fix(security): pin System.Net.Http 4.3.4 + System.Text.RegularExpressions 4.3.1 [APS-19467 APS-19468]

Rohannagariya1 · claude · Rohannagariya1 · commit ddbe2430747e · 2026-06-11T20:07:02.000+05:30
- Add explicit PackageReference pins overriding vulnerable transitive 4.3.0 versions pulled in via NETStandard.Library 1.6.1 - System.Net.Http 4.3.0 -> 4.3.4 (GHSA-7jgj-8wvc-jh57, .NET Core Information Disclosure) - System.Text.RegularExpressions 4.3.0 -> 4.3.1 (GHSA-cmhx-cq75-c4mj, Regex DoS) - dotnet list package --vulnerable now reports no vulnerable packages Resolves: APS-19467, APS-19468 Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
diff --git a/NunitPlaywrightBrowserstack.Tests/NunitPlaywrightBrowserstack.Tests.csproj b/NunitPlaywrightBrowserstack.Tests/NunitPlaywrightBrowserstack.Tests.csproj
@@ -18,6 +18,9 @@
     <PackageReference Include="NUnit" Version="4.3.2" />
     <PackageReference Include="NUnit.Analyzers" Version="4.6.0" />
     <PackageReference Include="NUnit3TestAdapter" Version="4.6.0" />
+    <!-- Security pins: override vulnerable transitive 4.3.0 (via NETStandard.Library 1.6.1). APS-19467 / APS-19468 -->
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
   </ItemGroup>
 
   <ItemGroup>
