icerpc / icerpc-csharp

A C# RPC framework built for QUIC, with bidirectional streaming, first-class async/await, and Protobuf support.
https://docs.icerpc.dev
Apache License 2.0

CI build failing on main #4020

Open pepone opened 1 month ago

pepone commented 1 month ago

The new NuGet audit feature is breaking the CI build.

/home/runner/work/icerpc-csharp/icerpc-csharp/tests/IceRpc.Compressor.Tests/IceRpc.Compressor.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w [/home/runner/work/icerpc-csharp/icerpc-csharp/IceRpc.sln]
  Restored /home/runner/work/icerpc-csharp/icerpc-csharp/src/IceRpc.RequestContext/IceRpc.RequestContext.csproj (in 4 ms).
  Restored /home/runner/work/icerpc-csharp/icerpc-csharp/src/IceRpc.Protobuf/IceRpc.Protobuf.csproj (in 4 ms).
/home/runner/work/icerpc-csharp/icerpc-csharp/tests/IceRpc.Retry.Tests/IceRpc.Retry.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w [/home/runner/work/icerpc-csharp/icerpc-csharp/IceRpc.sln]

We specify 8.0.* for the only reference to System.Text.Json; it is not clear where the 8.0.0 System.Text.Json comes from.

pepone commented 1 month ago

Similar issue in https://github.com/dotnet/runtime/issues/104737