From dc887a274e27a029cb039ee53fdf8ad6f3ee497d Mon Sep 17 00:00:00 2001 From: Peter Rekdal Khan-Sunde Date: Tue, 30 Jul 2024 11:24:59 +0200 Subject: [PATCH] Enable auditing of nuget packages (#414) * Enable auditing of nuget packages. * Build fix. * Treat nuget audit warning as error. * Enable transitive pinning. --- src/Directory.Build.props | 9 +++++++++ src/Directory.Packages.props | 16 ++++++++++----- .../OsPlatformYamlTypeConverter.cs | 20 ++++++++++--------- .../SemanticVersionYamlTypeConverter.cs | 6 +++--- .../TypeConverters/UriYamlTypeConverter.cs | 6 +++--- 5 files changed, 37 insertions(+), 20 deletions(-) diff --git a/src/Directory.Build.props b/src/Directory.Build.props index 5b346883..7718e01d 100644 --- a/src/Directory.Build.props +++ b/src/Directory.Build.props @@ -2,6 +2,15 @@ 12.0 + true + latest + NU1901;NU1902;NU1903;NU1904 + + + + true + all + low diff --git a/src/Directory.Packages.props b/src/Directory.Packages.props index edcb4caa..517fa90a 100644 --- a/src/Directory.Packages.props +++ b/src/Directory.Packages.props @@ -1,6 +1,7 @@ true + true 11.1.1 @@ -24,9 +25,14 @@ - - - - + + + all + runtime; build; native; contentfiles; analyzers + + + + + - + \ No newline at end of file diff --git a/src/Snap/Core/Yaml/TypeConverters/OsPlatformYamlTypeConverter.cs b/src/Snap/Core/Yaml/TypeConverters/OsPlatformYamlTypeConverter.cs index 96d73b8f..887282cc 100644 --- a/src/Snap/Core/Yaml/TypeConverters/OsPlatformYamlTypeConverter.cs +++ b/src/Snap/Core/Yaml/TypeConverters/OsPlatformYamlTypeConverter.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Runtime.InteropServices; using YamlDotNet.Core; using YamlDotNet.Core.Events; 
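Review bot: The code list added in the first property group of `src/Directory.Build.props` is `NU1901;NU1902;NU1903;NU1904`, which leaves out `NU1900`, the warning NuGet raises when it cannot fetch vulnerability data from a package source, so a restore where the audit could not run would still pass. If the intent is that CI never builds on unaudited packages, I would extend the value to `NU1900;NU1901;NU1902;NU1903;NU1904`, or note why an unreachable audit source is acceptable. The element names are stripped in this rendering, so I am inferring from the commit message that this value is the warnings-as-errors setting and that `all` and `low` in the second group are the audit mode and level. A short comment above the group, for example `<!-- Fail the build on any known-vulnerable direct or transitive package -->`, would also tell maintainers why an older commit can stop building once a new advisory is published.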
@@ -8,24 +8,26 @@ namespace Snap.Core.Yaml.TypeConverters; internal sealed class OsPlatformYamlTypeConverter : IYamlTypeConverter { - public bool Accepts(Type type) - { - return type == typeof(OSPlatform); - } + public bool Accepts(Type type) => type == typeof(OSPlatform); - public object ReadYaml(IParser parser, Type type) + public object ReadYaml(IParser parser, Type type, ObjectDeserializer rootDeserializer) { var osPlatform = ((Scalar)parser.Current)?.Value; parser.MoveNext(); return TryCreateOsPlatform(osPlatform); } - public void WriteYaml(IEmitter emitter, object value, Type type) + public void WriteYaml(IEmitter emitter, object value, Type type, ObjectSerializer serializer) { - var osPlatformStr = ((OSPlatform)value).ToString().ToLowerInvariant(); + if (value is not OSPlatform osPlatform) + { + throw new ArgumentException("Value is not an OSPlatform", nameof(value)); + } + + var osPlatformStr = osPlatform.ToString().ToLowerInvariant(); emitter.Emit(new Scalar(osPlatformStr)); } - + static OSPlatform TryCreateOsPlatform(string osPlatform) { if (string.IsNullOrWhiteSpace(osPlatform)) diff --git a/src/Snap/Core/Yaml/TypeConverters/SemanticVersionYamlTypeConverter.cs b/src/Snap/Core/Yaml/TypeConverters/SemanticVersionYamlTypeConverter.cs index 24b085b7..9cfbbd50 100644 --- a/src/Snap/Core/Yaml/TypeConverters/SemanticVersionYamlTypeConverter.cs +++ b/src/Snap/Core/Yaml/TypeConverters/SemanticVersionYamlTypeConverter.cs @@ -1,4 +1,4 @@ -using System; +using System; using NuGet.Versioning; using YamlDotNet.Core; using YamlDotNet.Core.Events; @@ -13,7 +13,7 @@ public bool Accepts(Type type) return type == typeof(SemanticVersion); } - public object ReadYaml(IParser parser, Type type) + public object ReadYaml(IParser parser, Type type, ObjectDeserializer rootDeserializer) { var semanticVersionStr = ((Scalar)parser.Current)?.Value; parser.MoveNext(); 
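Review bot: `ReadYaml` in `OsPlatformYamlTypeConverter` still reads the node with `((Scalar)parser.Current)?.Value`, where the `?.` only covers a null event, so a mapping or sequence in that position fails with `InvalidCastException` instead of a YAML error that carries the position. Since the signature is being changed anyway, `var osPlatform = parser.Consume<Scalar>().Value;` would replace both the cast and the `parser.MoveNext()` line and report malformed input as a `YamlException`. The same cast is in the `ReadYaml` hunks of `SemanticVersionYamlTypeConverter` and `UriYamlTypeConverter`. `TryCreateOsPlatform` runs past the end of the hunk, so what happens to a null or unknown platform string is not visible here.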
@@ -21,7 +21,7 @@ public object ReadYaml(IParser parser, Type type) return semanticVersion; } - public void WriteYaml(IEmitter emitter, object value, Type type) + public void WriteYaml(IEmitter emitter, object value, Type type, ObjectSerializer serializer) { var semanticVersionStr = ((SemanticVersion)value)?.ToNormalizedString() ?? string.Empty; emitter.Emit(new Scalar(semanticVersionStr)); diff --git a/src/Snap/Core/Yaml/TypeConverters/UriYamlTypeConverter.cs b/src/Snap/Core/Yaml/TypeConverters/UriYamlTypeConverter.cs index 301f3e99..d4076b06 100644 --- a/src/Snap/Core/Yaml/TypeConverters/UriYamlTypeConverter.cs +++ b/src/Snap/Core/Yaml/TypeConverters/UriYamlTypeConverter.cs @@ -1,4 +1,4 @@ -using System; +using System; using YamlDotNet.Core; using YamlDotNet.Core.Events; using YamlDotNet.Serialization; @@ -12,7 +12,7 @@ public bool Accepts(Type type) return type == typeof(Uri); } - public object ReadYaml(IParser parser, Type type) + public object ReadYaml(IParser parser, Type type, ObjectDeserializer rootDeserializer) { var uriStr = ((Scalar)parser.Current)?.Value; parser.MoveNext(); @@ -20,7 +20,7 @@ public object ReadYaml(IParser parser, Type type) return uri; } - public void WriteYaml(IEmitter emitter, object value, Type type) + public void WriteYaml(IEmitter emitter, object value, Type type, ObjectSerializer serializer) { var uriStr = ((Uri)value)?.ToString() ?? string.Empty; emitter.Emit(new Scalar(uriStr));
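Review bot: `WriteYaml` in `SemanticVersionYamlTypeConverter` keeps `((SemanticVersion)value)?.ToNormalizedString() ?? string.Empty`, which is now inconsistent with the type check this commit adds to `OsPlatformYamlTypeConverter.WriteYaml`: a value of the wrong type still throws `InvalidCastException`, and a null is silently written as an empty scalar. `UriYamlTypeConverter.WriteYaml` in the last hunk has the same shape. Whether the matching `ReadYaml` accepts an empty scalar back is decided on a line outside these hunks, so the round trip is worth checking. If writing null as empty is deliberate, a comment such as `// null is serialized as an empty scalar` on that line would record it.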