Skip to content

Enable NuGet Audit #15018

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Aug 26, 2024
+13 −2
Merged

Enable NuGet Audit #15018

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
afe6344
Enable NuGet Audit
ViktorHofer Aug 21, 2024
4fe8a46
Resolve Microsoft.IO.Redist/6.0.0 vulnerability
ViktorHofer Aug 21, 2024
bc6b806
Suppress STJ/8.0.0 advisory
ViktorHofer Aug 21, 2024
d360778
Update BuildTask.Packages.props
ViktorHofer Aug 26, 2024
f237b71
Update Directory.Build.props
ViktorHofer Aug 26, 2024
37d7ce1
Update Directory.Build.props
ViktorHofer Aug 26, 2024
257bb53
Update BuildTask.Packages.props
ViktorHofer Aug 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 1 addition & 1 deletion Directory.Packages.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,6 +38,7 @@
<PackageVersion Include="Microsoft.Build.Tasks.Core" Version="$(MicrosoftBuildTasksCoreVersion)" />
<PackageVersion Include="Microsoft.Build.Utilities.Core" Version="$(MicrosoftBuildUtilitiesCoreVersion)" />
<PackageVersion Include="Microsoft.Build" Version="$(MicrosoftBuildVersion)" />
<PackageVersion Include="Microsoft.IO.Redist" Version="6.0.1" /> <!-- Pin transitive dependency to avoid vulnerable 6.0.0 version. -->
<!-- nuget -->
<PackageVersion Include="NuGet.Commands" Version="$(NuGetCommandsVersion)" />
<PackageVersion Include="NuGet.Frameworks" Version="$(NuGetFrameworksVersion)" />
Expand Down Expand Up @@ -83,7 +84,6 @@
<PackageVersion Include="Microsoft.DataServices.Client" Version="$(MicrosoftDataServicesClientVersion)" />
<PackageVersion Include="Microsoft.Diagnostics.Runtime" Version="1.0.5" />
<PackageVersion Include="Microsoft.Identity.Client" Version="4.61.3" />
<PackageVersion Include="Microsoft.IO.Redist" Version="6.0.1" />
<PackageVersion Include="Microsoft.OpenApi" Version="1.3.2" />
<PackageVersion Include="Microsoft.OpenApi.Readers" Version="1.3.2" />
<PackageVersion Include="Microsoft.Signed.Wix" Version="$(MicrosoftSignedWixVersion)" />
Expand Down
4 changes: 4 additions & 0 deletions NuGet.config
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -14,6 +14,10 @@
<add key="dotnet9" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9/nuget/v3/index.json" />
<add key="dotnet9-transport" value="https://pkgs.dev.azure.com/dnceng/public/_packaging/dotnet9-transport/nuget/v3/index.json" />
</packageSources>
<auditSources>
<clear />
<add key="nuget.org" value="https://api.nuget.org/v3/index.json" />
</auditSources>
<disabledPackageSources>
<clear />
</disabledPackageSources>
Expand Down
5 changes: 5 additions & 0 deletions eng/BuildTask.Packages.props
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,4 +18,9 @@
<PackageVersion Update="Microsoft.Extensions.Logging.Console" Version="8.0.0" />
</ItemGroup>

<!-- Suppress System.Text.Json/8.0.0 advisory as desktop msbuild doesn't yet provide binding redirects for the non-vulnerable version (8.0.4). -->
<ItemGroup>
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" />
</ItemGroup>

</Project>