Open
Description
openedon Sep 20, 2024
Version Used: Roslyn 4.11.0
Steps to Reproduce:
Run this code:
using Microsoft.CodeAnalysis.MSBuild;
var workspace = MSBuildWorkspace.Create();
var project = await workspace.OpenProjectAsync(@"..\..\..\..\project\project.csproj");
foreach (var diagnostic in workspace.Diagnostics)
{
Console.WriteLine($"{diagnostic.Kind}: {diagnostic.Message}");
}Where project.csproj is:
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net8.0</TargetFramework>
<ImplicitUsings>enable</ImplicitUsings>
<Nullable>enable</Nullable>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Newtonsoft.Json" Version="12.0.3" />
</ItemGroup>
</Project>Expected Behavior:
The workspace reports the NU1903 warning about a vulnerability as a warning, i.e. the output should be:
Warning: Msbuild failed when processing the file 'C:\src\tmp\roslynworkspaceapp\project\project.csproj' with message: Package 'Newtonsoft.Json' 12.0.3 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
Actual Behavior:
The warning is reported as a failure:
Failure: Msbuild failed when processing the file 'C:\src\tmp\roslynworkspaceapp\project\project.csproj' with message: Package 'Newtonsoft.Json' 12.0.3 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
The problem is in Microsoft.CodeAnalysis.MSBuild.DiagnosticReporter, whose Report(DiagnosticLog log) method ignores DiagnosticLogItem.Kind.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment