search

icerpc / icerpc-csharp

A C# RPC framework built for QUIC, with bidirectional streaming, first-class async/await, and Protobuf support.
https://docs.icerpc.dev
Apache License 2.0
102 stars 13 forks source link

Build fail with error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, #4032

Closed bernardnormier closed 2 weeks ago

bernardnormier commented 2 weeks ago

I can't build icerpc-csharp after upgrading to the latest .NET 9 preview on macos:

dotnet build -nr:false -c Debug
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.Extensions.DependencyInjection.Tests/IceRpc.Extensions.DependencyInjection.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.Deadline.Tests/IceRpc.Deadline.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.Quic.Tests/IceRpc.Quic.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.Slice.Tests/IceRpc.Slice.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.Conformance.Tests/IceRpc.Conformance.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.Tests/IceRpc.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    /Users/bernard/builds/icerpc-csharp/tests/IceRpc.RequestContext.Tests/IceRpc.RequestContext.Tests.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
    ...
dotnet --version
9.0.100-preview.7.24407.12

Related to #4020, but not for CI.

bernardnormier commented 2 weeks ago

Add /p:NuGetAudit=false to the dotnet build|test command works-around this issue.