Don't fail CI builds on NuGet audit advisories #286
Conversation
Code Review
This pull request updates the MaxMind.Db.Test.csproj file to ensure that NuGet audit advisories (NU1901-NU1904) do not cause build failures in CI environments. The review feedback recommends centralizing this configuration in a Directory.Build.props file to maintain consistency across the repository, appending to the WarningsNotAsErrors property instead of overwriting it, and adding NU1905 to cover all advisory severities.
| <!-- In CI, don't fail the build on NuGet audit advisories (NU1901-NU1904). | ||
| Advisories still appear in build output, and Dependabot handles the | ||
| actual fix. Local builds keep the strict behavior. --> | ||
| <WarningsNotAsErrors Condition="'$(CI)' == 'true'">NU1901;NU1902;NU1903;NU1904</WarningsNotAsErrors> |
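Review bot: NU1904 is the critical-severity audit code, so the list on the last line also keeps a critical-vulnerability advisory from failing CI; consider leaving NU1904 out of the relaxed set, or documenting in the XML comment why all four severities are relaxed, so critical findings still block merges while Dependabot catches up. Separately, assigning the literal list discards any WarningsNotAsErrors value set earlier in evaluation (another property group or an imported file); `$(WarningsNotAsErrors);NU1901;NU1902;NU1903;NU1904` preserves it.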
To improve maintainability and ensure consistency across the repository, consider moving this configuration to a Directory.Build.props file at the root. This would automatically apply the rule to all projects, including MaxMind.Db.csproj (which also has TreatWarningsAsErrors enabled), and avoid duplication.
Additionally, it is a best practice to append to the WarningsNotAsErrors property rather than overwriting it, to avoid conflicts with values that might be set in other property groups or imported files. You might also consider adding NU1905 to cover 'Unknown' severity advisories.
<WarningsNotAsErrors Condition="'$(CI)' == 'true'">$(WarningsNotAsErrors);NU1901;NU1902;NU1903;NU1904</WarningsNotAsErrors>
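The repository-wide form the review above recommends, as an added example rather than a file from this PR or the MaxMind.Db repository; it assumes the repository has no Directory.Build.props yet, and the explicit TreatWarningsAsErrors and NuGetAudit* properties are assumed settings chosen here, not values taken from the project.

```xml
<!-- Directory.Build.props at the repository root (added example, not the project's own file).
     MSBuild imports it into every project below this directory, so both
     MaxMind.Db.csproj and MaxMind.Db.Test.csproj pick up the same rule. -->
<Project>
  <PropertyGroup>
    <!-- Assumed: keep warnings-as-errors strict for every project; only the
         NuGet audit codes are relaxed below, and only in CI. -->
    <TreatWarningsAsErrors>true</TreatWarningsAsErrors>
    <!-- Assumed: state auditing explicitly so a future SDK default cannot
         silently turn it off or narrow it to direct dependencies only. -->
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
  </PropertyGroup>

  <!-- GitHub Actions sets CI=true; local builds keep the strict behavior. -->
  <PropertyGroup Condition="'$(CI)' == 'true'">
    <!-- Append rather than overwrite, so a value set in another property
         group or imported file survives. NU1901-NU1904 are the low, moderate,
         high and critical audit codes; NU1905 is the extra code suggested in
         the review above. Advisories still print in the CI build log, and
         Dependabot opens the upgrade PR. -->
    <WarningsNotAsErrors>$(WarningsNotAsErrors);NU1901;NU1902;NU1903;NU1904;NU1905</WarningsNotAsErrors>
  </PropertyGroup>
</Project>
```

If critical advisories should keep blocking merges, drop NU1904 from the appended list; the remaining codes still stop low-to-high advisories from red-X-ing every build.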
Set WarningsNotAsErrors for NU1901-NU1904 when building in CI (CI=true). This keeps TreatWarningsAsErrors strict locally so developers still catch issues, but avoids every PR being blocked by a newly-published advisory on a dependency until Dependabot can merge an upgrade. The advisory still appears in the build output for visibility. Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
88edefa to 5cf53ea
Summary
WarningsNotAsErrors entry for NU1901-NU1904 in the unit-test csproj, so NuGet audit advisories on dependencies don't red-X every build while we wait for a Dependabot upgrade. TreatWarningsAsErrors stays on, and local builds remain strict — the condition is keyed on the CI=true env var that GitHub Actions sets automatically. Advisories still appear in CI build output. Companion change in GeoIP2-dotnet and minfraud-api-dotnet.
Test plan
CI=true) to confirm the build still fails locally