Microsoft.AspNetCore.Hosting.Abstractions v2.2 is EOL'd and is going to be unlisted and obsoleted. It also contains a dependency on an insecure NuGet package (System.Text.Encodings.Web v4.5.0), so removing this dependency will remove the dependency on this insecure version.
Alternatively, we could consider bumping up the dependency of System.Text.Encodings.Web to v4.5.1. That way any consumers of Lamar.Microsoft.DependencyInjection won't get this insecure reference. But I think that would be a last resort.
See this conversation.
Microsoft.AspNetCore.Hosting.Abstractions
v2.2
is EOL'd and is going to be unlisted and obsoleted. It also contains a dependency on an insecure NuGet package (System.Text.Encodings.Webv4.5.0
), so removing this dependency will remove the dependency on this insecure version.See https://docs.microsoft.com/en-us/aspnet/core/fundamentals/target-aspnetcore?view=aspnetcore-6.0&tabs=visual-studio for how to reference ASP.NET types from a class library.
Alternatively, we could consider bumping up the dependency of System.Text.Encodings.Web to
v4.5.1
. That way any consumers of Lamar.Microsoft.DependencyInjection won't get this insecure reference. But I think that would be a last resort.