NuGet / NuGetGallery

NuGet Gallery is a package repository that powers https://www.nuget.org. Use this repo for reporting NuGet.org issues.
https://www.nuget.org/
Apache License 2.0
1.52k stars 643 forks

Warn when uploading a direct dependency contains a vulnerability #10019

Open martinrrm opened 2 weeks ago

martinrrm commented 2 weeks ago

This PR adds warnings to direct package vulnerabilities when uploading a package.

This is still a draft because it's missing the UI part, but wanted to start with the reviews.

Design Spec: https://github.com/NuGet/Engineering/pull/5431

Addresses https://github.com/NuGet/NuGetGallery/issues/9436