From 4deb8c1ed68ca14fb94e13c4f53f87e3d9a80027 Mon Sep 17 00:00:00 2001
From: samatstarion <s.gerene@stariongroup.eu>
Date: Thu, 15 Aug 2024 12:54:17 +0200
Subject: [PATCH] [Update] System.Text.RegularExpressions version 4.3.1 -
 resolves transitive vulnerability

---
 .github/workflows/nuget-reference-check.yml   | 34 +++++++++++++++++++
 CDP4-SDK.sln                                  |  2 --
 CDP4Common/CDP4Common.csproj                  |  8 +++--
 CDP4Dal/CDP4Dal.csproj                        |  4 +--
 CDP4DalCommon/CDP4DalCommon.csproj            |  4 +--
 .../CDP4JsonFileDal.NetCore.Tests.csproj      |  4 +++
 CDP4JsonFileDal/CDP4JsonFileDal.csproj        |  4 +--
 CDP4JsonSerializer/CDP4JsonSerializer.csproj  |  4 +--
 .../CDP4MessagePackSerializer.csproj          |  4 +--
 CDP4Reporting/CDP4Reporting.csproj            |  4 +--
 .../CDP4RequirementsVerification.csproj       |  4 +--
 CDP4Rules/CDP4Rules.csproj                    |  4 +--
 CDP4ServicesDal/CDP4ServicesDal.csproj        |  4 +--
 .../CDP4ServicesMessaging.csproj              |  5 ++-
 CDP4Web/CDP4Web.csproj                        |  4 +--
 CDP4WspDal/CDP4WspDal.csproj                  |  4 +--
 16 files changed, 68 insertions(+), 29 deletions(-)
 create mode 100644 .github/workflows/nuget-reference-check.yml

diff --git a/.github/workflows/nuget-reference-check.yml b/.github/workflows/nuget-reference-check.yml
new file mode 100644
index 00000000..6acf7906
--- /dev/null
+++ b/.github/workflows/nuget-reference-check.yml
@@ -0,0 +1,34 @@
+name: "nuget package reference check"
+
+on:
+  push:
+  pull_request:
+  schedule:
+    - cron: '0 8 * * *'
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v4
+      with:
+        # We must fetch at least the immediate parents so that if this is
+        # a pull request then we can checkout the head.
+        fetch-depth: 2
+
+    - name: Setup .NET Environment
+      uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: 8.0.x
+
+    - name: Checking NuGet vulnerabilites
+      run: |
+        dotnet list CDP4-SDK.sln package --outdated --include-transitive 2>&1 | tee build.log
+
+        dotnet list CDP4-SDK.sln package --deprecated --include-transitive 2>&1 | tee -a build.log
+
+        dotnet list CDP4-SDK.sln package --vulnerable --include-transitive 2>&1 | tee -a build.log
+
+        echo "Analyze dotnet list package command log output..."
