From a11651875f533f524e7695a3cbbd22ccc65341a2 Mon Sep 17 00:00:00 2001
From: Rohan <142411639+Rohannagariya1@users.noreply.github.com>
Date: Thu, 11 Jun 2026 20:11:13 +0530
Subject: [PATCH] fix(security): pin System.Net.Http 4.3.4 +
 System.Text.RegularExpressions 4.3.1 [APS-19257 APS-19258]

- Add explicit PackageReference pins overriding vulnerable transitive 4.3.0
  versions pulled in via NETStandard.Library 1.6.1
- System.Net.Http 4.3.0 -> 4.3.4 (GHSA-7jgj-8wvc-jh57, .NET Core Information Disclosure)
- System.Text.RegularExpressions 4.3.0 -> 4.3.1 (GHSA-cmhx-cq75-c4mj, Regex DoS)
- project.assets.json confirms resolved versions are now 4.3.4 / 4.3.1

Resolves: APS-19257, APS-19258

Co-Authored-By: Claude Fable 5 <noreply@anthropic.com>
---
 .../MSTest-Playwright-BrowserStack.csproj                      | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/MSTest-Playwright-BrowserStack/MSTest-Playwright-BrowserStack.csproj b/MSTest-Playwright-BrowserStack/MSTest-Playwright-BrowserStack.csproj
index f410c36..cd1eef0 100644
--- a/MSTest-Playwright-BrowserStack/MSTest-Playwright-BrowserStack.csproj
+++ b/MSTest-Playwright-BrowserStack/MSTest-Playwright-BrowserStack.csproj
@@ -17,6 +17,9 @@
     <PackageReference Include="MSTest.TestAdapter" Version="2.2.8" />
     <PackageReference Include="MSTest.TestFramework" Version="2.2.8" />
     <PackageReference Include="coverlet.collector" Version="3.1.2" />
+    <!-- Security pins: override vulnerable transitive 4.3.0 (via NETStandard.Library 1.6.1). APS-19257 / APS-19258 -->
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
   </ItemGroup>
 
 </Project>