32 строки
1.7 KiB
XML
32 строки
1.7 KiB
XML
<Project>
|
|
|
|
<PropertyGroup>
|
|
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
|
|
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
|
|
<!-- Using multiple feeds isn't supported by Maestro: https://github.com/dotnet/arcade/issues/14155. -->
|
|
<NoWarn>$(NoWarn);NU1507</NoWarn>
|
|
</PropertyGroup>
|
|
|
|
<ItemGroup>
|
|
<!-- MSBuild dependencies -->
|
|
<PackageVersion Include="Microsoft.Build.Tasks.Core" Version="17.9.5" />
|
|
|
|
<!-- Runtime dependencies -->
|
|
<PackageVersion Include="System.Security.Cryptography.Xml" Version="8.0.0" />
|
|
<PackageVersion Include="System.Text.Json" Version="8.0.4" />
|
|
<PackageVersion Include="System.Formats.Asn1" Version="8.0.1" /> <!-- Pin transitive dependency to avoid vulnerable 8.0.0 version. -->
|
|
</ItemGroup>
|
|
|
|
<!-- DotNetBuild overrides needed until https://github.com/dotnet/source-build/issues/4467 is implemented. -->
|
|
<ItemGroup>
|
|
<PackageVersion Update="Microsoft.Build.Tasks.Core" Version="$(MicrosoftBuildTasksCoreVersion)" Condition="'$(MicrosoftBuildTasksCoreVersion)' != ''" />
|
|
<PackageVersion Update="System.Security.Cryptography.Xml" Version="$(SystemSecurityCryptographyXmlVersion)" Condition="'$(SystemSecurityCryptographyXmlVersion)' != ''" />
|
|
<PackageVersion Update="System.Text.Json" Version="$(SystemTextJsonVersion)" Condition="'$(SystemTextJsonVersion)' != ''" />
|
|
</ItemGroup>
|
|
|
|
<!-- Suppress System.Text.Json/8.0.4 advisory as desktop msbuild doesn't yet provide binding redirects for the non-vulnerable version (8.0.5). -->
|
|
<ItemGroup>
|
|
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-8g4q-xg66-9fp4" />
|
|
</ItemGroup>
|
|
|
|
</Project> |