Resolving vulnerable transitive dependencies (#389)

Overriding versions of transitive dependencies that were flagged as vulnerable on nuget.org. Internal ADO work item: https://dev.azure.com/msazure/One/_workitems/edit/29603592
microsoft · Oct 2, 2024 · 6ef7044 · 6ef7044
1 parent 92d10d9
commit 6ef7044
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 0 deletions.
diff --git a/...viceFabric.Actors.KVSToRCMigration/Microsoft.ServiceFabric.Actors.KVSToRCMigration.csproj b/...viceFabric.Actors.KVSToRCMigration/Microsoft.ServiceFabric.Actors.KVSToRCMigration.csproj
@@ -27,6 +27,12 @@
     <PackageReference Include="Microsoft.AspNetCore.HttpsPolicy" Version="2.2.0" />
     <PackageReference Include="Microsoft.AspNetCore.Server.HttpSys" Version="2.2.6" />
   </ItemGroup>
+  <ItemGroup>
+    <!-- Overriding versions of transitive dependencies -->
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+    <PackageReference Include="System.Security.Cryptography.Xml" Version="4.7.1" />
+    <PackageReference Include="System.Text.Encodings.Web" Version="4.5.1" />
+  </ItemGroup>
   <ItemGroup>
     <Reference Include="System.ComponentModel.DataAnnotations" />
     <Reference Include="System.Web" />

diff --git a/...ctors.KVSToRCMigration/Microsoft.ServiceFabric.Actors.KVSToRCMigration_netstandard.csproj b/...ctors.KVSToRCMigration/Microsoft.ServiceFabric.Actors.KVSToRCMigration_netstandard.csproj
@@ -33,4 +33,11 @@
     <ProjectReference Include="..\Microsoft.ServiceFabric.Services.Remoting\Microsoft.ServiceFabric.Services.Remoting_netstandard.csproj" />
     <ProjectReference Include="..\Microsoft.ServiceFabric.Services\Microsoft.ServiceFabric.Services_netstandard.csproj" />
   </ItemGroup>
+  <ItemGroup>
+    <!-- Overriding versions of transitive dependencies -->
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
+    <PackageReference Include="System.Security.Cryptography.Xml" Version="4.7.1" />
+    <PackageReference Include="System.Text.Encodings.Web" Version="4.5.1" />
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
+  </ItemGroup>
 </Project>
diff --git a/...ic.Actors.StateMigration.Tests/Microsoft.ServiceFabric.Actors.StateMigration.Tests.csproj b/...ic.Actors.StateMigration.Tests/Microsoft.ServiceFabric.Actors.StateMigration.Tests.csproj
@@ -23,4 +23,8 @@
     <ProjectReference Include="$(RepoRoot)src\netstandard\Microsoft.ServiceFabric.Actors.KVSToRCMigration\Microsoft.ServiceFabric.Actors.KVSToRCMigration_netstandard.csproj" />
     <ProjectReference Include="$(RepoRoot)src\netstandard\Microsoft.ServiceFabric.Services\Microsoft.ServiceFabric.Services_netstandard.csproj" />
   </ItemGroup>
+  <ItemGroup>
+    <!-- Overriding versions of transitive dependencies -->
+    <PackageReference Include="System.Drawing.Common" Version="4.7.2" />
+  </ItemGroup>
 </Project>