WarnOnly Property when set to false - still consider vulnerabilities as warning

[PeretzNadav]

Hi im running a dotnetcore 3.1 project on Visual studio Professional 2019 Version 16.7.7

my NugetDefense.json file contain property "WarnOnly": false
but still show vulnerabilities as warnings after build phase

i have alse ErrorSettings property with:

"ErrorSeverityThreshold": "any",
"Cvss3Threshold": -1

Steps to reproduce the behavior:

1. run a dotnetcore 3.1 project on Visual studio Professional 2019 Version 16.7.7
2. add jQuery package 1.9.0 (had 5 vulnerabilities)
3. build solution (NugetDefense will generate new file NugetDefense.json with "WarnOnly": false attribute)

Expected behavior:
I expect that build phase will failed with jQuery vulnerabilities errors (i got 5)

Tools (please complete the following information):

• IDE: VS2019 Professional 2019 Version 16.7.7
• OS: Windows Server 2019 Datacenter

[digitalcoyote]

Looking into this now. I'm unable to reproduce this behavior in Rider on Linux, but I'm also quite low on sleep and caffeine. I'll take a second look tomorrow (I'm probably just reading right past the problem).

[digitalcoyote]

I don't normally like to leave issues sitting this long, but I've yet to be able to attempt to reproduce this with visual studio or on Windows with Rider (practically a death march at work lately). I'm aiming for a release this weekend, and I want to find a fix for this before that.

[digitalcoyote]

I'm getting an interesting error after packing the fix for this (System.MissingMethodException). I'm in the process ofsetting up a new dev environment to try and remedy it. If this fails, I'm going to try to manually update the corrupted DLL in the nupkg.

[digitalcoyote]

Should be fixed in v1.0.14. I encourage you to reopen this if this build does not fix the issue.