icerpc-csharp icon indicating copy to clipboard operation
icerpc-csharp copied to clipboard
verified publisher icon icerpc

CI build failing on main

Open pepone opened this issue 1 year ago • 1 comments

The new NuGet audit feature is breaking CI build.

/home/runner/work/icerpc-csharp/icerpc-csharp/tests/IceRpc.Compressor.Tests/IceRpc.Compressor.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w [/home/runner/work/icerpc-csharp/icerpc-csharp/IceRpc.sln]
  Restored /home/runner/work/icerpc-csharp/icerpc-csharp/src/IceRpc.RequestContext/IceRpc.RequestContext.csproj (in 4 ms).
  Restored /home/runner/work/icerpc-csharp/icerpc-csharp/src/IceRpc.Protobuf/IceRpc.Protobuf.csproj (in 4 ms).
/home/runner/work/icerpc-csharp/icerpc-csharp/tests/IceRpc.Retry.Tests/IceRpc.Retry.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w [/home/runner/work/icerpc-csharp/icerpc-csharp/IceRpc.sln]

We specify 8.0.* for the only reference to System.Text.Json not clear where the 8.0.0 System.Text.Json comes from

pepone avatar Jul 15 '24 19:07 pepone

Similar issue in https://github.com/dotnet/runtime/issues/104737

pepone avatar Jul 15 '24 19:07 pepone