dotnetパッチバージョン固定/脆弱性パッケージ検査

.github/workflows/server-test.yml

@@ -5,6 +5,7 @@ name: Server Test
 # - 単体テスト（xUnit）
 # - 統合テスト（Testcontainers + PostgreSQL）
 # - コードカバレッジレポート
+# - 脆弱性パッケージ検査
 # ============================================
 
 on:
@@ -32,6 +33,37 @@ env:
   DOTNET_CLI_TELEMETRY_OPTOUT: true
 
 jobs:
+  # ============================================
+  # 脆弱性パッケージ検査
+  # ============================================
+  vulnerability-check:
+    name: Vulnerability Check
+    runs-on: ubuntu-latest
+    timeout-minutes: 5
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+      - name: Setup .NET
+        uses: actions/setup-dotnet@baa11fbfe1d6520db94683bd5c7a3818018e4309 # v5.1.0
+        with:
+          dotnet-version: ${{ env.DOTNET_VERSION }}
+
+      - name: Restore packages
+        run: dotnet restore src/Game.Server/Game.Server.csproj
+
+      - name: Check for vulnerable packages
+        run: |
+          OUTPUT=$(dotnet list src/Game.Server/Game.Server.csproj package --vulnerable --include-transitive 2>&1)
+          echo "$OUTPUT"
+          if echo "$OUTPUT" | grep -q "has the following vulnerable packages"; then
+            echo ""
+            echo "::error::Vulnerable packages detected. Update affected packages or review the vulnerabilities."
+            exit 1
+          fi
+          echo "No vulnerable packages found."
+
   # ============================================
   # 単体テスト（高速・Dockerなし）
   # ============================================
@@ -237,7 +269,7 @@ jobs:
   summary:
     name: Test Summary
     runs-on: ubuntu-latest
-    needs: [unit-tests, integration-tests, coverage-report]
+    needs: [unit-tests, integration-tests, coverage-report, vulnerability-check]
     if: always()
 
     steps:
@@ -274,3 +306,12 @@ jobs:
           else
             echo "| Coverage Report | ⚠️ Issues |" >> $GITHUB_STEP_SUMMARY
           fi
+
+          # Vulnerability Check
+          if [ "${{ needs.vulnerability-check.result }}" == "success" ]; then
+            echo "| Vulnerability Check | ✅ No Issues |" >> $GITHUB_STEP_SUMMARY
+          elif [ "${{ needs.vulnerability-check.result }}" == "skipped" ]; then
+            echo "| Vulnerability Check | ⏭️ Skipped |" >> $GITHUB_STEP_SUMMARY
+          else
+            echo "| Vulnerability Check | ❌ Vulnerable Packages Found |" >> $GITHUB_STEP_SUMMARY
+          fi

docker/game-realtime/Dockerfile

@@ -3,7 +3,7 @@
 # Usage: docker compose -f docker/game-server/docker-compose.yml build game-realtime-app
 
 # === Build Stage ===
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0.311 AS build
 WORKDIR /src
 
 # Copy project files for restore cache
@@ -22,7 +22,7 @@ COPY src/Game.Realtime/ src/Game.Realtime/
 RUN dotnet publish src/Game.Realtime/Game.Realtime.csproj -c Release -o /app/publish
 
 # === Runtime Stage ===
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS runtime
+FROM mcr.microsoft.com/dotnet/aspnet:9.0.13 AS runtime
 WORKDIR /app
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl \

docker/game-realtime/prod/Dockerfile

@@ -2,7 +2,7 @@
 # Game.Realtime 本番用 Dockerfile
 
 # ===== Build Stage =====
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0.311 AS build
 WORKDIR /src
 
 COPY Directory.Packages.props ./
@@ -20,7 +20,7 @@ RUN dotnet publish src/Game.Realtime/Game.Realtime.csproj \
     -o /app/publish
 
 # ===== Runtime Stage =====
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS runtime
+FROM mcr.microsoft.com/dotnet/aspnet:9.0.13 AS runtime
 
 RUN groupadd -r appgroup && useradd -r -g appgroup appuser
 

docker/game-server/Dockerfile

@@ -5,7 +5,7 @@
 #   docker compose -f docker/game-server/docker-compose.yml build
 
 # === Build Stage ===
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0.311 AS build
 WORKDIR /src
 
 # Copy project files for restore cache
@@ -24,7 +24,7 @@ COPY src/Game.Server/ src/Game.Server/
 RUN dotnet publish src/Game.Server/Game.Server.csproj -c Release -o /app/publish
 
 # === Runtime Stage ===
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS runtime
+FROM mcr.microsoft.com/dotnet/aspnet:9.0.13 AS runtime
 WORKDIR /app
 
 RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* \

docker/game-server/prod/Dockerfile

@@ -2,7 +2,7 @@
 # Google Cloud Run 用 Dockerfile
 
 # ===== Build Stage =====
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0.311 AS build
 WORKDIR /src
 
 # 依存関係のみ先にコピー（キャッシュ活用）
@@ -24,7 +24,7 @@ RUN dotnet publish src/Game.Server/Game.Server.csproj \
     -o /app/publish
 
 # ===== Runtime Stage =====
-FROM mcr.microsoft.com/dotnet/aspnet:9.0 AS runtime
+FROM mcr.microsoft.com/dotnet/aspnet:9.0.13 AS runtime
 
 # curl インストール（ヘルスチェック用）+ 非rootユーザー作成
 RUN apt-get update && apt-get install -y --no-install-recommends curl && rm -rf /var/lib/apt/lists/* \

docker/migrate/Dockerfile

@@ -1,7 +1,7 @@
 # Migration Job Dockerfile
 # Cloud Run Job でマイグレーションを実行するためのイメージ
 
-FROM mcr.microsoft.com/dotnet/sdk:9.0 AS build
+FROM mcr.microsoft.com/dotnet/sdk:9.0.311 AS build
 WORKDIR /src
 
 # プロジェクトファイルをコピーして依存関係を復元

src/Game.Client/Assets/Programs/Editor/Tests/Shared/Network/RequestQueueTests.cs

@@ -329,7 +329,7 @@ public void Dispose_ClearsQueue()
         #region QueuedRequest Tests
 
         [Test]
-        public void QueuedRequest_IsExpired_WhenPastExpiration()
+        public async Task QueuedRequest_IsExpired_WhenPastExpiration()
         {
             // Arrange
             var request = new QueuedRequest(
@@ -342,7 +342,7 @@ public void QueuedRequest_IsExpired_WhenPastExpiration()
                 expiration: TimeSpan.FromMilliseconds(1));
 
             // Act - 少し待つ
-            Task.Delay(10).Wait();
+            await Task.Delay(10);
 
             // Assert
             Assert.That(request.IsExpired, Is.True);
@@ -365,7 +365,7 @@ public void QueuedRequest_CanRetry_WhenBelowMaxRetries()
         }
 
         [Test]
-        public void QueuedRequest_CannotRetry_WhenExpired()
+        public async Task QueuedRequest_CannotRetry_WhenExpired()
         {
             // Arrange - 非常に短い有効期限を設定
             var request = new QueuedRequest(
@@ -378,7 +378,7 @@ public void QueuedRequest_CannotRetry_WhenExpired()
                 expiration: TimeSpan.FromMilliseconds(1));
 
             // Act - 有効期限切れを待つ
-            Task.Delay(10).Wait();
+            await Task.Delay(10);
 
             // Assert
             Assert.That(request.IsExpired, Is.True);