Remove transitive dependencies on System.Text.RegularExpressions from…

… test projects (#137)

* Remove transitive dependencies on System.Text.RegularExpressions package

Update several out-of-date dependencies in test projects that were pulling in a vulnerable System.Text.RegularExpressions package.

Fix for CVE-2019-0820

Signed-off-by: Thomas Farr <[email protected]>

* Further changelog

Signed-off-by: Thomas Farr <[email protected]>

Signed-off-by: Thomas Farr <[email protected]>
Co-authored-by: Daniel (dB.) Doubrovkine <[email protected]>

CHANGELOG.md

@@ -18,9 +18,14 @@ Inspired from [Keep a Changelog](https://keepachangelog.com/en/1.0.0/)
 ### Fixed
 
 ### Security
+- CVE-2019-0820: Removed transitive dependencies on `System.Text.RegularExpressions` from internal packages; **Client Not Impacted** ([#137](https://github.com/opensearch-project/opensearch-net/pull/137))
 
 ### Dependencies
+- Bumps `SemanticVersioning` from 0.8.0 to 2.0.2
+- Bumps `Microsoft.NET.Test.Sdk` from 16.5.0 to 17.4.1
+- Bumps `Octokit` from 0.32.0 to 4.0.3
+- Bumps `BenchMarkDotNet` from 0.13.1 to 0.13.3
+- Bumps `System.Reactive` from 3.1.1 to 5.0.0
 - Bumps `SharpZipLib` from 1.0.4 to `1.4.1` ([#136](https://github.com/opensearch-project/opensearch-net/pull/136))
 
-
 [Unreleased]: https://github.com/opensearch-project/opensearch-net/compare/1.2.0...HEAD

abstractions/src/OpenSearch.OpenSearch.Ephemeral/packages.lock.json

@@ -187,11 +187,8 @@
       },
       "SemanticVersioning": {
         "type": "Transitive",
-        "resolved": "0.8.0",
-        "contentHash": "hUCnQL79hU0W6X4jPeMAtGDwoEJeBEZfGBnkT+jPG45lD7KHn4h61HgYN8y1HAjPrXmC5oJcLx3l8ygPJOqvlA==",
-        "dependencies": {
-          "NETStandard.Library": "1.6.0"
-        }
+        "resolved": "2.0.2",
+        "contentHash": "4EQgYdNZ92SyaO7YFk6olVnebF5V+jrHyMUjvPq89tLeMo8NSfgDF+6Zwq/lgh9j/0yfQp9Lkm0ZA0rUATCZFA=="
       },
       "System.Buffers": {
         "type": "Transitive",
@@ -786,7 +783,7 @@
       "opensearch.stack.artifactsapi": {
         "type": "Project",
         "dependencies": {
-          "SemanticVersioning": "[0.8.0, )",
+          "SemanticVersioning": "[2.0.2, )",
           "System.Net.Http": "[4.3.4, )",
           "System.Runtime.InteropServices.RuntimeInformation": "[4.3.0, )",
           "System.Text.Json": "[7.0.1, )"

abstractions/src/OpenSearch.OpenSearch.Managed/packages.lock.json

@@ -212,11 +212,8 @@
       },
       "SemanticVersioning": {
         "type": "Transitive",
-        "resolved": "0.8.0",
-        "contentHash": "hUCnQL79hU0W6X4jPeMAtGDwoEJeBEZfGBnkT+jPG45lD7KHn4h61HgYN8y1HAjPrXmC5oJcLx3l8ygPJOqvlA==",
-        "dependencies": {
-          "NETStandard.Library": "1.6.0"
-        }
+        "resolved": "2.0.2",
+        "contentHash": "4EQgYdNZ92SyaO7YFk6olVnebF5V+jrHyMUjvPq89tLeMo8NSfgDF+6Zwq/lgh9j/0yfQp9Lkm0ZA0rUATCZFA=="
       },
       "System.Buffers": {
         "type": "Transitive",
@@ -770,7 +767,7 @@
       "opensearch.stack.artifactsapi": {
         "type": "Project",
         "dependencies": {
-          "SemanticVersioning": "[0.8.0, )",
+          "SemanticVersioning": "[2.0.2, )",
           "System.Net.Http": "[4.3.4, )",
           "System.Runtime.InteropServices.RuntimeInformation": "[4.3.0, )",
           "System.Text.Json": "[7.0.1, )"

abstractions/src/OpenSearch.OpenSearch.Xunit/XunitPlumbing/IntegrationTestDiscoverer.cs

