Solve 'System.Private.Uri' vulnerability #363

Open
wants to merge 1 commit into
base: master

@marco-carvalho marco-carvalho commented Jul 12, 2024

MsgPack.Cli has a .csproj kinda like this:

<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFramework>netstandard2.0</TargetFramework>
    <RuntimeIdentifiers>win-x64;osx-x64;linux-x64</RuntimeIdentifiers>
    <OutputType>Exe</OutputType>
    <LangVersion>latest</LangVersion>
  </PropertyGroup>

  <ItemGroup>
    <PackageReference Include="System.Numerics.Vectors" Version="4.3.0" />
    <PackageReference Include="System.Reflection.Emit" Version="4.3.0" />
    <PackageReference Include="System.Reflection.Emit.LightWeight" Version="4.3.0" />
  </ItemGroup>

</Project>

When I run dotnet build *.sln --no-incremental, I get this:

Restore succeeded with 3 warning(s) in 1,0s
    C:\Users\Administrator\Desktop\Testando\Testando.csproj : warning NU1903: Package 'System.Private.Uri' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-5f2m-466j-3848
    C:\Users\Administrator\Desktop\Testando\Testando.csproj : warning NU1902: Package 'System.Private.Uri' 4.3.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-x5qj-9vmx-7g6g
    C:\Users\Administrator\Desktop\Testando\Testando.csproj : warning NU1903: Package 'System.Private.Uri' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-xhfc-gr8f-ffwc
You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy
  Testando succeeded with 3 warning(s) (0,3s) → bin\Debug\netstandard2.0\Testando.dll
    C:\Users\Administrator\Desktop\Testando\Testando.csproj : warning NU1903: Package 'System.Private.Uri' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-5f2m-466j-3848
    C:\Users\Administrator\Desktop\Testando\Testando.csproj : warning NU1902: Package 'System.Private.Uri' 4.3.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-x5qj-9vmx-7g6g
    C:\Users\Administrator\Desktop\Testando\Testando.csproj : warning NU1903: Package 'System.Private.Uri' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-xhfc-gr8f-ffwc

Build succeeded with 6 warning(s) in 1,6s

But when I update the dependencies:

    <PackageReference Include="System.Numerics.Vectors" Version="4.4.0" />
    <PackageReference Include="System.Reflection.Emit" Version="4.6.0" />
    <PackageReference Include="System.Reflection.Emit.LightWeight" Version="4.6.0" />

The dotnet build *.sln --no-incremental runs without warnings:

Restore complete (0,5s)
You are using a preview version of .NET. See: https://aka.ms/dotnet-support-policy
  Testando succeeded (0,3s) → bin\Debug\netstandard2.0\Testando.dll

Build succeeded in 1,1s

Solves GHSA-5f2m-466j-3848, GHSA-x5qj-9vmx-7g6g, GHSA-xhfc-gr8f-ffwc
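
An added example, not part of this pull request or the project's code: a small CI gate that parses NuGet audit warnings (NU1901 to NU1904) out of `dotnet build` output, counts each advisory once even though restore and build both report it, and fails on high or critical findings. The sample output is constructed from the warnings quoted above; the project path and the function names are assumptions.

```python
import re

# NuGet audit warning codes and the severity each one reports.
SEVERITY = {"NU1901": "low", "NU1902": "moderate", "NU1903": "high", "NU1904": "critical"}
RANK = ["low", "moderate", "high", "critical"]

WARNING = re.compile(
    r"warning (?P<code>NU190[1-4]): Package '(?P<package>[^']+)' (?P<version>\S+) "
    r"has a known \w+ severity vulnerability, "
    r"https://github\.com/advisories/(?P<ghsa>GHSA(?:-[0-9a-z]{4}){3})\s*$"
)

# Constructed sample: restore and build each report the same three findings.
# The project path is a placeholder; package and advisory IDs come from the PR text.
_PREFIX = r"    C:\src\App\App.csproj : warning "
_FINDINGS = [
    ("NU1903", "high", "GHSA-5f2m-466j-3848"),
    ("NU1902", "moderate", "GHSA-x5qj-9vmx-7g6g"),
    ("NU1903", "high", "GHSA-xhfc-gr8f-ffwc"),
]
_LINES = [
    f"{_PREFIX}{code}: Package 'System.Private.Uri' 4.3.0 has a known {sev} "
    f"severity vulnerability, https://github.com/advisories/{ghsa}"
    for code, sev, ghsa in _FINDINGS
]
SAMPLE_OUTPUT = "\n".join(["Restore succeeded with 3 warning(s)", *_LINES,
                           "  App succeeded with 3 warning(s)", *_LINES,
                           "Build succeeded with 6 warning(s)"])

def parse_audit_warnings(build_output):
    """Return unique findings; an advisory repeated per build phase counts once."""
    unique = {}
    for line in build_output.splitlines():
        m = WARNING.search(line)
        if m:
            key = (m["package"], m["version"], m["ghsa"])
            unique[key] = {"package": m["package"], "version": m["version"],
                           "advisory": m["ghsa"], "severity": SEVERITY[m["code"]]}
    return [unique[k] for k in sorted(unique)]

def should_fail(findings, threshold="high"):
    """True when any finding is at or above the threshold severity."""
    floor = RANK.index(threshold)
    return any(RANK.index(f["severity"]) >= floor for f in findings)

if __name__ == "__main__":
    found = parse_audit_warnings(SAMPLE_OUTPUT)
    for f in found:
        print(f"{f['severity']:9} {f['package']} {f['version']} {f['advisory']}")
    raise SystemExit(1 if should_fail(found) else 0)
```
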
