[NETSDKE2E]Warning "NU1903: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" displays after building mstest project in CLI. #42091
Comments
|
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
1 similar comment
|
I couldn't figure out the best area label to add to this issue. If you have write-permissions please help me learn by adding exactly one area label. |
|
This problem is also reproduced on Win ARM64. |
|
This issue is also repro on Linux. |
|
may relate to #42073 |
Evangelink
added
Area-DotNet Test
and removed
untriaged
|
Is this an existing test project or a new one using the test templates? Earlier this week a security fix was released for STJ. Additionally, nuget has enabled auditing in .net9 to flag insecure references. Those have combined to lead to this so the app in question needs to be updated (hence me wondering if it's the mstest template or an existing project)? CC @ericstj |
|
There was a problem that incorrectly marked STJ 6.x as vulnerable yesterday. Please try again and see if it's fixed. @rbhanda @eiriktsarpalis The version range was corrected but it took time for nuget/cg to update. |
|
We have double checked and there is no explicit dependency to |
|
This issue not repro on 9.0.100-preview.7.24379.15,hence close it. |
Describe the bug
Warning "NU1903: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, GHSA-hh2w-p6rv-4g7w" displays after building mstest project in CLI.
Expected Behavior
There is no any warning after building mstest project.
Steps To Reproduce
Build:
dotnet-sdk-9.0.100-preview.7.24360.15-win-x64 from https://github.com/dotnet/sdk/blob/main/documentation/package-table.md on windows11
1.dotnet new mstest -o ms1
2.cd ms1
3.dotnet build
.NET Version
.NET SDK:
Version: 9.0.100-preview.7.24360.15
Commit: ae55b93
Workload version: 9.0.100-manifests.bd76a59e
MSBuild version: 17.12.0-preview-24359-01+c2f9b76bb
Runtime Environment:
OS Name: Windows
OS Version: 10.0.22631
OS Platform: Windows
RID: win-x64
Base Path: C:\Program Files\dotnet\sdk\9.0.100-preview.7.24360.15\
.NET workloads installed:
Configured to use loose manifests when installing new manifests.
There are no installed workloads to display.
Host:
Version: 9.0.0-preview.7.24357.2
Architecture: x64
Commit: static
.NET SDKs installed:
9.0.100-preview.7.24360.15 [C:\Program Files\dotnet\sdk]
.NET runtimes installed:
Microsoft.AspNetCore.App 9.0.0-preview.7.24359.10 [C:\Program Files\dotnet\shared\Microsoft.AspNetCore.App]
Microsoft.NETCore.App 9.0.0-preview.7.24357.2 [C:\Program Files\dotnet\shared\Microsoft.NETCore.App]
Microsoft.WindowsDesktop.App 9.0.0-preview.7.24359.1 [C:\Program Files\dotnet\shared\Microsoft.WindowsDesktop.App]
Other architectures found:
None
Environment variables:
Not set
global.json file:
Not found
Learn more:
https://aka.ms/dotnet/info
Download .NET:
https://aka.ms/dotnet/download
The text was updated successfully, but these errors were encountered: