search

Reloaded-Project / Reloaded-II

Universal .NET Core Powered Modding Framework for any Native Game X86, X64.
GNU General Public License v3.0
611 stars 83 forks source link

Updated: Dependencies #453

Closed dreamsyntax closed 2 months ago

dreamsyntax commented 2 months ago

Summary:

Makes these two PRs obsolete: https://github.com/Reloaded-Project/Reloaded-II/pull/234 https://github.com/Reloaded-Project/Reloaded-II/pull/168

--Reloaded.Mod.Installer & Reloaded.Mod.Installer.Cli--
Explicitly Declare transitive dependencies to resolve known vuln:
System.Net.Http to 4.3.4
System.Text.RegularExpressions to 4.3.1

--Reloaded.Mod.Launcher.Lib--
IoC.Container 1.3.7 -> 1.3.8

--Reloaded.Mod.Launcher--
Reloaded.Memory 9.4.0 -> 9.4.2
Delete 'Reloaded - Backup.Mod.Launcher.csproj'

--Reloaded.Mod.Launcher.IO--
Reloaded.Memory 9.4.0 -> 9.4.2
System.Text.Json 7.0.0-rc.2.22472.3 -> 8.0.4

--Reloaded.Mod.Loader.Tests--
Bogus 34.0.2 -> 35.6.1
Microsoft.NET.Test.Sdk 17.2.0 -> 17.11.1
Moq 4.18.1 -> 4.20.72
xunit 2.4.1 -> 2.9.2

--Reloaded.Mod.Loader.Update.Packaging--
Sewer56.Update 4.0.0 -> 4.0.2
Sewer56.Update.Extractors.SevenZipSharp 1.1.2 -> 1.1.4 
Sewer56.Update.Packaging 3.0.0 -> 3.0.1
Sewer56.Update.Resolvers.NuGet 1.4.0 -> 1.4.1
Sewer56.Update.Resolvers.GameBanana 1.4.1 -> 1.4.2

--Reloaded.Mod.Loader.Update--
HtmlAgilityPack 1.11.43 -> 1.11.66
NuGet.Packaging 6.3.0 -> 6.11.0
NuGet.Packaging.Core 6.3.0 -> REMOVED (Deprecated)
NuGet.Protocol 6.3.0 -> 6.7.1
Polly 8.3.1 -> 8.4.2
ReverseMarkdown 3.23.1 -> 4.6.0
Sewer56.Update 4.0.1 -> 4.0.2
Sewer56.Update.Resolvers.GitHub 1.5.1 -> 1.5.2
System.Formats.Asn1 8.0.1 (transitive to explicit vuln patch)
System.Net.Http 4.3.4 (transitive to explicit vuln patch)
System.Text.RegularExpressions 4.3.1 (transitive to explicit vuln patch)

--Reloaded.Mod.Loader--
Microsoft.NET.ILLink.Tasks 8.0.2 -> 8.0.8
Sewer56 commented 2 months ago

Did you test the NuGet code? From what I remember, a part of the implementation calls an internal field via reflection, because the public API doesn't have the required functionality. I think it had to do with file sizes of downloads.

dreamsyntax commented 2 months ago

Did you test the NuGet code? From what I remember, a part of the implementation calls an internal field via reflection, because the public API doesn't have the required functionality. I think it had to do with file sizes of downloads.

Performed test:

Changed the version number to lower
Remove non-nuget upgrade sources
Check for updates (restart launcher)
See if NuGet update works ✔️ 
See if FileSize present ✔️

image

dreamsyntax commented 2 months ago

Side note, on first install Reloaded.Hooks is auto downloaded/updated and shows "Unknown Package". This is not related to my PR, happens on current release. image