karenpayneoregon/readme.md

Created November 18, 2024 12:05

Star (0) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/karenpayneoregon/247fadb8c1a771c4cd70d4af871b9020.js"></script>
Save karenpayneoregon/247fadb8c1a771c4cd70d4af871b9020 to your computer and use it in GitHub Desktop.

How to suppress System.Text.Json Severity high

Raw

Currently targeting NET Core project using System.Text.Json 7.0.0 as a Transitive Package will be flagged as high Severity using

dotnet list package --include-transitive --vulnerable

To circumvent, add the following to the project file.

<ItemGroup>
   <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-hh2w-p6rv-4g7w" />
</ItemGroup>

At a later time when there is a new version check for warnings via dotnet list package --include-transitive --vulnerable, if none remove the NuGetAuditSuppress.