From 901a5f1ee13c16fc3487af14602563d21365ab65 Mon Sep 17 00:00:00 2001 From: Eric StJohn Date: Tue, 22 Jul 2025 10:36:23 -0700 Subject: [PATCH 1/3] Update framework package data Porting changes from https://github.com/dotnet/sdk/pull/49092 https://github.com/dotnet/sdk/pull/49882 These improve the accuracy of the FrameworkPackages -- accounting for some packages which were removed from the shared framework, and representing the latest version of packages which were absorbed into the framework. --- .../FrameworkPackages/FrameworkPackages.cs | 11 +++++++++-- .../FrameworkPackages.net5.0.cs | 14 +++++++++++++- .../FrameworkPackages.net6.0.cs | 18 +++++++++++++++++- .../FrameworkPackages.net9.0.cs | 3 +++ .../FrameworkPackages.netcoreapp2.1.cs | 10 +++++----- .../FrameworkPackages.netcoreapp3.0.cs | 6 ++++-- .../FrameworkPackages.netcoreapp3.1.cs | 2 +- .../FrameworkPackages.netstandard2.0.cs | 2 +- .../FrameworkPackages.netstandard2.1.cs | 12 +++++++----- 9 files changed, 60 insertions(+), 18 deletions(-) diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs index be5c33679..adfb3f7b5 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs @@ -217,8 +217,15 @@ private static FrameworkPackages LoadFrameworkPackagesFromPack(NuGetFramework fr private void Add(string id, string version) { - // intentionally redirect to indexer to allow for overwrite - this.Packages[id] = NuGetVersion.Parse(version); + if (string.IsNullOrEmpty(version)) + { + this.Packages.Remove(id); + } + else + { + // intentionally redirect to indexer to allow for overwrite + this.Packages[id] = NuGetVersion.Parse(version); + } } public bool IsAFrameworkComponent(string id, NuGetVersion version) => this.Packages.TryGetValue(id, out var frameworkPackageVersion) && frameworkPackageVersion >= version; diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net5.0.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net5.0.cs index 6b7a63e0a..e74724949 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net5.0.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net5.0.cs @@ -18,7 +18,7 @@ internal static class NETCoreApp50 { "System.Formats.Asn1", "5.0.0" }, { "System.IO.FileSystem.AccessControl", "5.0.0" }, { "System.Net.Http.Json", "5.0.0" }, - { "System.Reflection.DispatchProxy", "4.7.1" }, + { "System.Reflection.DispatchProxy", "4.8.2" }, { "System.Reflection.Metadata", "5.0.0" }, { "System.Runtime.CompilerServices.Unsafe", "5.0.0" }, { "System.Security.AccessControl", "5.0.0" }, @@ -29,6 +29,11 @@ internal static class NETCoreApp50 { "System.Text.Json", "5.0.0" }, { "System.Threading.Channels", "5.0.0" }, { "System.Threading.Tasks.Dataflow", "5.0.0" }, + + // removed packages + { "System.Runtime.InteropServices.WindowsRuntime", null }, + { "System.Runtime.WindowsRuntime", null }, + { "System.Runtime.WindowsRuntime.UI.Xaml", null }, }; internal static FrameworkPackages AspNetCore { get; } = new(Net50, FrameworkNames.AspNetCoreApp, NETCoreApp31.AspNetCore) @@ -167,6 +172,10 @@ internal static class NETCoreApp50 { "System.Security.Permissions", "5.0.0" }, { "System.Security.Principal.Windows", "5.0.0" }, { "System.Windows.Extensions", "5.0.0" }, + + // removed packages + { "Microsoft.Win32.SystemEvents", null }, + { "System.Drawing.Common", null }, }; internal static FrameworkPackages WindowsDesktop { get; } = new(Net50, FrameworkNames.WindowsDesktopApp, NETCoreApp31.WindowsDesktop) @@ -194,6 +203,9 @@ internal static class NETCoreApp50 { "System.Security.Principal.Windows", "5.0.0" }, { "System.Threading.AccessControl", "5.0.0" }, { "System.Windows.Extensions", "5.0.0" }, + + // removed packages + { "System.Formats.Asn1", null }, }; internal static void Register() => FrameworkPackages.Register(Instance, AspNetCore, WindowsDesktop); diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net6.0.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net6.0.cs index dde6aa768..cdbd31dc8 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net6.0.