@@ -31,7 +31,7 @@
 using System.Linq;
 using OpenSearch.OpenSearch.Xunit.Sdk;
 using OpenSearch.Stack.ArtifactsApi;
-using SemVer;
+using SemanticVersioning;
 using Xunit;
 using Xunit.Abstractions;
 using Xunit.Sdk;

abstractions/src/OpenSearch.OpenSearch.Xunit/XunitPlumbing/SkipVersionAttribute.cs

@@ -29,7 +29,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
-using SemVer;
+using SemanticVersioning;
 
 namespace OpenSearch.OpenSearch.Xunit.XunitPlumbing
 {

abstractions/src/OpenSearch.OpenSearch.Xunit/packages.lock.json

@@ -188,11 +188,8 @@
       },
       "SemanticVersioning": {
         "type": "Transitive",
-        "resolved": "0.8.0",
-        "contentHash": "hUCnQL79hU0W6X4jPeMAtGDwoEJeBEZfGBnkT+jPG45lD7KHn4h61HgYN8y1HAjPrXmC5oJcLx3l8ygPJOqvlA==",
-        "dependencies": {
-          "NETStandard.Library": "1.6.0"
-        }
+        "resolved": "2.0.2",
+        "contentHash": "4EQgYdNZ92SyaO7YFk6olVnebF5V+jrHyMUjvPq89tLeMo8NSfgDF+6Zwq/lgh9j/0yfQp9Lkm0ZA0rUATCZFA=="
       },
       "SharpZipLib": {
         "type": "Transitive",
@@ -848,7 +845,7 @@
       "opensearch.stack.artifactsapi": {
         "type": "Project",
         "dependencies": {
-          "SemanticVersioning": "[0.8.0, )",
+          "SemanticVersioning": "[2.0.2, )",
           "System.Net.Http": "[4.3.4, )",
           "System.Runtime.InteropServices.RuntimeInformation": "[4.3.0, )",
           "System.Text.Json": "[7.0.1, )"

abstractions/src/OpenSearch.Stack.ArtifactsApi/Artifact.cs

@@ -30,7 +30,7 @@
 using System.IO;
 using OpenSearch.Stack.ArtifactsApi.Products;
 using OpenSearch.Stack.ArtifactsApi.Resolvers;
-using Version = SemVer.Version;
+using Version = SemanticVersioning.Version;
 
 namespace OpenSearch.Stack.ArtifactsApi
 {

abstractions/src/OpenSearch.Stack.ArtifactsApi/OpenSearch.Stack.ArtifactsApi.csproj

@@ -10,7 +10,7 @@
     </PropertyGroup>
 
     <ItemGroup>
-        <PackageReference Include="SemanticVersioning" Version="0.8.0" />
+        <PackageReference Include="SemanticVersioning" Version="2.0.2" />
         <PackageReference Include="System.Net.Http" Version="4.3.4" />
         <PackageReference Include="System.Runtime.InteropServices.RuntimeInformation" Version="4.3.0" />
         <PackageReference Include="System.Text.Json" Version="7.0.1" />

abstractions/src/OpenSearch.Stack.ArtifactsApi/OpenSearchVersion.cs

@@ -33,8 +33,8 @@
 using OpenSearch.Stack.ArtifactsApi.Platform;
 using OpenSearch.Stack.ArtifactsApi.Products;
 using OpenSearch.Stack.ArtifactsApi.Resolvers;
-using SemVer;
-using Version = SemVer.Version;
+using SemanticVersioning;
+using Version = SemanticVersioning.Version;
 
 namespace OpenSearch.Stack.ArtifactsApi
 {

abstractions/src/OpenSearch.Stack.ArtifactsApi/Resolvers/ReleasedVersionResolver.cs

@@ -29,7 +29,7 @@
 using System.Runtime.InteropServices;
 using OpenSearch.Stack.ArtifactsApi.Platform;
 using OpenSearch.Stack.ArtifactsApi.Products;
-using Version = SemVer.Version;
+using Version = SemanticVersioning.Version;
 
 namespace OpenSearch.Stack.ArtifactsApi.Resolvers
 {

abstractions/src/OpenSearch.Stack.ArtifactsApi/Resolvers/SnapshotApiResolver.cs

@@ -35,8 +35,8 @@
 using System.Threading;
 using OpenSearch.Stack.ArtifactsApi.Platform;
 using OpenSearch.Stack.ArtifactsApi.Products;
-using SemVer;
-using Version = SemVer.Version;
+using SemanticVersioning;
+using Version = SemanticVersioning.Version;
 
 namespace OpenSearch.Stack.ArtifactsApi.Resolvers
 {

abstractions/src/OpenSearch.Stack.ArtifactsApi/Resolvers/StagingVersionResolver.cs

