Bump System.Text.RegularExpressions from 4.3.0 to 4.3.1 #9
---
updated-dependencies:
- dependency-name: System.Text.RegularExpressions
  dependency-version: 4.3.1
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Rohannagariya1
left a comment
✅ Approved — APS-19256. System.Text.RegularExpressions 4.3.0→4.3.1 (Regex DoS, patched 4.3.1). Verified via dotnet dependency scanner: both flagged packages resolved transitively at the vulnerable 4.3.0 (via NETStandard.Library 1.6.1); after this pin dotnet list package --vulnerable reports no vulnerable packages. Live session/test execution was environment-blocked (missing .NET 6 runtime / Playwright driver locally per the runbook prereqs) — not a regression; the dependency fix itself is scanner-verified. Build succeeds. Safe to merge.
…st_browserstack/System.Text.RegularExpressions-4.3.1 # Conflicts: # MSTest_browserstack/MSTest_browserstack.csproj
e8b7893
Rohannagariya1
left a comment
Re-approving after resolving the merge conflict with main (sibling System.Net.Http PR #8 was merged, which moved main). Resolution: merged origin/main into the branch keeping both PackageReferences — System.Net.Http 4.3.4 (from #8) and System.Text.RegularExpressions 4.3.1 (this PR). Single-file .csproj change, no lockfile. Conflict cleared (mergeable). cc @karanshah-browserstack — your prior approval was auto-dismissed by the resolution commit; please re-approve + merge.
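A merge-time guard for the conflict resolution described in the comment above, as an added example that is not part of this PR or the repository: it parses a .csproj and reports when either pin named in the thread is missing or below its patched version. The function names and the sample project XML are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Patched minimums named in this PR thread; both pins must survive the merge.
REQUIRED_PINS = {"System.Net.Http": "4.3.4", "System.Text.RegularExpressions": "4.3.1"}

def parse_version(text):
    """'4.3.1' -> (4, 3, 1, 0). Ranges and prerelease tags raise ValueError."""
    parts = text.strip().split(".")
    if not 1 <= len(parts) <= 4 or not all(p.isdigit() for p in parts):
        raise ValueError(text)
    return tuple(int(p) for p in parts) + (0,) * (4 - len(parts))

def local(tag):
    return tag.split("}")[-1]  # tolerate the legacy MSBuild xmlns

def direct_references(csproj_xml):
    """Map lower-cased package id -> Version for each direct PackageReference."""
    refs = {}
    for elem in ET.fromstring(csproj_xml).iter():
        if local(elem.tag) != "PackageReference" or not elem.get("Include"):
            continue
        version = elem.get("Version")
        if version is None:  # metadata may be a child element instead of an attribute
            version = next((c.text for c in elem if local(c.tag) == "Version"), None)
        refs[elem.get("Include").lower()] = version  # NuGet ids are case-insensitive
    return refs

def check_pins(csproj_xml, required=REQUIRED_PINS):
    """Return a list of problems; an empty list means every pin is present and new enough."""
    refs = direct_references(csproj_xml)
    problems = []
    for name, minimum in required.items():
        found = refs.get(name.lower())
        if not found:
            problems.append(f"{name}: no direct PackageReference")
            continue
        try:
            if parse_version(found) < parse_version(minimum):
                problems.append(f"{name}: {found} is below {minimum}")
        except ValueError:
            problems.append(f"{name}: cannot verify version {found!r}")
    return problems

# Constructed sample: the .csproj as the thread describes it after the merge.
MERGED = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="System.Net.Http" Version="4.3.4" />
    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
  </ItemGroup>
</Project>"""

if __name__ == "__main__":
    print(check_pins(MERGED) or "both pins present")
```

A check like this only covers direct references in the one file; the scanner run mentioned in the first approval remains the check for what actually resolves transitively.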
Pinned System.Text.RegularExpressions at 4.3.1.
You can trigger a rebase of this PR by commenting @dependabot rebase.
Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
- @dependabot rebase will rebase this PR
- @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
- @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
- @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.