dependabot / dependabot-core

🤖 Dependabot's core logic for creating update PRs.
https://docs.github.com/en/code-security/dependabot
MIT License

[NuGet] Support package versions stored in MSBuild properties #5365

Open lbussell opened 1 year ago

lbussell commented 1 year ago

It is common for NuGet package versions to be stored in MSBuild properties like so:

<PropertyGroup>
    <SystemMemoryVersion>4.5.5</SystemMemoryVersion>
</PropertyGroup>

<ItemGroup>
    <PackageReference Update="System.Memory" Version="$(SystemMemoryVersion)" />
</ItemGroup>

This way the package can be referenced in multiple places by the same version. Also, the package version can be overridden at build time by specifying different values of SystemMemoryVersion.

Dependabot could support a common pattern for these package version properties, like the package version without periods followed by Version (ex. Microsoft.IO.Redist => MicrosoftIORedistVersion). Or even better, Dependabot could trace back the property referenced in the PackageReference no matter what the property name is.

Context

See the following issues/PRs:

brettfo commented 1 month ago

There have been several improvements in the last few months around versions stored in properties. Are you still seeing the issue?

lbussell commented 1 month ago

I will defer to @michaelsimons since I don't work directly on the project that requires this anymore.
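
The property tracing proposed in the opening comment, sketched as an added example; it is not Dependabot's code and not part of the thread. It assumes a single project file, ignores `Condition` attributes and imported files, and every package and property name other than `System.Memory` / `SystemMemoryVersion` is constructed.

```python
import re
import xml.etree.ElementTree as ET  # for untrusted repos, defusedxml is the safer parser

PROP_REF = re.compile(r"\$\(([A-Za-z_][\w-]*)\)")

# Constructed sample; only the System.Memory lines come from the issue.
SAMPLE = """<Project>
  <PropertyGroup>
    <SystemMemoryVersion>4.5.5</SystemMemoryVersion>
    <RuntimeVersion>8.0.0</RuntimeVersion>
    <ExtensionsVersion>$(RuntimeVersion)</ExtensionsVersion>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Update="System.Memory" Version="$(SystemMemoryVersion)" />
    <PackageReference Include="Example.Extensions" Version="$(ExtensionsVersion)" />
    <PackageReference Include="Example.Missing" Version="$(NotDefinedVersion)" />
  </ItemGroup>
</Project>"""

def local(tag):
    """Drop an XML namespace prefix such as the legacy MSBuild xmlns."""
    return tag.rsplit("}", 1)[-1]

def resolve(value, props, chain=()):
    """Follow $(Prop) references; return (literal version or None, properties visited)."""
    m = PROP_REF.fullmatch(value.strip())
    if m is None:  # a literal, or a mixed expression this sketch does not evaluate
        return (None if "$(" in value else value.strip()), list(chain)
    entry = props.get(m.group(1).lower())  # MSBuild property names are case-insensitive
    if entry is None or entry[0] in chain:  # undefined property or reference cycle
        return None, list(chain) + [m.group(1)]
    return resolve(entry[1], props, chain + (entry[0],))

def trace_package_versions(xml_text):
    """Map each PackageReference to its resolved version and the property to edit."""
    root = ET.fromstring(xml_text)
    props = {}
    for group in (e for e in root.iter() if local(e.tag) == "PropertyGroup"):
        for child in group:  # later definitions overwrite earlier ones
            props[local(child.tag).lower()] = (local(child.tag), child.text or "")
    results = {}
    for ref in (e for e in root.iter() if local(e.tag) == "PackageReference"):
        name, raw = ref.get("Include") or ref.get("Update"), ref.get("Version")
        if name and raw:
            version, chain = resolve(raw, props)
            edit = chain[-1] if version and chain else None  # where an updater would write
            results[name] = {"version": version, "chain": chain, "edit": edit}
    return results

if __name__ == "__main__":
    for package, info in trace_package_versions(SAMPLE).items():
        print(package, info)
```

A package whose `version` comes back as `None` is one whose version could not be traced to a literal, which is the case to report rather than skip silently.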