I'd erroneously relied on the fact that the version defined in project.assets.json would be the same as the package name used in project.deps.json after a successful publish. This was not the case.
dotnet does version normalization when doing dotnet restore, but the same logic is not applied when doing dotnet publish.
I've not found another place where dotnet stores the non-normalized version for easy access, so I've changed the logic that looks for this package away from explicitly looking for a full version, as previous:
I'd erroneously relied on the fact that the version defined in
project.assets.json
would be the same as the package name used inproject.deps.json
after a successfulpublish
. This was not the case.dotnet
does version normalization when doingdotnet restore
, but the same logic is not applied when doingdotnet publish
.I've not found another place where
dotnet
stores the non-normalized version for easy access, so I've changed the logic that looks for this package away from explicitly looking for a full version, as previous:https://github.com/snyk/snyk-nuget-plugin/blob/675b208d373d7c7dce2f214929043e641c93b52d/lib/nuget-parser/parsers/dotnet-core-v2-parser.ts#L118
And instead looks for the first element containing the project name. I guess more beta-testing will tell if this was a good idea or not.