{"id":903,"date":"2024-12-19T23:23:12","date_gmt":"2024-12-20T07:23:12","guid":{"rendered":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/?p=903"},"modified":"2024-12-19T23:24:40","modified_gmt":"2024-12-20T07:24:40","slug":"%e4%bd%bf%e7%94%a8-dependabot-%e7%ae%a1%e7%90%86-net-sdk-%e6%9b%b4%e6%96%b0","status":"publish","type":"post","link":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/%e4%bd%bf%e7%94%a8-dependabot-%e7%ae%a1%e7%90%86-net-sdk-%e6%9b%b4%e6%96%b0\/","title":{"rendered":"Using Dependabot to Manage .NET SDK Updates"},"content":{"rendered":"<p style=\"text-align: center;\"><em><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">This article is a translation of <span class=\"TextRun SCXW52716580 BCX8\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun SCXW52716580 BCX8\"><a href=\"https:\/\/devblogs.microsoft.com\/dotnet\/using-dependabot-to-manage-dotnet-sdk-updates\/\">Using Dependabot to Manage .NET SDK Updates<\/a> by Jamie Magee, Senior Software Engineer at Microsoft<\/span><\/span><\/span><\/em><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">Keeping your .NET SDK up to date is crucial for maintaining secure and efficient applications. Dependabot can now update the .NET SDK version in global.json, which makes it easier than ever to ensure your applications are always running with the latest security patches and improvements.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">Regular SDK updates are important because they include:<\/span><\/p>\n<ul>\n<li><span style=\"font-family: tahoma, arial, helvetica, sans-serif; 
font-size: 12pt;\">Security patches for known vulnerabilities (CVEs)<\/span><\/li>\n<li><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">Bug fixes and performance improvements<\/span><\/li>\n<li><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">The latest development tools and features<\/span><\/li>\n<\/ul>\n<h2><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 14pt;\"><strong>Managing SDK Versions with global.json<\/strong><\/span><\/h2>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">To manage your .NET SDK version, you typically use a <a href=\"https:\/\/learn.microsoft.com\/dotnet\/core\/tools\/global-json\">global.json file<\/a> in your project. This file specifies which version of the SDK your project should use. Here is a simple example of a global.json file:<\/span><\/p>\n<pre class=\"prettyprint language-json\"><code class=\"language-json\">{\r\n  \"sdk\": {\r\n    \"version\": \"9.0.100\"\r\n  }\r\n}<\/code><\/pre>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">If you are using GitHub Actions with <a href=\"https:\/\/github.com\/actions\/setup-dotnet\">dotnet\/setup-dotnet<\/a>, this file ensures that the correct SDK version is used in your CI\/CD pipeline.<\/span><\/p>\n<h2><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 14pt;\"><strong>Configuring Dependabot for .NET SDK Updates<\/strong><\/span><\/h2>\n<p><span style=\"font-family: tahoma, arial, 
helvetica, sans-serif; font-size: 12pt;\">Add a <code>dependabot.yml<\/code> file at <code>.github\/dependabot.yml<\/code> on the default branch of your repository. If you want to always receive the latest updates, the simplest configuration looks like this:<\/span><\/p>\n<pre class=\"prettyprint language-default\"><code class=\"language-default\">version: 2\r\nupdates:\r\n  - package-ecosystem: \"dotnet-sdk\"\r\n    directory: \"\/\"<\/code><\/pre>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">However, .NET SDK updates are usually released on \u201cPatch Tuesday\u201d (the second Tuesday of each month), so you may want to adjust the update schedule to check for updates only once a week. You can do this by adding a <code>schedule<\/code> section:<\/span><\/p>\n<pre class=\"prettyprint language-default\"><code class=\"language-default\">version: 2\r\nupdates:\r\n  - package-ecosystem: \"dotnet-sdk\"\r\n    directory: \"\/\"\r\n    schedule:\r\n      interval: \"weekly\"\r\n      day: \"wednesday\"<\/code><\/pre>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">In addition, if you only want to focus on security patches, you can ignore major and minor version updates. This can be done by adding an <code>ignore<\/code> section:<\/span><\/p>\n<pre class=\"prettyprint language-default\"><code class=\"language-default\">version: 2\r\nupdates:\r\n  - package-ecosystem: \"dotnet-sdk\"\r\n    directory: \"\/\"\r\n    schedule:\r\n      interval: \"weekly\"\r\n      day: \"wednesday\"\r\n    ignore:\r\n      
