Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

CG work item fix for System.Text.JSON package #1871

Merged
merged 10 commits into from
Oct 27, 2024
Merged

CG work item fix for System.Text.JSON package #1871

merged 10 commits into from
Oct 27, 2024

Conversation

v-rakeshsh
Copy link
Contributor

@v-rakeshsh v-rakeshsh commented Oct 17, 2024
edited by v-viyada
Loading

Details

Updated System.Text.Json to 8.0.5 to address GHSA-hh2w-p6rv-4g7w. This will fix CG issue https://dev.azure.com/mseng/1ES/_workitems/edit/2221678/?view=edit
Along with this updated its root dependencies to latest.

NOTE: After updating the version, test case was failing in pipeline with below error

Error Log:
Failed AllDropFilesAreAccountedFor [136 ms]

Error Message:
Assert.IsFalse failed. 1 drop files are missing from "ProductComponent" of WXS: Microsoft.Bcl.TimeProvider.dll

Stack Trace:
at MsiFileTests.WxsValidationTests.CompareWxsSectionToDropPath(String repoRoot, String relativeDropPath, String wxsFile, String wxsComponentId, HashSet`1 intentionalExclusions) in D:\a_work\1\s\src\MsiFileTests\WxsValidationTests.cs:line 48
at MsiFileTests.WxsValidationTests.AllDropFilesAreAccountedFor() in D:\a_work\1\s\src\MsiFileTests\WxsValidationTests.cs:line 25
Results File: D:\a_work_temp\TestResults\cloudtest_d22066dec000000_2024-10-17_06_24_32.trx

To fix above, made changes in Product.wxs as below

Added below code to fix the error in pipeline:
<File Id="Microsoft.Bcl.TimeProvider.dll" Source="Microsoft.Bcl.TimeProvider.dll" />

Motivation

CVE

Context

Pull request checklist

  • Run through of all test scenarios completed?
  • Does this address an existing issue? If yes, Issue# -
  • Includes UI changes?
    • Run the production version of Accessibility Insights for Windows against a version with changes.
    • Attach any screenshots / GIF's that are applicable.

Note: After the PR has been created, certain checks will be kicked off. All of these checks must pass before a merge.

@v-rakeshsh v-rakeshsh requested a review from a team as a code owner October 17, 2024 06:58
@v-viyada v-viyada marked this pull request as draft October 17, 2024 16:45
v-viyada
v-viyada reviewed Oct 18, 2024
View reviewed changes
src/MSI/Product.wxs Outdated Show resolved Hide resolved
@v-rakeshsh v-rakeshsh requested a review from v-viyada October 21, 2024 05:57
@v-viyada v-viyada marked this pull request as ready for review October 21, 2024 20:08
v-viyada
v-viyada previously approved these changes Oct 21, 2024
View reviewed changes
This was referenced Oct 24, 2024
Closed
Closed
@codeofdusk codeofdusk merged commit 5f7860f into main Oct 27, 2024
8 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeofdusk codeofdusk codeofdusk approved these changes

@v-viyada v-viyada v-viyada left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@v-rakeshsh @codeofdusk @v-viyada