dotnet-felickz · felickz · Nov 11, 2025 · Nov 11, 2025 · Feb 6, 2026 · Feb 6, 2026
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -30,12 +30,22 @@ jobs:
       - name: 'Checkout repository'
         uses: actions/checkout@v4
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@v4
+        #uses: actions/dependency-review-action@v4
+        # Test 2 - attempt to fix bug with N/A shown
+        # Test 3 - build the dist folder - better debug output
+        # Test 3.1 - No snapshots were found for the head SHA 30134881ae6e9e0c6f8c01581b8cf6bbbb957b3f.
+        # Test 4 - merge in recent changes
+        # Test 5 - show true/false testing
+        #uses: forks-felickz/dependency-review-action@copilot/add-patched-versions-column
+        uses: actions/dependency-review-action@aa60746a920d63ce55376f67d381e15edd3a714d #aka forks-felickz:main     
         # Commonly enabled options, see https://github.com/actions/dependency-review-action#configuration-options for all available options.
         with:
           comment-summary-in-pr: always          
           #   fail-on-severity: moderate
           #   deny-licenses: GPL-1.0-or-later, LGPL-2.0-or-later
           retry-on-snapshot-warnings: true #wait for snapshots to upload from the auto-submission workflow!
           retry-on-snapshot-warnings-timeout: 120
+          show-patched-versions: false
+          #show-patched-versions: true
+
 
diff --git a/Directory.Packages.props b/Directory.Packages.props
@@ -3,30 +3,37 @@
     <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
     <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
   </PropertyGroup>
-
   <ItemGroup>
     <!-- Common packages -->
     <PackageVersion Include="Microsoft.Extensions.Logging" Version="9.0.0" />
     <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="9.0.0" />
     <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="9.0.0" />
-
     <!-- Vulnerable direct dependencies -->
-    <PackageVersion Include="Newtonsoft.Json" Version="12.0.3" />  <!-- Has known vulnerabilities -->
-    <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.0" /> <!-- Known regex vulnerability -->
-    <PackageVersion Include="System.Net.Http" Version="4.3.0" /> <!-- Contains security vulnerabilities -->
-
+    <PackageVersion Include="Newtonsoft.Json" Version="12.0.3" />
+    <!-- Has known vulnerabilities -->
+    <PackageVersion Include="RestSharp" Version="111.4.1" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.0" />
+    <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.0" />
+    <!-- Known regex vulnerability -->
+    <PackageVersion Include="System.Net.Http" Version="4.3.3" />
+    <!-- Contains security vulnerabilities -->
     <!-- API dependencies -->
-    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" /> <!-- Intentionally older version -->
-    <PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="7.0.0" /> <!-- Older version -->
+    <PackageVersion Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
+    <!-- Intentionally older version -->
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.NewtonsoftJson" Version="7.0.0" />
+    <!-- Older version -->
     <PackageVersion Include="Microsoft.AspNetCore.OpenApi" Version="9.0.8" />
-    <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.2.3" /> <!-- Outdated version -->
-
+    <PackageVersion Include="Swashbuckle.AspNetCore" Version="6.2.3" />
+    <!-- Outdated version -->
     <!-- Library dependencies with transitive vulnerabilities -->
-    <PackageVersion Include="Microsoft.AspNet.WebApi.Client" Version="5.2.7" /> <!-- Has vulnerable dependencies -->
-    <PackageVersion Include="Microsoft.Data.OData" Version="5.8.4" /> <!-- Contains vulnerable dependency chain -->
-
+    <PackageVersion Include="Microsoft.AspNet.WebApi.Client" Version="5.2.7" />
+    <!-- Has vulnerable dependencies -->
+    <PackageVersion Include="Microsoft.Data.OData" Version="5.8.4" />
+    <!-- Contains vulnerable dependency chain -->
     <!-- Utility dependencies -->
-    <PackageVersion Include="log4net" Version="2.0.12" /> <!-- Has known vulnerabilities -->
-    <PackageVersion Include="SharpZipLib" Version="1.3.1" /> <!-- Contains security issues -->
+    <PackageVersion Include="log4net" Version="2.0.12" />
+    <!-- Has known vulnerabilities -->
+    <PackageVersion Include="SharpZipLib" Version="1.3.1" />
+    <!-- Contains security issues -->
   </ItemGroup>
 </Project>
diff --git a/VulnerableLibrary/VulnerableLibrary.csproj b/VulnerableLibrary/VulnerableLibrary.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net9.0</TargetFramework>
@@ -10,7 +10,10 @@
     <PackageReference Include="Microsoft.AspNet.WebApi.Client" />
     <PackageReference Include="Microsoft.Data.OData" />
     <PackageReference Include="Microsoft.Extensions.Logging" />
+    <PackageReference Include="Newtonsoft.Json" />
+    <PackageReference Include="RestSharp" />
     <PackageReference Include="SharpZipLib" />
+    <PackageReference Include="System.Text.Json" />
     <PackageReference Include="System.Text.RegularExpressions" />
   </ItemGroup>