Nuget

How to replace a Nuget package

1. Open your project's .csproj file.

2. If the vulnerability is in a direct dependency, replace the existing version in the <PackageReference> element (the following example is [email protected]):

  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="12.0.2-sp1" />
  </ItemGroup>

3. If the vulnerability is in a transitive dependency, add an explicit <PackageReference> to pin it to the sealed version:

  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="12.0.2-sp1" />
  </ItemGroup>

The dotnet tool might generate a false warning that the sealed version is vulnerable.

It is safe to ignore this warning.

warning NU1903: Package 'Newtonsoft.Json' 12.0.2-sp1 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr

PreviousMaven NextWeb Interface

Last updated 28 days ago

hashtagHow to replace a Nuget package

How to replace a Nuget package