From 9a8e29343f8dfdc2a6bd1d96fddbd7249b135c61 Mon Sep 17 00:00:00 2001 From: Andy Zivkovic Date: Sun, 18 Aug 2024 07:59:42 +0930 Subject: [PATCH] Update NuGetAuditSuppress info in NU1901-4 docs (#3332) --- docs/reference/errors-and-warnings/NU1901-NU1904.md | 9 +-------- 1 file changed, 1 insertion(+), 8 deletions(-) diff --git a/docs/reference/errors-and-warnings/NU1901-NU1904.md b/docs/reference/errors-and-warnings/NU1901-NU1904.md index e0c986676..08ef6fd06 100644 --- a/docs/reference/errors-and-warnings/NU1901-NU1904.md +++ b/docs/reference/errors-and-warnings/NU1901-NU1904.md @@ -47,14 +47,7 @@ For example, `high`. If you would like to suppress a specific advisory, add an MSBuild [NuGetAuditSuppress](../../concepts/Auditing-Packages.md#excluding-advisories) item. For example ``. +`NuGetAuditSuppress` is available from VS 17.11 and .NET 8.0.400 SDK for projects using `PackageReference`, and from VS 17.12 for projects using `packages.config`. If you do not want NuGet to check for packages with known vulnerabilities during restore, add `false` inside a `` in your project file, or a [`Directory.Build.props` file](/visualstudio/msbuild/customize-by-directory). If you would like to run NuGet Audit on developer machines, but disable it on CI pipelines, you can take advantage of MSBuild importing environment variables, and create a NuGetAudit environment variable set to `false` in your pipeline definition. - -> [!NOTE] -> The initial release of NuGetAudit [does not provide a way to suppress specific advisories (URLs)](https://github.com/NuGet/Home/issues/11926). -> It is a feature we intend on adding based on prioritization of other improvements. -> -> As a mitigation, you can add an appropriate `NoWarn` to your `PackageReference` declarations. -> For example, ``. -> However, be aware that this will prevent new vulnerabilities of the same severity from being reported to you.