Skip to content

deps: remove stale System.Net.Http 4.3.4 and System.Text.RegularExpressions 4.3.1 pins#924

Merged
akunzai merged 3 commits into
mainfrom
chore/update-deps
May 28, 2026
Merged

deps: remove stale System.Net.Http 4.3.4 and System.Text.RegularExpressions 4.3.1 pins#924
akunzai merged 3 commits into
mainfrom
chore/update-deps

Conversation

@akunzai
Copy link
Copy Markdown
Owner

@akunzai akunzai commented May 28, 2026

Summary

Removed two stale central package pins that were no longer required:

  • System.Net.Http 4.3.4
  • System.Text.RegularExpressions 4.3.1

Background

These were added as transitive pins (with CentralPackageTransitivePinningEnabled) to address old backport packages commonly flagged by security scanners (e.g. CVE-2019-0820 for the Regex package).

After review:

  • No project in the main solution directly references either package.
  • The only System.Text.RegularExpressions usages are fully-qualified BCL calls in E2E Playwright tests.
  • dotnet restore on CAS.slnx succeeds cleanly with no resolution errors.
  • dotnet list package --include-transitive on key projects (including the Owin library) shows neither package in the active dependency graph.

Scope

  • The Owin-related projects remain intentionally legacy for .NET Framework / net462 compatibility (as discussed).
  • The Microsoft.AspNetCore.WebUtilities 2.3.10 pin for netstandard2.0/net4* targets was left in place (required by the Owin handler).

Verification

  • Full solution restore succeeded.
  • No new build or audit warnings introduced by the removal.

This continues the dependency hygiene work on the chore/update-deps branch.

akunzai added 3 commits May 28, 2026 14:57
@akunzai
Bump StackExchange.Redis from 2.13.1 to 2.13.17
6c8dd7c 
- https://github.com/StackExchange/StackExchange.Redis/releases/tag/2.3.17
@akunzai
Update NPM packages
5f5c90a
@akunzai
deps: remove stale System.Net.Http 4.3.4 and System.Text.RegularExpre…
87f81f0 
…ssions 4.3.1 pins

These were transitive pins for very old backport packages.
Analysis showed no direct or active transitive usage in the main solution after removal.
The Owin path remains intentionally legacy for .NET Framework compatibility.
@github-actions github-actions Bot added dependencies Pull requests that update a dependency file samples Changes to sample applications labels May 28, 2026
@codecov
Copy link
Copy Markdown

codecov Bot commented May 28, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 71.08%. Comparing base (446af05) to head (87f81f0).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main     #924   +/-   ##
=======================================
  Coverage   71.08%   71.08%           
=======================================
  Files          42       42           
  Lines        1048     1048           
  Branches      136      136           
=======================================
  Hits          745      745           
  Misses        240      240           
  Partials       63       63

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@akunzai akunzai merged commit a895965 into main May 28, 2026
13 checks passed
@akunzai akunzai deleted the chore/update-deps branch May 28, 2026 07:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file samples Changes to sample applications

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@akunzai