Proj1006: Suppress NuGet advisories per vulnerability
The NuGet warnings NU1901, NU1902, NU1903, and NU1904 report vulnerability advisories with severities ranging from low to critical.
Because each advisory is raised for a specific vulnerability, it is best to suppress only that specific vulnerability (assuming it is safe to do so) using <NuGetAuditSuppress>.
Non-compliant
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <!-- Silences the whole warning code, not one specific advisory -->
    <NoWarn>NU1901</NoWarn>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="PackageWithVulnerability" Version="1.0.0" />
  </ItemGroup>
</Project>
Compliant
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="PackageWithVulnerability" Version="1.0.0" />
  </ItemGroup>
  <ItemGroup>
    <!-- Suppresses only the advisory identified by this URL -->
    <NuGetAuditSuppress Include="https://github.com/advisories/XXXX" />
  </ItemGroup>
</Project>
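To review existing project files for this pattern, the following added example (not the analyzer's own implementation) reports which of the four audit warning codes are silenced through <NoWarn> and which advisories are suppressed individually. The function names and the sample project are constructed for illustration, and only <NoWarn> properties are inspected.

```python
import re
import xml.etree.ElementTree as ET

AUDIT_CODES = {"NU1901", "NU1902", "NU1903", "NU1904"}

# Constructed sample project file (not taken from a real repository).
SAMPLE = """<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net10.0</TargetFramework>
    <NoWarn>$(NoWarn);CS1591;NU1901, NU1903</NoWarn>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="PackageWithVulnerability" Version="1.0.0" />
    <NuGetAuditSuppress Include="https://github.com/advisories/XXXX" />
  </ItemGroup>
</Project>"""


def local(tag):
    """Strip an XML namespace so old-style project files also match."""
    return tag.rsplit("}", 1)[-1]


def audit_project(xml_text):
    """Return (blanket_codes, per_advisory_urls) found in an MSBuild project."""
    root = ET.fromstring(xml_text)
    blanket, suppressed = set(), []
    for el in root.iter():
        name = local(el.tag)
        if name == "NoWarn" and el.text:
            # Split the list on ';' and ','; upper-casing is defensive normalisation.
            codes = {c.strip().upper() for c in re.split(r"[;,]", el.text)}
            blanket |= codes & AUDIT_CODES
        elif name == "NuGetAuditSuppress":
            # An Include attribute may carry several ';'-separated items.
            for url in el.get("Include", "").split(";"):
                if url.strip():
                    suppressed.append(url.strip())
    return sorted(blanket), suppressed


if __name__ == "__main__":
    blanket, suppressed = audit_project(SAMPLE)
    for code in blanket:
        print(f"{code} is silenced for every package via <NoWarn>")
    for url in suppressed:
        print(f"suppressed advisory: {url}")
```

Every code returned in the first list marks a severity level at which newly published advisories for any package in the project go unreported.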