Merge pull request #474 from microsoft/chore/nuget-suppressions
chore: uses nuget suppressions for CVEs
baywet authored Nov 18, 2024
2 parents e366f10 + bb8f67c commit 3768f36
Showing 3 changed files with 8 additions and 8 deletions.
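--- a/Directory.Build.props
+++ b/Directory.Build.props
@@ -17,4 +17,10 @@
 <IsPackable>false</IsPackable>
 <OutputType>Library</OutputType>
 </PropertyGroup>
+<ItemGroup>
+<!-- The target application is the one which will resolve the correct version.
+When the version range is updated to > 8.0.4 in the future, remove the GHSA suppression -->
+<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" />
+<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-8g4q-xg66-9fp4" />
+</ItemGroup>
 </Project>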
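Review bot: The comment above the two `NuGetAuditSuppress` items gives a removal condition (range updated to > 8.0.4) without naming the package or saying which of the two advisories it refers to, and GHSA-8g4q-xg66-9fp4 is not explained anywhere in this change. Because `NuGetAuditSuppress` matches on the advisory URL and this file is presumably imported by every project in the repository, the suppression now applies repo-wide rather than only to the `PackageReference` entries that carried `NoWarn="NU1903"`; the comment should state that scope. I would put one comment on each item, for example `<!-- GHSA-PLACEHOLDER: PACKAGE-PLACEHOLDER, fixed in VERSION-PLACEHOLDER; remove once the range floor excludes affected versions -->`, and confirm that a single version threshold really covers both advisories. It is also worth checking that the SDK/NuGet version used in CI recognises `NuGetAuditSuppress`, since an older toolchain would presumably ignore the item and the NU1903 warning would come back.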
@@ -13,10 +13,7 @@
<ItemGroup
Condition="'$(TargetFramework)' == 'net5.0' or '$(TargetFramework)'== 'netStandard2.0' or '$(TargetFramework)' == 'netStandard2.1' or '$(TargetFramework)' == 'net462'">
<PackageReference Include="System.Diagnostics.DiagnosticSource" Version="[6.0,)" />
<!-- suppressed because of this CVE https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
The target application is the one which will resolve the correct version
when the version range is updated to > 8.0.4 in the future, remove the nowarn suppression -->
<PackageReference Include="System.Text.Json" Version="[6.0,)" NoWarn="NU1903" />
<PackageReference Include="System.Text.Json" Version="[6.0,)" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'net462'">
@@ -14,10 +14,7 @@
<!-- NET 5 target to be removed on next major version-->
<ItemGroup
Condition="'$(TargetFramework)' == 'net5.0' or '$(TargetFramework)'== 'netStandard2.0' or '$(TargetFramework)' == 'netStandard2.1'">
<!-- suppressed because of this CVE https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
The target application is the one which will resolve the correct version
when the version range is updated to > 8.0.4 in the future, remove the nowarn suppression -->
<PackageReference Include="System.Text.Json" Version="[6.0,)" NoWarn="NU1903" />
<PackageReference Include="System.Text.Json" Version="[6.0,)" />
</ItemGroup>

<ItemGroup>