
.NET: Update GitHub.Copilot.SDK to 1.0.0-beta.2 to address NU1903#5697

Status: Closed
Copilot wants to merge 3 commits into main from copilot/fix-nerdbank-messagepack-vulnerability

Conversation

Contributor

Copilot AI commented May 7, 2026

Motivation and Context

GitHub.Copilot.SDK 0.1.29 transitively pulls Nerdbank.MessagePack 1.0.2 (via StreamJsonRpc), which has a known high severity vulnerability (GHSA-2cwq-pwfr-wcw3 — attacker-controlled stackalloc in DateTime decoding causes a process-terminating StackOverflowException, fixed in 1.1.62). This surfaces as NU1903 errors and breaks the build under TreatWarningsAsErrors.

Per review feedback, since we don't depend on Nerdbank.MessagePack directly, the cleaner fix is to upgrade GitHub.Copilot.SDK itself rather than pin the transitive dependency — the newer SDK releases (1.0.0-beta.1/1.0.0-beta.2) no longer reference StreamJsonRpc/Nerdbank.MessagePack at all.

Description

  • Bumped GitHub.Copilot.SDK from 0.1.29 to the latest 1.0.0-beta.2 in dotnet/Directory.Packages.props. Its only dependencies are now Microsoft.Extensions.AI.Abstractions, Microsoft.Extensions.Logging.Abstractions, and System.Text.Json, eliminating the vulnerable chain.
  • Adapted call sites in Microsoft.Agents.AI.GitHub.Copilot, the Agent_With_GitHubCopilot sample, and the unit/integration tests to match the new SDK API:
    • UserMessageDataAttachmentsItem / UserMessageDataAttachmentsItemFile → UserMessageAttachmentFile
    • McpLocalServerConfig (stdio) / McpRemoteServerConfig (http) → McpStdioServerConfig / McpHttpServerConfig (the explicit Type discriminator is no longer needed)
    • McpServers dictionary value type changed from object to the new McpServerConfig base type
    • PermissionRequestResult.Kind is now strongly typed: string → PermissionRequestResultKind enum (Approved / Rejected)

Verified dotnet build succeeds with 0 warnings/errors across net8.0/net9.0/net10.0 for the src project, unit tests, integration tests, and the sample. All 45 unit tests pass.

Note: there is overlap with #5699 which performs the same SDK upgrade; either PR can supersede the other.

Contribution Checklist

  • The code builds clean without any errors or warnings
  • The PR follows the Contribution Guidelines
  • All unit tests pass, and I have added new tests where possible
  • Is this a breaking change? If yes, add "[BREAKING]" prefix to the title of the PR.

Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/d9d91295-72ca-4a34-ac27-2b97ea1abcfe

Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
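As an added illustration (not the PR's own diff), the two approaches discussed in this thread look like this in a NuGet Central Package Management Directory.Packages.props: the transitive pin the PR originally proposed, and the direct SDK upgrade it ended with. ManagePackageVersionsCentrally, CentralPackageTransitivePinningEnabled, PackageVersion and Choose/When are real MSBuild/NuGet constructs; the UseTransitivePin switch and the reduced package list are assumptions made for this example.

```xml
<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
    <!-- Hypothetical switch, added for this illustration only; defaults to the upgrade path. -->
    <UseTransitivePin Condition="'$(UseTransitivePin)' == ''">false</UseTransitivePin>
  </PropertyGroup>

  <Choose>
    <When Condition="'$(UseTransitivePin)' == 'true'">
      <!-- Option A (original approach): keep GitHub.Copilot.SDK 0.1.29 and force the
           transitive Nerdbank.MessagePack (pulled in via StreamJsonRpc) up to 1.1.62,
           the version that fixes GHSA-2cwq-pwfr-wcw3. Without transitive pinning
           enabled, a PackageVersion entry for a package nobody references directly
           has no effect on the resolved graph, and NU1903 keeps firing. -->
      <PropertyGroup>
        <CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
      </PropertyGroup>
      <ItemGroup>
        <PackageVersion Include="GitHub.Copilot.SDK" Version="0.1.29" />
        <PackageVersion Include="Nerdbank.MessagePack" Version="1.1.62" />
      </ItemGroup>
    </When>
    <Otherwise>
      <!-- Option B (what the PR merged): upgrade the direct dependency so the
           StreamJsonRpc / Nerdbank.MessagePack chain is not referenced at all.
           No pin is needed because the vulnerable package is gone from the graph. -->
      <ItemGroup>
        <PackageVersion Include="GitHub.Copilot.SDK" Version="1.0.0-beta.2" />
      </ItemGroup>
    </Otherwise>
  </Choose>
</Project>
```

Option A silences NU1903 but leaves the repository carrying a version override for a package it never asked for, which is easy to forget and must be re-evaluated on every SDK bump; Option B removes the exposure instead of masking it. Either way, `dotnet list package --vulnerable --include-transitive` run after restore is the quick confirmation that no advisory-flagged package remains in the resolved graph, independent of whether TreatWarningsAsErrors is on.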
Copilot AI review requested due to automatic review settings May 7, 2026 14:57
@rogerbarreto rogerbarreto marked this pull request as ready for review May 7, 2026 14:58
Copilot AI review requested due to automatic review settings May 7, 2026 14:58
@moonbox3 moonbox3 added the .NET label May 7, 2026
Copilot AI temporarily deployed to integration May 7, 2026 14:58 Inactive
@github-actions github-actions Bot changed the title from "Pin Nerdbank.MessagePack to 1.1.62 to address NU1903" to ".NET: Pin Nerdbank.MessagePack to 1.1.62 to address NU1903" May 7, 2026
Contributor

Copilot AI left a comment


Pull request overview

Pins a vulnerable transitive dependency (Nerdbank.MessagePack) via .NET Central Package Management to eliminate NU1903 failures caused by GitHub.Copilot.SDK’s transitive dependency graph.

Changes:

  • Adds a central transitive pin for Nerdbank.MessagePack to version 1.1.62 in dotnet/Directory.Packages.props.
  • Documents the security motivation inline (GHSA-2cwq-pwfr-wcw3 / NU1903).

@lokitoth
Member

lokitoth commented May 7, 2026

We don't rely directly on Nerdbank.MessagePack, we get it through the GitHub.Copilot.SDK; should we just update that dependency instead (since the later ones, 1.0.0-beta.1 and 1.0.0-beta.2 don't include the transitive dependency that pulled this in: StreamJsonRpc)? (PR here)

(Happy to do it either way, so approving now, but wanted to raise awareness)

@lokitoth lokitoth added this pull request to the merge queue May 7, 2026
@lokitoth lokitoth removed this pull request from the merge queue due to a manual request May 7, 2026
@lokitoth
Member

lokitoth commented May 7, 2026

(Sorry, wrong tab; did not mean to trigger merge queue)

@rogerbarreto
Member

@copilot Please follow suggestion from @lokitoth, please check most recent version from the SDK

We don't rely directly on Nerdbank.MessagePack, we get it through the GitHub.Copilot.SDK; should we just update that dependency instead

….MessagePack)

Agent-Logs-Url: https://github.com/microsoft/agent-framework/sessions/87766014-7331-4d2c-bf53-d59097d66021

Co-authored-by: rogerbarreto <19890735+rogerbarreto@users.noreply.github.com>
Contributor Author

Copilot AI commented May 7, 2026

@copilot Please follow suggestion from @lokitoth, please check most recent version from the SDK

We don't rely directly on Nerdbank.MessagePack, we get it through the GitHub.Copilo...

Done in cf5b467 — upgraded GitHub.Copilot.SDK to the latest 1.0.0-beta.2 (which no longer pulls in StreamJsonRpc / Nerdbank.MessagePack) and removed the transitive pin. Adapted call sites to the new SDK API (UserMessageAttachmentFile, McpStdioServerConfig/McpHttpServerConfig, Dictionary<string, McpServerConfig>, PermissionRequestResultKind enum). Builds clean on net8/9/10 and all 45 unit tests pass.

We don't rely directly on Nerdbank.MessagePack, we get it through the GitHub.Copilot.SDK; should we just update that dependency instead (since the later ones, 1.0.0-beta.1 and 1.0.0-beta.2 don...

Switched approach in cf5b467 to upgrade GitHub.Copilot.SDK to 1.0.0-beta.2 instead of pinning the transitive — drops the Nerdbank.MessagePack/StreamJsonRpc chain entirely. (Note: there is overlap with #5699; happy to defer if that one merges first.)

Copilot AI changed the title from ".NET: Pin Nerdbank.MessagePack to 1.1.62 to address NU1903" to ".NET: Update GitHub.Copilot.SDK to 1.0.0-beta.2 to address NU1903" May 7, 2026
Copilot AI requested a review from rogerbarreto May 7, 2026 17:32
Copilot AI temporarily deployed to integration May 7, 2026 17:55 Inactive

@github-project-automation github-project-automation Bot moved this from In Review to Done in Agent Framework May 7, 2026
@rogerbarreto rogerbarreto deleted the copilot/fix-nerdbank-messagepack-vulnerability branch May 7, 2026 18:24
Status: Done

6 participants