From 8c917b4ad3f241cdaec80e242010a80491f450e1 Mon Sep 17 00:00:00 2001
From: Nikola Jokic <jokicnikola07@gmail.com>
Date: Thu, 21 Sep 2023 09:50:00 +0200
Subject: [PATCH] Bump directly dotnet vulnerable packages (#2870)

* Bump directly dotnet vulnerable packages

* Use just single file sdk upgrade for vulnerable dependencies

* Save with UTF8-BOM

* Trim down sdk to only Sdk.csproj upgrade

---------

Co-authored-by: Ferenc Hammerl  <fhammerl@github.com>
---
 src/Sdk/Sdk.csproj | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Sdk/Sdk.csproj b/src/Sdk/Sdk.csproj
index f9d8fbe2f..dbd96f336 100644
--- a/src/Sdk/Sdk.csproj
+++ b/src/Sdk/Sdk.csproj
@@ -22,6 +22,8 @@
         <PackageReference Include="System.Security.Cryptography.ProtectedData" Version="4.4.0" />
         <PackageReference Include="Minimatch" Version="2.0.0" />
         <PackageReference Include="YamlDotNet.Signed" Version="5.3.0" />
+        <PackageReference Include="System.Net.Http" Version="4.3.4" />
+        <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
     </ItemGroup>
 
     <ItemGroup>