Merge branch 'hotfix/9.0.4'

CHANGELOG.md

@@ -6,6 +6,12 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 
 ## [vNext]
 
+## [9.0.4] / 2025-01-15
+- Security: Fixed output filter from `ArgumentStringHandler`
+- Fixed `PreProcess` of tasks requires exact options type
+- Fixed missing `position` and `secret` properties
+- Fixed preparation of shadow directory in `ReSharperTasks`
+
 ## [9.0.3] / 2024-12-05
 - Fixed nullable options for `ToolTasks.Run`
 - Fixed static tool path resolution
@@ -1205,7 +1211,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - Added CLT tasks for Git
 - Fixed background color in console output
 
-[vNext]: https://github.com/nuke-build/nuke/compare/9.0.3...HEAD
+[vNext]: https://github.com/nuke-build/nuke/compare/9.0.4...HEAD
+[9.0.4]: https://github.com/nuke-build/nuke/compare/9.0.3...9.0.4
 [9.0.3]: https://github.com/nuke-build/nuke/compare/9.0.2...9.0.3
 [9.0.2]: https://github.com/nuke-build/nuke/compare/9.0.1...9.0.2
 [9.0.1]: https://github.com/nuke-build/nuke/compare/9.0.0...9.0.1

Directory.Packages.props

@@ -22,16 +22,16 @@
     <PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageVersion Include="NuGet.Packaging" Version="6.12.1" />
     <PackageVersion Include="Octokit" Version="13.0.1" />
-    <PackageVersion Include="Serilog" Version="4.1.0" />
+    <PackageVersion Include="Serilog" Version="4.2.0" />
     <PackageVersion Include="Serilog.Formatting.Compact" Version="3.0.0" />
     <PackageVersion Include="Serilog.Formatting.Compact.Reader" Version="4.0.0" />
     <PackageVersion Include="Serilog.Sinks.Console" Version="6.0.0" />
     <PackageVersion Include="Serilog.Sinks.File" Version="6.0.0" />
     <PackageVersion Include="SharpZipLib" Version="1.4.2" />
     <PackageVersion Include="System.ComponentModel.Annotations" Version="5.0.0" />
     <PackageVersion Include="System.Net.Http" Version="4.3.4" />
-    <PackageVersion Include="System.Text.Json" Version="9.0.0" />
-    <PackageVersion Include="YamlDotNet" Version="16.2.0" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.5" />
+    <PackageVersion Include="YamlDotNet" Version="16.3.0" />
     <PackageVersion Include="matkoch.spectre.console" Version="0.46.0" />
   </ItemGroup>
 

appveyor.yml

@@ -37,7 +37,7 @@ environment:
   PublicNuGetApiKey:
     secure: AzhHrKZGYyWnvMtPg06Q7PMJPp47dl5NxAHaE9ZB9tjIWVqmySx3F26YtVhRSPGa
   GitHubReleaseGitHubToken:
-    secure: a5UfxXiDEere9GkCCN9TURaC8CmN/ZaqWIeoHbHNshmXWLedwrEAdwGNzPf3dusKEykOMB7T/fIorZHPIqSRuuR3JsMya/3zPrvozT5o1A5qf6LpNAtWpdB20+3rvupZ
+    secure: a5UfxXiDEere9GkCCN9TUUq2+8QHAJoeVpZudQZXdWyloZWE5xKOkqzpxdMoYDPSxrVbWxjXbk1Xe9p0OydwuGVnr/3DC//BguNeGtFddbyMWlAiX36XvD1ZGEgP+ZIN
   SignPathApiToken:
     secure: uQTH2MxpqiqWTy7EJkjtNc43ipG17EUOQN99QsODRNgtNEcikDaP0t4ylekK/ibn
   TwitterConsumerKey:

