Skip to content

Commit 95475f6

Browse files
dbrattlidbrattli
committed
[All] pin transitive dependencies
Pin Microsoft.Build transitive dependencies to fix CVE-2025-55247
1 parent eeee438 commit 95475f6

File tree

1 file changed

+4
-0
lines changed

1 file changed

+4
-0
lines changed

src/Fable.Cli/Fable.Cli.fsproj

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -43,6 +43,10 @@
4343
</ItemGroup>
4444
<ItemGroup>
4545
<PackageReference Include="Buildalyzer" Version="8.0.0-fable-001" />
46+
<!-- Pin Microsoft.Build transitive dependencies to fix CVE-2025-55247 (GHSA-w3q9-fxm7-j8fq) -->
47+
<PackageReference Include="Microsoft.Build" Version="17.10.46" />
48+
<PackageReference Include="Microsoft.Build.Tasks.Core" Version="17.10.46" />
49+
<PackageReference Include="Microsoft.Build.Utilities.Core" Version="17.10.46" />
4650
<PackageReference Include="EasyBuild.PackageReleaseNotes.Tasks" Version="2.0.0">
4751
<IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
4852
<PrivateAssets>all</PrivateAssets>

0 commit comments

Comments
 (0)