Version of a Project Reference defaults to 1.0.0.0 in deps.json file

[dcm99]

I have an application with a plugin architecture where I use the dependency context of the host application (deps.json) to determine which dependencies need to be loaded and which are already provided by the host application.
Now I have the problem that all project references that are versioned by Nerbank.GitVersioning have the default version 1.0.0.0 in the deps.json file, but the *.dll files are versioned correctly.
In this example, I have a test project with two dependencies. One library is versioned with NerdBank.GitVersioning, the other has the version set in the *.csproj file. In the deps.json file of the main application, only the library managed with NerdBank.GitVersioning defaults to V1.0.0.0.
I am probably better of calculating the dependency context of the host application at runtime, rather than rely on the static deps.json file.
But since this behaviour could also cause problems in other scenarios that depend on the deps.json file, I created this issue.

[AArnott]

I was aware that the project.assets.json file would have 1.0.0.0 versions for referenced projects. I wasn't aware this could propagate to the built output via the deps.json file.

This seems to me a nuget or .NET SDK bug.