Welcome Guest Search | Active Topics | Sign In | Register

NU1701 with central package management and transitive pinning Options
Johan
Posted: Friday, August 30, 2024 7:39:41 AM
Rank: Newbie
Groups: Member

Joined: 8/30/2024
Posts: 1
According to the topic below you don't create .NET specific packages since it is safe to override the warnings. However, without .NET specific packages you run into issues when you use Central Package Management (CPM) in Visual Studio with Transitive Pinning enabled in CPM.

When you use CPM without transitive pinning you can override the NU1701 on individual packages in the props-file, but when you enable transitive pinning to force vulnerable indirect dependencies to newer secure versions it becomes messy since the override solution doesn't work anymore. Having Essential Object binaries with target framework set to .NET and not .NET Framework would be really helpful to avoid awkward and potentially insecure workarounds like disabling NU1701 completely. Or do you have another solution to this problem?

Your original statement about not needing a .NET specific package.
https://www.essentialobjects.com/forum/postst12416_EOPdf-Nuget-Package-on-NET-Core-6-shows-exclamation-warning-icon.aspx
eo_support
Posted: Tuesday, September 3, 2024 10:04:14 AM
Rank: Administration
Groups: Administration

Joined: 5/27/2007
Posts: 24,177
Thank you very much for your valuable feedback. We indeed plan to switch the package target to .NET from .NET Framework soon since this is the overall direction that Microsoft is pushing for.


You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.