Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Version 2.9.1 is reported as vulnerable #938

Open
NinjaCross opened this issue Nov 28, 2024 · 3 comments
Open

Version 2.9.1 is reported as vulnerable #938

NinjaCross opened this issue Nov 28, 2024 · 3 comments

Comments

@NinjaCross
Copy link

Describe the bug
JetBrains Rider signal the 2.9.1 version as vulnerable.
It doesn't provide details on the motivation.
This is also mentioned here:
jeremylong/DependencyCheck#6048
jeremylong/DependencyCheck#6088

Unfortunately some of the projects/customers I'm working on/with refuse to use libraries with known vulnerabilities.
Is there a mitigation ?

Many thanks in advance for any suggestion.

To Reproduce
Just add the NuGet package to any project in Rider, and the warning will appear

Expected behavior
No vulnerabilities signaled

Screenshots
image

@schittli
Copy link

With the Version 2.9.2-ci-210:

image

JetBrains Rider does not report any vulnerability 😃

@NinjaCross
Copy link
Author

Thankyou @schittli :)
When will this version be available on NuGet?
I don't see it listed on NuGet.org yet.

@DrusTheAxe
Copy link

Thankyou @schittli :) When will this version be available on NuGet? I don't see it listed on NuGet.org yet.

Any update here? Nuget.org still has 2.9.1

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

3 participants