Skip to content

Update NuGet Client packages to 6.14.3 to address GHSA-g4vj-cjjj-v7hg#10391

Closed
Copilot wants to merge 2 commits intomainfrom
copilot/update-nuget-client-pkg
Closed

Update NuGet Client packages to 6.14.3 to address GHSA-g4vj-cjjj-v7hg#10391
Copilot wants to merge 2 commits intomainfrom
copilot/update-nuget-client-pkg

Conversation

Copy link
Copy Markdown
Contributor

Copilot AI commented Apr 15, 2026
edited
Loading

NuGet Client packages at 6.14.0 are vulnerable to package identity spoofing (GHSA-g4vj-cjjj-v7hg), now causing build errors.

  • Bump NuGet.Configuration, NuGet.Versioning, NuGet.Protocol from 6.14.0 → 6.14.3 in Packages.Data.props

6.14.3 is the minimum patched version for the 6.14.x line.

Copilot AI linked an issue Apr 15, 2026 that may be closed by this pull request
Update NuGet Client Pkg to Address Vulnerabilities #10390
Closed
@jorgerangel-msft
fix: update NuGet packages to 6.14.3 to address GHSA-g4vj-cjjj-v7hg
fcdbc9b 
Agent-Logs-Url: https://github.com/microsoft/typespec/sessions/bf68d631-cbdd-4b1f-a16f-361a37d28523

Co-authored-by: jorgerangel-msft <102122018+jorgerangel-msft@users.noreply.github.com>
@microsoft-github-policy-service microsoft-github-policy-service bot added the emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp label Apr 15, 2026
Copilot AI changed the title [WIP] Update NuGet client package to address vulnerabilities Update NuGet Client packages to 6.14.3 to address GHSA-g4vj-cjjj-v7hg Apr 15, 2026
Copilot AI requested a review from jorgerangel-msft April 15, 2026 19:09
@jorgerangel-msft jorgerangel-msft deleted the copilot/update-nuget-client-pkg branch April 15, 2026 19:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jorgerangel-msft jorgerangel-msft Awaiting requested review from jorgerangel-msft jorgerangel-msft is a code owner

@m-nash m-nash Awaiting requested review from m-nash m-nash will be requested when the pull request is marked ready for review m-nash is a code owner

@JoshLove-msft JoshLove-msft Awaiting requested review from JoshLove-msft JoshLove-msft will be requested when the pull request is marked ready for review JoshLove-msft is a code owner

@christothes christothes Awaiting requested review from christothes christothes will be requested when the pull request is marked ready for review christothes is a code owner

@jsquire jsquire Awaiting requested review from jsquire jsquire will be requested when the pull request is marked ready for review jsquire is a code owner

@ShivangiReja ShivangiReja Awaiting requested review from ShivangiReja ShivangiReja will be requested when the pull request is marked ready for review ShivangiReja is a code owner

@joseharriaga joseharriaga Awaiting requested review from joseharriaga joseharriaga will be requested when the pull request is marked ready for review joseharriaga is a code owner

Assignees

@jorgerangel-msft jorgerangel-msft

Copilot code review Copilot

Labels

emitter:client:csharp Issue for the C# client emitter: @typespec/http-client-csharp

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Update NuGet Client Pkg to Address Vulnerabilities

2 participants

@jorgerangel-msft