From adf6b4aef29c5be6ebac448308ba3c37e0cfa239 Mon Sep 17 00:00:00 2001
From: Stephen Shaw <sshaw@decriptor.com>
Date: Sun, 15 Mar 2026 21:15:09 -0600
Subject: [PATCH 1/2] Update test dependencies to latest versions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- MSTest 4.0.2 → 4.1.0
- coverlet.collector 6.0.4 → 8.0.0
- Verify.MSTest 31.9.3 → 31.13.2
---
 Directory.Packages.props | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 89cd72e..0c51268 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -11,7 +11,7 @@
     <PackageVersion Include="Nullable" Version="1.3.1" />
     <!-- Testing -->
     <PackageVersion Include="MSTest" Version="4.1.0" />
-    <PackageVersion Include="coverlet.collector" Version="6.0.4" />
-    <PackageVersion Include="Verify.MSTest" Version="31.12.5" />
+    <PackageVersion Include="coverlet.collector" Version="8.0.0" />
+    <PackageVersion Include="Verify.MSTest" Version="31.13.2" />
   </ItemGroup>
 </Project>
\ No newline at end of file

From 02b4c8981caa44e8d5c64c078e03bab3bf08fc54 Mon Sep 17 00:00:00 2001
From: Stephen Shaw <sshaw@decriptor.com>
Date: Mon, 16 Mar 2026 00:55:41 -0600
Subject: [PATCH 2/2] deps: Pin Microsoft.Bcl.Memory 10.0.5 to fix
 CVE-2026-26127

System.Memory 4.6.3 transitively depends on Microsoft.Bcl.Memory 9.0.0
which has a high-severity DoS vulnerability (GHSA-73j8-2gch-69rq).
Add an explicit PackageReference to the patched version for netstandard
targets where System.Memory is used.
---
 Directory.Packages.props             | 1 +
 src/TagLibSharp2/TagLibSharp2.csproj | 1 +
 2 files changed, 2 insertions(+)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index 0c51268..12f45a6 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -6,6 +6,7 @@
     <!-- Polyfills for older frameworks -->
     <PackageVersion Include="PublicApiGenerator" Version="11.5.4" />
     <PackageVersion Include="System.Memory" Version="4.6.3" />
+    <PackageVersion Include="Microsoft.Bcl.Memory" Version="10.0.5" />
     <PackageVersion Include="Microsoft.Bcl.HashCode" Version="6.0.0" />
     <PackageVersion Include="IndexRange" Version="1.1.0" />
     <PackageVersion Include="Nullable" Version="1.3.1" />
diff --git a/src/TagLibSharp2/TagLibSharp2.csproj b/src/TagLibSharp2/TagLibSharp2.csproj
index 37718fa..fdb3d20 100644
--- a/src/TagLibSharp2/TagLibSharp2.csproj
+++ b/src/TagLibSharp2/TagLibSharp2.csproj
@@ -34,6 +34,7 @@
 	<!-- Polyfills for older frameworks -->
 	<ItemGroup Condition="'$(TargetFramework)' == 'netstandard2.0' Or '$(TargetFramework)' == 'netstandard2.1'">
 		<PackageReference Include="System.Memory" />
+		<PackageReference Include="Microsoft.Bcl.Memory" />
 		<PackageReference Include="Microsoft.Bcl.HashCode" />
 	</ItemGroup>