-
Notifications
You must be signed in to change notification settings - Fork 41
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Critical vulnerability in dependency chain #213
Comments
Wonderful catch, thank you for the heads up |
Hm, not to be a stickler but can we expect a nuget release with the updated references. We are kind of getting our ears pulled by CI. |
@the-black-wolf, just a heads up, The 9.0 release was pulled as we are moving to be fully integrated with the Prism project. All new releases starting with 9.0 will be created over there moving forward. |
@DamianSuess hi, can you please point me as I dont see Avalonia in the main Prism project? |
We're still working on the migration to get things published. What's the best way to reach you to get the support you need? |
@DamianSuess |
Description
Prism.Avalonia (including prerelease) has a versioned dependency chain starting with
System.Configuration.ConfigurationManager
4.7.0 which ends in packageSystem.Drawing.Common
4.7.0 which has a known critical severity vulnerability, GHSA-rxg9-xrhp-64gjReference should be upgraded to the latest 8.0.0 version.
Environment
Severity (1-5)
3 its annoying, but also causes errors in
TreatWarningsLikeErrors
build configs.Steps To Reproduce
Steps to reproduce the behavior:
Just add the package and build under latest toolkit, warning should popup:
` C:\projects\Foo\Fai\Fo\Fam.csproj : warning NU1904: Package 'System.Drawing.Common' 4.7.0 has a known critical severity vulnerability, GHSA-rxg9-xrhp-64gj
Expected Behavior
Updated references
Screenshots
n/a
Additional context
n/a
The text was updated successfully, but these errors were encountered: