From a155a0ca209fb202660168bbf0ce7efd03a2010c Mon Sep 17 00:00:00 2001
From: Maggiekimani1
Date: Fri, 30 Aug 2024 13:11:20 +0300
Subject: [PATCH 01/11] Add server info
---
 .../UtilityFiles/docWithReusableHeadersAndExamples.yaml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/test/Microsoft.OpenApi.Hidi.Tests/UtilityFiles/docWithReusableHeadersAndExamples.yaml b/test/Microsoft.OpenApi.Hidi.Tests/UtilityFiles/docWithReusableHeadersAndExamples.yaml
index 2f86d7661..3260ea430 100644
--- a/test/Microsoft.OpenApi.Hidi.Tests/UtilityFiles/docWithReusableHeadersAndExamples.yaml
+++ b/test/Microsoft.OpenApi.Hidi.Tests/UtilityFiles/docWithReusableHeadersAndExamples.yaml
@@ -2,6 +2,8 @@ openapi: 3.0.1
 info:
 title: Example with Multiple Operations and Local $refs
 version: 1.0.0
+servers:
+- url: https://api.github.com
 paths:
 /items:
 get:
From e94ea23b7f50e42c90bc1d0ead56ba527d6f1505 Mon Sep 17 00:00:00 2001
From: Maggiekimani1
Date: Fri, 30 Aug 2024 13:12:07 +0300
Subject: [PATCH 02/11] Compare the source document's server to that of the resulting subset document for equality
---
 .../Services/OpenApiFilterServiceTests.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/test/Microsoft.OpenApi.Hidi.Tests/Services/OpenApiFilterServiceTests.cs b/test/Microsoft.OpenApi.Hidi.Tests/Services/OpenApiFilterServiceTests.cs
index ac566bf0d..f91d0db93 100644
--- a/test/Microsoft.OpenApi.Hidi.Tests/Services/OpenApiFilterServiceTests.cs
+++ b/test/Microsoft.OpenApi.Hidi.Tests/Services/OpenApiFilterServiceTests.cs
@@ -193,6 +193,7 @@ public void CopiesOverAllReferencedComponentsToTheSubsetDocumentCorrectly()
 var targetExamples = subsetOpenApiDocument.Components.Examples;
 // Assert
+ Assert.Same(doc.Servers, subsetOpenApiDocument.Servers);
 Assert.False(responseHeader.UnresolvedReference);
 Assert.False(mediaTypeExample.UnresolvedReference);
 Assert.Single(targetHeaders);
From b67e0d7dc478db6b1e632d785fb57eaeae4b72ac Mon Sep 17 00:00:00 2001
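Review bot: `Assert.Same(doc.Servers, subsetOpenApiDocument.Servers)` in OpenApiFilterServiceTests.cs checks reference identity, not the equality the commit subject describes, so it passes only while the subset document holds the very same list instance as the source. That pins an aliasing behaviour: a later mutation of the subset's `Servers` would also change the source document, and a fix that copies the list would break this test. If value equality is what is meant, compare contents instead, for example `Assert.Equal(doc.Servers.Select(s => s.Url), subsetOpenApiDocument.Servers.Select(s => s.Url));`; if sharing is intended, a one-line comment saying so would help. `doc` is declared outside the hunk, so this assumes it is the source document handed to the filter.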
From: Vincent Biret
Date: Fri, 30 Aug 2024 08:52:58 -0400
Subject: [PATCH 03/11] fix: directly adds non-vulnerable versions of transitive deps to resolve alerts
---
 src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj | 4 ++++
 .../Microsoft.OpenApi.Workbench.csproj | 2 ++
 .../Microsoft.OpenApi.Readers.Tests.csproj | 2 ++
 3 files changed, 8 insertions(+)
diff --git a/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj b/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj
index 21a7f677f..ee760451f 100644
--- a/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj
+++ b/src/Microsoft.OpenApi.Hidi/Microsoft.OpenApi.Hidi.csproj
@@ -39,6 +39,10 @@ + +
diff --git a/src/Microsoft.OpenApi.Workbench/Microsoft.OpenApi.Workbench.csproj b/src/Microsoft.OpenApi.Workbench/Microsoft.OpenApi.Workbench.csproj
index 4379c7595..0e7205ef0 100644
--- a/src/Microsoft.OpenApi.Workbench/Microsoft.OpenApi.Workbench.csproj
+++ b/src/Microsoft.OpenApi.Workbench/Microsoft.OpenApi.Workbench.csproj
@@ -10,6 +10,8 @@ + +
diff --git a/test/Microsoft.OpenApi.Readers.Tests/Microsoft.OpenApi.Readers.Tests.csproj b/test/Microsoft.OpenApi.Readers.Tests/Microsoft.OpenApi.Readers.Tests.csproj
index 3b6f7c76e..ebb063101 100644
--- a/test/Microsoft.OpenApi.Readers.Tests/Microsoft.OpenApi.Readers.Tests.csproj
+++ b/test/Microsoft.OpenApi.Readers.Tests/Microsoft.OpenApi.Readers.Tests.csproj
@@ -23,6 +23,8 @@ + +
From 7995db95d82686d9eff0e6c6dd18545dda802450 Mon Sep 17 00:00:00 2001
From: Vincent Biret
Date: Fri, 30 Aug 2024 14:28:28 -0400
Subject: [PATCH 04/11] ci: upgrades outdated nuget installer task
---
 .azure-pipelines/ci-build.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/.azure-pipelines/ci-build.yml b/.azure-pipelines/ci-build.yml
index 77e92b36a..f381a4303 100644
--- a/.azure-pipelines/ci-build.yml
+++ b/.azure-pipelines/ci-build.yml
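Review bot: The references added in PATCH 03 to Microsoft.OpenApi.Hidi.csproj, and likewise to Microsoft.OpenApi.Workbench.csproj and Microsoft.OpenApi.Readers.Tests.csproj, are direct pins of transitive dependencies, and nothing in the project files appears to record why they are there; the element text is not legible in this copy of the patch, so this rests on the commit subject. Each pin should carry an XML comment naming the parent package that pulls it in and the alert it answers, along the lines of `<!-- transitive via PARENT_PACKAGE; pinned for ADVISORY_ID; remove once the parent references a fixed version -->` (both names are placeholders). Without that record the pins tend to outlive the advisory and nobody re-checks whether they are still needed or still point at a fixed version.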
@@ -57,10 +57,10 @@ extends:
 version: 8.x
 # Install the nuget tool.
- - task: NuGetToolInstaller@0
- displayName: 'Use NuGet >=5.2.0'
+ - task: NuGetToolInstaller@1
+ displayName: 'Use NuGet >=6.11.0'
 inputs:
- versionSpec: '>=5.2.0'
+ versionSpec: '>=6.11.0'
 checkLatest: true
 # Build the Product project
From 1f3c5711b4bcdbe9509a401c6734fefeb72261b5 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Sat, 31 Aug 2024 06:51:58 +0300
Subject: [PATCH 05/11] Bump Verify.Xunit from 26.2.0 to 26.3.0 (#1808)
Bumps [Verify.Xunit](https://github.com/VerifyTests/Verify) from 26.2.0 to 26.3.0.
- [Release notes](https://github.com/VerifyTests/Verify/releases)
- [Commits](https://github.com/VerifyTests/Verify/compare/26.2.0...26.3.0)
---
updated-dependencies:
- dependency-name: Verify.Xunit
 dependency-type: direct:production
 update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj b/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj
index 081f70390..6d5e1ad49 100644
--- a/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj
+++ b/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj
@@ -15,7 +15,7 @@ - +
From af22a8d9db355c7dd5f5e6e4bf435fd4a558c7fd Mon Sep 17 00:00:00 2001
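Review bot: `versionSpec: '>=6.11.0'` in ci-build.yml has no upper bound and sits next to `checkLatest: true`, so every pipeline run resolves whichever NuGet release is newest at that moment. The build tool is then not reproducible, and a new major version reaches the release pipeline without review. A bounded spec such as `versionSpec: '6.x'`, or an exact version, keeps the tool inside a reviewed range while still picking up patch releases; `displayName` would need the matching wording.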
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 08:20:42 +0300
Subject: [PATCH 06/11] Bump Verify.Xunit from 26.3.0 to 26.3.1 (#1811)
Bumps [Verify.Xunit](https://github.com/VerifyTests/Verify) from 26.3.0 to 26.3.1.
- [Release notes](https://github.com/VerifyTests/Verify/releases)
- [Commits](https://github.com/VerifyTests/Verify/compare/26.3.0...26.3.1)
---
updated-dependencies:
- dependency-name: Verify.Xunit
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj b/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj
index 6d5e1ad49..ce9425dbc 100644
--- a/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj
+++ b/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj
@@ -15,7 +15,7 @@ - +
From cf4201cad806e49b89f3f7c5d7a74f4b2c29748b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 3 Sep 2024 21:27:42 +0000
Subject: [PATCH 07/11] Bump Moq from 4.20.70 to 4.20.71
Bumps [Moq](https://github.com/moq/moq) from 4.20.70 to 4.20.71.
- [Release notes](https://github.com/moq/moq/releases)
- [Changelog](https://github.com/devlooped/moq/blob/main/changelog.md)
- [Commits](https://github.com/moq/moq/compare/v4.20.70...v4.20.71)
---
updated-dependencies:
- dependency-name: Moq
 dependency-type: direct:production
 update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot]
---
 .../Microsoft.OpenApi.Hidi.Tests.csproj | 2 +-
 test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/Microsoft.OpenApi.Hidi.Tests/Microsoft.OpenApi.Hidi.Tests.csproj b/test/Microsoft.OpenApi.Hidi.Tests/Microsoft.OpenApi.Hidi.Tests.csproj index 75c176305..a0689b473 100644 --- a/test/Microsoft.OpenApi.Hidi.Tests/Microsoft.OpenApi.Hidi.Tests.csproj +++ b/test/Microsoft.OpenApi.Hidi.Tests/Microsoft.OpenApi.Hidi.Tests.csproj @@ -13,7 +13,7 @@ - + diff --git a/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj b/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj index ce9425dbc..9c91a65ab 100644 --- a/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj +++ b/test/Microsoft.OpenApi.Tests/Microsoft.OpenApi.Tests.csproj @@ -12,7 +12,7 @@ - + From e85dfd0d8a12183a81e353c9b19b55cb8d5c9ea0 Mon Sep 17 00:00:00 2001 From: Maggiekimani1 Date: Wed, 4 Sep 2024 12:39:44 +0300 Subject: [PATCH 08/11] Remove empty list initialization --- src/Microsoft.OpenApi/Models/OpenApiDocument.cs | 5 ++--- src/Microsoft.OpenApi/Models/OpenApiOperation.cs | 2 +- 2 files changed, 3 insertions(+), 4 deletions(-) diff --git a/src/Microsoft.OpenApi/Models/OpenApiDocument.cs b/src/Microsoft.OpenApi/Models/OpenApiDocument.cs index 201b321f1..745bb3cdb 100644 --- a/src/Microsoft.OpenApi/Models/OpenApiDocument.cs +++ b/src/Microsoft.OpenApi/Models/OpenApiDocument.cs @@ -1,4 +1,4 @@ -// Copyright (c) Microsoft Corporation. All rights reserved. +// Copyright (c) Microsoft Corporation. All rights reserved. // Licensed under the MIT license. using System; @@ -48,8 +48,7 @@ public class OpenApiDocument : IOpenApiSerializable, IOpenApiExtensible, IOpenAp /// /// A declaration of which security mechanisms can be used across the API. /// - public IList SecurityRequirements { get; set; } = - new List(); + public IList SecurityRequirements { get; set; } /// /// A list of tags used by the specification with additional metadata. diff --git a/src/Microsoft.OpenApi/Models/OpenApiOperation.cs b/src/Microsoft.OpenApi/Models/OpenApiOperation.cs index 69054740e..e4bf5cc39 100644 
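Review bot: `SecurityRequirements` in OpenApiDocument.cs now defaults to null, and its XML summary ("A declaration of which security mechanisms can be used across the API.") does not say what null means; the same applies to `OpenApiOperation.Security` in the next file, where the distinction matters most because an absent `security` inherits the top-level requirements while an empty array removes them. Both summaries should state it, e.g. `/// Null when no security is declared; an empty list is an explicit declaration of no requirements.` Removing the initializer also changes what existing consumers see: code that enumerates or adds to these lists without a null check will now throw, so callers outside these hunks (serializers, validators, walkers) are worth checking, and the change deserves a release-note entry given that the series ships it as 1.6.20.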
--- a/src/Microsoft.OpenApi/Models/OpenApiOperation.cs
+++ b/src/Microsoft.OpenApi/Models/OpenApiOperation.cs
@@ -91,7 +91,7 @@ public class OpenApiOperation : IOpenApiSerializable, IOpenApiExtensible, IOpenA
 /// This definition overrides any declared top-level security.
 /// To remove a top-level security declaration, an empty array can be used.
 ///
- public IList Security { get; set; } = new List();
+ public IList Security { get; set; }
 ///
 /// An alternative server array to service this operation.
From 18d99e6ebd2425a1196a886a740bfbd61ac2fca7 Mon Sep 17 00:00:00 2001
From: Maggiekimani1
Date: Wed, 4 Sep 2024 12:40:15 +0300
Subject: [PATCH 09/11] Add tests
---
 .../V3Tests/OpenApiDocumentTests.cs | 61 +++++++++++++++++++
 1 file changed, 61 insertions(+)
diff --git a/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs b/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs
index bb3db096f..a0bfa7c80 100644
--- a/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs
+++ b/test/Microsoft.OpenApi.Readers.Tests/V3Tests/OpenApiDocumentTests.cs
@@ -10,6 +10,7 @@
 using FluentAssertions;
 using Microsoft.OpenApi.Any;
 using Microsoft.OpenApi.Exceptions;
+using Microsoft.OpenApi.Extensions;
 using Microsoft.OpenApi.Interfaces;
 using Microsoft.OpenApi.Models;
 using Microsoft.OpenApi.Readers.Interface;
@@ -1432,5 +1433,65 @@ public void ParseBasicDocumentWithServerVariableAndNoDefaultShouldFail()
 diagnostic.Errors.Should().NotBeEmpty();
 }
+
+ [Fact]
+ public void ParseDocumentWithMissingSecuritySchemeDefaultsToNull()
+ {
+ // Arrange
+ var input = @"openapi: 3.0.0
+info:
+ title: test
+ version: ""1.0""
+paths:
+ /test:
+ get:
+ description: description for test path
+ responses:
+ '200':
+ description: test
+components:
+ securitySchemes:
+ apiKey0:
+ type: apiKey,
+ name: x-api-key,
+ in: header";
+
+ // Act && Assert
+ var doc = new OpenApiStringReader().Read(input, out var diagnostic);
+
+ doc.Paths["/test"].Operations[OperationType.Get].Security.Should().BeNull();
+ doc.SecurityRequirements.Should().BeNull();
+ }
+
+ [Fact]
+ public void ParseDocumentWithEmptySecuritySchemeDefaultsToEmptyList()
+ {
+ // Arrange
+ var input = @"openapi: 3.0.0
+info:
+ title: test
+ version: ""1.0""
+paths:
+ /test:
+ get:
+ description: description for test path
+ responses:
+ '200':
+ description: test
+ security: []
+security:
+- apiKey0: []
+components:
+ securitySchemes:
+ apiKey0:
+ type: apiKey,
+ name: x-api-key,
+ in: header";
+
+ // Act && Assert
+ var doc = new OpenApiStringReader().Read(input, out var diagnostic);
+
+ doc.Paths["/test"].Operations[OperationType.Get].Security.Should().BeEmpty();
+ }
 }
 }
From 7143cd385df4dbe84e199ecfefe18d596fe15097 Mon Sep 17 00:00:00 2001
From: Maggiekimani1
Date: Wed, 4 Sep 2024 12:57:36 +0300
Subject: [PATCH 10/11] Disable VisualStudio.Threading analyzers to eliminate build failures for dependent projects
---
 .../Microsoft.OpenApi.Readers.csproj | 9 ++++++++-
 src/Microsoft.OpenApi/Microsoft.OpenApi.csproj | 9 ++++++++-
 2 files changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj b/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
index 0a517bbce..7768e3a89 100644
--- a/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
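Review bot: Both new tests in OpenApiDocumentTests.cs capture `out var diagnostic` and never look at it, and the inline YAML ends the scheme fields with commas (`type: apiKey,`, `name: x-api-key,`), which YAML reads as part of the value. The assertions would still pass if the reader reported errors on that fixture, so the tests do not show that null-versus-empty comes from a clean parse. Drop the trailing commas and add `diagnostic.Errors.Should().BeEmpty();` to each test. In `ParseDocumentWithEmptySecuritySchemeDefaultsToEmptyList` the top-level `security` is declared but never asserted; `doc.SecurityRequirements.Should().ContainSingle();` would show that the operation's empty array is kept distinct from the document-level requirement rather than replaced by it.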
+++ b/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
@@ -3,7 +3,7 @@ netstandard2.0 latest true - 1.6.19 + 1.6.20 OpenAPI.NET Readers for JSON and YAML documents true
@@ -22,6 +22,13 @@ + + + + + + +
diff --git a/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj b/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
index d889cc760..5db722570 100644
--- a/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
+++ b/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
@@ -3,7 +3,7 @@ netstandard2.0 Latest true - 1.6.19 + 1.6.20 .NET models with JSON and YAML writers for OpenAPI specification true
@@ -39,4 +39,11 @@ + + + + + + +
From 693d3e389c3a942eb61621c64b27b3a64addcb45 Mon Sep 17 00:00:00 2001
From: Maggiekimani1
Date: Wed, 4 Sep 2024 15:38:45 +0300
Subject: [PATCH 11/11] Use privateAssets setting to control dependency assets
---
 .../Microsoft.OpenApi.Readers.csproj | 12 ++++--------
 src/Microsoft.OpenApi/Microsoft.OpenApi.csproj | 11 +++--------
 2 files changed, 7 insertions(+), 16 deletions(-)
diff --git a/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj b/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
index 7768e3a89..83bc1be2e 100644
--- a/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
+++ b/src/Microsoft.OpenApi.Readers/Microsoft.OpenApi.Readers.csproj
@@ -18,17 +18,13 @@ - + + all + + - - - - - - -
diff --git a/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj b/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
index 5db722570..61680a879 100644
--- a/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
+++ b/src/Microsoft.OpenApi/Microsoft.OpenApi.csproj
@@ -37,13 +37,8 @@ - + + all + - - - - - - -