+        grep -q -i "critical\|high\|moderate\|low" build.log; [ $? -eq 0 ] && echo "Security Vulnerabilities found on the log output" && exit 1
\ No newline at end of file
diff --git a/CDP4-SDK.sln b/CDP4-SDK.sln
index 4b54bcb1..a239f5d9 100644
--- a/CDP4-SDK.sln
+++ b/CDP4-SDK.sln
@@ -50,8 +50,6 @@ EndProject
 Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{8B27CAF4-B780-43A8-B0CA-768A294C599C}"
 	ProjectSection(SolutionItems) = preProject
 		CDP4-SDK.sln.DotSettings = CDP4-SDK.sln.DotSettings
-		.github\workflows\codeql-analysis.yml = .github\workflows\codeql-analysis.yml
-		.github\workflows\CodeQuality.yml = .github\workflows\CodeQuality.yml
 		README.md = README.md
 	EndProjectSection
 EndProject
diff --git a/CDP4Common/CDP4Common.csproj b/CDP4Common/CDP4Common.csproj
index 27ca358b..1715a0c3 100644
--- a/CDP4Common/CDP4Common.csproj
+++ b/CDP4Common/CDP4Common.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4Common Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 Common Class Library that contains DTOs, POCOs</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Merlin, Alex, Naron, Alexander, Yevhen, Nathanael, Ahmed</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-        [Update] NLog version 5.3.3
+        [Update] System.Text.RegularExpressions version 4.3.1 - resolves transitive vulnerability
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
@@ -49,4 +49,8 @@
     <PackageReference Include="System.Xml.XmlSerializer" Version="4.3.0" />
   </ItemGroup>
 
+    <ItemGroup Label="override transitive vulnerable dependency">
+        <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
+    </ItemGroup>
+
 </Project>
\ No newline at end of file
diff --git a/CDP4Dal/CDP4Dal.csproj b/CDP4Dal/CDP4Dal.csproj
index 43b6108a..2ebd4901 100644
--- a/CDP4Dal/CDP4Dal.csproj
+++ b/CDP4Dal/CDP4Dal.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4Dal Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 Data Access Layer library, a consumer of an ECSS-E-TM-10-25 Annex C API</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Merlin, Alex, Naron, Alexander, Yevhen, Nathanael, Ahmed</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-        [Update] System.Reactive version 6.0.1
+        [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4DalCommon/CDP4DalCommon.csproj b/CDP4DalCommon/CDP4DalCommon.csproj
index d6916801..2d156e82 100644
--- a/CDP4DalCommon/CDP4DalCommon.csproj
+++ b/CDP4DalCommon/CDP4DalCommon.csproj
@@ -5,7 +5,7 @@
       <Company>Starion Group S.A.</Company>
       <Language>latest</Language>
       <Title>CDP4DalCommon Community Edition</Title>
-      <VersionPrefix>27.2.2</VersionPrefix>
+      <VersionPrefix>27.2.3</VersionPrefix>
       <Description>CDP4 Common Class Library that contains common types for any CDP4 server and the CDP4Dal</Description>
       <Copyright>Copyright © Starion Group S.A.</Copyright>
       <Authors>Sam, Alex, Alexander, Nathanael, Antoine, Omar, Jaime</Authors>
@@ -21,7 +21,7 @@
       <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
       <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
       <PackageReleaseNotes>
-          [BUMP] To CDP4Common 27.2.2
+          [BUMP] To CDP4Common 27.2.3
       </PackageReleaseNotes>
       <PackageReadmeFile>README.md</PackageReadmeFile>
       <GenerateDocumentationFile>true</GenerateDocumentationFile>
diff --git a/CDP4JsonFileDal.NetCore.Tests/CDP4JsonFileDal.NetCore.Tests.csproj b/CDP4JsonFileDal.NetCore.Tests/CDP4JsonFileDal.NetCore.Tests.csproj
index 02538cfc..2d3b7cbe 100644
--- a/CDP4JsonFileDal.NetCore.Tests/CDP4JsonFileDal.NetCore.Tests.csproj
+++ b/CDP4JsonFileDal.NetCore.Tests/CDP4JsonFileDal.NetCore.Tests.csproj
@@ -16,6 +16,10 @@
           <ProjectReference Include="..\CDP4JsonFileDal\CDP4JsonFileDal.csproj" />
     </ItemGroup>
 
+    <ItemGroup Label="override transitive vulnerable dependency">
+        <PackageReference Include="System.Drawing.Common" Version="8.0.8" />
+    </ItemGroup>
+    
     <ItemGroup>
         <PackageReference Include="JetBrains.dotMemoryUnit" Version="3.2.20220510" />
