Merge PR #219: fix NuGet audit packages

2026-04-26 20:24:00 -07:00 · 2026-04-26 20:24:00 -07:00 · a53d31016f
commit a53d31016f
parent 0bd56ffb9a 435b47fddc
2 changed files with 17 additions and 0 deletions
--- a/src/Directory.Build.props
+++ b/src/Directory.Build.props
@ -0,0 +1,16 @@
+<Project>
+
+  <!--
+    Shared build configuration for OpenClaw.Shared, OpenClaw.Tray.WinUI, and OpenClaw.Cli.
+
+    OpenClaw.CommandPalette has its own Directory.Build.props one level deeper, so MSBuild
+    stops walking up at that file and this one does NOT apply to CommandPalette.
+  -->
+
+  <PropertyGroup>
+    <!-- Audit all package dependencies (direct + transitive) for known CVEs during restore.
+         Defaults to "direct" in the SDK; "all" provides broader security coverage. -->
+    <NuGetAuditMode>all</NuGetAuditMode>
+  </PropertyGroup>
+
+</Project>
--- a/src/OpenClaw.Tray.WinUI/OpenClaw.Tray.WinUI.csproj
+++ b/src/OpenClaw.Tray.WinUI/OpenClaw.Tray.WinUI.csproj
@ -42,6 +42,7 @@
    <PackageReference Include="System.Drawing.Common" Version="10.0.0" />
    <PackageReference Include="WinUIEx" Version="2.9.0" />
    <PackageReference Include="Microsoft.Toolkit.Uwp.Notifications" Version="7.1.3" />
+    <PackageReference Include="System.Drawing.Common" Version="10.0.7" />
    <PackageReference Include="Updatum" Version="1.3.4" />
    <PackageReference Include="ZXing.Net" Version="0.16.10" />
  </ItemGroup>