globalpayments / dotnet-sdk

GNU General Public License v2.0

Packages are out of date. #86

Open antonyfisher opened 4 months ago

antonyfisher commented 4 months ago

The referenced packages are out of date and do not seem to have been updated in a long time.

I have executed dotnet list package --vulnerable --include-transitive from the command line for my project, at the request of the security team.

It lists the versions of System.Text.RegularExpressions & System.Net.Http (both 4.3.0) as vulnerable. These are included from the GlobalPay.API package, as part of NetStandard.Library (1.6.11).

Can the GlobalPay.API package be updated to reference non-vulnerable package versions? Is there a version that does not reference NetStandard.Library?

RicPigeon commented 3 days ago

Thank you for bringing this up! I’m also encountering the same issue with GlobalPay.API referencing older, vulnerable versions of System.Text.RegularExpressions and System.Net.Http. As you mentioned, updating these dependencies would be very beneficial from a security standpoint.

It would be great if the maintainers could prioritize an update or consider a version of GlobalPay.API that doesn’t depend on NetStandard.Library (or at least includes a more recent version). This would help a lot with compliance in environments that require up-to-date security practices.

Thanks again for highlighting this.