fix: disable NuGet audit in nethermind Dockerfile (#1036)

mw2000 · web-flow · commit d4a32b2470b5 · 2026-04-27T18:39:06.000-07:00
NuGet's vulnerability database was updated after Nethermind 1.36.2's release to flag Microsoft.AspNetCore.DataProtection 10.0.1 as critically vulnerable (GHSA-9mv3-2cwr-p262). Since Nethermind treats warnings as errors, dotnet restore fails with NU1904 on every PR. Disable NuGet audit at build time with -p:NuGetAudit=false to unblock CI. The fix is merged upstream (NethermindEth/nethermind#11331) and included in 1.37.0 (pre-release). Once a stable Nethermind release ships with the patched dependency, we bump NETHERMIND_TAG and remove this flag.
diff --git a/nethermind/Dockerfile b/nethermind/Dockerfile
@@ -29,7 +29,7 @@ RUN . /tmp/versions.env && git clone $NETHERMIND_REPO --branch $NETHERMIND_TAG -
 RUN TARGETARCH=${TARGETARCH#linux/} && \
     arch=$([ "$TARGETARCH" = "amd64" ] && echo "x64" || echo "$TARGETARCH") && \
     echo "Using architecture: $arch" && \
-    dotnet publish src/Nethermind/Nethermind.Runner -c $BUILD_CONFIG -a $arch -o /publish --sc false
+    dotnet publish src/Nethermind/Nethermind.Runner -c $BUILD_CONFIG -a $arch -o /publish --sc false -p:NuGetAudit=false
 
 FROM mcr.microsoft.com/dotnet/aspnet:10.0-noble
 
