-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[NETSDKE2E]Warning "NU1903: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" displays after building mstest project in CLI. #42091
Comments
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
1 similar comment
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
may relate to #42073 |
Is this an existing test project or a new one using the test templates? Earlier this week a security fix was released for STJ. Additionally, nuget has enabled auditing in .net9 to flag insecure references. Those have combined to lead to this so the app in question needs to be updated (hence me wondering if it's the mstest template or an existing project)? CC @ericstj |
There was a problem that incorrectly marked STJ 6.x as vulnerable yesterday. Please try again and see if it's fixed. @rbhanda @eiriktsarpalis The version range was corrected but it took time for nuget/cg to update. |
We have double checked and there is no explicit dependency to |
Describe the bug
Warning "NU1903: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, GHSA-hh2w-p6rv-4g7w" displays after building mstest project in CLI.
Expected Behavior
There is no any warning after building mstest project.
Steps To Reproduce
Build:
dotnet-sdk-9.0.100-preview.7.24360.15-win-x64 from https://github.com/dotnet/sdk/blob/main/documentation/package-table.md on windows11
1.dotnet new mstest -o ms1
2.cd ms1
3.dotnet build
.NET Version
.NET SDK:
Version: 9.0.100-preview.7.24360.15
Commit: ae55b93
Workload version: 9.0.100-manifests.bd76a59e
MSBuild version: 17.12.0-preview-24359-01+c2f9b76bb
Runtime Environment:
OS Name: Windows
OS Version: 10.0.22631
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\9.0.100-preview.7.24360.15\
.NET workloads installed:
Configured to use loose manifests when installing new manifests.
There are no installed workloads to display.
Host:
Version: 9.0.0-preview.7.24357.2
Architecture: x64
Commit: static
.NET SDKs installed:
9.0.100-preview.7.24360.15 [C:\Program Files\dotnet\sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 9.0.0-preview.7.24359.10 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 9.0.0-preview.7.24357.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 9.0.0-preview.7.24359.1 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Other architectures found:
None
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download
The text was updated successfully, but these errors were encountered: