dotnet · lonitra · Sep 12, 2024 · Sep 11, 2024 · Sep 11, 2024 · Sep 11, 2024
@@ -24,6 +24,9 @@
                                      or $(MSBuildProjectName.EndsWith('.Analyzers.VisualBasic'))
                                      or $(MSBuildProjectName.EndsWith('.Analyzers.CSharp')))"
                                   >true</IsAnalyzerProject>
+
+    <!-- Only upgrade NuGetAudit warnings to errors for official builds. -->
+    <WarningsNotAsErrors Condition="'$(OfficialBuild)' != 'true'">$(WarningsNotAsErrors);NU1901;NU1902;NU1903;NU1904</WarningsNotAsErrors>
   </PropertyGroup>
 
   <!--

@@ -18,6 +18,10 @@
     <!-- CsWin32 dailies -->
     <add key="winsdk" value="https://pkgs.dev.azure.com/azure-public/winsdk/_packaging/CI/nuget/v3/index.json" />
   </packageSources>
+  <auditSources>
+    <clear />
+    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
+  </auditSources>
   <disabledPackageSources>
     <clear />
   </disabledPackageSources>

@@ -76,7 +76,7 @@
     <MicrosoftVisualStudioThreadingVersion>17.0.15-alpha</MicrosoftVisualStudioThreadingVersion>
     <!-- This is needed for Verify.Xunit to pull correct version of System.Speech -->
     <MicrosoftWindowsCompatibilityVersion>7.0.0</MicrosoftWindowsCompatibilityVersion>
-    <MoqPackageVersion>4.10.0</MoqPackageVersion>
+    <MoqPackageVersion>4.20.70</MoqPackageVersion>
     <FluentAssertionsVersion>6.11.0</FluentAssertionsVersion>
     <SystemComponentModelTypeConverterTestDataVersion>8.0.0-beta.23107.1</SystemComponentModelTypeConverterTestDataVersion>
     <SystemDrawingCommonTestDataVersion>8.0.0-beta.23107.1</SystemDrawingCommonTestDataVersion>
@@ -103,13 +103,15 @@
     <MicrosoftCodeAnalysisPublicApiAnalyzersVersion>$(MicrosoftCodeAnalysisAnalyzersVersion)</MicrosoftCodeAnalysisPublicApiAnalyzersVersion>
     <MicrosoftCodeAnalysisNetAnalyzersVersion>8.0.0-preview.23327.3</MicrosoftCodeAnalysisNetAnalyzersVersion>
     <StyleCopAnalyzersVersion>1.2.0-beta.556</StyleCopAnalyzersVersion>
-    <NugetPackagingVersion>6.3.4</NugetPackagingVersion>
+    <NugetPackagingVersion>6.11.0</NugetPackagingVersion>
   </PropertyGroup>
   <!-- Additional unchanging dependencies -->
   <PropertyGroup>
     <MicrosoftTargetingPackNETFrameworkv472PackageVersion>1.0.0</MicrosoftTargetingPackNETFrameworkv472PackageVersion>
     <MicrosoftWindowsDesktopAppRefv30PackageVersion>3.0.0</MicrosoftWindowsDesktopAppRefv30PackageVersion>
     <NewtonsoftJsonVersion>13.0.1</NewtonsoftJsonVersion>
     <VsWherePackageVersion>2.6.7</VsWherePackageVersion>
+    <!-- Pin transitive dependency to avoid vulnerable 8.0.0 version. -->
+    <SystemFormatsAsn1PackageVersion>8.0.1</SystemFormatsAsn1PackageVersion>
   </PropertyGroup>
 </Project>
@@ -17,6 +17,7 @@
     <PackageReference Include="Microsoft.CodeAnalysis.CSharp.SourceGenerators.Testing.XUnit" Version="$(MicrosoftCodeAnalysisPackagesVersion)" />
     <PackageReference Include="Verify.Xunit" Version="$(VerifyXunitVersion)" />
     <PackageReference Include="NuGet.Packaging" Version="$(NugetPackagingVersion)" />
+    <PackageReference Include="System.Formats.Asn1" Version="$(SystemFormatsAsn1PackageVersion)" />
   </ItemGroup>
 
   <ItemGroup>

@@ -18,6 +18,7 @@
     <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.SourceGenerators.Testing.XUnit" Version="$(MicrosoftCodeAnalysisPackagesVersion)" />
     <PackageReference Include="Verify.Xunit" Version="$(VerifyXunitVersion)" />
     <PackageReference Include="NuGet.Packaging" Version="$(NugetPackagingVersion)" />
+    <PackageReference Include="System.Formats.Asn1" Version="$(SystemFormatsAsn1PackageVersion)" />
   </ItemGroup>
 
   <ItemGroup>

@@ -20,6 +20,7 @@
     <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.CodeFix.Testing.XUnit" Version="$(MicrosoftCodeAnalysisPackagesVersion)" />
     <PackageReference Include="Microsoft.CodeAnalysis.VisualBasic.CodeRefactoring.Testing.XUnit" Version="$(MicrosoftCodeAnalysisPackagesVersion)" />
     <PackageReference Include="NuGet.Packaging" Version="$(NugetPackagingVersion)" />
+    <PackageReference Include="System.Formats.Asn1" Version="$(SystemFormatsAsn1PackageVersion)" />
   </ItemGroup>
 
   <ItemGroup>

@@ -17,7 +17,7 @@ public void EditValue_ReturnsOriginalValue_WhenContextInstanceIsNull()
         Mock<ITypeDescriptorContext> mockContext = new(MockBehavior.Strict);
         mockContext
             .Setup(c => c.Instance)
-            .Returns(null);
+            .Returns((object?)null);
 
         Mock<IWindowsFormsEditorService> mockEditorService = new(MockBehavior.Strict);
         mockEditorService

@@ -1,6 +1,5 @@
 using System.ComponentModel;
 using System.Reflection;
-using Castle.Core.Internal;
 
 namespace System.Windows.Forms.Tests;
 
@@ -38,7 +37,7 @@ public void AxSystemMonitor_WhenInitialized_ExpectsProperties()
         foreach(PropertyDescriptor prop in properties)
         {
             string assemblyFromTestingControl = prop.ComponentType.Assembly.GetName().Name;
-            if (!assemblyFromTestingControl.IsNullOrEmpty()
+            if (!string.IsNullOrEmpty(assemblyFromTestingControl)
                 && assemblyFromTestingControl == assemblyNameFromType)
             {
                 testingControlProps.Add(prop.Name);
@@ -49,7 +48,7 @@ public void AxSystemMonitor_WhenInitialized_ExpectsProperties()
         foreach(EventDescriptor singleEvent in events)
         {
             string assemblyFromTestingControl = singleEvent.ComponentType.Assembly.GetName().Name;
-            if (!assemblyFromTestingControl.IsNullOrEmpty()
+            if (!string.IsNullOrEmpty(assemblyFromTestingControl)
                 && assemblyFromTestingControl == assemblyNameFromType)
             {
                 testingControlEvents.Add(singleEvent.Name);