Skip to content

build: update Microsoft.Build* dependencies #1560

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

build: update Microsoft.Build* dependencies #1560

wants to merge 1 commit into from
+8 −8

Conversation

@nil4
Copy link

@nil4 nil4 commented Oct 16, 2025

Address high-severity vulnerabilities in MSBuild packages that Nuke depends on:

Fixes #1544

I confirm that the pull-request:

  • Follows the contribution guidelines
  • Is based on my own work
  • Is in compliance with my employer

@nil4
Copy link
Author

nil4 commented Oct 16, 2025

Resolves the following NuGet audit warnings observed when building Nuke:

Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build' 17.11.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3q9-fxm7-j8fq
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build' 17.12.6 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3q9-fxm7-j8fq
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build.Tasks.Core' 17.11.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build.Tasks.Core' 17.11.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3q9-fxm7-j8fq
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build.Tasks.Core' 17.12.6 has a known high severity vulnerability, https://github.com/advisories/GHSA-h4j7-5rxr-p4wc
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build.Tasks.Core' 17.12.6 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3q9-fxm7-j8fq
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build.Utilities.Core' 17.11.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3q9-fxm7-j8fq
Nuke.ProjectModel/Nuke.ProjectModel.csproj : warning NU1903: Package 'Microsoft.Build.Utilities.Core' 17.12.6 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3q9-fxm7-j8fq

@avidenic
Copy link
Contributor

avidenic commented Oct 22, 2025

Would love if this gets merged

damianh added a commit to damianh/Electron.NET that referenced this pull request Nov 9, 2025
@damianh
Fixes build warnings NU1903 due to vulnerable nuke transitive depende…
d464188 
…ncies

Can be reverted when nuke-build/nuke#1560 is
merged and shipped but who knows when.
damianh added a commit to damianh/Electron.NET that referenced this pull request Nov 9, 2025
@damianh
Fixes build warnings NU1903 due to vulnerable nuke transitive depende…
078eb5c 
…ncies

Can be reverted when nuke-build/nuke#1560 is
merged and shipped but who knows when.
@nil4
Copy link
Author

nil4 commented Nov 21, 2025

No longer relevant (https://www.nuget.org/packages/nuke.common#dependencies-body-tab)

@nil4 nil4 closed this Nov 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Consider upgrading vulnerable Microsoft.Build.Tasks.Core dependency

2 participants

@nil4 @avidenic