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net6.0.cs @@ -16,7 +16,7 @@ internal static class NETCoreApp60 { "System.Formats.Asn1", "6.0.0" }, { "System.Net.Http.Json", "6.0.0" }, { "System.Reflection.Metadata", "6.0.0" }, - { "System.Runtime.CompilerServices.Unsafe", "6.0.0" }, + { "System.Runtime.CompilerServices.Unsafe", "6.1.2" }, { "System.Security.AccessControl", "6.0.0" }, { "System.Text.Encoding.CodePages", "6.0.0" }, { "System.Text.Encodings.Web", "6.0.0" }, @@ -157,6 +157,14 @@ internal static class NETCoreApp60 { "System.IO.Pipelines", "6.0.0" }, { "System.Security.Cryptography.Pkcs", "6.0.0" }, { "System.Security.Cryptography.Xml", "6.0.0" }, + + // removed packages + { "Microsoft.Win32.Registry", null }, + { "System.Security.AccessControl", null }, + { "System.Security.Cryptography.Cng", null }, + { "System.Security.Permissions", null }, + { "System.Security.Principal.Windows", null }, + { "System.Windows.Extensions", null }, }; internal static FrameworkPackages WindowsDesktop { get; } = new(Net60, FrameworkNames.WindowsDesktopApp, NETCoreApp50.WindowsDesktop) @@ -176,6 +184,14 @@ internal static class NETCoreApp60 { "System.Security.Permissions", "6.0.0" }, { "System.Threading.AccessControl", "6.0.0" }, { "System.Windows.Extensions", "6.0.0" }, + + // removed packages + { "Microsoft.Win32.Registry", null }, + { "System.IO.FileSystem.AccessControl", null }, + { "System.IO.Pipes.AccessControl", null }, + { "System.Security.AccessControl", null }, + { "System.Security.Cryptography.Cng", null }, + { "System.Security.Principal.Windows", null }, }; internal static void Register() => FrameworkPackages.Register(Instance, AspNetCore, WindowsDesktop); diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net9.0.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net9.0.cs index a8e88a552..b0fcc77ab 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net9.0.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.net9.0.cs @@ -178,6 +178,9 @@ internal static class NETCoreApp90 { "System.Security.Cryptography.Pkcs", "8.0.1" }, { "System.Security.Cryptography.Xml", "9.0.0" }, { "System.Threading.RateLimiting", "9.0.0" }, + + // removed packages + { "System.IO.Pipelines", null }, }; internal static FrameworkPackages WindowsDesktop { get; } = new(Net90, FrameworkNames.WindowsDesktopApp, NETCoreApp80.WindowsDesktop) diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp2.1.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp2.1.cs index a046281fb..295432fc0 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp2.1.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp2.1.cs @@ -15,14 +15,14 @@ internal static class NETCoreApp21 { "Microsoft.NETCore.App", "2.1.0" }, { "Microsoft.VisualBasic", "10.3.0" }, { "Microsoft.Win32.Registry", "4.5.0" }, - { "System.Buffers", "4.5.0" }, + { "System.Buffers", "4.6.1" }, { "System.Collections.Immutable", "1.5.0" }, { "System.ComponentModel.Annotations", "4.5.0" }, { "System.Diagnostics.DiagnosticSource", "4.5.0" }, { "System.IO.FileSystem.AccessControl", "4.5.0" }, { "System.IO.Pipes.AccessControl", "4.5.0" }, - { "System.Memory", "4.5.5" }, - { "System.Numerics.Vectors", "4.5.0" }, + { "System.Memory", "4.6.3" }, + { "System.Numerics.Vectors", "4.6.1" }, { "System.Reflection.DispatchProxy", "4.5.0" }, { "System.Reflection.Metadata", "1.6.0" }, { "System.Security.AccessControl", "4.5.0" }, @@ -30,8 +30,8 @@ internal static class NETCoreApp21 { "System.Security.Cryptography.OpenSsl", "4.5.0" }, { "System.Security.Principal.Windows", "4.5.0" }, { "System.Threading.Tasks.Dataflow", "4.9.0" }, - { "System.Threading.Tasks.Extensions", "4.5.4" }, - { "System.ValueTuple", "4.5.0" }, + { "System.Threading.Tasks.Extensions", "4.6.3" }, + { "System.ValueTuple", "4.6.1" }, }; internal static void Register() => FrameworkPackages.Register(Instance); diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.0.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.0.cs index 079a9a0cd..88c02187d 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.0.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.0.cs @@ -13,7 +13,7 @@ internal static class NETCoreApp30 { { "Microsoft.CSharp", "4.6.0" }, { "Microsoft.Win32.Registry", "4.6.0" }, - { "System.Buffers", "4.5.1" }, + { "System.Buffers", "4.6.1" }, { "System.Collections.Immutable", "1.6.0" }, { "System.ComponentModel.Annotations", "4.6.0" }, { "System.Data.DataSetExtensions", "4.5.0" }, @@ -28,7 +28,9 @@ internal static class NETCoreApp30 { "System.Security.AccessControl", "4.6.0" }, { "System.Security.Cryptography.Cng", "4.6.0" }, { "System.Security.Cryptography.OpenSsl", "4.6.0" }, - { "System.Security.Cryptography.Xml", "4.4.0" }, + + // this package was listed in the package overrides.txt for netcoreapp3.0, but it is not actually in the targeting pack + // { "System.Security.Cryptography.Xml", "4.4.0" }, { "System.Security.Principal.Windows", "4.6.0" }, { "System.Text.Encoding.CodePages", "4.6.0" }, { "System.Text.Encodings.Web", "4.6.0" }, diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.1.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.1.cs index ce3338d80..9824a956d 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.1.