ensure one of two things.
  1. The package is non-shipping and customers won't see the warning and the referencing repo in the product will ensure an update or exclusion of the dependency. (HostModel)
  2. The project excludes the reference entirely as making it PrivateAssets (not in package) and ExcludeAssets=runtime (no possibility of using runtime).
* Fix STJ audit warning in installer tests
  ---------
  Co-authored-by: Jeremy Koritzinsky <jkoritzinsky@gmail.com>
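A project file showing the pattern the commit message above describes: NuGet Audit enabled, findings fatal only in official builds, and a build-time-only dependency kept out of the package and the runtime closure. This is an added example, not code from dotnet/runtime; the package name, its version and the `IsOfficialBuild` property are placeholders.

```xml
<!-- Added example, not from dotnet/runtime.
     Example.Build.Dependency, its version and IsOfficialBuild are placeholders. -->
<Project Sdk="Microsoft.NET.Sdk">

  <!-- Normally set once in Directory.Build.props so every project is audited. -->
  <PropertyGroup>
    <TargetFramework>net8.0</TargetFramework>
    <NuGetAudit>true</NuGetAudit>
    <!-- "all" audits transitive packages too, not only direct references. -->
    <NuGetAuditMode>all</NuGetAuditMode>
    <NuGetAuditLevel>low</NuGetAuditLevel>
  </PropertyGroup>

  <!-- Audit findings (NU1901 low .. NU1904 critical) break official builds only;
       local and PR builds still see them as warnings. -->
  <PropertyGroup Condition="'$(IsOfficialBuild)' == 'true'">
    <WarningsAsErrors>$(WarningsAsErrors);NU1901;NU1902;NU1903;NU1904</WarningsAsErrors>
  </PropertyGroup>

  <!-- Before: a plain reference restores the dependency's runtime assets and
       lists it as a dependency of this project's package.
       <PackageReference Include="Example.Build.Dependency" Version="1.0.0" /> -->

  <!-- After: the host (MSBuild / SDK) supplies the assembly at run time, so the
       reference is compile-only and never flows to consumers. -->
  <ItemGroup>
    <PackageReference Include="Example.Build.Dependency" Version="1.0.0"
                      PrivateAssets="all"
                      ExcludeAssets="runtime" />
  </ItemGroup>

  <!-- The pinned version still triggers an audit warning at restore. Suppress
       only the code that fires, only in this project, and record why. -->
  <PropertyGroup>
    <!-- Reason: reference is PrivateAssets + ExcludeAssets=runtime; the host
         services the real assembly. -->
    <NoWarn>$(NoWarn);NU1903</NoWarn>
  </PropertyGroup>

</Project>
```

A project-level `NoWarn` hides every NU1903 finding for that project, so keep it in the smallest project that needs it and re-check it whenever the pinned version changes.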
.NET Runtime
- What is .NET?
- How can I contribute?
- Reporting security issues and security bugs
- Filing issues
- Useful Links
- .NET Foundation
- License
This repo contains the code to build the .NET runtime, libraries and shared host (dotnet) installers for all supported platforms, as well as the sources to .NET runtime and libraries.
What is .NET?
Official Starting Page: https://dotnet.microsoft.com
- How to use .NET (with VS, VS Code, command-line CLI)
- Install official releases
- Documentation (Get Started, Tutorials, Porting from .NET Framework, API reference, ...)
- Support (Releases, OS Versions, ...)
- Roadmap
How can I contribute?
We welcome contributions! Many people all over the world have helped make this project better.
- Contributing explains what kinds of contributions we welcome
- Workflow Instructions explains how to build and test
- Dogfooding .NET explains how to get nightly builds of the runtime and its libraries to test them in your own projects.
Reporting security issues and security bugs
Security issues and bugs should be reported privately, via email, to the Microsoft Security Response Center (MSRC) secure@microsoft.com. You should receive a response within 24 hours. If for some reason you do not, please follow up via email to ensure we received your original message. Further information, including the MSRC PGP key, can be found in the Security TechCenter. You can also find these instructions in this repo's Security doc.
Also see info about the related Microsoft .NET Bounty Program.
Filing issues
This repo should contain issues that are tied to the runtime, the class libraries and frameworks, the installation of the dotnet binary (sometimes known as the muxer) and the installation of the .NET runtime and libraries.
For other issues, please file them to their appropriate sibling repos. We have links to many of them on our new issue page.
Useful Links
- .NET source index / .NET Framework source index
- API Reference docs
- .NET API Catalog (incl. APIs from daily builds and API usage info)
- API docs writing guidelines - useful when writing /// comments
- .NET Discord Server - a place to discuss the development of .NET and its ecosystem
.NET Foundation
.NET Runtime is a .NET Foundation project.
There are many .NET related projects on GitHub.
- .NET home repo - links to 100s of .NET projects, from Microsoft and the community.
- ASP.NET Core home - the best place to start learning about ASP.NET Core.
This project has adopted the code of conduct defined by the Contributor Covenant to clarify expected behavior in our community. For more information, see the .NET Foundation Code of Conduct.
General .NET OSS discussions: .NET Foundation Discussions
License
.NET (including the runtime repo) is licensed under the MIT license.