Merge branch 'release/9.0.3xx' of https://github.com/dotnet/templating into merge/release/9.0.2xx-to-release/9.0.3xx

Author: v-wuzhai

eng/Version.Details.xml

@@ -19,14 +19,14 @@
     </Dependency>
   </ProductDependencies>
   <ToolsetDependencies>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="9.0.0-beta.25255.5">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="9.0.0-beta.25263.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>1cfa39f82d00b3659a3d367bc344241946e10681</Sha>
+      <Sha>93823d49ca01742464ad1c0b49ea940e693b1be3</Sha>
     </Dependency>
     <!-- Intermediate is necessary for source build. -->
-    <Dependency Name="Microsoft.SourceBuild.Intermediate.arcade" Version="9.0.0-beta.25255.5">
+    <Dependency Name="Microsoft.SourceBuild.Intermediate.arcade" Version="9.0.0-beta.25263.5">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>1cfa39f82d00b3659a3d367bc344241946e10681</Sha>
+      <Sha>93823d49ca01742464ad1c0b49ea940e693b1be3</Sha>
       <SourceBuild RepoName="arcade" ManagedOnly="true" />
     </Dependency>
     <!-- Dependencies required for source build. We'll still update manually -->

global.json

@@ -1,8 +1,8 @@
 {
   "tools": {
-    "dotnet": "9.0.105"
+    "dotnet": "9.0.106"
   },
   "msbuild-sdks": {
-    "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.25255.5"
+    "Microsoft.DotNet.Arcade.Sdk": "9.0.0-beta.25263.5"
   }
 }

test/Microsoft.TemplateEngine.Edge.UnitTests/NuGetApiPackageManagerTests.cs

@@ -146,13 +146,13 @@ internal async Task DownloadPackage_HasVulnerabilities()
 
             var exception = await Assert.ThrowsAsync<VulnerablePackageException>(() => packageManager.DownloadPackageAsync(
                 installPath,
-                "log4net",
-                "2.0.3",
+                "System.Text.Json",
+                "8.0.4",
                 // add the source for getting vulnerability info
                 additionalSources: _additionalSources));
 
-            exception.PackageIdentifier.Should().Be("log4net");
-            exception.PackageVersion.Should().Be("2.0.3");
+            exception.PackageIdentifier.Should().Be("System.Text.Json");
+            exception.PackageVersion.Should().Be("8.0.4");
             exception.Vulnerabilities.Should().NotBeNullOrEmpty();
         }
 
@@ -167,15 +167,15 @@ internal async Task DownloadPackage_HasVulnerabilitiesForce()
 
             var result = await packageManager.DownloadPackageAsync(
                 installPath,
-                "log4net",
-                "2.0.3",
+                "System.Text.Json",
+                "8.0.4",
                 // add the source for getting vulnerability info
                 additionalSources: _additionalSources,
                 force: true);
 
-            result.PackageIdentifier.Should().Be("log4net");
-            result.Author.Should().Be("Apache Software Foundation");
-            result.PackageVersion.Should().Be("2.0.3");
+            result.PackageIdentifier.Should().Be("System.Text.Json");
+            result.Author.Should().Be("Microsoft");
+            result.PackageVersion.Should().Be("8.0.4");
             Assert.True(File.Exists(result.FullPath));
             result.PackageVulnerabilities.Should().NotBeNullOrEmpty();
             result.NuGetSource.Should().Be(_additionalSources[0]);