         <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
diff --git a/CDP4JsonFileDal/CDP4JsonFileDal.csproj b/CDP4JsonFileDal/CDP4JsonFileDal.csproj
index f5c3510c..ee113d12 100644
--- a/CDP4JsonFileDal/CDP4JsonFileDal.csproj
+++ b/CDP4JsonFileDal/CDP4JsonFileDal.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4JsonFileDal Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 Json File Dal Plugin</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Merlin, Alex, Naron, Alexander, Yevhen, Nathanael</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-      [BUMP] To CDP4Common 27.2.2
+        [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4JsonSerializer/CDP4JsonSerializer.csproj b/CDP4JsonSerializer/CDP4JsonSerializer.csproj
index 0ba94c68..a50fed98 100644
--- a/CDP4JsonSerializer/CDP4JsonSerializer.csproj
+++ b/CDP4JsonSerializer/CDP4JsonSerializer.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4JsonSerializer Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 JSON Serialization Library</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Merlin, Alex, Naron, Alexander, Yevhen, Nathanael</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25 JSON</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-        [BUMP] To CDP4Common 27.2.2
+        [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4MessagePackSerializer/CDP4MessagePackSerializer.csproj b/CDP4MessagePackSerializer/CDP4MessagePackSerializer.csproj
index a450f436..889b8d3f 100644
--- a/CDP4MessagePackSerializer/CDP4MessagePackSerializer.csproj
+++ b/CDP4MessagePackSerializer/CDP4MessagePackSerializer.csproj
@@ -4,7 +4,7 @@
       <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
       <Company>Starion Group S.A.</Company>
       <Title>CDP4MessagePackSerializer Community Edition</Title>
-      <VersionPrefix>27.2.2</VersionPrefix>
+      <VersionPrefix>27.2.3</VersionPrefix>
       <Description>CDP4 MessagePack Serialization Library</Description>
       <Copyright>Copyright © Starion Group S.A.</Copyright>
       <Authors>Sam, Alex, Alexander, Nathanael, Antoine, Omar</Authors>
@@ -20,7 +20,7 @@
       <PackageTags>CDP COMET ECSS-E-TM-10-25 MessagePack</PackageTags>
       <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
       <PackageReleaseNotes>
-          [Update] MessagePack to version 2.5.172
+          [BUMP] To CDP4Common 27.2.3
       </PackageReleaseNotes>
       <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4Reporting/CDP4Reporting.csproj b/CDP4Reporting/CDP4Reporting.csproj
index 84e71f61..81ecec7d 100644
--- a/CDP4Reporting/CDP4Reporting.csproj
+++ b/CDP4Reporting/CDP4Reporting.csproj
@@ -4,7 +4,7 @@
      <TargetFrameworks>netstandard2.0</TargetFrameworks>
      <Company>Starion Group S.A.</Company>
      <Title>CDP4Reporting Community Edition</Title>
-     <VersionPrefix>27.2.2</VersionPrefix>
+     <VersionPrefix>27.2.3</VersionPrefix>
      <Description>CDP4 Reporting</Description>
      <Copyright>Copyright © Starion Group S.A.</Copyright>
      <Authors>Sam, Alex, Alexander</Authors>
@@ -20,7 +20,7 @@
      <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
      <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
      <PackageReleaseNotes>
-       [BUMP] To CDP4Common 27.2.2
+       [BUMP] To CDP4Common 27.2.3
      </PackageReleaseNotes>
      <LangVersion>latest</LangVersion>
      <PackageReadmeFile>README.md</PackageReadmeFile>
diff --git a/CDP4RequirementsVerification/CDP4RequirementsVerification.csproj b/CDP4RequirementsVerification/CDP4RequirementsVerification.csproj
index 87cb7caf..e00d76fa 100644
--- a/CDP4RequirementsVerification/CDP4RequirementsVerification.csproj
+++ b/CDP4RequirementsVerification/CDP4RequirementsVerification.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4RequirementsVerification Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 Class Library that provides requirement verification</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Alex, Alexander, Yevhen, Nathanael</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-      [BUMP] To CDP4Common 27.2.2
