Vulnerabilities in dependencies #73
Assignees
Comments
|
Hey @jkuek , it's been a while since I last touched this codebase, that's for sure. |
|
No pressure, I guess the bigger question is whether this library is still supported? If necessary I could remove my dependency on it, but I won't if I can just update it |
I'm happy to make patches/security fixes/package bump-ups, if folks see it as a value. For your particular issue I can try to bump it up to netstandard2.1 (that seems to resolve it, from what I can see from dependency graph in Visual Studio) and push an update. Should I? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I'm using version 2.4.0, which seems to be the latest.
It has dependencies on System.Net.Http 4.3.0 and System.Text.RegularExpressions 4.3.0, both of which have vulnerabilities with high severity:
GHSA-cmhx-cq75-c4mj
GHSA-7jgj-8wvc-jh57
What are the chances of getting an updated package that addresses this?
Or is there an alternative package I could use?
The text was updated successfully, but these errors were encountered: