pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real-time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

Is it possible to update dependency on Microsoft.CodeAnalysis 2.9.0 #66

Open gregpakes opened 4 years ago

gregpakes commented 4 years ago

There appears to be a dependency on Microsoft.CodeAnalysis 2.9.0, but that version of the package appears to have this issue:

https://github.com/dotnet/roslyn-analyzers/issues/2961
https://github.com/dotnet/roslyn-analyzers/issues/2680
https://github.com/dotnet/roslyn-analyzers/issues/1888

In all cases the fix is to add an explicit reference to a later version of Microsoft.CodeAnalysis in every project. In my case, that is 320 projects. I think it would be better to reference a version of the package that doesn't contain the issue.

gregpakes commented 4 years ago

Incidentally, we only get this issue when we target .NET 4.8. Previously, we were targeting 4.6 and didn't have this issue.

ejohn20 commented 3 years ago

Just circling back to this, @gregpakes what's the actual solution here? Upgrading to v3.0 of the Roslyn libraries?

Also - is this using the Visual Studio extension or the NuGet package?

gregpakes commented 3 years ago

So, I solved it in my solution by adding a specific reference to the latest version of Microsoft.CodeAnalysis. I'm not sure what you want to do to fix it; it may be a niche scenario for me.

We are using the NuGet packages.

games commented 3 years ago

Hi there, any update for this?