Closed michalkovy closed 2 years ago
Btw. it would be best if FSharp.Configuration NuGet package referenced YamlDotNet instead of containing YamlDotNet.dll so that issues like this doesn't require repackage of FSharp.Configuration.
This is not possible (al least not easy doable) F# TP packages has unique Nuget package layout, that allow IDE/Compiler to resolve correctly design-time dependencies. https://github.com/fsprojects/FSharp.TypeProviders.SDK#nuget-package-layouts-you-should-use
v2.0 version contains YamlDotNet v11.2.1
that already contain the fix
See vulnerability CVE-2018-1000210: https://vuln.whitesourcesoftware.com/vulnerability/CVE-2018-1000210/
FSharp.Configuration 2.0.0-alpha2 nuget package contains YamlDotNet.dll which has this vulnerability in place.
Btw. it would be best if FSharp.Configuration nuget package referenced YamlDotNet instead of containing YamlDotNet.dll so that issues like this doesn't require repackage of FSharp.Configuration.