build/Build.CI.AppVeyor.cs

@@ -35,7 +35,7 @@
     InvokedTargets = new[] { nameof(ITest.Test), nameof(IPack.Pack) },
     Secrets = new string[0])]
 [AppVeyorSecret(nameof(PublicNuGetApiKey), "AzhHrKZGYyWnvMtPg06Q7PMJPp47dl5NxAHaE9ZB9tjIWVqmySx3F26YtVhRSPGa")]
-[AppVeyorSecret(ICreateGitHubRelease.GitHubRelease + nameof(ICreateGitHubRelease.GitHubToken), "a5UfxXiDEere9GkCCN9TURaC8CmN/ZaqWIeoHbHNshmXWLedwrEAdwGNzPf3dusKEykOMB7T/fIorZHPIqSRuuR3JsMya/3zPrvozT5o1A5qf6LpNAtWpdB20+3rvupZ")]
+[AppVeyorSecret(ICreateGitHubRelease.GitHubRelease + nameof(ICreateGitHubRelease.GitHubToken), "a5UfxXiDEere9GkCCN9TUUq2+8QHAJoeVpZudQZXdWyloZWE5xKOkqzpxdMoYDPSxrVbWxjXbk1Xe9p0OydwuGVnr/3DC//BguNeGtFddbyMWlAiX36XvD1ZGEgP+ZIN")]
 [AppVeyorSecret(ISignPackages.SignPath + nameof(ISignPackages.ApiToken), "uQTH2MxpqiqWTy7EJkjtNc43ipG17EUOQN99QsODRNgtNEcikDaP0t4ylekK/ibn")]
 [AppVeyorSecret(IHazTwitterCredentials.Twitter + nameof(IHazTwitterCredentials.ConsumerKey), "T61zL4r+xtyj7b0aOGYCsyixrXHooXE759T8z3M67Lw=")]
 [AppVeyorSecret(IHazTwitterCredentials.Twitter + nameof(IHazTwitterCredentials.ConsumerSecret), "CZwdlO4PHT51Xr0Pe/mT6WpfBzQXsL0C3yWfHgXqdYrf22rx8ePEt5qpszWckbHE5Vh5ErtVfIAQgLeFrqe2Gg==")]

source/Nuke.Common/Tools/AzureSignTool/AzureSignTool.Generated.cs

@@ -44,19 +44,19 @@ public partial class AzureSignToolTasks : ToolTasks, IRequireNuGetPackage
 public partial class AzureSignToolSettings : ToolOptions
 {
     /// <summary>A fully qualified URL of the key vault with the certificate that will be used for signing. An example value might be <c>https://my-vault.vault.azure.net</c>.</summary>
-    [Argument(Format = "--azure-key-vault-url {value}")] public string KeyVaultUrl => Get<string>(() => KeyVaultUrl);
+    [Argument(Format = "--azure-key-vault-url {value}", Secret = false)] public string KeyVaultUrl => Get<string>(() => KeyVaultUrl);
     /// <summary>This is the client ID used to authenticate to Azure, which will be used to generate an access token. This parameter is not required if an access token is supplied directly with the <c>--azure-key-vault-accesstoken</c> option. If this parameter is supplied, <c>--azure-key-vault-client-secret</c> and <c>--azure-key-vault-tenant-id</c> must be supplied as well.</summary>
-    [Argument(Format = "--azure-key-vault-client-id {value}")] public string KeyVaultClientId => Get<string>(() => KeyVaultClientId);
+    [Argument(Format = "--azure-key-vault-client-id {value}", Secret = false)] public string KeyVaultClientId => Get<string>(() => KeyVaultClientId);
     /// <summary>This is the client secret used to authenticate to Azure, which will be used to generate an access token. This parameter is not required if an access token is supplied directly with the <c>--azure-key-vault-accesstoken</c> option or when using managed identities with <c>--azure-key-vault-managed-identity</c>. If this parameter is supplied, <c>--azure-key-vault-client-id</c> and <c>--azure-key-vault-tenant-id</c> must be supplied as well.</summary>
     [Argument(Format = "--azure-key-vault-client-secret {value}", Secret = true)] public string KeyVaultClientSecret => Get<string>(() => KeyVaultClientSecret);
     /// <summary>This is the tenant id used to authenticate to Azure, which will be used to generate an access token. This parameter is not required if an access token is supplied directly with the <c>--azure-key-vault-accesstoken</c> option or when using managed identities with <c>--azure-key-vault-managed-identity</c>. If this parameter is supplied, <c>--azure-key-vault-client-id</c> and <c>--azure-key-vault-client-secret</c> must be supplied as well.</summary>
-    [Argument(Format = "--azure-key-vault-tenant-id {value}")] public string KeyVaultTenantId => Get<string>(() => KeyVaultTenantId);
+    [Argument(Format = "--azure-key-vault-tenant-id {value}", Secret = false)] public string KeyVaultTenantId => Get<string>(() => KeyVaultTenantId);
     /// <summary>The name of the certificate used to perform the signing operation.</summary>
-    [Argument(Format = "--azure-key-vault-certificate {value}")] public string KeyVaultCertificateName => Get<string>(() => KeyVaultCertificateName);
+    [Argument(Format = "--azure-key-vault-certificate {value}", Secret = false)] public string KeyVaultCertificateName => Get<string>(() => KeyVaultCertificateName);
     /// <summary>An access token used to authenticate to Azure. This can be used instead of the <c>--azure-key-vault-managed-identity</c>, <c>--azure-key-vault-client-id</c> and <c>--azure-key-vault-client-secret</c> options. This is useful if AzureSignTool is being used as part of another program that is already authenticated and has an access token to Azure.</summary>
     [Argument(Format = "--azure-key-vault-accesstoken {value}", Secret = true)] public string KeyVaultAccessToken => Get<string>(() => KeyVaultAccessToken);
     /// <summary>Use the ambient Managed Identity to authenticate to Azure. This can be used instead of the <c>--azure-key-vault-accesstoken</c>, <c>--azure-key-vault-client-id</c> and <c>--azure-key-vault-client-secret</c> options. This is useful if AzureSignTool is being used on a VM/service/CLI that is configured for managed identities to Azure.</summary>
-    [Argument(Format = "--azure-key-vault-managed-identity")] public bool? KeyVaultManagedIdentity => Get<bool?>(() => KeyVaultManagedIdentity);
+    [Argument(Format = "--azure-key-vault-managed-identity", Secret = false)] public bool? KeyVaultManagedIdentity => Get<bool?>(() => KeyVaultManagedIdentity);
     /// <summary>A description of the signed content. This parameter serves the same purpose as the <c>/d</c> option in the Windows SDK <c>signtool</c>. If this parameter is not supplied, the signature will not contain a description.</summary>
     [Argument(Format = "--description {value}")] public string Description => Get<string>(() => Description);
     /// <summary>A URL with more information of the signed content. This parameter serves the same purpose as the <c>/du</c> option in the Windows SDK <c>signtool</c>. If this parameter is not supplied, the signature will not contain a URL description.</summary>

