From a916a6e214264be50289a95457f7a10da6da60d8 Mon Sep 17 00:00:00 2001
From: Mihir Wadekar <mihir.wadekar@coinbase.com>
Date: Mon, 27 Apr 2026 16:41:18 -0700
Subject: [PATCH] fix: disable NuGet audit in nethermind Dockerfile

NuGet's vulnerability database was updated after Nethermind 1.36.2's
release to flag Microsoft.AspNetCore.DataProtection 10.0.1 as critically
vulnerable (GHSA-9mv3-2cwr-p262). Since Nethermind treats warnings as
errors, dotnet restore fails with NU1904 on every PR.

Disable NuGet audit at build time with -p:NuGetAudit=false to unblock
CI. The fix is merged upstream (NethermindEth/nethermind#11331) and
included in 1.37.0 (pre-release). Once a stable Nethermind release
ships with the patched dependency, we bump NETHERMIND_TAG and remove
this flag.
---
 nethermind/Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nethermind/Dockerfile b/nethermind/Dockerfile
index 0ecb7360..4c2df2a0 100644
--- a/nethermind/Dockerfile
+++ b/nethermind/Dockerfile
@@ -29,7 +29,7 @@ RUN . /tmp/versions.env && git clone $NETHERMIND_REPO --branch $NETHERMIND_TAG -
 RUN TARGETARCH=${TARGETARCH#linux/} && \
     arch=$([ "$TARGETARCH" = "amd64" ] && echo "x64" || echo "$TARGETARCH") && \
     echo "Using architecture: $arch" && \
-    dotnet publish src/Nethermind/Nethermind.Runner -c $BUILD_CONFIG -a $arch -o /publish --sc false
+    dotnet publish src/Nethermind/Nethermind.Runner -c $BUILD_CONFIG -a $arch -o /publish --sc false -p:NuGetAudit=false
 
 FROM mcr.microsoft.com/dotnet/aspnet:10.0-noble