Skip to content

Bump Scriban from 7.2.0 to 7.2.5 to fix NU1902 vulnerability#14133

Merged
SergeyMenshykh merged 1 commit into
microsoft:mainfrom
SergeyMenshykh:sergeymenshykh-bump-scriban-dependency
Jul 1, 2026
Merged

Bump Scriban from 7.2.0 to 7.2.5 to fix NU1902 vulnerability#14133
SergeyMenshykh merged 1 commit into
microsoft:mainfrom
SergeyMenshykh:sergeymenshykh-bump-scriban-dependency

Conversation

@SergeyMenshykh

Copy link
Copy Markdown
Contributor

Fixes CI failure caused by NU1902 errors due to known moderate severity vulnerabilities in Scriban 7.2.0 (GHSA-6q7j-xr26-3h2c, GHSA-q6rr-fm2g-g5x8).

The CI was failing with NU1902 errors because Scriban 7.2.0 has known
moderate severity vulnerabilities (GHSA-6q7j-xr26-3h2c, GHSA-q6rr-fm2g-g5x8).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings July 1, 2026 15:53
@SergeyMenshykh SergeyMenshykh requested a review from a team as a code owner July 1, 2026 15:53

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the centrally managed .NET package version for Scriban to address NU1902 vulnerability findings that are currently failing CI for the repository’s .NET builds.

Changes:


💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@github-actions github-actions Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 5 | Confidence: 86% | Result: All clear

Reviewed: Correctness, Security Reliability, Test Coverage, Failure Modes, Design Approach


Automated review by SergeyMenshykh's agents

@SergeyMenshykh SergeyMenshykh enabled auto-merge July 1, 2026 17:56
@SergeyMenshykh SergeyMenshykh added this pull request to the merge queue Jul 1, 2026
@github-merge-queue github-merge-queue Bot removed this pull request from the merge queue due to failed status checks Jul 1, 2026
@SergeyMenshykh SergeyMenshykh added this pull request to the merge queue Jul 1, 2026
Merged via the queue into microsoft:main with commit f25753b Jul 1, 2026
19 of 30 checks passed
@SergeyMenshykh SergeyMenshykh deleted the sergeymenshykh-bump-scriban-dependency branch July 1, 2026 19:01
@github-project-automation github-project-automation Bot moved this from In Review to Done in Agent Framework Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

Status: Done

Development

Successfully merging this pull request may close these issues.

4 participants