extent-framework / extentreports-csharp

Extent Reporting Library, .NET
http://extentreports.com
Apache License 2.0

Package upgrades that patch vulnerabilities are needed #170

Closed kevin-butto-seagen closed 10 months ago

kevin-butto-seagen commented 1 year ago

Package for Newtonsoft.json 13.0.1 patches some vulnerabilities (should be upgraded to latest which is 13.0.2): https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678

Also package RazorEngine.NetCore should be upgraded to latest as it leads to this vulnerability: https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708 (via ExtentReports@4.1.0 › RazorEngine.NetCore@2.2.6 › Microsoft.CodeAnalysis.CSharp@2.8.0 › Microsoft.CodeAnalysis.Common@2.8.0 › System.Xml.ReaderWriter@4.3.0 › System.Text.RegularExpressions@4.3.0)

anshooarora commented 10 months ago

The upcoming beta2 will use the following dependencies with no currently known vulnerabilities:

<ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
    <PackageReference Include="System.Reactive" Version="6.0.0" />
    <PackageReference Include="RazorEngine.NetCore.nixFix" Version="1.0.1" />
</ItemGroup>
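
A transitive chain like the one reported in the first comment can be traced from the `targets` section of a restored project's `obj/project.assets.json`. The Python script below is an added example, not code from the ExtentReports project: the sample graph is constructed from the chain quoted in the issue, and treating packages that nothing depends on as roots is a simplifying assumption.

```python
import json
import sys

# Constructed sample shaped like the "targets" section of obj/project.assets.json.
# It mirrors the chain quoted in the issue; it is not output from a real restore.
SAMPLE_ASSETS = {"targets": {"netstandard2.0": {
    "ExtentReports/4.1.0": {"dependencies": {"RazorEngine.NetCore": "2.2.6"}},
    "RazorEngine.NetCore/2.2.6": {"dependencies": {"Microsoft.CodeAnalysis.CSharp": "2.8.0"}},
    "Microsoft.CodeAnalysis.CSharp/2.8.0": {"dependencies": {"Microsoft.CodeAnalysis.Common": "[2.8.0]"}},
    "Microsoft.CodeAnalysis.Common/2.8.0": {"dependencies": {"System.Xml.ReaderWriter": "4.3.0"}},
    "System.Xml.ReaderWriter/4.3.0": {"dependencies": {"System.Text.RegularExpressions": "4.3.0"}},
    "System.Text.RegularExpressions/4.3.0": {},
    "Newtonsoft.Json/13.0.3": {},
}}}

def paths_to(assets, target_id):
    """Return (framework, path) for every dependency path ending at 'Name/Version'."""
    found = []
    for tfm, libs in assets["targets"].items():
        # Keys carry the resolved version; NuGet package ids are case-insensitive.
        resolved = {key.split("/")[0].lower(): key for key in libs}
        edges = {key: [resolved[dep.lower()]
                       for dep in info.get("dependencies", {}) if dep.lower() in resolved]
                 for key, info in libs.items()}
        has_parent = {child for kids in edges.values() for child in kids}
        roots = [key for key in libs if key not in has_parent]  # assumption: no parent = direct reference

        def walk(node, trail):
            trail = trail + [node]
            if node.lower() == target_id.lower():
                found.append((tfm, trail))
                return
            for child in edges[node]:
                if child not in trail:  # guard against dependency cycles
                    walk(child, trail)
        for root in roots:
            walk(root, [])
    return found

def format_path(trail):
    return " > ".join(pkg.replace("/", "@", 1) for pkg in trail)

if __name__ == "__main__":
    assets = SAMPLE_ASSETS
    if len(sys.argv) > 1:  # optional: path to a real obj/project.assets.json
        with open(sys.argv[1], encoding="utf-8-sig") as fh:
            assets = json.load(fh)
    for tfm, trail in paths_to(assets, "System.Text.RegularExpressions/4.3.0"):
        print(f"[{tfm}] {format_path(trail)}")
```

Each printed path shows which direct reference pulls in the flagged package, which is the package to upgrade or replace.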