Added packages fixing transitive vulnerabilities

Src/AutoFakeItEasy/AutoFakeItEasy.csproj

@@ -21,7 +21,16 @@
 
   <ItemGroup>
     <PackageReference Include="FakeItEasy" Version="[6.0.0,9.0.0)" />
-    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" Condition=" '$(TargetFramework)'=='netstandard2.0' " />
+  </ItemGroup>
+
+  <!-- Dependencies added due to transitive vulnerabilities in FakeItEasy -->
+  <ItemGroup Condition=" '$(TargetFramework)'=='netstandard2.0' ">
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
+  </ItemGroup>
+
+  <ItemGroup Condition="'$(TargetFramework)'=='net5.0'">
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
   </ItemGroup>
 
   <ItemGroup>

Src/AutoFixture.NUnit3/AutoFixture.NUnit3.csproj

@@ -19,6 +19,12 @@
     <PackageReference Include="NUnit" Version="[3.7.0,4.0.0)" />
   </ItemGroup>
 
+  <!-- Dependencies added due to transitive vulnerabilities in NUnit -->
+  <ItemGroup Condition="'$(TargetFramework)'=='net5.0'">
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Security.Cryptography.X509Certificates" Version="4.3.2" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\AutoFixture\AutoFixture.csproj" />
   </ItemGroup>

Src/AutoFixture.xUnit2/AutoFixture.xUnit2.csproj

@@ -18,6 +18,12 @@
     <PackageReference Include="xunit.extensibility.core" Version="[2.2.0,3.0.0)" />
   </ItemGroup>
 
+  <!-- Dependencies added due to transitive vulnerabilities in xUnit -->
+  <ItemGroup Condition="'$(TargetFramework)'=='net5.0'">
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Security.Cryptography.X509Certificates" Version="4.3.2" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\AutoFixture\AutoFixture.csproj" />
   </ItemGroup>

Src/AutoFixture/AutoFixture.csproj

@@ -17,7 +17,11 @@
   <ItemGroup>
     <PackageReference Include="Fare" Version="[2.2.1,3.0.0)" />
     <PackageReference Include="System.ComponentModel.Annotations" Version="4.4.0" />
-    <PackageReference Include="Microsoft.Bcl.HashCode" Version="1.0.0" Condition=" '$(TargetFramework)'=='net462' Or '$(TargetFramework)'=='netstandard2.0' " />
-    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="1.0.0" Condition=" '$(TargetFramework)'=='net462' Or '$(TargetFramework)'=='netstandard2.0' " />
+  </ItemGroup>
+
+  <!-- Dependencies added to support newer BCL types in older version of .NET -->
+  <ItemGroup Condition="'$(TargetFramework)'=='net462' Or '$(TargetFramework)'=='netstandard2.0'">
+    <PackageReference Include="Microsoft.Bcl.HashCode" Version="1.0.0" />
+    <PackageReference Include="Microsoft.Bcl.AsyncInterfaces" Version="1.0.0" />
   </ItemGroup>
 </Project>

Src/AutoFoq/AutoFoq.fsproj

@@ -36,10 +36,16 @@
     <PackageReference Include="FSharp.Core" Version="4.2.3" />
   </ItemGroup>
 
-  <ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0'">
+  <!-- Dependencies added due to transitive vulnerabilities in Foq -->
+  <ItemGroup Condition="'$(TargetFramework)'=='netstandard2.0'">
     <PackageReference Include="System.Net.Http" Version="4.3.4" />
   </ItemGroup>
 
+  <ItemGroup Condition="'$(TargetFramework)'=='net5.0'">
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Security.Cryptography.X509Certificates" Version="4.3.2" />
+  </ItemGroup>
+
   <ItemGroup>
     <ProjectReference Include="..\AutoFixture\AutoFixture.csproj" />
   </ItemGroup>

Src/AutoMoq/AutoMoq.csproj

@@ -20,7 +20,12 @@
 
   <ItemGroup>
     <PackageReference Include="Moq" Version="[4.7.49,5.0.0)" />
-    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" Condition=" '$(TargetFramework)'=='netstandard2.0' " />
+  </ItemGroup>
+
+  <!-- Dependencies added due to transitive vulnerabilities in Moq -->
+  <ItemGroup Condition="'$(TargetFramework)'=='netstandard2.0' Or '$(TargetFramework)'=='net5.0'">
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
   </ItemGroup>
 
   <ItemGroup>

Src/AutoNSubstitute/AutoNSubstitute.csproj

@@ -21,8 +21,12 @@
 
   <ItemGroup>
     <PackageReference Include="NSubstitute" Version="[4.0.0,6.0.0)" />
-    <PackageReference Include="System.Net.Http" Version="4.3.4" Condition="'$(TargetFramework)'=='net462' Or '$(TargetFramework)'=='netstandard2.0'" />
-    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" Condition="'$(TargetFramework)'=='net462' Or '$(TargetFramework)'=='netstandard2.0'" />
+  </ItemGroup>
+
+  <!-- Dependencies added due to transitive vulnerabilities in NSubstitute -->
+  <ItemGroup>
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Text.RegularExpressions" Version="4.3.1" />
   </ItemGroup>
 
   <ItemGroup>

Src/Idioms.FsCheck/Idioms.FsCheck.fsproj

@@ -32,7 +32,12 @@
   <ItemGroup>
     <PackageReference Include="FsCheck" Version="[2.14.0,3.0.0)" />
     <PackageReference Include="FSharp.Core" Version="4.2.3" />
-    <PackageReference Include="System.Net.Http" Version="4.3.4" Condition="'$(TargetFramework)'=='net462' Or '$(TargetFramework)'=='netstandard2.0'" />
+  </ItemGroup>
+
+  <!-- Dependencies added due to transitive vulnerabilities in FsCheck -->
+  <ItemGroup>
+    <PackageReference Include="System.Net.Http" Version="4.3.4" />
+    <PackageReference Include="System.Security.Cryptography.X509Certificates" Version="4.3.2" Condition="'$(TargetFramework)'=='net5.0'" />
   </ItemGroup>
 
   <ItemGroup>