You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
I know that NuGet packages are typically not updated unless there are CVEs, important bug fixes, or other specific need to. However, when reviewing the list of NuGet packages installed, I saw that YamlDotNet was several versions out of date. This package directly affects the parsing of manifests within WinGet and the associated utilities. Given that, I thought it best to update it, especially given the fact that 1.10 is preparing to go through the release cycle, which would give these changes enough time to be tested in the 1.11 previews and testing cycles.
This change only directly updates the top-level project - WinGetUtilInterop. I'm expecting that all the other projects which have this NuGet package as a transient dependency will pick up this new version, as all of them have a Project Dependency on WinGetUtilInterop.
8.1.2 is the explicit version used by internal wingetsvc (not sure why, maybe it's from some earlier security fix), which has a dependency on the UtilInterop. But I guess it's ok to update now since it's so many versions behind.
8.1.2 is the explicit version used by internal wingetsvc (not sure why, maybe it's from some earlier security fix), which has a dependency on the UtilInterop. But I guess it's ok to update now since it's so many versions behind.
Does this mean I need to update another place in the code also?
8.1.2 is the explicit version used by internal wingetsvc (not sure why, maybe it's from some earlier security fix), which has a dependency on the UtilInterop. But I guess it's ok to update now since it's so many versions behind.
Does this mean I need to update another place in the code also?
My guess is that it means we (the service maintainers) would need to update the version internally whenever this change gets integrated into the service code. That is probably more of a logistical annoyance than anything else.
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I know that NuGet packages are typically not updated unless there are CVEs, important bug fixes, or other specific need to. However, when reviewing the list of NuGet packages installed, I saw that YamlDotNet was several versions out of date. This package directly affects the parsing of manifests within WinGet and the associated utilities. Given that, I thought it best to update it, especially given the fact that 1.10 is preparing to go through the release cycle, which would give these changes enough time to be tested in the 1.11 previews and testing cycles.
This change only directly updates the top-level project -
WinGetUtilInterop. I'm expecting that all the other projects which have this NuGet package as a transient dependency will pick up this new version, as all of them have a Project Dependency onWinGetUtilInterop.The projects which consume this change -
Top-Level
Transitive
Microsoft Reviewers: Open in CodeFlow