Closed Elmar-Wiese closed 9 months ago
Hi @Elmar-Wiese. Thanks for this PR.
I will upgrade Pitstop to .NET 8 once this is GA. I will then check whether this fixes this (or any other) vulnerability.
This specific vulnerability is not present any more in the latest version (upgrade to .NET 8). Other vulnerabilities are though.
But because this is not a production code-base, I will not implement any continuous vulnerability checking process for it. This is something you should obviously do for your own production workloads.
The project used System.Drawing.Common 5.0.0. That version has a critical security vulnerability. In this PR I updated it from 5.0.0 to 5.0.3, and now there are no vulnerabilities in the WorkshopManagementEventHandler project. When running
dotnet list package --vulnerable --include-transitive
it shows that there are now no vulnerabilities: