Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string [.NET 9] #44838

Open
vascofernandes opened this issue Nov 13, 2024 · 5 comments
Open

dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string [.NET 9] #44838

vascofernandes opened this issue Nov 13, 2024 · 5 comments
Labels
Area-CLI untriaged Request triage from a team member

Comments

@vascofernandes
Copy link

When running the command dotnet list package --vulnerable

I get the following result:

warn : An invalid cache entry was found for URL 'https://api.nuget.org/v3/registration5-gz-semver2/bogus/page/2.1.4/18.0.1.json' and will be replaced.
warn : '' is not a valid version string.
error: '' is not a valid version string.

When running the command dotnet list package --vulnerable -v diag

I get the following exception:

...
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.net.http/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.duplex/index.json
  OK https://api.nuget.org/v3/registration5-gz-semver2/bogus/page/2.1.4/18.0.1.json 733ms
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.federation/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.http/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.nettcp/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.primitives/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/system.servicemodel.security/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/xunit/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/xunit.analyzers/index.json
  CACHE https://api.nuget.org/v3/registration5-gz-semver2/xunit.runner.visualstudio/index.json
error: '' is not a valid version string.
trace: System.AggregateException: One or more errors occurred. ('' is not a valid version string.)
trace:  ---> System.ArgumentException: '' is not a valid version string.
trace:    at NuGet.Versioning.VersionRange.Parse(String value, Boolean allowFloating)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.DeserializeConvertable(JsonConverter converter, JsonReader reader, Type objectType, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.ResolvePropertyAndCreatorValues(JsonObjectContract contract, JsonProperty containerProperty, JsonReader reader, Type objectType)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObjectUsingCreatorWithParameters(JsonReader reader, JsonObjectContract contract, JsonProperty containerProperty, ObjectConstructor`1 creator, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateList(IList list, JsonReader reader, JsonArrayContract contract, JsonProperty containerProperty, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateList(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, Object existingValue, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.SetPropertyValue(JsonProperty property, JsonConverter propertyConverter, JsonContainerContract containerContract, JsonProperty containerProperty, JsonReader reader, Object target)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.PopulateObject(Object newObject, JsonReader reader, JsonObjectContract contract, JsonProperty member, String id)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateObject(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.CreateValueInternal(JsonReader reader, Type objectType, JsonContract contract, JsonProperty member, JsonContainerContract containerContract, JsonProperty containerMember, Object existingValue)
trace:    at Newtonsoft.Json.Serialization.JsonSerializerInternalReader.Deserialize(JsonReader reader, Type objectType, Boolean checkAdditionalContent)
trace:    at Newtonsoft.Json.JsonSerializer.DeserializeInternal(JsonReader reader, Type objectType)
trace:    at Newtonsoft.Json.JsonSerializer.Deserialize[T](JsonReader reader)
trace:    at NuGet.Protocol.PackageMetadataResourceV3.DeserializeStreamDataAsync[T](Stream stream, CancellationToken token)
trace:    at NuGet.Protocol.HttpSource.<>c__DisplayClass15_0`1.<<GetAsync>b__0>d.MoveNext()
trace: --- End of stack trace from previous location ---
trace:    at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
trace:    at NuGet.Common.ConcurrencyUtilities.ExecuteWithFileLockedAsync[T](String filePath, Func`2 action, CancellationToken token)
trace:    at NuGet.Protocol.HttpSource.GetAsync[T](HttpSourceCachedRequest request, Func`2 processAsync, ILogger log, CancellationToken token)
trace:    at NuGet.Protocol.PackageMetadataResourceV3.GetMetadataAsync(String packageId, Boolean includePrerelease, Boolean includeUnlisted, VersionRange range, SourceCacheContext sourceCacheContext, ILogger log, CancellationToken token)
trace:    at NuGet.Protocol.PackageMetadataResourceV3.GetMetadataAsync(String packageId, Boolean includePrerelease, Boolean includeUnlisted, SourceCacheContext sourceCacheContext, ILogger log, CancellationToken token)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetLatestVersionPerSourceAsync(PackageSource packageSource, ListPackageArgs listPackageArgs, String package, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.<>c__DisplayClass18_0.<<GetPackageVersionsAsync>b__0>d.MoveNext()
trace: --- End of stack trace from previous location ---
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.ThrottledForEachAsync[TItem,TResult](IList`1 items, Func`3 taskFactory, Action`1 continuation, Int32 maxParallel, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetPackageVersionsAsync(String package, ListPackageArgs listPackageArgs, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.<>c__DisplayClass13_0.<<GetPackageMetadataAsync>b__1>d.MoveNext()
trace: --- End of stack trace from previous location ---
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.ThrottledForEachAsync[TItem,TResult](IList`1 items, Func`3 taskFactory, Action`1 continuation, Int32 maxParallel, CancellationToken cancellationToken)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetPackageMetadataAsync(List`1 targetFrameworks, ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetProjectMetadataAsync(String projectPath, ListPackageReportModel listPackageReportModel, MSBuildAPIUtility msBuild, ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.GetReportDataAsync(ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommandRunner.ExecuteCommandAsync(ListPackageArgs listPackageArgs)
trace:    at NuGet.CommandLine.XPlat.ListPackageCommand.<>c__DisplayClass0_1.<<Register>b__1>d.MoveNext()
trace:    --- End of inner exception stack trace ---
trace:    at System.Threading.Tasks.Task`1.GetResultCore(Boolean waitCompletionNotification)
trace:    at Microsoft.Extensions.CommandLineUtils.CommandLineApplication.Execute(String[] args)
trace:    at NuGet.CommandLine.XPlat.Program.MainInternal(String[] args, CommandOutputLogger log)

Worked fine with Sdk 8.0.402.

Thanks.
@dotnet-issue-labeler dotnet-issue-labeler bot added Area-CLI untriaged Request triage from a team member labels Nov 13, 2024
@vascofernandes vascofernandes changed the title dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string dotnet list package --vulnerable throws ArgumentException: '' is not a valid version string [.NET 9] Nov 13, 2024
@robindv robindv mentioned this issue Nov 14, 2024
Open
@esbenbjerre esbenbjerre mentioned this issue Nov 14, 2024
Open
@JonDouglas
Copy link

@aortiz-msft @zivkan @nkolev92 FYI

@zivkan
Copy link
Member

zivkan commented Nov 14, 2024

I'm quite confident that it will be fixed by NuGet/NuGet.Client#6119

It's already inserted into dotnet/sdk's release/9.0.1xx branch, but we got the bug report too late to make it into 9.0.100, so it will be in 9.0.101 (as NuGet 6.12 release notes already state).

I think it's up to @baronfel and @marcpopMSFT when that gets released (if it waits until the first monthly update, or an out of band release)

@nkolev92
Copy link
Contributor

Should be fixed by NuGet/NuGet.Client@fec427d.
#44596 was merged 1 week ago, so the next SDK release should have the fix.

@nkolev92
Copy link
Contributor

Apparently @zivkan beat me to it :D

@sailro
Copy link

sailro commented Nov 14, 2024

Ok perfect. Thank you folks

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Area-CLI untriaged Request triage from a team member
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
5 participants
@sailro @JonDouglas @nkolev92 @zivkan @vascofernandes