Fix package version and security vulnerabilities

claude · claude · commit 50f90731ca08 · 2025-11-15T05:03:44.000Z
- Fixed Microsoft.AspNet.WebApi.Client: 6.0.2 (doesn't exist) → 6.0.0 - Added Microsoft.IdentityModel.JsonWebTokens 8.14.0 to fix GHSA-59j7-ghrg-fj52 vulnerability - Added System.IdentityModel.Tokens.Jwt 8.14.0 to fix GHSA-59j7-ghrg-fj52 vulnerability These explicit package references override the vulnerable 7.0.3 versions that were coming in as transitive dependencies.
diff --git a/src/NosCore.Networking/NosCore.Networking.csproj b/src/NosCore.Networking/NosCore.Networking.csproj
@@ -31,6 +31,8 @@
 		<PackageReference Include="DotNetty.Transport" Version="0.7.6" />
 		<PackageReference Include="NodaTime" Version="3.2.0" />
 		<PackageReference Include="NosCore.Packets" Version="15.0.0" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.14.0" />
+		<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
 	</ItemGroup>
 
 	<ItemGroup>
diff --git a/test/NosCore.Networking.Tests/NosCore.Networking.Tests.csproj b/test/NosCore.Networking.Tests/NosCore.Networking.Tests.csproj
@@ -24,12 +24,14 @@
 			<PrivateAssets>all</PrivateAssets>
 			<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
 		</PackageReference>
-		<PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.2" />
+		<PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
 		<PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
 		<PackageReference Include="Moq" Version="4.20.72" />
 		<PackageReference Include="MSTest.TestAdapter" Version="4.0.2" />
 		<PackageReference Include="MSTest.TestFramework" Version="4.0.2" />
 		<PackageReference Include="NodaTime.Testing" Version="3.2.0" />
+		<PackageReference Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.14.0" />
+		<PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
 	</ItemGroup>
 
 	<ItemGroup>
