Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[5.1] Move NuGet.config to the root + add vuln info #3123

Open
wants to merge 1 commit into
base: release/5.1
Choose a base branch
from
Open

[5.1] Move NuGet.config to the root + add vuln info #3123

wants to merge 1 commit into from

Conversation

cheenamalhotra
Copy link
Member

Ports PRs: #2443 and #3024 to release/5.1 branch

@cheenamalhotra
Move NuGet.config to the root + add vuln info
fd31a18 
Ports PRs: #2443 and #3024 to release/5.1 branch
@cheenamalhotra cheenamalhotra requested a review from a team January 17, 2025 15:52
roji
roji reviewed Jan 17, 2025
View reviewed changes
src/Directory.Build.props
@@ -61,12 +61,18 @@
<NuGetCmd>$(NuGetRoot)nuget.exe</NuGetCmd>
<!-- Respect environment variable for the .NET install directory if set; otherwise, use the current default location -->
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
<WarningsNotAsErrors>$(WarningsNotAsErrors);NU1901;NU1902;NU1903;NU1904;NU1905</WarningsNotAsErrors>
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@cheenamalhotra doesn't this cause the CI build to pass even if there are dependency vulnerability warnings?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I believe it enables us and open source contributors to capture warnings and address vulnerabilities when feasible without breaking builds. For any high/critical vulnerability, it will be captured by CG anyways so we will be addressing them on priority.

@codecov Codecov
Copy link

codecov bot commented Jan 17, 2025
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 71.99%. Comparing base (f6b7d7c) to head (fd31a18).
Report is 1 commits behind head on release/5.1.

Additional details and impacted files 
@@               Coverage Diff               @@
##           release/5.1    #3123      +/-   ##
===============================================
+ Coverage        71.96%   71.99%   +0.03%     
===============================================
  Files              293      293              
  Lines            61647    61647              
===============================================
+ Hits             44364    44385      +21     
+ Misses           17283    17262      -21
Flag Coverage Δ
addons 92.38% <ø> (ø)
netcore 76.05% <ø> (-0.03%) ⬇️
netfx 69.71% <ø> (+0.08%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@cheenamalhotra
Copy link
Member Author

/azp run

@azure-pipelines Azure Pipelines
Copy link

Azure Pipelines successfully started running 1 pipeline(s).

@cheenamalhotra cheenamalhotra added this to the 5.1.7 milestone Jan 17, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@roji roji roji left review comments

@paulmedynski paulmedynski paulmedynski approved these changes

@David-Engel David-Engel David-Engel approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
5.1.7
Development

Successfully merging this pull request may close these issues.
4 participants
@cheenamalhotra @roji @David-Engel @paulmedynski