- dependency-name: \"*\"\r\n        update-types: \r\n          - \"version-update:semver-major\"\r\n          - \"version-update:semver-minor\"<\/code><\/pre>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">Dependabot also respects the <a href=\"https:\/\/learn.microsoft.com\/en-us\/dotnet\/core\/tools\/global-json#allowprerelease\">allowPrerelease<\/a> setting in your global.json file. So if you want to include prerelease versions in your updates, make sure to set that option accordingly.<\/span><\/p>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">For more details on all available configuration options, see the <a href=\"https:\/\/docs.github.com\/en\/code-security\/dependabot\/dependabot-version-updates\/configuration-options-for-the-dependabot.yml-file\">Dependabot documentation<\/a>.<\/span><\/p>\n<h2><span style=\"font-size: 14pt; font-family: tahoma, arial, helvetica, sans-serif;\">Dependabot NuGet Package Updates<\/span><\/h2>\n<p><span style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">In addition to .NET SDK updates, you can also configure Dependabot to manage your NuGet package dependencies. Last year, we significantly <a href=\"https:\/\/github.blog\/changelog\/2023-11-28-improvements-to-nuget-support-for-dependabot\/\">improved NuGet support in Dependabot<\/a> to handle more complex scenarios, ensuring that you can easily keep your packages up to date.<\/span><\/p>\n<h2><span style=\"font-size: 14pt; font-family: tahoma, arial, helvetica, sans-serif;\">Feedback<\/span><\/h2>\n<p><span 
style=\"font-family: tahoma, arial, helvetica, sans-serif; font-size: 12pt;\">You can share feedback with us by opening an issue in the <a href=\"https:\/\/github.com\/dependabot\/dependabot-core\/\">Dependabot repository<\/a>. If you have any questions or suggestions, you can also leave a comment on this post.<\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article is a translation of Using Dependabot to Manage .NET SDK Updates by Jamie Magee, Senior Software Engineer at Microsoft. Keeping your .NET SDK up to date is crucial for maintaining secure and efficient applications. Dependabot can now update the .NET SDK version in global.json, which makes it easier than ever to ensure your applications are always running with the latest security patches and improvements. Regular SDK updates are important because they include: Security patches for known vulnerabilities (CVEs) Bug fixes and performance improvements The latest development tools and features Managing SDK Versions with global.json To manage your .NET SDK version, you typically use a global.json file in your project. This file specifies which version of the SDK your project should use. Here is a simple example of a global.json file: { &#8220;sdk&#8221;: { &#8220;version&#8221;: &#8220;9.0.100&#8221; } } If you are using GitHub Actions with dotnet\/setup-dotnet, 
this file ensures that the correct SDK version is used in your CI\/CD pipeline. [&hellip;]<\/p>\n","protected":false},"author":177361,"featured_media":911,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[59,1],"tags":[2,52,23],"class_list":["post-903","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-net","category-dotnet-ch","tag-net","tag-net-9","tag-net-core"],"acf":[],"blog_post_summary":"<p>This article is a translation of Using Dependabot to Manage .NET SDK Updates by Jamie Magee, Senior Software Engineer at Microsoft. Keeping your .NET SDK up to date is crucial for maintaining secure and efficient applications. Dependabot can now update the .NET SDK version in global.json, which makes it easier than ever to ensure your applications are always running with the latest security patches and improvements. Regular SDK updates are important because they include: Security patches for known vulnerabilities (CVEs) Bug fixes and performance improvements The latest development tools and features Managing SDK Versions with global.json To manage your .NET SDK version, you typically use a global.json file in your project. This file specifies which version of the SDK your project should use. Here is a simple example of a global.json file: { &#8220;sdk&#8221;: { &#8220;version&#8221;: 
&#8220;9.0.100&#8221; } } If you are using GitHub Actions with dotnet\/setup-dotnet, this file ensures that the correct SDK version is used in your CI\/CD pipeline. [&hellip;]<\/p>\n","_links":{"self":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/posts\/903","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/users\/177361"}],"replies":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/comments?post=903"}],"version-history":[{"count":0,"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/posts\/903\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/media\/911"}],"wp:attachment":[{"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/media?parent=903"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/categories?post=903"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/devblogs.microsoft.com\/dotnet-ch\/wp-json\/wp\/v2\/tags?post=903"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}