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netcoreapp3.1.cs @@ -17,7 +17,7 @@ internal static class NETCoreApp31 { "System.ComponentModel.Annotations", "4.7.0" }, { "System.Diagnostics.DiagnosticSource", "4.7.0" }, { "System.IO.FileSystem.AccessControl", "4.7.0" }, - { "System.Reflection.DispatchProxy", "4.7.0" }, + { "System.Reflection.DispatchProxy", "4.8.2" }, { "System.Reflection.Metadata", "1.8.0" }, { "System.Runtime.CompilerServices.Unsafe", "4.7.1" }, { "System.Runtime.WindowsRuntime", "4.7.0" }, diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.0.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.0.cs index 66c9bdd64..9588b4864 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.0.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.0.cs @@ -96,7 +96,7 @@ internal static class NETStandard20 { "System.Threading.Thread", "4.3.0" }, { "System.Threading.ThreadPool", "4.3.0" }, { "System.Threading.Timer", "4.3.0" }, - { "System.ValueTuple", "4.4.0" }, + { "System.ValueTuple", "4.6.1" }, { "System.Xml.ReaderWriter", "4.3.1" }, { "System.Xml.XDocument", "4.0.11" }, { "System.Xml.XmlDocument", "4.3.0" }, diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.1.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.1.cs index 5b6aeb282..c6caffe2e 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.1.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.netstandard2.1.cs @@ -11,7 +11,7 @@ internal static class NETStandard21 { internal static FrameworkPackages Instance { get; } = new(NetStandard21, FrameworkNames.NetStandardLibrary, NETStandard20.Instance) { - { "System.Buffers", "4.5.1" }, + { "System.Buffers", "4.6.1" }, { "System.Collections.Concurrent", "4.3.0" }, { "System.Collections.Immutable", "1.4.0" }, { "System.ComponentModel", "4.3.0" }, @@ -20,10 +20,10 @@ internal static class NETStandard21 { "System.Diagnostics.Contracts", "4.3.0" }, { "System.Dynamic.Runtime", "4.3.0" }, { "System.Linq.Queryable", "4.3.0" }, - { "System.Memory", "4.5.5" }, + { "System.Memory", "4.6.3" }, { "System.Net.Requests", "4.3.0" }, { "System.Net.WebHeaderCollection", "4.3.0" }, - { "System.Numerics.Vectors", "4.5.0" }, + { "System.Numerics.Vectors", "4.6.1" }, { "System.ObjectModel", "4.3.0" }, { "System.Private.DataContractSerialization", "4.3.0" }, { "System.Reflection.DispatchProxy", "4.5.1" }, @@ -35,11 +35,13 @@ internal static class NETStandard21 { "System.Runtime.Numerics", "4.3.0" }, { "System.Runtime.Serialization.Json", "4.3.0" }, { "System.Security.AccessControl", "4.4.0" }, - { "System.Security.Cryptography.Xml", "4.4.0" }, + + // this package was listed in the package overrides.txt for netstandard2.1, but it is not actually in the targeting pack + // { "System.Security.Cryptography.Xml", "4.4.0" }, { "System.Security.Principal", "4.3.0" }, { "System.Security.Principal.Windows", "4.4.0" }, { "System.Threading", "4.3.0" }, - { "System.Threading.Tasks.Extensions", "4.5.4" }, + { "System.Threading.Tasks.Extensions", "4.6.3" }, { "System.Threading.Tasks.Parallel", "4.3.0" }, { "System.Xml.XDocument", "4.3.0" }, { "System.Xml.XmlSerializer", "4.3.0" }, From 3e0b5193e0b5b70a6c25f938b38bc2c913d77b07 Mon Sep 17 00:00:00 2001 From: Eric StJohn Date: Tue, 22 Jul 2025 15:40:21 -0700 Subject: [PATCH 2/3] Update src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs --- .../nuget/FrameworkPackages/FrameworkPackages.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs index adfb3f7b5..f3842989a 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs @@ -217,7 +217,7 @@ private static FrameworkPackages LoadFrameworkPackagesFromPack(NuGetFramework fr private void Add(string id, string version) { - if (string.IsNullOrEmpty(version)) + if (string.IsNullOrWhitespace(version)) { this.Packages.Remove(id); } From 5ef3748aabb754144f6e6dd466f1f2574ab86cca Mon Sep 17 00:00:00 2001 From: Eric StJohn Date: Tue, 22 Jul 2025 19:02:00 -0700 Subject: [PATCH 3/3] Fix typo --- .../nuget/FrameworkPackages/FrameworkPackages.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs index f3842989a..cf63a0793 100644 --- a/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs +++ b/src/Microsoft.ComponentDetection.Detectors/nuget/FrameworkPackages/FrameworkPackages.cs @@ -217,7 +217,7 @@ private static FrameworkPackages LoadFrameworkPackagesFromPack(NuGetFramework fr private void Add(string id, string version) { - if (string.IsNullOrWhitespace(version)) + if (string.IsNullOrWhiteSpace(version)) { this.Packages.Remove(id); }