Skip to content

Update vulnerable dependencies#2568

Merged
jeremydmiller merged 1 commit intoJasperFx:mainfrom
dmytro-pryvedeniuk:update-vulnerable-dependencies
Apr 23, 2026
Merged

Update vulnerable dependencies#2568
jeremydmiller merged 1 commit intoJasperFx:mainfrom
dmytro-pryvedeniuk:update-vulnerable-dependencies

Conversation

@dmytro-pryvedeniuk
Copy link
Copy Markdown
Contributor

@dmytro-pryvedeniuk dmytro-pryvedeniuk commented Apr 22, 2026
edited
Loading

This PR updates NuGet packages to avoid vulnerable dependencies.

  • Microsoft.AspNetCore.WebSockets 2.2.0 has a vulnerability with high severity (GHSA-6px8-22w5-w334). It's comes with Microsoft.AspNetCore.SignalR.
image
  • Other vulnerabilities (System.Security.Cryptography.Xml and NuGet.Packaging) come from Nuke (atm no fixed version) and Microsoft.Build.Tasks.Core (used in EFCore). See dotnet restore for wolverine.slnx and build.csproj below.
E:\dmp\JasperFx\wolverine>dotnet restore wolverine.slnx
Restore succeeded with 6 warning(s) in 15.0s
    E:\dmp\JasperFx\wolverine\src\Persistence\SharedPersistenceModels\SharedPersistenceModels.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-37gx-xxp4-5rgx
    E:\dmp\JasperFx\wolverine\src\Persistence\Wolverine.EntityFrameworkCore\Wolverine.EntityFrameworkCore.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-37gx-xxp4-5rgx
    E:\dmp\JasperFx\wolverine\src\Persistence\Wolverine.EntityFrameworkCore\Wolverine.EntityFrameworkCore.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3x6-4m5h-cxqf
    E:\dmp\JasperFx\wolverine\src\Persistence\SharedPersistenceModels\SharedPersistenceModels.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3x6-4m5h-cxqf
    E:\dmp\JasperFx\wolverine\src\Persistence\EFCore\DomainEventsWithEfCore\BackLogService\BackLogService.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-37gx-xxp4-5rgx
    E:\dmp\JasperFx\wolverine\src\Persistence\EFCore\DomainEventsWithEfCore\BackLogService\BackLogService.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3x6-4m5h-cxqf

Build succeeded with 6 warning(s) in 15.3s

E:\dmp\JasperFx\wolverine\build>dotnet restore
Restore succeeded with 3 warning(s) in 0.8s
    E:\dmp\JasperFx\wolverine\build\build.csproj : warning NU1901: Package 'NuGet.Packaging' 6.12.1 has a known low severity vulnerability, https://github.com/advisories/GHSA-g4vj-cjjj-v7hg
    E:\dmp\JasperFx\wolverine\build\build.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 9.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-37gx-xxp4-5rgx
    E:\dmp\JasperFx\wolverine\build\build.csproj : warning NU1903: Package 'System.Security.Cryptography.Xml' 9.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3x6-4m5h-cxqf

@jeremydmiller jeremydmiller merged commit 08233f2 into JasperFx:main Apr 23, 2026
18 of 21 checks passed
This was referenced Apr 23, 2026
Closed
Closed
Open
Closed
Merged
Merged
Closed
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@dmytro-pryvedeniuk @jeremydmiller