✨ Support Nuget Pinned Dependency with RestoreLockedMode attribute #4351
Merged: spencerschrock merged 23 commits into ossf:main from balteravishay:support-restorelockedmode on Oct 3, 2024
Conversation
Not a full review, just wanted to tackle a question around the approach.
Here are a number of repos to test this change on:
/scdiff generate Pinned-Dependencies
What kind of change does this PR introduce?
Support pinning dependencies in .NET using a lockfile by declaring the RestoreLockedMode attribute in csproj.
What is the current behavior?
Checking for NuGet pinned dependencies considers only the CLI locked-mode flag (i.e. `--locked-mode`), and if it is not found the score is 0.
What is the new behavior (if this is a feature change)?
If a NuGet CLI command is found that is not locked with the CLI flag, a post-processing method checks for csproj files in the repo and scores according to the number of them that declare the RestoreLockedMode attribute set to true.
Which issue(s) this PR fixes
Fixes #4251
Special notes for your reviewer
The implementation of this fix, using a post-processing method, was discussed with @spencerschrock in the Scorecard community call.
There is an upcoming PR that will complement the behaviour by adding support for Central Package Management, which will also perform post-processing to look for another file type (Directory.Packages.props) where this feature is enabled.
Does this PR introduce a user-facing change?
For user-facing changes, please add a concise, human-readable release note to the release-note (In particular, describe what changes users might need to make in their application as a result of this pull request.)
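As an added illustration of the post-processing step the description above outlines (example code written for this page, not the PR's or scorecard's own implementation): parse each csproj file, look for any `<PropertyGroup>` that sets `<RestoreLockedMode>` to `true` (the setting that makes `dotnet restore` fail instead of silently updating `packages.lock.json`), and score the repository by the share of project files that enable it. The function names `DeclaresRestoreLockedMode` and `LockedModeScore` and the proportional 0-10 scoring rule are assumptions of this example; unparseable files are treated as unpinned so a malformed project file cannot inflate the score.

```go
package main

import (
	"encoding/xml"
	"sort"
	"strings"
)

// project models a csproj <Project> root; only the RestoreLockedMode
// child of each <PropertyGroup> is decoded, everything else is ignored.
type project struct {
	PropertyGroups []struct {
		RestoreLockedMode string `xml:"RestoreLockedMode"`
	} `xml:"PropertyGroup"`
}

// DeclaresRestoreLockedMode reports whether any PropertyGroup sets
// RestoreLockedMode to true (case-insensitive, as MSBuild reads booleans).
func DeclaresRestoreLockedMode(csproj []byte) (bool, error) {
	var p project
	if err := xml.Unmarshal(csproj, &p); err != nil {
		return false, err
	}
	for _, g := range p.PropertyGroups {
		if strings.EqualFold(strings.TrimSpace(g.RestoreLockedMode), "true") {
			return true, nil
		}
	}
	return false, nil
}

// LockedModeScore returns a 0-10 score proportional to the share of csproj files
// enabling RestoreLockedMode, plus the sorted paths that do not. The proportional
// rule is this example's assumption, not scorecard's; unparseable files count as unpinned.
func LockedModeScore(files map[string][]byte) (int, []string) {
	if len(files) == 0 {
		return 0, nil
	}
	var unpinned []string
	for path, content := range files {
		if ok, err := DeclaresRestoreLockedMode(content); err != nil || !ok {
			unpinned = append(unpinned, path)
		}
	}
	sort.Strings(unpinned)
	return 10 * (len(files) - len(unpinned)) / len(files), unpinned
}
```

The returned list of unpinned paths is what a check would surface as findings, so a maintainer can see which project files still need the attribute.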