artifacts-credprovider/Directory.Packages.props

<Project>

  <PropertyGroup>
    <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
  </PropertyGroup>

  <ItemGroup>
    <PackageVersion Include="FluentAssertions" Version="5.9.0" />
    <PackageVersion Include="Microsoft.Extensions.Logging" Version="6.0.0" />
    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.3" />
    <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="6.0.0" />
    <PackageVersion Include="Microsoft.Extensions.Logging.Debug" Version="6.0.0" />
    <PackageVersion Include="Microsoft.Identity.Client" Version="4.64.0" />
    <PackageVersion Include="Microsoft.Identity.Client.Broker" Version="4.64.0" />
    <PackageVersion Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.64.0" />
    <PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.5.0" />
    <PackageVersion Include="Microsoft.VisualStudioEng.MicroBuild.Core" Version="1.0.0" />
    <PackageVersion Include="Moq" Version="4.18.4" />
    <PackageVersion Include="MSTest.TestAdapter" Version="2.2.10" />
    <PackageVersion Include="MSTest.TestFramework" Version="2.2.10" />
    <PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageVersion Include="NuGet.Protocol" Version="6.7.1" />
    <PackageVersion Include="PowerArgs" Version="3.6.0" />
    <PackageVersion Include="System.Formats.Asn1" Version="6.0.1" />
    <PackageVersion Include="System.Text.Json" Version="6.0.10" />
    <PackageVersion Include="System.Configuration.ConfigurationManager" Version="6.0.0" />
  </ItemGroup>

  <ItemGroup>
    <GlobalPackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0-beta2-19554-01" />
    <GlobalPackageReference Include="ReferenceTrimmer" Version="3.1.17" />
  </ItemGroup>

</Project>
Onboard to central package management (#431) Onboarding to Central Package Management: https://learn.microsoft.com/en-us/nuget/consume-packages/Central-Package-Management 2023-06-28 23:25:35 +03:00			`<Project>`

			`<PropertyGroup>`
			`<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>`
			`</PropertyGroup>`

			`<ItemGroup>`
			`<PackageVersion Include="FluentAssertions" Version="5.9.0" />`
			`<PackageVersion Include="Microsoft.Extensions.Logging" Version="6.0.0" />`
			`<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="6.0.3" />`
			`<PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="6.0.0" />`
			`<PackageVersion Include="Microsoft.Extensions.Logging.Debug" Version="6.0.0" />`
Update Microsoft.Identity.Client(.*) (#513) 2024-09-06 02:03:40 +03:00			`<PackageVersion Include="Microsoft.Identity.Client" Version="4.64.0" />`
			`<PackageVersion Include="Microsoft.Identity.Client.Broker" Version="4.64.0" />`
			`<PackageVersion Include="Microsoft.Identity.Client.Extensions.Msal" Version="4.64.0" />`
Onboard to central package management (#431) Onboarding to Central Package Management: https://learn.microsoft.com/en-us/nuget/consume-packages/Central-Package-Management 2023-06-28 23:25:35 +03:00			`<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.5.0" />`
			`<PackageVersion Include="Microsoft.VisualStudioEng.MicroBuild.Core" Version="1.0.0" />`
			`<PackageVersion Include="Moq" Version="4.18.4" />`
			`<PackageVersion Include="MSTest.TestAdapter" Version="2.2.10" />`
			`<PackageVersion Include="MSTest.TestFramework" Version="2.2.10" />`
			`<PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />`
Correct NuGet.Protocol upgrade version (#478) 2024-02-23 00:53:28 +03:00			`<PackageVersion Include="NuGet.Protocol" Version="6.7.1" />`
Onboard to central package management (#431) Onboarding to Central Package Management: https://learn.microsoft.com/en-us/nuget/consume-packages/Central-Package-Management 2023-06-28 23:25:35 +03:00			`<PackageVersion Include="PowerArgs" Version="3.6.0" />`
Pin System.Formats.Asn1 version to 6.0.1 (#506) Fixes #505 by pinning System.Formats.Asn1 version to 6.0.1 2024-08-13 21:32:49 +03:00			`<PackageVersion Include="System.Formats.Asn1" Version="6.0.1" />`
CVE-2024-43485 (#532) - patching CVE-2024-43485 2024-11-19 23:54:34 +03:00			`<PackageVersion Include="System.Text.Json" Version="6.0.10" />`
Managed Identity and Service Principal Support (#492) # Overview - Added MSAL Managed Identity and Service Principal Token Providers to Microsoft.Artifacts.Authentication Library. - Created new endpoint `ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS` environment variable with new json schema for MI/SP required fields. - Updated VstsBuildTaskServiceEndpointCredentialProvider to call Microsoft.Artifacts.Authentication for MI/SP token providers. - Reverted #485 Changes to use system.text.json for de/serialization everywhere except for the `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` environment variable. ## Design Decisions - Intentionally not supporting SP secrets authentication to promote security best practices. - The new environment variable name and json schema were created instead of reusing or extending the existing `VSS_NUGET_EXTERNAL_FEED_ENDPOINTS` to reduce password usage and clarify the environment variable will be available to our other credproviders such as the [artifacs-keyring](https://github.com/microsoft/artifacts-keyring) not just NuGet. ## Environment Variable `ARTIFACTS_CREDENTIALPROVIDER_FEED_ENDPOINTS` ```javascript {"endpointCredentials": [{"endpoint":"http://example.index.json", "clientId":"required", "clientCertificateSubjectName":"optional", "clientCertificateFilePath":"optional"}]} ``` - `endpoint`: required. Feed url to authenticate against. - `clientId`: required for both MI/SP. For user assigned managed identities enter the Entra client id. For system assigned variables set the value to `system`. - `clientCertificateSubjectName`: Subject Name of the certificate located in the My/ CurrentUser or LocalMachine certificate store. Optional field. Only used by SP authentication. - `clientCertificateFilePath`: File path location of the certificate on the machine. Optional field. Only used by SP authentication. Will throw error if both `clientCertificateSubjectName` or `clientCertificateFilePath` are specified. 2024-06-10 21:45:29 +03:00			`<PackageVersion Include="System.Configuration.ConfigurationManager" Version="6.0.0" />`
Onboard to central package management (#431) Onboarding to Central Package Management: https://learn.microsoft.com/en-us/nuget/consume-packages/Central-Package-Management 2023-06-28 23:25:35 +03:00			`</ItemGroup>`

			`<ItemGroup>`
			`<GlobalPackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0-beta2-19554-01" />`
			`<GlobalPackageReference Include="ReferenceTrimmer" Version="3.1.17" />`
			`</ItemGroup>`

			`</Project>`