@@ -27,7 +27,7 @@
 */
 
 using OpenSearch.Stack.ArtifactsApi.Products;
-using Version = SemVer.Version;
+using Version = SemanticVersioning.Version;
 
 namespace OpenSearch.Stack.ArtifactsApi.Resolvers
 {

abstractions/src/OpenSearch.Stack.ArtifactsApi/packages.lock.json

@@ -22,12 +22,9 @@
       },
       "SemanticVersioning": {
         "type": "Direct",
-        "requested": "[0.8.0, )",
-        "resolved": "0.8.0",
-        "contentHash": "hUCnQL79hU0W6X4jPeMAtGDwoEJeBEZfGBnkT+jPG45lD7KHn4h61HgYN8y1HAjPrXmC5oJcLx3l8ygPJOqvlA==",
-        "dependencies": {
-          "NETStandard.Library": "1.6.0"
-        }
+        "requested": "[2.0.2, )",
+        "resolved": "2.0.2",
+        "contentHash": "4EQgYdNZ92SyaO7YFk6olVnebF5V+jrHyMUjvPq89tLeMo8NSfgDF+6Zwq/lgh9j/0yfQp9Lkm0ZA0rUATCZFA=="
       },
       "System.Net.Http": {
         "type": "Direct",

abstractions/tests/OpenSearch.OpenSearch.EphemeralTests/OpenSearch.OpenSearch.EphemeralTests.csproj

@@ -8,7 +8,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.5.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5" />
   </ItemGroup>
 

