Support for Central Package Management

[ac931274]

Microsoft is now encouraging the use of Central Package Management (https://devblogs.microsoft.com/nuget/introducing-central-package-management/), this is where the version numbers are stored centrally in a solution for the NuGet packages. When running NuGetDefense on a solution that uses CPM you get the message Warning : Unable to find a version for this package. It will be ignored.. Please can you add support to support CPM.

[digitalcoyote]

Absolutely. I'll start looking into this.

[digitalcoyote]

I'm still planning on adding this, but I've been dealing with extra hours for my day job (new responsibilities, frameworks, etc...). I'm also prioritizing some existing bugs and documentation. That said. If anyone gets this in a PR before I get to it. I'll definitely consider merging it in.

[digitalcoyote]

OK, so my first draft of how to handle this :

1. Check for a new Option in the config file for nugetdefense (ex. CentralPackageManagementFilePath) that is a path to the Directory.Packages.props file (absolute or relative to the config file).
2. Check the directory containnig the projectFile, NuGetDefense.json (config file), and the parent directory of both of those for the Directory.Packages.props file. If it doesn't exist, assume that Central Package Management is not in use.

[digitalcoyote]

I haven't gotten a chance to look at this in months. Anyone willing to look into it would be appreciated. Otherwise I'll try to get to it soon.