chore(deps): bump ASP.NET/EF Core 9.0.9->9.0.15 + fix vuln ImageSharp

gustavograciano · gustavograciano · commit 6ac4fb0197a2 · 2026-04-22T08:32:35.000-03:00
Consolida bumps seguros que estavam em Dependabot PRs obsoletos (fechados em lote). Principais motivacoes: - SixLabors.ImageSharp 3.1.5 -> 3.1.12: - GHSA-2cmq-823j-5qj8 (high): fix de SixLabors.ImageSharp - GHSA-rxmq-m78w-7wmc (moderate): idem - Runtime patches (sem breaking): - Microsoft.AspNetCore.Authentication.JwtBearer 9.0.9 -> 9.0.15 - Microsoft.AspNetCore.OpenApi 9.0.0 -> 9.0.15 - Microsoft.EntityFrameworkCore[.Design/.SqlServer/.InMemory] 9.0.9 -> 9.0.15 - Microsoft.IdentityModel.Tokens 8.14.0 -> 8.14.2 - System.IdentityModel.Tokens.Jwt 8.14.0 -> 8.14.2 - Infra de config: - nuget.config na raiz do repo consolida todos os projetos em src/ pra usarem apenas nuget.org (antes Application/Infrastructure/ Jobs herdavam feed Azure DevOps privado do config global do dev, que falha com 401 em maquina sem credenciais) Validacao: 120 testes passando, build Release 0 warnings. PRs do Dependabot fechados neste lote (obsoletos contra main atualizado): - #3 setup-node (gh actions, sem workflow scope) - #4 cache - #6 setup-dotnet - #11 eslint group - #12 globals - #13 BCrypt - #14 axios (caret ja puxava a nova via npm) - #18 aspnet group (superseded por este commit) - #19 EF Design (idem) - #20 Serilog group (Sinks.Seq 9.0.1 nao existe; mantemos 9.0.0) Major bumps arriscados fechados para review futuro: - #5 upload-artifact 4->7 - #7 react group - #8 vite group - #9 node 20->25-alpine - #10 dotnet/sdk 9->10 - #15 coverlet 6->10 - #16 dotnet/aspnet 9->10 - #21 Swashbuckle 9->10
diff --git a/ImovelStand.Api/ImovelStand.Api.csproj b/ImovelStand.Api/ImovelStand.Api.csproj
@@ -11,9 +11,9 @@
     <PackageReference Include="Hangfire.AspNetCore" Version="1.8.14" />
     <PackageReference Include="Hangfire.SqlServer" Version="1.8.14" />
     <PackageReference Include="Mapster.DependencyInjection" Version="1.0.1" />
-    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.9" />
-    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.9">
+    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="9.0.15" />
+    <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="9.0.15" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.15">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
diff --git a/ImovelStand.Tests/ImovelStand.Tests.csproj b/ImovelStand.Tests/ImovelStand.Tests.csproj
@@ -9,7 +9,7 @@
 
   <ItemGroup>
     <PackageReference Include="coverlet.collector" Version="6.0.2" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="9.0.9" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.InMemory" Version="9.0.15" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.11.1" />
     <PackageReference Include="Moq" Version="4.20.72" />
     <PackageReference Include="xunit" Version="2.9.2" />
diff --git a/nuget.config b/nuget.config
@@ -0,0 +1,7 @@
+<?xml version="1.0" encoding="utf-8"?>
+<configuration>
+  <packageSources>
+    <clear />
+    <add key="nuget.org" value="https://api.nuget.org/v3/index.json" protocolVersion="3" />
+  </packageSources>
+</configuration>
diff --git a/src/ImovelStand.Application/ImovelStand.Application.csproj b/src/ImovelStand.Application/ImovelStand.Application.csproj
@@ -13,10 +13,10 @@
     <PackageReference Include="Mapster" Version="7.4.0" />
     <PackageReference Include="Microsoft.Extensions.Configuration.Abstractions" Version="9.0.0" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.0" />
-    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.14.0" />
+    <PackageReference Include="Microsoft.IdentityModel.Tokens" Version="8.14.2" />
     <PackageReference Include="QuestPDF" Version="2024.10.2" />
-    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.5" />
-    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.0" />
+    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.12" />
+    <PackageReference Include="System.IdentityModel.Tokens.Jwt" Version="8.14.2" />
   </ItemGroup>
 
   <PropertyGroup>
diff --git a/src/ImovelStand.Infrastructure/ImovelStand.Infrastructure.csproj b/src/ImovelStand.Infrastructure/ImovelStand.Infrastructure.csproj
@@ -7,15 +7,15 @@
 
   <ItemGroup>
     <PackageReference Include="MailKit" Version="4.8.0" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.9" />
-    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.9">
+    <PackageReference Include="Microsoft.EntityFrameworkCore" Version="9.0.15" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.Design" Version="9.0.15">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.9" />
+    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="9.0.15" />
     <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.0" />
     <PackageReference Include="Minio" Version="6.0.3" />
-    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.5" />
+    <PackageReference Include="SixLabors.ImageSharp" Version="3.1.12" />
   </ItemGroup>
 
   <PropertyGroup>
