From 1a3ff45535655c2047eb33809e812a49d1859f70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20P=C3=B6lz?= <38893694+Flash0ver@users.noreply.github.com>
Date: Thu, 20 Nov 2025 14:03:56 +0100
Subject: [PATCH 1/3] ci: re-enable List vulnerable packages
---
 .github/workflows/vulnerabilities.yml | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/vulnerabilities.yml b/.github/workflows/vulnerabilities.yml
index a8bdb21b6e..0c96a2755f 100644
--- a/.github/workflows/vulnerabilities.yml
+++ b/.github/workflows/vulnerabilities.yml
@@ -2,10 +2,9 @@ name: List vulnerable packages
 on:
 workflow_dispatch:
- # Currently broken on .net 8, see https://github.com/NuGet/Home/issues/12954
- # schedule:
- # - cron: "0 0 * * *" # once a day
- # pull_request:
+ schedule:
+ - cron: "0 0 * * *" # once a day
+ pull_request:
 jobs:
 list-vulnerable-packages:
From 8c8bff43c4e4da2492434b3d6ff7c2dceefa61f5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20P=C3=B6lz?= <38893694+Flash0ver@users.noreply.github.com>
Date: Thu, 20 Nov 2025 14:23:38 +0100
Subject: [PATCH 2/3] ci: update List vulnerable packages to .NET 10
---
 .github/workflows/vulnerabilities.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/vulnerabilities.yml b/.github/workflows/vulnerabilities.yml
index 0c96a2755f..1b0d1f3c80 100644
--- a/.github/workflows/vulnerabilities.yml
+++ b/.github/workflows/vulnerabilities.yml
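Review bot: In patch 1/3, the bare `pull_request:` trigger re-enabled in the `on:` block runs this job for every pull request, and the hunk shows no `permissions:` key next to it. The rest of the workflow is outside the hunk, so this may already be set. If it is not, a top-level `permissions:` with `contents: read` keeps the token read-only for a job that only restores and lists packages. A short comment on the trigger, for example `# run on PRs so dependency changes are listed before merge`, would also record why it is back.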
@@ -25,11 +25,11 @@ jobs:
 - name: Restore .NET Dependencies
 run: dotnet restore Sentry.sln --nologo
- # The dotnet list package command doesn't change its exit code on detection, so tee to a file and scan it
+ # The dotnet package list command doesn't change its exit code on detection, so tee to a file and scan it
 # See https://github.com/NuGet/Home/issues/11315#issuecomment-1243055173
 - name: List vulnerable packages
 shell: bash
 run: |
- dotnet list ${{ github.workspace }}/Sentry.sln package --vulnerable --include-transitive | tee vulnerable.txt
+ dotnet package list --project ${{ github.workspace }}/Sentry.sln --vulnerable --include-transitive | tee vulnerable.txt
 # https://github.com/getsentry/sentry-dotnet/issues/2814
 # ! grep 'has the following vulnerable packages' vulnerable.txt
From 0e9e9aa29c0316207909c6d35e63b0c95a9a5c87 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Stefan=20P=C3=B6lz?= <38893694+Flash0ver@users.noreply.github.com>
Date: Thu, 20 Nov 2025 14:31:07 +0100
Subject: [PATCH 3/3] ci: no double restore when List vulnerable packages
---
 .github/workflows/vulnerabilities.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/vulnerabilities.yml b/.github/workflows/vulnerabilities.yml
index 1b0d1f3c80..c80e465ca6 100644
--- a/.github/workflows/vulnerabilities.yml
+++ b/.github/workflows/vulnerabilities.yml
@@ -30,6 +30,6 @@ jobs:
 - name: List vulnerable packages
 shell: bash
 run: |
- dotnet package list --project ${{ github.workspace }}/Sentry.sln --vulnerable --include-transitive | tee vulnerable.txt
+ dotnet package list --project Sentry.sln --vulnerable --include-transitive --no-restore | tee vulnerable.txt
 # https://github.com/getsentry/sentry-dotnet/issues/2814
 # ! grep 'has the following vulnerable packages' vulnerable.txt
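Review bot: In patch 2/3, the `# ! grep 'has the following vulnerable packages' vulnerable.txt` line at the end of the `run:` block stays commented out, while the comment above the step says the list command does not change its exit code on detection. With the schedule and pull_request triggers re-enabled in patch 1/3, the job will therefore pass whether or not vulnerable packages are reported, and findings are visible only in the log; the same commented line is carried through the hunk in patch 3/3. Until the linked issue 2814 allows restoring the gate, consider surfacing the output, e.g. `cat vulnerable.txt >> "$GITHUB_STEP_SUMMARY"`. When the gate returns, check that the grep string still matches what `dotnet package list` prints.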
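Review bot: In patch 3/3, `--no-restore` makes the listing depend on the assets written by the earlier `Restore .NET Dependencies` step, and nothing on the line says so. A comment above the command such as `# --no-restore: relies on the "Restore .NET Dependencies" step above` would keep a later reorder or removal of that step from changing what is scanned without anyone noticing. The relative `Sentry.sln` likewise assumes the step runs from the repository root, which holds as long as no `working-directory` is set; the job definition is outside the hunk, so that is worth confirming.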