Merge pull request #10668 from NuGet/main

v-ponkumar · web-flow · commit 09abddebe32f · 2026-01-13T10:42:17.000+05:30
[ReleasePrep][2025.12.23]FI of main into dev
diff --git a/.github/policies/resourceManagement.yml b/.github/policies/resourceManagement.yml
@@ -0,0 +1,70 @@
+id: 
+name: GitOps.PullRequestIssueManagement
+description: Issue management and triage
+owner: 
+resource: repository
+disabled: false
+where: 
+configuration:
+  resourceManagementConfiguration:
+    scheduledSearches:
+      - description: Warn the authors on issues that are 'Need More Info', and have not received any activity for 1 week
+        frequencies:
+          - hourly:
+              hour: 1
+        filters:
+          - isOpen
+          - noActivitySince:
+              days: 7
+          - hasLabel:
+              label: Need More Info
+          - isNotLabeledWith:
+              label: DoNotClose
+        actions:
+          - addLabel:
+              label: Stale   
+          - addReply:
+              reply: "${issueAuthor}, this issue will be closed soon due to inactivity. Please add more information to help us triage this issue."
+      - description: Labeling lower priority non-Feature issues that have not received any activity for 18 months as Stale
+        frequencies:
+          - hourly:
+              hour: 1
+        filters:
+          - isOpen
+          - noActivitySince:
+              days: 548
+          - isNotLabeledWith:
+              label: Priority - 1
+          - isNotLabeledWith:
+              label: Priority - 2
+          - isNotLabeledWith:
+              label: feature-request
+          - isNotLabeledWith:
+              label: Feature suggestion
+          - isNotLabeledWith:
+              label: Type:Feature   
+          - isNotLabeledWith:
+              label: DoNotClose
+        actions:
+          - addReply:
+              reply: "${issueAuthor}, this issue has been labeled with Stale due to inactivity for 18 months."
+          - addLabel:
+              label: Stale        
+      - description: Close issues marked with OkToClose 
+        frequencies:
+          - hourly:
+              hour: 1
+        filters:
+          - isOpen
+          - hasLabel:
+              label: OkToClose
+        actions:
+          - closeIssue
+          - removeLabel:
+              label: OkToClose
+          - removeLabel:
+              label: Triaged
+          - addReply:
+              reply: "${issueAuthor}, This issue was closed after the OkToClose label was applied. If you have additional details or questions, please don't hesitate to reopen it."
+onFailure:
+onSuccess:
diff --git a/.github/workflows/prioritize-by-reactions.yaml b/.github/workflows/prioritize-by-reactions.yaml
@@ -0,0 +1,93 @@
+name: Prioritize Issues by Reactions
+
+on:
+   schedule:
+     - cron: '0 0 * * *'   # Runs once a day at midnight UTC
+   workflow_dispatch:       # Allows manual runs
+jobs:
+  prioritize:
+    permissions:
+      issues: write
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout repo
+        uses: actions/checkout@v3
+
+      - name: Install jq
+        run: sudo apt-get install -y jq
+
+      - name: Prioritize issues by reactions
+        env:
+          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          REPO: NuGet/NuGetGallery
+          BUG_HIGH: 10
+          BUG_MEDIUM: 5
+          FEATURE_MEDIUM: 25
+        run: |
+          issue_numbers=$(gh issue list -R "$REPO" --state open --limit 1000 --json number -q '.[].number')
+
+          for ISSUE in $issue_numbers; do
+            echo "🔍 Checking Issue #$ISSUE"
+
+            # Get issue labels
+            labels=$(gh issue view $ISSUE -R $REPO --json labels -q '.labels[].name' | tr '\n' ' ')
+            echo "   Labels: $labels"
+
+            reactions=$(curl -s \
+              -H "Accept: application/vnd.github.squirrel-girl-preview+json" \
+              -H "Authorization: token $GH_TOKEN" \
+              https://api.github.com/repos/$REPO/issues/$ISSUE/reactions)
+
+            total=$(echo "$reactions" | jq 'length')
+
+            # Determine priority based on issue type
+            if echo "$labels" | grep -q "Type:Bug"; then
+              echo "   🐛 Bug issue detected"
+              if [ "$total" -ge "$BUG_HIGH" ]; then
+                priority="Priority - 1"
+              elif [ "$total" -ge "$BUG_MEDIUM" ]; then
+                priority="Priority - 2"
+              else
+                priority="Priority - 3"
+              fi
+              echo "👉 Issue #$ISSUE has $total reactions — Assigning label: $priority"
+            elif echo "$labels" | grep -q "Type:Feature" || echo "$labels" | grep -q "feature-request"; then
+              echo "   ✨ Feature request detected"
+              if [ "$total" -ge "$FEATURE_MEDIUM" ]; then
+                priority="Priority - 1"
+                echo "👉 Issue #$ISSUE has $total reactions — Assigning label: $priority"
+              else
+                priority="Priority - 2"
+                echo "👉 Issue #$ISSUE has $total reactions — Assigning label: $priority"
+              fi
+            else
+              echo "👉 Issue #$ISSUE has no Type:Bug, Type:Feature, feature-request label — Skipping prioritization"
+              continue
+            fi
+
+            # Get current Priority:* label (if any)
+            current_priority=$(gh issue view $ISSUE -R $REPO --json labels -q '.labels[].name' | grep '^Priority - ' || echo "")
+
+            if [[ "$current_priority" != "$priority" ]]; then
+              # Check if current priority label was added by github-actions
+              if [[ -n "$current_priority" ]]; then
+                # Get the timeline events to see who added the current priority label
+                label_added_by=$(gh api repos/$REPO/issues/$ISSUE/timeline --paginate | jq -r --arg label "$current_priority" '.[] | select(.event == "labeled" and .label.name == $label) | .actor.login' | tail -1)
+
+                if [[ "$label_added_by" != "github-actions[bot]" ]]; then
+                  echo "   🚫 Priority label '$current_priority' was set by '$label_added_by' (not github-actions), skipping update"
+                  continue
+                fi
+
+                echo "   ⏹️  Removing old label: $current_priority (was set by github-actions)"
+                gh issue edit $ISSUE -R $REPO --remove-label "$current_priority"
+              fi
+
+              echo "   ➕ Adding new label: $priority"
+              gh issue edit $ISSUE -R $REPO --add-label "$priority"
+            else
+              echo "   ✅ Priority label already correct: $priority"
+            fi
+            echo ""
+          done
diff --git a/RemovedPackages.md b/RemovedPackages.md
@@ -88,6 +88,12 @@ Scanning is not perfect. Community partnership is a very valuable part of the ov
 |    Netherеum.All      |    10/20/2025    |    Potentially Malicious    |
 |    toolsay            |    10/20/2025    |    Untrustworthy            |
 |    MiniMutex version 1.2.4    |    12/04/2025    |    Potentially Malicious    |
+|    Tracer.Fody.NLog   |    12/17/2025    |    Malware                  |
+|    Gp4Framework 0.0.9 |    12/17/2025    |    Potentially Malicious    |
+|    Gp4Framework 0.1.0 |    12/17/2025    |    Potentially Malicious    |
+|    SystemDiagnosticsv324824726 1.0.0   |    01/09/2026    |   Malware  |
+|    SystemDiagnosticsv324824726 1.2.0   |    01/09/2026    |   Malware  |
+|    SystemDiagnosticsV2.5467 1.0.0      |    01/09/2026    |   Malware  |
 
 
 
diff --git a/src/Bootstrap/package-lock.json b/src/Bootstrap/package-lock.json
