-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDirectory.Packages.props
More file actions
46 lines (37 loc) · 2.33 KB
/
Copy pathDirectory.Packages.props
File metadata and controls
46 lines (37 loc) · 2.33 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
<Project>
<!-- Central Package Management: one source of truth for dependency versions. -->
<PropertyGroup>
<ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
<CentralPackageTransitivePinningEnabled>true</CentralPackageTransitivePinningEnabled>
</PropertyGroup>
<ItemGroup>
<!-- Cross-check oracle + hybrid ML-DSA primitives (test + hybrid only). -->
<PackageVersion Include="BouncyCastle.Cryptography" Version="2.5.1" />
<!-- DI / options / logging abstractions for AspNetCore + state stores. -->
<PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="8.0.2" />
<PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="8.0.1" />
<PackageVersion Include="Microsoft.Extensions.Options" Version="8.0.2" />
<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="8.0.2" />
<PackageVersion Include="Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions" Version="8.0.10" />
<!-- SQLite reference state store -->
<PackageVersion Include="Microsoft.Data.Sqlite" Version="8.0.10" />
<!-- Transitive pin: the Microsoft.Data.Sqlite 8.0 LTS line resolves the native
SQLitePCLRaw bundle at 2.1.6. The entire 2.x native line (SQLitePCLRaw.lib.e_sqlite3
<= 2.1.11) carries advisory GHSA-2m69-gcr7-jv3q (bundled SQLite CVE). The 3.x bundle
replaces that native package with SourceGear.sqlite3 (SQLite 3.50.x, patched), so the
flagged package leaves the graph. Transitive pinning lifts the bundle for all consumers. -->
<PackageVersion Include="SQLitePCLRaw.bundle_e_sqlite3" Version="3.0.3" />
<!-- Benchmarks -->
<PackageVersion Include="BenchmarkDotNet" Version="0.14.0" />
<!-- CLI -->
<PackageVersion Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
<!-- Analyzers -->
<PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.11.0" />
<PackageVersion Include="Microsoft.CodeAnalysis.Analyzers" Version="3.11.0" />
<!-- Test stack -->
<PackageVersion Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
<PackageVersion Include="xunit" Version="2.9.2" />
<PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />
<PackageVersion Include="coverlet.collector" Version="6.0.2" />
</ItemGroup>
</Project>