[Repo Assist] Microsoft.Build 17.11.4 has known high-severity security vulnerabilities — needs update #1615

@github-actions

🤖 This is an automated issue from Repo Assist.

The Microsoft.Build, Microsoft.Build.Framework, Microsoft.Build.Tasks.Core, and Microsoft.Build.Utilities.Core packages pinned at 17.11.4 in the Fake group of paket.dependencies have known high-severity vulnerabilities:

These packages are only used by the FAKE build toolchain (build/build.fsproj), so the production library itself is not affected at runtime. However, the build environment is exposed.

Recommended Fix

Update to Microsoft.Build 17.14.28 (latest 17.x). Note that 17.14.x targets .NETFramework rather than net8.0 on NuGet, so compatibility with FAKE on .NET 8 should be tested. Alternatively, consider whether FAKE 6.1.4 supports Microsoft.Build 17.14.x.

These packages were intentionally skipped in the recent dependency bump PR to allow maintainers to review the upgrade path.

Generated by Repo Assist

To install this workflow, run gh aw add githubnext/agentics/workflows/repo-assist.md@0d6e8cf9db90470cd5477c6a40b350fd9f9e1422. View source at https://github.com/githubnext/agentics/tree/0d6e8cf9db90470cd5477c6a40b350fd9f9e1422/workflows/repo-assist.md.

Warning

⚠️ Firewall blocked 3 domains

The following domains were blocked by the firewall during workflow execution:

  • schemas.microsoft.com
  • tomasp.net
  • www.google.com
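
An added example, not part of the issue or of Repo Assist: a check that reports exact pins of the four named packages in a Paket group that sit below a floor version, using the issue's recommended 17.14.28 as the floor. The sample file contents and the names `stale_pins` and `parse_version` are assumptions made for illustration.

```python
import re

# Constructed sample; not the repository's actual paket.dependencies.
SAMPLE = """\
source https://api.nuget.org/v3/index.json
nuget FSharp.Core >= 6.0

group Fake
    source https://api.nuget.org/v3/index.json
    nuget Fake.Core.Target ~> 6.1
    nuget Microsoft.Build 17.11.4
    nuget Microsoft.Build.Framework 17.11.4
    nuget Microsoft.Build.Tasks.Core == 17.11.4
    nuget Microsoft.Build.Utilities.Core 17.14.28
"""

# The four package ids named in the issue.
PACKAGES = ("Microsoft.Build", "Microsoft.Build.Framework",
            "Microsoft.Build.Tasks.Core", "Microsoft.Build.Utilities.Core")

GROUP_RE = re.compile(r"group\s+(\S+)$")
# Exact pin only: 'nuget <id> <ver>' or 'nuget <id> == <ver>'; ranges (>=, ~>) are skipped.
PIN_RE = re.compile(r"nuget\s+(\S+)\s+(?:==\s*)?(\d+(?:\.\d+)*)(?:-\S+)?(?:\s|$)")

def parse_version(text):
    """'17.11.4' -> (17, 11, 4) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

def stale_pins(deps_text, group, floor, packages=PACKAGES):
    """Return [(id, version)] for exact pins of `packages` in `group` below `floor`."""
    current = "Main"  # Paket's name for the group before any 'group' line
    wanted = {p.lower() for p in packages}
    hits = []
    for raw in deps_text.splitlines():
        line = raw.strip()
        if (m := GROUP_RE.match(line)):
            current = m.group(1)
        elif (m := PIN_RE.match(line)) and current.lower() == group.lower():
            name, version = m.groups()
            if name.lower() in wanted and parse_version(version) < parse_version(floor):
                hits.append((name, version))
    return hits

if __name__ == "__main__":
    for name, version in stale_pins(SAMPLE, "Fake", "17.14.28"):
        print(f"{name} pinned at {version}, below 17.14.28")
```

This reads only the declared pins; the versions actually restored are recorded in paket.lock, which should be checked after the update.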
