Description
Is there an existing issue for this?
- I have searched the existing issues
Describe the bug
I'm reviewing packages which reference other packages with known vulnerabilities and Microsoft.AspNet.Web.Optimization came up due to it referencing a very old Newtonsoft.Json.
It seems this package should be marked deprecated, like the repo: https://github.com/aspnet/AspNetWebOptimization
It's also unclear what the user should do as a replacement.
Expected Behavior
Package is up to date, or deprecated with some mention of what to use for replacement.
No audit warnings when using latest package.
Steps To Reproduce
Build project
<Project Sdk="Microsoft.NET.Sdk">
  <PropertyGroup>
    <TargetFramework>net48</TargetFramework>
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
  </PropertyGroup>
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNet.Web.Optimization" Version="1.1.3" />
  </ItemGroup>
</Project>
Exceptions (if any)
warning NU1903: Package 'Newtonsoft.Json' 5.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
.NET Version
9.0.305
Anything else?
No response
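For anyone doing the same kind of review across many projects, the NU190x audit warnings quoted above can be collected from build logs and used to gate a pipeline. The following is an added example, not part of the issue or of any project tooling; the function names, the project path and the sample log are constructed, with only the NU1903 warning text taken from the report.

```python
import re
from collections import defaultdict

# NuGet audit codes NU1901..NU1904 correspond to low, moderate, high, critical.
SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}

AUDIT_RE = re.compile(
    r"warning (NU190[1-4]): Package '([^']+)' (\S+) has a known "
    r"(low|moderate|high|critical) severity vulnerability, (https?://\S+)"
)

# Constructed build output: MSBuild commonly repeats a warning in its summary,
# so the same finding appears twice next to an unrelated compiler warning.
SAMPLE_LOG = r"""
C:\src\Demo\Demo.csproj : warning NU1903: Package 'Newtonsoft.Json' 5.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr [C:\src\Demo\Demo.csproj]
C:\src\Demo\Program.cs(7,13): warning CS0168: The variable 'e' is declared but never used
warning NU1903: Package 'Newtonsoft.Json' 5.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
"""

def parse_audit_warnings(build_output):
    """Return {(package, version): {"severity": str, "advisories": set}}."""
    findings = defaultdict(lambda: {"severity": "low", "advisories": set()})
    for line in build_output.splitlines():
        m = AUDIT_RE.search(line)
        if not m:
            continue  # not a NuGet audit warning
        _code, package, version, severity, url = m.groups()
        entry = findings[(package, version)]
        entry["advisories"].add(url)  # set membership removes repeated lines
        # Keep the worst severity seen for this package version.
        if SEVERITY_RANK[severity] > SEVERITY_RANK[entry["severity"]]:
            entry["severity"] = severity
    return dict(findings)

def should_fail(findings, threshold="high"):
    """True if any finding is at or above the threshold severity."""
    limit = SEVERITY_RANK[threshold]
    return any(SEVERITY_RANK[f["severity"]] >= limit for f in findings.values())

if __name__ == "__main__":
    results = parse_audit_warnings(SAMPLE_LOG)
    for (package, version), info in sorted(results.items()):
        print(package, version, info["severity"], sorted(info["advisories"]))
    raise SystemExit(1 if should_fail(results) else 0)
```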