madelson
commented
7 months ago @krukowskid thanks for bringing this to my attention. Probably obvious, but note that you can work around this in the meantime by just adding a <PackageReference> element for the problematic package of your own to set a version floor.
Hey! DistributedLock.Azure has a transitive package with vulnerability (Azure.Storage.Blobs). I see that you updated this package in the source code but this change was not published.