PowderCoatingLogix

spouliot/PowderCoatingLogix

Fork 0

Commit Graph

Author	SHA1	Message	Date
spouliot	c4625ba28a	Security: document unpatched System.Security.Cryptography.Xml advisory GHSA-37gx-xxp4-5rgx and GHSA-w3x6-4m5h-cxqf (XML signature vulns) affect 8.0.2 transitively. No patched version exists in the NuGet feed yet — 9.0.0 is also flagged. Tracked in Directory.Build.props for re-check when a fix ships. System.Net.Http 4.1.0 and System.Security.Cryptography.X509Certificates 4.1.0 are false positives: same NCalc2 -> Antlr4 -> NETStandard.Library 1.6.0 chain already documented; .NET 8 BCL provides the runtime versions. Microsoft.Build / NuGet.* are build-tooling-only, not deployed to production. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-13 22:17:46 -04:00
spouliot	cf07356147	Fix all NU1605 errors: suppress via Directory.Build.props instead of per-package pins NCalc2 -> Antlr4 -> Antlr4.Runtime -> NETStandard.Library 1.6.0 triggers 6+ NU1605 downgrade warnings on linux-x64 publish (System.IO.FileSystem.Primitives, System.Text.Encoding.Extensions, System.Diagnostics.Tracing, Microsoft.Win32.Primitives, System.IO.FileSystem, System.Net.Primitives). All are harmless — .NET 8 supplies these natively. Directory.Build.props suppresses NU1605 solution-wide cleanly. Removes the individual System.Runtime.InteropServices pin added in previous commit. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-06-01 23:41:56 -04:00

Author

SHA1

Message

Date

spouliot

c4625ba28a

Security: document unpatched System.Security.Cryptography.Xml advisory

GHSA-37gx-xxp4-5rgx and GHSA-w3x6-4m5h-cxqf (XML signature vulns) affect
8.0.2 transitively. No patched version exists in the NuGet feed yet — 9.0.0
is also flagged. Tracked in Directory.Build.props for re-check when a fix ships.

System.Net.Http 4.1.0 and System.Security.Cryptography.X509Certificates 4.1.0
are false positives: same NCalc2 -> Antlr4 -> NETStandard.Library 1.6.0 chain
already documented; .NET 8 BCL provides the runtime versions.

Microsoft.Build / NuGet.* are build-tooling-only, not deployed to production.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-13 22:17:46 -04:00

spouliot

cf07356147

Fix all NU1605 errors: suppress via Directory.Build.props instead of per-package pins

NCalc2 -> Antlr4 -> Antlr4.Runtime -> NETStandard.Library 1.6.0 triggers 6+
NU1605 downgrade warnings on linux-x64 publish (System.IO.FileSystem.Primitives,
System.Text.Encoding.Extensions, System.Diagnostics.Tracing, Microsoft.Win32.Primitives,
System.IO.FileSystem, System.Net.Primitives). All are harmless — .NET 8 supplies
these natively. Directory.Build.props suppresses NU1605 solution-wide cleanly.
Removes the individual System.Runtime.InteropServices pin added in previous commit.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-06-01 23:41:56 -04:00

2 Commits