abstractions/tests/OpenSearch.OpenSearch.EphemeralTests/packages.lock.json

@@ -4,12 +4,12 @@
     "net6.0": {
       "Microsoft.NET.Test.Sdk": {
         "type": "Direct",
-        "requested": "[16.5.0, )",
-        "resolved": "16.5.0",
-        "contentHash": "yHZOhVSPuGqgHi+KhHiAZqNY08avkQraXKvgKgDU8c/ztmGzw7gmukkv49EaTq6T3xmp4XroWk3gAlbJHMxl8w==",
+        "requested": "[17.4.1, )",
+        "resolved": "17.4.1",
+        "contentHash": "kJ5/v2ad+VEg1fL8UH18nD71Eu+Fq6dM4RKBVqlV2MLSEK/AW4LUkqlk7m7G+BrxEDJVwPjxHam17nldxV80Ow==",
         "dependencies": {
-          "Microsoft.CodeCoverage": "16.5.0",
-          "Microsoft.TestPlatform.TestHost": "16.5.0"
+          "Microsoft.CodeCoverage": "17.4.1",
+          "Microsoft.TestPlatform.TestHost": "17.4.1"
         }
       },
       "Microsoft.NETFramework.ReferenceAssemblies": {
@@ -52,8 +52,8 @@
       },
       "Microsoft.CodeCoverage": {
         "type": "Transitive",
-        "resolved": "16.5.0",
-        "contentHash": "PM5YLtyN45EyUGePJpaNogndlaQPrMgQQXHKMhMESC6KfSVvt+j7+dxBi8NYC6X6dZVysf7ngwhSW3wwvPJRSQ=="
+        "resolved": "17.4.1",
+        "contentHash": "T21KxaiFawbrrjm0uXjxAStXaBm5P9H6Nnf8BUtBTvIpd8q57lrChVBCY2dnazmSu9/kuX4z5+kAOT78Dod7vA=="
       },
       "Microsoft.CSharp": {
         "type": "Transitive",
@@ -77,19 +77,20 @@
       },
       "Microsoft.TestPlatform.ObjectModel": {
         "type": "Transitive",
-        "resolved": "16.5.0",
-        "contentHash": "NnLFxmFBCAS6kye2JFszD5WKgj4Zve5KX/R0mhYwh6BVnSeybI2unRnjEPtLyY3CAVhwrY4bh/8LNFtslAcGZg==",
+        "resolved": "17.4.1",
+        "contentHash": "v2CwoejusooZa/DZYt7UXo+CJOvwAmqg6ZyFJeIBu+DCRDqpEtf7WYhZ/AWii0EKzANPPLU9+m148aipYQkTuA==",
         "dependencies": {
-          "NuGet.Frameworks": "5.0.0"
+          "NuGet.Frameworks": "5.11.0",
+          "System.Reflection.Metadata": "1.6.0"
         }
       },
       "Microsoft.TestPlatform.TestHost": {
         "type": "Transitive",
-        "resolved": "16.5.0",
-        "contentHash": "ytGymboQIvjNX5pLC0yp/Bz9sGDHqSnLQgBRtd4VrqOUgKmmcfxMYZ6p0TBZgAT1oijdC6xqUZ7rl8mbaaXTJw==",
+        "resolved": "17.4.1",
+        "contentHash": "K7QXM4P4qrDKdPs/VSEKXR08QEru7daAK8vlIbhwENM3peXJwb9QgrAbtbYyyfVnX+F1m+1hntTH6aRX+h/f8g==",
         "dependencies": {
-          "Microsoft.TestPlatform.ObjectModel": "16.5.0",
-          "Newtonsoft.Json": "9.0.1"
+          "Microsoft.TestPlatform.ObjectModel": "17.4.1",
+          "Newtonsoft.Json": "13.0.1"
         }
       },
       "Microsoft.Win32.Primitives": {
@@ -124,8 +125,8 @@
       },
       "NuGet.Frameworks": {
         "type": "Transitive",
-        "resolved": "5.0.0",
-        "contentHash": "c5JVjuVAm4f7E9Vj+v09Z9s2ZsqFDjBpcsyS3M9xRo0bEdm/LVZSzLxxNvfvAwRiiE8nwe1h2G4OwiwlzFKXlA=="
+        "resolved": "5.11.0",
+        "contentHash": "eaiXkUjC4NPcquGWzAGMXjuxvLwc6XGKMptSyOGQeT0X70BUZObuybJFZLA0OfTdueLd3US23NBPTBb6iF3V1Q=="
       },
       "Nullean.VsTest.Pretty.TestLogger": {
         "type": "Transitive",
@@ -244,11 +245,8 @@
       },
       "SemanticVersioning": {
         "type": "Transitive",
-        "resolved": "0.8.0",
-        "contentHash": "hUCnQL79hU0W6X4jPeMAtGDwoEJeBEZfGBnkT+jPG45lD7KHn4h61HgYN8y1HAjPrXmC5oJcLx3l8ygPJOqvlA==",
-        "dependencies": {
-          "NETStandard.Library": "1.6.0"
-        }
+        "resolved": "2.0.2",
+        "contentHash": "4EQgYdNZ92SyaO7YFk6olVnebF5V+jrHyMUjvPq89tLeMo8NSfgDF+6Zwq/lgh9j/0yfQp9Lkm0ZA0rUATCZFA=="
       },
       "SharpZipLib": {
         "type": "Transitive",
@@ -496,6 +494,11 @@
           "System.Runtime": "4.3.0"
         }
       },
+      "System.Reflection.Metadata": {
+        "type": "Transitive",
+        "resolved": "1.6.0",
+        "contentHash": "COC1aiAJjCoA5GBF+QKL2uLqEBew4JsCkQmoHKbN3TlOZKa2fKLz5CpiRQKDz0RsAOEGsVKqOD5bomsXq/4STQ=="
+      },
       "System.Reflection.Primitives": {
         "type": "Transitive",
         "resolved": "4.3.0",
@@ -914,7 +917,7 @@
       "opensearch.stack.artifactsapi": {
         "type": "Project",
         "dependencies": {
-          "SemanticVersioning": "[0.8.0, )",
+          "SemanticVersioning": "[2.0.2, )",
           "System.Net.Http": "[4.3.4, )",
           "System.Runtime.InteropServices.RuntimeInformation": "[4.3.0, )",
           "System.Text.Json": "[7.0.1, )"
@@ -932,7 +935,7 @@
           "DiffPlex": "[1.7.1, )",
           "FluentAssertions": "[5.10.3, )",
           "JunitXml.TestLogger": "[2.1.78, )",
-          "Microsoft.NET.Test.Sdk": "[16.5.0, )",
+          "Microsoft.TestPlatform.ObjectModel": "[17.4.1, )",
           "Nullean.VsTest.Pretty.TestLogger": "[0.3.0, )",
           "OpenSearch.Client.JsonNetSerializer": "[1.2.1, )",
           "OpenSearch.OpenSearch.Xunit": "[1.2.1, )",

abstractions/tests/OpenSearch.Stack.ArtifactsApiTests/OpenSearch.Stack.ArtifactsApiTests.csproj

@@ -9,7 +9,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.5.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.4.1" />
     <PackageReference Include="xunit.runner.visualstudio" Version="2.4.5" />
   </ItemGroup>