Downgrade Best.Conventional to target netstandard20 (rather than netstandard21 which excludes .NET Framework consumption)

[todthomson]

This commit a72a988 bumped Conventional from netstandard2.0 to netstandard2.1.

Unfortunately, this makes it impossible for .NET Framework projects to use Best.Conventional versions 10.x and 11.x.

Older versions of Best.Conventional depend on older versions of System.Data.SqlClient which have CVEs.

My understanding is that there is no way currently to release hotfixes to older versions of Best.Conventional.

By targeting back to netstandard2.0 older .NET Framework projects can still use the latest version of Best.Conventional (with the latest and greatest features) with any current or future CVEs also able to be addressed easily and correctly (here).

I have tested this using:

1. The existing Best.Conventional tests (all tests still pass).
2. A preexisting .NET Framework project (all tests still pass).
3. A preexisting .NET Core project (all tests still pass).

Please advise if there is anything else I can do to assist in getting this PR ready to land. :)

I will provide a separate PR to fix the same issue in Best.Conventional.Roslyn once this has landed, as Best.Conventional.Roslyn depends on the Best.Conventional NuGet package.

[todthomson]

Build is failing because the AppVeyor images being used are out of date. We need to change the following:

• Visual Studio 2019 to Visual Studio 2022, and
• Ubuntu1804 to Ubuntu2204.

I could do this, but I don't have access to your AppVeyor.

If you can provide access, I will fix this up. :)

[andrewabest]

This has reminded me of this issue #84.

I'm wondering since the 5.2.x version of Microsoft.Data.SqlClient is now released, should we be using the latest version of that instead of upgrading the reference to System.Data.SqlClient? Keen to hear your thoughts.

Update

I've tested the above issue and it seems to no longer be a big problem. I think for the moment we will go for the minor bump and leave it at that. One thing we do need to do in this PR is to also bump the global.json file to net8.0.

A nice improvement for the future will be to add some conditionals for build-time to run some net462 tests as well to prove that is all happy at build time, but I don't think we need to do that now.

[andrewabest]

I've updated the AppVeyor images, thanks for the prompt! Build is green.

[andrewabest]

My understanding is that there is no way currently to release hotfixes to older versions of Best.Conventional.

Yes, this is deliberate. I only wanted to support mainline of the library, so don't have the build infrastructure set up to build and publish hotfixes.

[andrewabest]

Fixes #84

[todthomson]

This also fixes: #91 (dependabot issue with System.Data.SqlClient).

[andrewabest]

@todthomson I've updated a previous comment, but will re-state this ask here in case it was missed:

One thing we do need to do in this PR is to also bump the global.json file to net8.0.

[andrewabest]

Something like this should do it:

{
  "sdk": {
    "version": "8.0.100",
    "rollForward": "latestFeature"
  }
}

[todthomson]

Something like this should do it:

{
  "sdk": {
    "version": "8.0.100",
    "rollForward": "latestFeature"
  }
}

All good, I didn't miss it, I'm updating my PR as we speak. :)

[todthomson]

The Visual Studio 2022 agent (Windows Build VM) in AppVeyor has .NET 8 SDK 8.0.401, so I propose we that for global.json:
https://www.appveyor.com/docs/windows-images-software/#net-framework

The latest version of the .NET SDK v8 is 8.0.403 so that should be fine:
https://dotnet.microsoft.com/en-us/download/dotnet/8.0

I agree that using latestFeature rather than minor seems like the correct approach:
https://learn.microsoft.com/en-us/dotnet/core/tools/global-json#rollforward
So that dotnet (CLI) will version 8.0.4** will be used to build Best.Conventional (is my understanding).

[todthomson]

I'm wondering since the 5.2.x version of Microsoft.Data.SqlClient is now released, should we be using the latest version of that instead of upgrading the reference to System.Data.SqlClient? Keen to hear your thoughts.

Update
I've tested the above issue and it seems to no longer be a big problem. I think for the moment we will go for the minor bump and leave it at that.

Agreed.

This can be done as a separate PR (and a separately "major" versioned release) anyhow if/when it's needed.

Being that this will move Conventional from System.Data.SqlClient to Microsoft.Data.SqlClient, we don't want to break anyone taking a transient (is that even the right term?) dependency on System.Data.SqlClient via Conventional.

It also separates that from the move back to netstandard2.0, which is a safer/good thing IMO.

[todthomson]

Something like this should do it:

{
  "sdk": {
    "version": "8.0.100",
    "rollForward": "latestFeature"
  }
}

All good, I didn't miss it, I'm updating my PR as we speak. :)

PR updated to update global.json (as above).

[todthomson]

dotnet pack "C:\projects\conventional\src\Core\Conventional.Tests\Conventional.Tests.csproj" --configuration Release --output "C:\Users\appveyor\AppData\Local\Temp\1\4jhi4ddw5c" --no-build
if ($env:APPVEYOR_BUILD_WORKER_IMAGE -eq "Visual Studio 2019") {
cd src\Core
dotnet test
}
else {
dotnet test --filter TestCategory!=Database
}
MSBUILD : error MSB1003: Specify a project or solution file. The current working directory does not contain a project or solution file.

The tests don't look to be running on "Visual Studio 2022" worker.

From looking at the above, I think it will be because the cd src\Core is missing from how it's running the tests.

I'll see if I can fix. :)

[todthomson]

dotnet restore
...
Installed SDKs:
8.0.303 [/usr/share/dotnet/sdk]
Install the [8.0.401] .NET SDK or update [/home/appveyor/projects/conventional/src/Core/global.json] to match an installed SDK.

Will push an update to (hopefully) fix this.

[andrewabest]

That test script isn't right at all. I'll update it shortly once the build is 🟢 with your current changes.

[todthomson]

That test script isn't right at all. I'll update it shortly once the build is 🟢 with your current changes.

I was hoping to do that, but I couldn't find the source for the "test script" in the repo, so I'm assuming it's elsewhere.

It looks like it would be as simple as fixing this line:

if ($env:APPVEYOR_BUILD_WORKER_IMAGE -eq "Visual Studio 2019")

to:

if ($env:APPVEYOR_BUILD_WORKER_IMAGE -eq "Visual Studio 2022")

Though that may not be the best / most correct fix.

[andrewabest]

That test script isn't right at all. I'll update it shortly once the build is 🟢 with your current changes.

I was hoping to do that, but I couldn't find the source for the "test script" in the repo, so I'm assuming it's elsewhere.

It looks like it would be as simple as fixing this line:

if ($env:APPVEYOR_BUILD_WORKER_IMAGE -eq "Visual Studio 2019")

to:

if ($env:APPVEYOR_BUILD_WORKER_IMAGE -eq "Visual Studio 2022")

Though that may not be the best / most correct fix.

Yup, no scripts in the repo because I don't want rascals mining bitcoin via my CI builds 😆 that will change once I move to GHA.

[andrewabest]

Thanks for helping me work through this one @todthomson! Much appreciated.

[todthomson]

Easy, you're welcome. Ultimately, you're also helping me to squash some CVEs in 100+ test fixtures, so thanks to you too mate. Glad to see you got the tests running again too. 😁