EdwinVW / pitstop

This repo contains a sample application based on a Garage Management System for Pitstop - a fictitious garage. The primary goal of this sample is to demonstrate several software-architecture concepts like: Microservices, CQRS, Event Sourcing, Domain Driven Design (DDD), Eventual Consistency.
Apache License 2.0

Remove critical vulnerability issue in WorkshopManagementEventHandler #145

Closed: Elmar-Wiese closed this 9 months ago

Elmar-Wiese commented 12 months ago

The project used System.Drawing.Common 5.0.0. That version has a critical security vulnerability. In this PR I updated it from 5.0.0 to 5.0.3, and now there are no vulnerabilities in the WorkshopManagementEventHandler project. Running dotnet list package --vulnerable --include-transitive shows that there are now no vulnerabilities.

EdwinVW commented 11 months ago

Hi @Elmar-Wiese. Thanks for this PR.

I will upgrade Pitstop to .NET 8 once this is GA. I will then check whether this fixes this (or any other) vulnerability.

EdwinVW commented 9 months ago

This specific vulnerability is not present any more in the latest version (upgrade to .NET 8). Other vulnerabilities are, though.

But because this is not a production code-base, I will not implement any continuous vulnerability checking process for it. This is something you should obviously do for your own production workloads.
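Added example, not part of this PR or of the Pitstop code base: one way to turn the check quoted in the thread into a CI gate is to parse the report of `dotnet list package --vulnerable --include-transitive` and fail the build on findings at or above a chosen severity. It assumes a .NET SDK that supports `--format json` and the field names shown in the constructed sample report; the paths, the second package and the advisory URLs are placeholders.

```python
import json
import subprocess
import sys

SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}

# Constructed sample report; field names follow the assumed JSON schema.
SAMPLE_REPORT = json.loads("""
{"projects": [
  {"path": "<placeholder>/WorkshopManagementEventHandler.csproj",
   "frameworks": [{"framework": "net8.0",
     "topLevelPackages": [{"id": "System.Drawing.Common", "resolvedVersion": "5.0.0",
       "vulnerabilities": [{"severity": "Critical", "advisoryurl": "<placeholder>"}]}],
     "transitivePackages": [{"id": "Example.Transitive.Lib", "resolvedVersion": "1.0.0",
       "vulnerabilities": [{"severity": "Moderate", "advisoryurl": "<placeholder>"}]}]}]},
  {"path": "<placeholder>/NoFindings.csproj"}]}
""")

def run_dotnet_report(project_dir="."):
    """Run the command quoted in the PR, asking for JSON output."""
    cmd = ["dotnet", "list", "package", "--vulnerable",
           "--include-transitive", "--format", "json"]
    done = subprocess.run(cmd, cwd=project_dir, capture_output=True, text=True, check=True)
    return json.loads(done.stdout)

def find_vulnerable(report, min_severity="high"):
    """Return findings at or above min_severity, top-level and transitive."""
    threshold = SEVERITY_RANK[min_severity.lower()]
    findings = []
    for project in report.get("projects", []):
        for fw in project.get("frameworks", []):
            for key in ("topLevelPackages", "transitivePackages"):
                for pkg in fw.get(key, []):
                    for vuln in pkg.get("vulnerabilities", []):
                        # Unrecognised severities rank as critical so they are not dropped.
                        rank = SEVERITY_RANK.get(str(vuln.get("severity")).lower(), 4)
                        if rank >= threshold:
                            findings.append({"project": project.get("path"), "package": pkg.get("id"),
                                             "resolved": pkg.get("resolvedVersion"), "severity": vuln.get("severity"),
                                             "transitive": key == "transitivePackages"})
    return findings

if __name__ == "__main__":
    report = SAMPLE_REPORT if "--sample" in sys.argv else run_dotnet_report()
    hits = find_vulnerable(report)
    for hit in hits:
        print("{severity}: {package} {resolved} in {project}".format(**hit))
    sys.exit(1 if hits else 0)  # non-zero exit fails the CI job
```

Run with `--sample` to exercise the gate on the constructed report without a .NET SDK installed.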