
chore(deps): update dependency nuget.protocol to 7.3.1 [security] #100

Open
Workleap IT (Infra-Workleap) wants to merge 1 commit into main from renovate/nuget-nuget.protocol-vulnerability

@Infra-Workleap


This PR contains the following updates:

| Package | Change |
| --- | --- |
| NuGet.Protocol (source) | 7.3.0 → 7.3.1 |

GitHub Vulnerability Alerts

GHSA-g4vj-cjjj-v7hg

Impact

This update adds validation of the package ID and version during package download, in addition to the existing package signature validation.

Patches

NuGet

The following NuGet.exe, NuGet.CommandLine, NuGet.Packaging, and NuGet.Protocol versions have been patched:

| Affected versions | Patched version |
| --- | --- |
| >= 4.9.0, <= 4.9.6 | 4.9.7 |
| >= 5.11.0, <= 5.11.6 | 5.11.7 |
| >= 6.8.0, <= 6.8.1 | 6.8.2 |
| >= 6.11.0, <= 6.11.1 | 6.11.2 |
| >= 6.12.0, <= 6.12.4 | 6.12.5 |
| >= 6.14.0, <= 6.14.2 | 6.14.3 |
| >= 7.0.0, <= 7.0.2 | 7.0.3 |
| 7.3.0 | 7.3.1 |

.NET SDK

  • .NET 8.0.126 SDK
  • .NET 8.0.420 SDK
  • .NET 9.0.116 SDK
  • .NET 9.0.313 SDK
  • .NET 10.0.106 SDK
  • .NET 10.0.202 SDK

Workarounds

N/A

References

GHSA-9r3h-v4hx-rhfr

Credit

splitline with DEVCORE


Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

Copilot AI review requested due to automatic review settings May 23, 2026 06:28
@Infra-Workleap Workleap IT (Infra-Workleap) requested a review from a team as a code owner May 23, 2026 06:28
@Infra-Workleap Workleap IT (Infra-Workleap) enabled auto-merge (squash) May 23, 2026 06:28
@Infra-Workleap


Branch automerge failure

This PR was configured for branch automerge. However, this is not possible, so it has been raised as a PR instead.


  • Branch has one or more failed status checks

Copilot AI left a comment


Pull request overview

This PR updates the Leap.Cli .NET tool’s NuGet client dependency to a patched release to address the NuGet vulnerability advisory referenced in the PR description (adds package ID/version validation during download).

Changes:

  • Bump NuGet.Protocol from 7.3.0 to 7.3.1 in src/Leap.Cli/Leap.Cli.csproj.
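
An added example (not part of this PR, Renovate's output, or NuGet's code): a triage script that checks a project file's NuGet client package references against the affected ranges listed in the advisory. The function names and the sample project XML are constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET
# (lowest affected, highest affected, patched) rows copied from the advisory table.
AFFECTED = [
    ("4.9.0", "4.9.6", "4.9.7"), ("5.11.0", "5.11.6", "5.11.7"),
    ("6.8.0", "6.8.1", "6.8.2"), ("6.11.0", "6.11.1", "6.11.2"),
    ("6.12.0", "6.12.4", "6.12.5"), ("6.14.0", "6.14.2", "6.14.3"),
    ("7.0.0", "7.0.2", "7.0.3"), ("7.3.0", "7.3.0", "7.3.1"),
]
# Advisory packages that can appear in a project file (NuGet.exe is not referenced as a package).
PACKAGES = {"nuget.commandline", "nuget.packaging", "nuget.protocol"}
ITEMS = {"PackageReference", "PackageVersion"}  # PackageVersion: central package management

def parse_version(text):
    """Return (major, minor, patch); None for floating, range or prerelease versions."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?(?:\.0+)?", text.strip())
    return (int(m[1]), int(m[2]), int(m[3] or 0)) if m else None

def patched_version_for(version):
    """Return the patched version if `version` is in a listed affected range, else None."""
    v = parse_version(version)
    hits = [fix for lo, hi, fix in AFFECTED if v and parse_version(lo) <= v <= parse_version(hi)]
    return hits[0] if hits else None

def audit_project(xml_text):
    """Return (package, version, verdict) for each advisory package in a project file."""
    findings = []
    for el in ET.fromstring(xml_text).iter():
        name = el.get("Include") or el.get("Update") or ""
        if el.tag.split("}")[-1] not in ITEMS or name.lower() not in PACKAGES:
            continue
        version = el.get("Version") or el.findtext("{*}Version") or ""
        fixed = patched_version_for(version)
        if parse_version(version) is None:
            verdict = "unparsed version, review manually"
        else:
            verdict = f"affected, update to {fixed}" if fixed else "not in a listed affected range"
        findings.append((name, version, verdict))
    return findings

# Constructed sample project file, not taken from the repository in this PR.
SAMPLE_CSPROJ = """<Project Sdk="Microsoft.NET.Sdk"><ItemGroup>
  <PackageReference Include="NuGet.Protocol" Version="7.3.0" />
  <PackageReference Include="NuGet.Packaging" Version="6.14.3" />
</ItemGroup></Project>"""

if __name__ == "__main__":
    for row in audit_project(SAMPLE_CSPROJ):
        print(*row, sep="  ")
```

A version outside every listed range is reported only as "not in a listed affected range"; the advisory table does not say whether unlisted release lines are affected.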
