Microsoft.AspNetCore.OpenApi 10.0.5 pulls in Microsoft.OpenApi 2.0.0 transitively, which has a known high-severity vulnerability (GHSA-v5pm-xwqc-g5wc) and fails the build with TreatWarningsAsErrors. Pinned a direct reference to the patched 2.9.0 (still 2.x, API-compatible).
33 lines
1.5 KiB
XML
Executable File
33 lines
1.5 KiB
XML
Executable File
<Project Sdk="Microsoft.NET.Sdk.Web">
|
|
|
|
<PropertyGroup>
|
|
<TargetFramework>net10.0</TargetFramework>
|
|
<Nullable>enable</Nullable>
|
|
<ImplicitUsings>enable</ImplicitUsings>
|
|
<LangVersion>latest</LangVersion>
|
|
<TreatWarningsAsErrors>true</TreatWarningsAsErrors>
|
|
</PropertyGroup>
|
|
|
|
<ItemGroup>
|
|
<PackageReference Include="FluentValidation.AspNetCore" Version="11.3.0" />
|
|
<PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="10.0.5" />
|
|
<PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.5" />
|
|
<PackageReference Include="Microsoft.OpenApi" Version="2.9.0" />
|
|
<PackageReference Include="Microsoft.EntityFrameworkCore" Version="10.0.5" />
|
|
<PackageReference Include="Microsoft.EntityFrameworkCore.Relational" Version="10.0.5" />
|
|
<PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.5">
|
|
<PrivateAssets>all</PrivateAssets>
|
|
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
|
|
</PackageReference>
|
|
<PackageReference Include="Npgsql.EntityFrameworkCore.PostgreSQL" Version="10.0.2" />
|
|
<PackageReference Include="Scalar.AspNetCore" Version="2.6.0" />
|
|
<PackageReference Include="Serilog.AspNetCore" Version="9.0.0" />
|
|
<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.16.0" />
|
|
</ItemGroup>
|
|
|
|
<ItemGroup>
|
|
<ProjectReference Include="..\..\MicCheck.ServiceDefaults\MicCheck.ServiceDefaults.csproj" />
|
|
</ItemGroup>
|
|
|
|
</Project>
|