Suppress advisory for Microsoft.Build.Tasks.Core by dfederm · Pull Request #627 · microsoft/MSBuildSdks

dfederm · 2025-05-14T21:43:15Z

The pipeline is currently failing with:

D:\a\_work\1\s\src\CopyOnWrite\Microsoft.Build.CopyOnWrite.csproj : warning NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc [D:\a\_work\1\s\MSBuildSdks.sln]
D:\a\_work\1\s\src\Artifacts\Microsoft.Build.Artifacts.csproj : warning NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc [D:\a\_work\1\s\MSBuildSdks.sln]
D:\a\_work\1\s\src\RunTests\Microsoft.Build.RunVSTest.csproj : warning NU1901: Package 'Microsoft.Build.Tasks.Core' 17.11.4 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc [D:\a\_work\1\s\MSBuildSdks.sln]
D:\a\_work\1\s\src\Artifacts\Microsoft.Build.Artifacts.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc [TargetFramework=netstandard2.0]
D:\a\_work\1\s\src\CopyOnWrite\Microsoft.Build.CopyOnWrite.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc
D:\a\_work\1\s\src\RunTests\Microsoft.Build.RunVSTest.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 17.11.4 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc
D:\a\_work\1\s\src\CopyOnWrite\Microsoft.Build.CopyOnWrite.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc
D:\a\_work\1\s\src\CopyOnWrite\Microsoft.Build.CopyOnWrite.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc
D:\a\_work\1\s\src\Artifacts\Microsoft.Build.Artifacts.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 16.11.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc [TargetFramework=netstandard2.0]
D:\a\_work\1\s\src\RunTests\Microsoft.Build.RunVSTest.csproj : error NU1901: Package 'Microsoft.Build.Tasks.Core' 17.11.4 has a known low severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc

jeffkl · 2025-05-14T23:46:13Z

Directory.Packages.props

    <PackageVersion Include="Microsoft.Build.Framework" Version="$(MicrosoftBuildPackageVersion)" />
+    <!--
+      Suppress advisory for Microsoft.Build.Tasks.Core as this repo only compiles against these assemblies,
+      and uses a lower version for compatability. The actual version used at runtime is the version of


Suggested change

and uses a lower version for compatability. The actual version used at runtime is the version of

and uses a lower version for compatibility. The actual version used at runtime is the version of

dfederm enabled auto-merge (squash) May 14, 2025 22:02

Upgrade MSBuild dependencies to latest patch version

07983ca

dfederm force-pushed the fix-nuget-audit branch from 8af0645 to 07983ca Compare May 14, 2025 22:52

dfederm changed the title ~~Upgrade MSBuild dependencies to latest patch version~~ Suppress advisory for Microsoft.Build.Tasks.Core May 14, 2025

jeffkl approved these changes May 14, 2025

View reviewed changes

dfederm merged commit c8da0a9 into main May 14, 2025
5 checks passed

dfederm deleted the fix-nuget-audit branch May 14, 2025 23:47

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Suppress advisory for Microsoft.Build.Tasks.Core#627

Suppress advisory for Microsoft.Build.Tasks.Core#627
dfederm merged 1 commit intomainfrom
fix-nuget-audit

dfederm commented May 14, 2025

Uh oh!

jeffkl May 14, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants

	and uses a lower version for compatability. The actual version used at runtime is the version of
	and uses a lower version for compatibility. The actual version used at runtime is the version of

Conversation

dfederm commented May 14, 2025

Uh oh!

jeffkl May 14, 2025

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

2 participants