From 9f02d77692bca8c6585941de03750d5eaaca5c5a Mon Sep 17 00:00:00 2001
From: Peter Collins <pecolli@microsoft.com>
Date: Wed, 30 Nov 2022 11:20:39 -0500
Subject: [PATCH] Add reference to System.Security.Cryptography.Xml (#198)

Context: https://dev.azure.com/xamarin/public/_componentGovernance/115226/alert/8008980?typeId=5585428&pipelinesTrackingFilter=1

We've receieved an alert about our usage of the 6.0.0 version of
`System.Security.Cryptography.Xml`.  This package is brought in through
the [Microsoft.Build.Tasks.Core][0] package reference.  An explicit
reference to `System.Security.Cryptography.Xml` 6.0.1 should bring in
the fix for CVE-2022-34716.

[0]: https://www.nuget.org/packages/Microsoft.Build.Tasks.Core/17.3.2#dependencies-body-tab
---
 .../MSBuildReferences.projitems                                  | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/Microsoft.Android.Build.BaseTasks/MSBuildReferences.projitems b/src/Microsoft.Android.Build.BaseTasks/MSBuildReferences.projitems
index a76b5a5..2ce698c 100644
--- a/src/Microsoft.Android.Build.BaseTasks/MSBuildReferences.projitems
+++ b/src/Microsoft.Android.Build.BaseTasks/MSBuildReferences.projitems
@@ -14,6 +14,7 @@
     <PackageReference Include="Microsoft.Build.Framework"      Version="$(MSBuildPackageReferenceVersion)" />
     <PackageReference Include="Microsoft.Build.Tasks.Core"     Version="$(MSBuildPackageReferenceVersion)" />
     <PackageReference Include="Microsoft.Build.Utilities.Core" Version="$(MSBuildPackageReferenceVersion)" />
+    <PackageReference Include="System.Security.Cryptography.Xml" Version="6.0.1" />
     <PackageReference Include="K4os.Compression.LZ4" Version="1.1.11" />
     <PackageReference Include="Xamarin.Build.AsyncTask" Version="0.4.0" GeneratePathProperty="true" />
     <PackageReference Include="Xamarin.LibZipSharp" Version="$(LibZipSharpVersion)" GeneratePathProperty="true" />