Skip to content

Commit 7cd7bb5

Browse files
authored
Fix MessagePack vulnerability GHSA-hv8m-jj95-wg3x by pinning to 2.5.301
1 parent 61331d8 commit 7cd7bb5

2 files changed

Lines changed: 2 additions & 0 deletions

File tree

dotnet/Directory.Packages.props

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -13,6 +13,7 @@
1313
<PackageVersion Include="CommunityToolkit.Aspire.Hosting.Dapr" Version="9.9.0" />
1414
<PackageVersion Include="CommunityToolkit.Aspire.Hosting.NodeJS.Extensions" Version="9.9.0" />
1515
<PackageVersion Include="Aspire.Hosting.Azure.Search" Version="13.0.0" />
16+
<PackageVersion Include="MessagePack" Version="2.5.301" /><!-- Vulnerability fix: GHSA-hv8m-jj95-wg3x; transitively pinned via Aspire.Hosting.AppHost -->
1617
<PackageVersion Include="AWSSDK.BedrockAgent" Version="4.0.7.5" />
1718
<PackageVersion Include="AWSSDK.BedrockAgentRuntime" Version="4.0.8.5" />
1819
<PackageVersion Include="AWSSDK.BedrockRuntime" Version="4.0.14.5" />

dotnet/samples/Demos/AgentFrameworkWithAspire/ChatWithAgent.AppHost/ChatWithAgent.AppHost.csproj

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -20,6 +20,7 @@
2020

2121
<ItemGroup>
2222
<PackageReference Include="Aspire.Hosting.AppHost" />
23+
<PackageReference Include="MessagePack" /><!-- Pin to patched version; overrides vulnerable transitive 2.5.192 from Aspire.Hosting.AppHost (GHSA-hv8m-jj95-wg3x) -->
2324
<PackageReference Include="Aspire.Hosting.Azure.CognitiveServices" />
2425
<PackageReference Include="Aspire.Hosting.Azure.Search" />
2526
</ItemGroup>

0 commit comments

Comments
 (0)