Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add .NET 9 breaking change about NuGetAuditMode changed default #43569

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Add .NET 9 breaking change about NuGetAuditMode changed default #43569

wants to merge 1 commit into from
+47 −0

Conversation

zivkan
Copy link
Member

@zivkan zivkan commented Nov 13, 2024
edited by github-actions bot
Loading

Summary

As the article describes, NuGet changed a default so will now emit warnings when .NET 8 would not. This means that projects that treat all warnings as errors might fail unexpectedly.

Internal previews

📄 File 🔗 Preview link
docs/core/compatibility/sdk/9.0/nugetaudit-transitive-packages.md docs/core/compatibility/sdk/9.0/nugetaudit-transitive-packages

@zivkan zivkan requested review from gewarren and a team as code owners November 13, 2024 22:06
@dotnetrepoman dotnetrepoman bot added this to the November 2024 milestone Nov 13, 2024
@zivkan zivkan requested a review from a team November 13, 2024 22:06
nkolev92
nkolev92 approved these changes Nov 14, 2024
View reviewed changes
docs/core/compatibility/sdk/9.0/nugetaudit-transitive-packages.md

- [Audit for security vulnerabilities (`dotnet restore`)](../../../tools/dotnet-restore.md#audit-for-security-vulnerabilities)
- [Auditing package dependencies for security vulnerabilities](/nuget/concepts/auditing-packages)
- [NuGetAudit 2.0: Elevating Security and Trust in Package Management](https://devblogs.microsoft.com/nuget/nugetaudit-2-0-elevating-security-and-trust-in-package-management/)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The blog seems to contain some information that the docs do not.
We should move all the content from the blog to some docs and reference those.

I recall someone else asking this as well, maybe we can create a tracking issue for that if there isn't one already.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nkolev92 nkolev92 nkolev92 approved these changes

@JonDouglas JonDouglas JonDouglas approved these changes

@gewarren gewarren Awaiting requested review from gewarren gewarren is a code owner

Assignees
No one assigned
Labels
dotnet-fundamentals/svc
Projects
None yet
Milestone
November 2024
Development

Successfully merging this pull request may close these issues.
3 participants
@zivkan @JonDouglas @nkolev92