Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

System.Drawing.Common vulnerability warning #232

Open
ChelseyMoyer opened this issue Dec 4, 2024 · 0 comments
Open

System.Drawing.Common vulnerability warning #232

ChelseyMoyer opened this issue Dec 4, 2024 · 0 comments

Comments

@ChelseyMoyer
Copy link

When running my tests through GitHub Actions, this warning is appearing in the logs:

warning NU1904: Package 'System.Drawing.Common' 5.0.0 has a known critical severity vulnerability, GHSA-rxg9-xrhp-64gj

According to the dependency tree, this vulnerable package is referenced like so:
image

All of the "System . . ." packages have newer versions available, that I assume have the fixed version of System.Drawing.Common.

RazorEngine.NetCore.nixFix package has no updated version available, but it needs updated to use a more current version of System.Security.Permissions. This package (ExtentReports) then needs updated to use the updated RazorEngine.

I'm reporting this here, because @anshooarora owns both of these packages, and the RazorEngine.NetCore.nixFix repo does not give me the ability to report an issue. (Also reporting it here because other people are more likely to encounter this problem using ExtentReports.)

Thanks!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

1 participant