Skip to content

fix: pin Microsoft.Bcl.Memory to 9.0.14 to fix DoS vulnerability#2

Draft
NatYou345 with Copilot wants to merge 1 commit into
masterfrom
copilot/fix-dependency-alerts
Draft

fix: pin Microsoft.Bcl.Memory to 9.0.14 to fix DoS vulnerability#2
NatYou345 with Copilot wants to merge 1 commit into
masterfrom
copilot/fix-dependency-alerts

Conversation

Copilot AI commented Apr 9, 2026

Copy link
Copy Markdown

Summary

Fixes the Dependabot security alert for Microsoft.Bcl.Memory.

Vulnerability: .NET Denial of Service Vulnerability

  • Affected versions: >= 9.0.0, <= 9.0.13
  • Patched version: 9.0.14

Changes

  • PingCastle/PingCastle.csproj: Added explicit PackageReference to pin Microsoft.Bcl.Memory to 9.0.14 (addresses the Dependabot PR Bump Microsoft.Bcl.Memory from 9.0.0 to 9.0.14 #1)
  • PingCastleCommon/PingCastleCommon.csproj: Added explicit PackageReference to pin Microsoft.Bcl.Memory to 9.0.14 (also uses Azure.Core and Microsoft.Graph.Beta which transitively pull in this package)

Validation

  • ✅ Code review: no issues found
  • ✅ CodeQL scans: already passing (all scheduled and push-triggered scans succeed on master)
  • ✅ No other Dependabot or code scanning alerts detected

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants