Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string [.NET 9] #44838

Closed
vascofernandes opened this issue Nov 13, 2024 · 16 comments
Closed

dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string [.NET 9] #44838

vascofernandes opened this issue Nov 13, 2024 · 16 comments
Labels
Area-CLI untriaged Request triage from a team member
Milestone
9.0.101

Comments

@vascofernandes
Copy link

When running the command dotnet list package --vulnerable

I get the following result:

warn : An invalid cache entry was found for URL 'https://api.nuget.org/v3/registration5-gz-semver2/bogus/page/2.1.4/18.0.1.json' and will be replaced.
warn : '' is not a valid version string.
error: '' is not a valid version string.

When running the command dotnet list package --vulnerable -v diag

I get the following exception:

...
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.net.http/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.duplex/index.json
  OK https://api.nuget.org/v3/registration5-gz-semver2/bogus/page/2.1.4/18.0.1.json 733ms
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.federation/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.http/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.nettcp/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.primitives/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.security/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/xunit/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/xunit.analyzers/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/xunit.runner.visualstudio/index.json
error: '' is not a valid version string.
trace: System.AggregateException: One or more errors occurred. ('' is not a valid version string.)
trace:  ---> System.ArgumentException: '' is not a valid version string.
trace:    at NuGet.Versioning.VersionRange.Parse(String value, Boolean allowFloating)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
trace:    at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
trace:    at Newtonsoft.Json.JsonSerializer.Deserialize[T](JsonReader reader)
trace:    at NuGet.Protocol.PackageMetadataResourceV3.DeserializeStreamDataAsync[T](Stream stream, CancellationToken token)
trace:    at NuGet.Protocol.HttpSource.<>c__DisplayClass15_0`1.<<GetAsync>b__0>d.MoveNext()
trace: --- End of stack trace from previous location ---
trace:    at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
trace:    at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
trace:    at NuGet.Protocol.HttpSource.GetAsync[T](HttpSourceCachedRequest request, Func`2 processAsync, ILogger log, CancellationToken token)
trace:    at NuGet.Protocol.PackageMetadataResourceV3.GetMetadataAsync(String packageId, Boolean includePrerelease, Boolean includeUnlisted, VersionRange range, SourceCacheContext sourceCacheContext, ILogger log, CancellationToken token)
trace:    at NuGet.Protocol.PackageMetadataResourceV3.GetMetadataAsync(String packageId, Boolean includePrerelease, Boolean includeUnlisted, SourceCacheContext sourceCacheContext, ILogger log, CancellationToken token)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetLatestVersionPerSourceAsync(PackageSource packageSource, ListPackageArgs listPackageArgs, String package, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.<>c__DisplayClass18_0.<<GetPackageVersionsAsync>b__0>d.MoveNext()
trace: --- End of stack trace from previous location ---
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.ThrottledForEachAsync[TItem,TResult](IList`1 items, Func`3 taskFactory, Action`1 continuation, Int32 maxParallel, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetPackageVersionsAsync(String package, ListPackageArgs listPackageArgs, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.<>c__DisplayClass13_0.<<GetPackageMetadataAsync>b__1>d.MoveNext()
trace: --- End of stack trace from previous location ---
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.ThrottledForEachAsync[TItem,TResult](IList`1 items, Func`3 taskFactory, Action`1 continuation, Int32 maxParallel, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetPackageMetadataAsync(List`1 targetFrameworks, ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetProjectMetadataAsync(String projectPath, ListPackageReportModel listPackageReportModel, MSBuildAPIUtility msBuild, ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetReportDataAsync(ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.ExecuteCommandAsync(ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommand.<>c__DisplayClass0_1.<<Register>b__1>d.MoveNext()
trace:    --- End of inner exception stack trace ---
trace:    at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
trace:    at Microsoft.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args)
trace:    at NuGet.CommandLine.XPlat.Program.MainInternal(String[] args, CommandOutputLogger log)

Worked fine with Sdk 8.0.402.

