Mirrors/velopack
1
0
Fork 0
mirror of https://github.com/velopack/velopack.git synced 2025-10-25 15:19:22 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixing vulnerable NuGet packages

Browse Source 
Updating transitive System.Text.Json package.
Ignoring vulnerable package in legacy app.
This commit is contained in:
Kevin Bost
2025-01-13 22:21:12 -08:00
committed by Caelan
parent 15fcf333c0
commit 9f94e57192
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/vpk/Velopack.Packaging/Velopack.Packaging.csproj
View File

@@ -16,6 +16,7 @@
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="System.Linq.Async" Version="6.0.1" />
<PackageReference Include="System.Net.Http" Version="4.3.4" />
<PackageReference Include="System.Text.Json" Version="9.0.0" />
<PackageReference Include="Markdig" Version="0.40.0" />
<PackageReference Include="Microsoft.Identity.Client" Version="4.67.1" />
<PackageReference Include="Microsoft.Identity.Client.Broker" Version="4.67.1" />

5
test/LegacyTestApp/LegacyTestApp.csproj
View File

@@ -4,6 +4,11 @@
<OutputType>WinExe</OutputType>
<TargetFramework>net48</TargetFramework>
<LangVersion>latest</LangVersion>
<!--
NU1902: Vulnerable, obsolete packages ar eintentionally used as this is a demonstration of an old app
-->
<NoWarn>$(NoWarn);NU1902</NoWarn>
<!--<UseClowd>2.11.1</UseClowd>-->
<!--<UseClowd>3.0.210-*</UseClowd>-->
<!--<UseVelopack>0.0.84</UseVelopack>-->