[Bug]: Metadata like PrivateAssets does not flow from parent to transitively pinned dependency in CPM #10311
Description
Tested and verified to repro on .NET Core SDK versions: 3.1.401, 5.0.100
This is an adoption blocker for our teams.
When CPVM is active, package dependencies are retained to transitive references with pinned versions even if their direct reference had PrivateAssets="all" set on them.
Given this simple csproj:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>netstandard2.0</TargetFramework>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="MicroBuild.VisualStudio" PrivateAssets="all" />
</ItemGroup>
</Project>and a Directory.Packages.props file with this content:
<Project>
<ItemGroup>
<PackageVersion Include="MicroBuild" Version="2.0.61" />
<PackageVersion Include="MicroBuild.VisualStudio" Version="2.0.61" />
</ItemGroup>
</Project>and a Directory.Build.props file with this content:
<Project>
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
</PropertyGroup>
</Project>EXPECTED
The packed project contains no dependency because its only PackageReference has PrivateAssets="all" metadata.
ACTUAL
The resulting package has a nuspec that expresses a dependency on a transitively referenced package:
<dependencies>
<group targetFramework=".NETStandard2.0">
<dependency id="MicroBuild" version="2.0.61" exclude="Build,Analyzers" />
</group>
</dependencies>Sample Project
Minimal repro: issue10311.zip