Skip to content

Commit

Permalink
chore: uses nuget suppressions for CVEs
Browse files Browse the repository at this point in the history 
Signed-off-by: Vincent Biret <[email protected]>
  • Loading branch information
@baywet
baywet committed Nov 15, 2024
1 parent e366f10 commit 3e1ea11
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 8 deletions.
9 changes: 5 additions & 4 deletions src/http/httpClient/Microsoft.Kiota.Http.HttpClientLibrary.csproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,11 @@
<ItemGroup
Condition="'$(TargetFramework)' == 'net5.0' or '$(TargetFramework)'== 'netStandard2.0' or '$(TargetFramework)' == 'netStandard2.1' or '$(TargetFramework)' == 'net462'">
<PackageReference Include="System.Diagnostics.DiagnosticSource" Version="[6.0,)" />
<!-- suppressed because of this CVE https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
The target application is the one which will resolve the correct version
when the version range is updated to > 8.0.4 in the future, remove the nowarn suppression -->
<PackageReference Include="System.Text.Json" Version="[6.0,)" NoWarn="NU1903" />
<!-- The target application is the one which will resolve the correct version.
When the version range is updated to > 8.0.4 in the future, remove the GHSA suppression -->
<PackageReference Include="System.Text.Json" Version="[6.0,)" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-8g4q-xg66-9fp4" />
</ItemGroup>

<ItemGroup Condition="'$(TargetFramework)' == 'net462'">
Expand Down
9 changes: 5 additions & 4 deletions src/serialization/json/Microsoft.Kiota.Serialization.Json.csproj
View file
Original file line number Diff line number Diff line change
Expand Up @@ -14,10 +14,11 @@
<!-- NET 5 target to be removed on next major version-->
<ItemGroup
Condition="'$(TargetFramework)' == 'net5.0' or '$(TargetFramework)'== 'netStandard2.0' or '$(TargetFramework)' == 'netStandard2.1'">
<!-- suppressed because of this CVE https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
The target application is the one which will resolve the correct version
when the version range is updated to > 8.0.4 in the future, remove the nowarn suppression -->
<PackageReference Include="System.Text.Json" Version="[6.0,)" NoWarn="NU1903" />
<!-- The target application is the one which will resolve the correct version.
When the version range is updated to > 8.0.4 in the future, remove the GHSA suppression -->
<PackageReference Include="System.Text.Json" Version="[6.0,)" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-8g4q-xg66-9fp4" />
</ItemGroup>

<ItemGroup>
Expand Down

0 comments on commit 3e1ea11

Please sign in to comment.