Thanks.
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-CLI untriaged Request triage from a team member labels Nov 13, 2024
@vascofernandes vascofernandes changed the title dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string [.NET 9] Nov 13, 2024
@robindv robindv mentioned this issue Nov 14, 2024
Closed
@esbenbjerre esbenbjerre mentioned this issue Nov 14, 2024
Open
@JonDouglas
Copy link

@aortiz-msft @zivkan @nkolev92 FYI

@zivkan
Copy link
Member

zivkan commented Nov 14, 2024

I'm quite confident that it will be fixed by NuGet/NuGet.Client#6119

It's already inserted into dotnet/sdk's release/9.0.1xx branch, but we got the bug report too late to make it into 9.0.100, so it will be in 9.0.101 (as NuGet 6.12 release notes already state).

I think it's up to @baronfel and @marcpopMSFT when that gets released (if it waits until the first monthly update, or an out of band release)

@nkolev92
Copy link
Contributor

Should be fixed by NuGet/NuGet.Client@fec427d.
#44596 was merged 1 week ago, so the next SDK release should have the fix.

@nkolev92
Copy link
Contributor

Apparently @zivkan beat me to it :D

@sailro
Copy link

sailro commented Nov 14, 2024

Ok perfect. Thank you folks

@kaylumah kaylumah mentioned this issue Nov 17, 2024
Merged
cmeeren pushed a commit to cmeeren/Facil that referenced this issue Nov 17, 2024
Revert to .NET SDK 8.0.403
8a1b25c 
dotnet/sdk#44838 (comment)
@Frulfump
Copy link

When is the 9.0.101 SDK planned to release? I assume on the upcoming December patch Tuesday but 8.0.101 was released in January therefore the question for planning purposes.

@SimonCropp
Copy link
Contributor

can we get a beta of 9.0.101 SDK ASAP

@nkolev92
Copy link
Contributor

@SimonCropp

If you go to https://github.com/dotnet/sdk/blob/main/documentation/package-table.md
The 9.0.1xx column has the latest preview builds.

@SimonCropp
Copy link
Contributor

@nkolev92 thanks

@krymtkts krymtkts mentioned this issue Nov 22, 2024
Merged
@pregress
Copy link

Similar issue: #45037

@rbhanda rbhanda added this to the 9.0.101 milestone Nov 26, 2024
@SimonCropp
Copy link
Contributor

@nkolev92 i tried the preview of 9.0.101. it complained about not being able to find packages during restore. so i rolled back

@pregress
Copy link

pregress commented Nov 27, 2024
edited
Loading

Tested with below version and for me the issue is fixed.

.NET SDK:
 Version:           9.0.102
 Commit:            d281819115
 Workload version:  9.0.100-manifests.c6f19616
 MSBuild version:   17.12.12+1cce7796

@nojaf nojaf mentioned this issue Nov 27, 2024
Closed
@TheDukeJohnny
Copy link

TheDukeJohnny commented Nov 28, 2024
edited
Loading

TBH That is the first time ever I post a comment in github, but just couldn't leave it without saying thanks:
@zivkan, @nkolev92 thanks guys, the 9.0.102 did fix the issue for me, cheers!
Unfortunately, like @SimonCropp observes, the restore is unable to pass, so I also needed to roll back afterwards.

@philipp-naused
Copy link

I tested it with the release of 9.0.101. It's fixed.

.NET SDK:
 Version:           9.0.101
 Commit:            eedb237549
 Workload version:  9.0.100-manifests.a8e428f9
 MSBuild version:   17.12.12+1cce77968

@nkolev92
Copy link
Contributor

nkolev92 commented Dec 6, 2024

I missed the comments about the restore failing to find packages, for context in the future if you want to dogfood the latest .NET SDK builds, you need an extra feed to download those packages.
Details here: https://github.com/dotnet/runtime/blob/main/docs/project/dogfooding.md#install-prerequisites.

@nkolev92
Copy link
Contributor

Closing this since it completed in 9.0.101.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area-CLI untriaged Request triage from a team member
Projects
None yet
Milestone
9.0.101
Development

No branches or pull requests