Closed kevin-butto-seagen closed 10 months ago
The upcoming beta2
will use the following dependencies with no currently known vulnerabilities:
<ItemGroup>
<PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
<PackageReference Include="System.Reactive" Version="6.0.0" />
<PackageReference Include="RazorEngine.NetCore.nixFix" Version="1.0.1" />
</ItemGroup>
Package for Newtonsoft.json 13.0.1 patches some vulnerabilities (should be upgraded to latest which is 13.0.2): https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
Also package RazorEngine.NetCore should be upgraded to latest as it leads to this vulnerability : https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708 (via ExtentReports@4.1.0 › RazorEngine.NetCore@2.2.6 › Microsoft.CodeAnalysis.CSharp@2.8.0 › Microsoft.CodeAnalysis.Common@2.8.0 › System.Xml.ReaderWriter@4.3.0 › System.Text.RegularExpressions@4.3.0)