Closed ViktorHofer closed 6 days ago
Issue is missing Type label, remember to add a Type label
For hotseat:
dotnet restore
or with dotnet build only?A binlog might help us narrow down where the 2nd warning is coming from.
This happens when doing a dotnet build
which implicitly and incrementally performs a restore. It doesn't happen when only doing a dotnet restore
as then, only the Restore
target is called, but not the Build
target.
Here's a sample:
app.csproj
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>netstandard1.6</TargetFramework>
</PropertyGroup>
</Project>
Invoke dotnet build
on it (with a nightly P7 SDK -> https://github.com/dotnet/sdk/blob/main/documentation/package-table.md) and you will see the warning logged twice.
I'm guessing the 2nd warning is somehow replayed by the SDK then? Might be an SDK bug.
For hotseat:
- Does this happen every time?
- Does this happen with
dotnet restore
or with dotnet build only?- What about nuget.exe/msbuild?
A binlog might help us narrow down where the 2nd warning is coming from.
dotnet build
dotnet restore
only reports the error oncenuget.exe restore
does not show any vulnerability warnings. msbuild /t:restore
only shows 1 warning.I also reproduced this with .NET SDK 8.0.400-preview.0.24324.5
Team Triage: Since the replaying of the warnings is happening at build time as confirmed by both Donie and Viktor, we'll move this to the .NET SDK.
I assume the warning is logged both during restore and during the build target.