Skip to content

Suppress NuGet vulnerability audit warnings in RepoTasks#66423

Merged
wtgodbe merged 2 commits intodotnet:mainfrom
wtgodbe:wtgodbe/fix-nu1903
Apr 23, 2026
Merged

Suppress NuGet vulnerability audit warnings in RepoTasks#66423
wtgodbe merged 2 commits intodotnet:mainfrom
wtgodbe:wtgodbe/fix-nu1903

Conversation

@wtgodbe
Copy link
Copy Markdown
Member

@wtgodbe wtgodbe commented Apr 22, 2026
edited
Loading

RepoTasks is a build-time MSBuild task project that is not shipped to customers. Suppress NU1901-NU1904 vulnerability audit warnings to unblock the internal CI pipeline, which has been 100% broken for 24+ hours due to a newly published advisory for the transitive dependency System.Security.Cryptography.Xml 8.0.0.

Relates to #66348

@wtgodbe
Suppress NuGet vulnerability audit warnings in RepoTasks
adb689a 
RepoTasks is a build-time MSBuild task project that is not shipped to
customers. Suppress NU1901-NU1904 vulnerability audit warnings to
unblock the internal CI pipeline, which has been 100% broken for 24+
hours due to a newly published advisory for the transitive dependency
System.Security.Cryptography.Xml 8.0.0.

Affects main, release/10.0, and internal/release/10.0-nonstable.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings April 22, 2026 20:42
@wtgodbe wtgodbe requested a review from a team as a code owner April 22, 2026 20:42
@github-actions github-actions Bot added the area-infrastructure Includes: MSBuild projects/targets, build scripts, CI, Installers and shared framework label Apr 22, 2026
@wtgodbe
Copy link
Copy Markdown
Member Author

wtgodbe commented Apr 22, 2026

/backport to release/10.0

@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Apr 22, 2026

Started backporting to release/10.0 (link to workflow run)

@github-actions github-actions Bot mentioned this pull request Apr 22, 2026
Merged
11 tasks
Copilot AI reviewed Apr 22, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Suppresses NuGet vulnerability-audit warnings in the RepoTasks build-time MSBuild task project to unblock CI restores/builds that are currently failing due to NU190x being treated as errors.

Changes:

  • Adds project-level suppression for NU1901–NU1904 via NoWarn in RepoTasks.csproj.

Comment thread eng/tools/RepoTasks/RepoTasks.csproj Outdated
Comment thread eng/tools/RepoTasks/RepoTasks.csproj Outdated
@wtgodbe
Update eng/tools/RepoTasks/RepoTasks.csproj
f9c044e 
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@wtgodbe wtgodbe merged commit ace3934 into dotnet:main Apr 23, 2026
25 checks passed
@dotnet-policy-service dotnet-policy-service Bot added this to the 11.0-preview4 milestone Apr 23, 2026
@dotnet-maestro dotnet-maestro Bot mentioned this pull request Apr 24, 2026
Open
@wtgodbe wtgodbe modified the milestones: 11.0-preview4, 11.0-preview5 Apr 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

No one assigned

Labels

area-infrastructure Includes: MSBuild projects/targets, build scripts, CI, Installers and shared framework

Projects

None yet

Milestone

11.0-preview5

Development

Successfully merging this pull request may close these issues.

2 participants

@wtgodbe