+      [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4Rules/CDP4Rules.csproj b/CDP4Rules/CDP4Rules.csproj
index 56f92547..7d18e027 100644
--- a/CDP4Rules/CDP4Rules.csproj
+++ b/CDP4Rules/CDP4Rules.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4Rules Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 Class Library that provides Model Analysis and Rule Checking</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Alex, Alexander, Yevhen, Nathanael</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-      [BUMP] To CDP4Common 27.2.2
+      [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4ServicesDal/CDP4ServicesDal.csproj b/CDP4ServicesDal/CDP4ServicesDal.csproj
index 7e5cbc6d..18e38343 100644
--- a/CDP4ServicesDal/CDP4ServicesDal.csproj
+++ b/CDP4ServicesDal/CDP4ServicesDal.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4ServicesDal Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4ServicesDal Dal Plugin</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Merlin, Alex, Naron, Alexander, Yevhen, Nathanael</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-      [BUMP] To CDP4Common 27.2.2
+      [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>
diff --git a/CDP4ServicesMessaging/CDP4ServicesMessaging.csproj b/CDP4ServicesMessaging/CDP4ServicesMessaging.csproj
index e890b976..78ea1f3c 100644
--- a/CDP4ServicesMessaging/CDP4ServicesMessaging.csproj
+++ b/CDP4ServicesMessaging/CDP4ServicesMessaging.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4Common Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 Services Messaging is a Class Library that contains clients and messages class that can be used for inter services communication</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Alex, Alexander, Nathanael, Antoine</Authors>
@@ -20,8 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-        [Update] Polly to version 8.4.1
-        [Update] Microsoft.Extensions.Configuration.Binder to version 8.0.2
+        [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
     <LangVersion>latest</LangVersion>
diff --git a/CDP4Web/CDP4Web.csproj b/CDP4Web/CDP4Web.csproj
index 476f484a..33bb243d 100644
--- a/CDP4Web/CDP4Web.csproj
+++ b/CDP4Web/CDP4Web.csproj
@@ -5,7 +5,7 @@
         <LangVersion>latest</LangVersion>
         <Company>Starion Group S.A.</Company>
         <Title>CDP4Web Community Edition</Title>
-        <VersionPrefix>27.2.2</VersionPrefix>
+        <VersionPrefix>27.2.3</VersionPrefix>
         <Description>CDP4Web Dedicated Sdk for CDPServicesDal</Description>
         <Copyright>Copyright © Starion Group S.A.</Copyright>
         <Authors>Sam, Alex, Alexander, Nathanael, Antoine, Omar, Jaime</Authors>
@@ -21,7 +21,7 @@
         <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
         <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
         <PackageReleaseNotes>
-            [Update] FluentResults to version 3.16.0
+            [BUMP] To CDP4Common 27.2.3
         </PackageReleaseNotes>
         <PackageReadmeFile>README.md</PackageReadmeFile>
     </PropertyGroup>
diff --git a/CDP4WspDal/CDP4WspDal.csproj b/CDP4WspDal/CDP4WspDal.csproj
index ad4cb4e6..85af287a 100644
--- a/CDP4WspDal/CDP4WspDal.csproj
+++ b/CDP4WspDal/CDP4WspDal.csproj
@@ -4,7 +4,7 @@
     <TargetFrameworks>net48;netstandard2.0</TargetFrameworks>
     <Company>Starion Group S.A.</Company>
     <Title>CDP4WspDal Community Edition</Title>
-    <VersionPrefix>27.2.2</VersionPrefix>
+    <VersionPrefix>27.2.3</VersionPrefix>
     <Description>CDP4 WSP Dal Plugin</Description>
     <Copyright>Copyright © Starion Group S.A.</Copyright>
     <Authors>Sam, Merlin, Alex, Naron, Alexander, Yevhen, Nathanael</Authors>
@@ -20,7 +20,7 @@
     <PackageTags>CDP COMET ECSS-E-TM-10-25</PackageTags>
     <PackageLicenseExpression>LGPL-3.0-only</PackageLicenseExpression>
     <PackageReleaseNotes>
-      [BUMP] To CDP4Common 27.2.2
+      [BUMP] To CDP4Common 27.2.3
     </PackageReleaseNotes>
     <PackageReadmeFile>README.md</PackageReadmeFile>
   </PropertyGroup>