Pin Microsoft.OpenApi to patched 2.9.0 to fix NU1903 build failure
Microsoft.AspNetCore.OpenApi 10.0.5 pulls in Microsoft.OpenApi 2.0.0 transitively, which has a known high-severity vulnerability (GHSA-v5pm-xwqc-g5wc) and fails the build with TreatWarningsAsErrors. Pinned a direct reference to the patched 2.9.0 (still 2.x, API-compatible).
This commit is contained in:
@@ -12,6 +12,7 @@
|
||||
<PackageReference Include="FluentValidation.AspNetCore" Version="11.3.0" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.5" />
|
||||
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.5" />
|
||||
<PackageReference Include="Microsoft.OpenApi" Version="2.9.0" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="10.0.5" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="10.0.5" />
|
||||
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.5">
|
||||
|
||||
Reference in New Issue
Block a user