Skip to content

fix(deps): pin Microsoft.OpenApi to 2.7.5 (GHSA-v5pm-xwqc-g5wc)#21

Merged
JerrettDavis merged 1 commit into
masterfrom
fix/vuln-openapi
Jul 3, 2026
Merged

fix(deps): pin Microsoft.OpenApi to 2.7.5 (GHSA-v5pm-xwqc-g5wc)#21
JerrettDavis merged 1 commit into
masterfrom
fix/vuln-openapi

Conversation

@JerrettDavis

Copy link
Copy Markdown
Owner

Pins Microsoft.OpenApi to version 2.7.5 to address the high-severity vulnerability GHSA-v5pm-xwqc-g5wc.

Changes

  • Added explicit PackageReference for Microsoft.OpenApi 2.7.5 in Directory.Packages.props (central package management)
  • Added PackageReference to FlowLedger.Api.csproj
  • Added PackageReference to FlowLedger.Api.Tests.csproj

Verification

  • dotnet list package --vulnerable --include-transitive: PASS (no vulnerable packages)

Co-Authored-By: Claude <noreply@anthropic.com>
@JerrettDavis JerrettDavis merged commit 51befa3 into master Jul 3, 2026
13 checks passed
@JerrettDavis JerrettDavis deleted the fix/vuln-openapi branch July 3, 2026 02:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant