UE 5.6.1 build failure on VS2022 due to NugetAudit warnings treated as errors #388
Description
Hi :)
I've been trying to build myself an UE windows container to ship test builds for Windows testers - UE4 Docker is the savior. However, MS strikes again! My build of 5.6.1 engine with 2022 VS consistently failed at AutomationTool build. After some digging I found that this is due to relatively new enforcement of security audit during Nuget restore stage that also defaults to turning warnings into errors.
I cloned UE repo and tried to build it outside the container and got the same issue. After inspecting the logs I found that version of https://github.com/dlemstra/Magick.NET used by some UE components triggers security audit warnings (errors) and fails the build. I've modified the following project files:
- .\Engine\Source\Programs\AutomationTool\AutomationTool.csproj
- .\Engine\Source\Programs\AutomationTool\AutomationUtils\AutomationUtils.Automation.csproj
- .\Engine\Source\Programs\AutomationTool\Gauntlet\Gauntlet.Automation.csproj
with:
<ItemGroup>
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-w3q9-fxm7-j8fq" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-fh55-q5pj-pxgw" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-6hgw-6x87-578x" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-qp29-wxp5-wh82" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-mxvv-97wh-cfmm" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-9pp9-cfwx-54rm" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-9ccg-6pjw-x645" />
<NuGetAuditSuppress Include="https://github.com/advisories/GHSA-cjc8-g9w8-chfw" />
</ItemGroup>
and the engine is happily compiling now. I am wondering what is the best way to integrate this in ue4-docker - happy to contribute with some guidance.
Reference: https://learn.microsoft.com/en-us/nuget/concepts/auditing-packages