source/Nuke.Common/Tools/AzureSignTool/AzureSignTool.json

@@ -14,12 +14,14 @@
             "name": "KeyVaultUrl",
             "type": "string",
             "format": "--azure-key-vault-url {value}",
+            "secret": false,
             "help": "A fully qualified URL of the key vault with the certificate that will be used for signing. An example value might be <c>https://my-vault.vault.azure.net</c>."
           },
           {
             "name": "KeyVaultClientId",
             "type": "string",
             "format": "--azure-key-vault-client-id {value}",
+            "secret": false,
             "help": "This is the client ID used to authenticate to Azure, which will be used to generate an access token. This parameter is not required if an access token is supplied directly with the <c>--azure-key-vault-accesstoken</c> option. If this parameter is supplied, <c>--azure-key-vault-client-secret</c> and <c>--azure-key-vault-tenant-id</c> must be supplied as well."
           },
           {
@@ -33,12 +35,14 @@
             "name": "KeyVaultTenantId",
             "type": "string",
             "format": "--azure-key-vault-tenant-id {value}",
+            "secret": false,
             "help": "This is the tenant id used to authenticate to Azure, which will be used to generate an access token. This parameter is not required if an access token is supplied directly with the <c>--azure-key-vault-accesstoken</c> option or when using managed identities with <c>--azure-key-vault-managed-identity</c>. If this parameter is supplied, <c>--azure-key-vault-client-id</c> and <c>--azure-key-vault-client-secret</c> must be supplied as well."
           },
           {
             "name": "KeyVaultCertificateName",
             "type": "string",
             "format": "--azure-key-vault-certificate {value}",
+            "secret": false,
             "help": "The name of the certificate used to perform the signing operation."
           },
           {
@@ -52,6 +56,7 @@
             "name": "KeyVaultManagedIdentity",
             "type": "bool",
             "format": "--azure-key-vault-managed-identity",
+            "secret": false,
             "help": "Use the ambient Managed Identity to authenticate to Azure. This can be used instead of the <c>--azure-key-vault-accesstoken</c>, <c>--azure-key-vault-client-id</c> and <c>--azure-key-vault-client-secret</c> options. This is useful if AzureSignTool is being used on a VM/service/CLI that is configured for managed identities to Azure."
           },
           {

source/Nuke.Common/Tools/DocFX/DocFX.Generated.cs

@@ -155,7 +155,7 @@ public partial class DocFXBuildSettings : ToolOptions
     /// <summary>Set the max parallelism, 0 is auto.</summary>
     [Argument(Format = "--maxParallelism={value}")] public int? MaxParallelism => Get<int?>(() => MaxParallelism);
     /// <summary>Disable default lang keyword.</summary>
-    [Argument(Format = "--noLangKeyword")] public bool? NoLangKeyword => Get<bool?>(() => NoLangKeyword);
+    [Argument(Format = "--noLangKeyword", Secret = false)] public bool? NoLangKeyword => Get<bool?>(() => NoLangKeyword);
     /// <summary>Specify the output base directory.</summary>
     [Argument(Format = "--output={value}")] public string OutputFolder => Get<string>(() => OutputFolder);
     /// <summary>The output folder for files generated for debugging purpose when in debug mode. If not specified, it is ${TempPath}/docfx.</summary>
@@ -416,7 +416,7 @@ public partial class DocFXPdfSettings : ToolOptions
     /// <summary>Set the max parallelism, 0 is auto.</summary>
     [Argument(Format = "--maxParallelism={value}")] public int? MaxParallelism => Get<int?>(() => MaxParallelism);
     /// <summary>Disable default lang keyword.</summary>
-    [Argument(Format = "--noLangKeyword")] public bool? NoLangKeyword => Get<bool?>(() => NoLangKeyword);
+    [Argument(Format = "--noLangKeyword", Secret = false)] public bool? NoLangKeyword => Get<bool?>(() => NoLangKeyword);
     /// <summary>Specify the output base directory.</summary>
     [Argument(Format = "--output={value}")] public string OutputFolder => Get<string>(() => OutputFolder);
     /// <summary>The output folder for files generated for debugging purpose when in debug mode. If not specified, it is ${TempPath}/docfx.</summary>

source/Nuke.Common/Tools/DocFX/DocFX.json

@@ -167,6 +167,7 @@
             "name": "NoLangKeyword",
             "type": "bool",
             "format": "--noLangKeyword",
+            "secret": false,
             "help": "Disable default lang keyword."
           },
           {
@@ -864,6 +865,7 @@
         "name": "NoLangKeyword",
         "type": "bool",
         "format": "--noLangKeyword",
+        "secret": false,
         "help": "Disable default lang keyword."
       },
       {