Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Grpc.Tools version 2.55.1 not resolved to specific version error #894

Open
Kubana opened this issue Jul 10, 2024 · 5 comments
Open

Grpc.Tools version 2.55.1 not resolved to specific version error #894

Kubana opened this issue Jul 10, 2024 · 5 comments
Labels
bug Something isn't working question Further information is requested

Comments

@Kubana
Copy link

Kubana commented Jul 10, 2024
edited
Loading

Couple of days ago I started getting this exception when generating SBOM from one of our projects.

Dependency (Grpc.Tools) with version range ([2.55.1, )) referenced by (Name:Grpc.AspNetCore Version:2.55.0) did not resolve to a specific version.
Unable to locate valid bom ref for Grpc.Tools [2.55.1, )

What is the issue here?
@github-actions github-actions bot added the triage Don't know what to do with this yet label Jul 10, 2024
@mtsfoni
Copy link
Contributor

mtsfoni commented Jul 30, 2024

Are you using the current version of cyclonedx-dotnet? I hoped we got rid of that bug.

Do you maybe have a different version of grpc.tools referenced directly?

@mtsfoni mtsfoni added question Further information is requested bug Something isn't working and removed triage Don't know what to do with this yet labels Jul 30, 2024
@Kubana
Copy link
Author

Kubana commented Aug 12, 2024
edited
Loading

Currently running the dotnet tool CycloneDX version 3.0.8 , still the same error
In project.assets.json I have this record:

"Grpc.AspNetCore/2.55.0": {
"type": "package",
"dependencies": {
"Google.Protobuf": "3.23.1",
"Grpc.AspNetCore.Server.ClientFactory": "2.55.0",
"Grpc.Tools": "2.55.1"
},
"compile": {
"lib/net7.0/.": {}
},
"runtime": {
"lib/net7.0/.": {}
}
}

@mtsfoni
Copy link
Contributor

mtsfoni commented Aug 12, 2024

With what argument do you call the tool?
Normaly a single project.assets.json should be unambiguous.
This problem can arise, if you have a solution where different projects refer to different versions of a library as the tool doesn't know which version to use.

I want to change the tool to just add all versions of that library in case, but I have no free capacity.

A workaround can be, to generate the sboms by refering the "root-component"-projects (meaning your .exe / service-backend ). I recommend doing it that way for increased accuracy anyway and handle all my projects like that. (I generate a frontend and backend bom seperately then)

@Kubana
Copy link
Author

Kubana commented Aug 22, 2024
edited
Loading

dotnet-CycloneDX.exe {projectName}.csproj -o CycloneDXOutputs -fn {projectName}.xml -dpr and it fails sadly on the project that is creating the .exe

@Kubana
Copy link
Author

Kubana commented Oct 10, 2024
edited
Loading

Problem persists even in version 4.0.0 problem is with Grpc.Tools nuget package version range [2.60.0,

Dependency (Grpc.Tools) with version range ([2.60.0, )) referenced by (Name:Grpc.AspNetCore Version:2.60.0) did not resolve to a specific version.
Unable to locate valid bom ref for Grpc.Tools [2.60.0, )
our every project that uses this nuget package has this problem

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working question Further information is requested
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Kubana @mtsfoni