Open Jay-o-Way opened 6 months ago
Jay-o-Way
commented
4 months ago 108>Form\frmScreen.resx : warning MSB3825: Resource "imgListIcon.ImageStream" of type "System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" is deserialized via BinaryFormatter at runtime. BinaryFormatter is deprecated due to possible security risks and will be removed with .NET 9. If you wish to continue using it, set property "GenerateResourceWarnOnBinaryFormatterUse" to false.
Jay-o-Way
commented
4 months ago @jaimecbernardo who can i ping for this?
jaimecbernardo
commented
4 months ago Ah, looks like we need to fix before .NET 9 hits in November.
jaimecbernardo
commented
4 months ago Regarding unused extensions, there were some that we needed to make sure dependencies follow the same versions after the flattening.
Jay-o-Way
commented
3 months ago Nobody mentioning the vulnerability issue?
drawbyperpetual
commented
3 months ago @Jay-o-Way: I'm currently looking into the BinaryFormatter deprecation / security issue. Regarding the System.Net.Http issue, could you indicate where you see the dependency? I don't see us taking any NuGet dependency on System.Net.Http in the entire solution.
Jay-o-Way
commented
3 months ago @drawbyperpetual thanks. System.Net.Http is unused in SvgPreviewHandler (FYI @zanseb) and is used in OobeWhatsNew - seemingly to create a way to link/show release notes. (HttpClient and such)
CC @jaimecbernardo and @lncubus
drawbyperpetual
commented
3 months ago @Jay-o-Way: Yes, System.Net.Http is indeed used there but not via a vulnerable NuGet package, but rather via a framework dependency on .NET Core 8. Where's the vulnerability there?
Jay-o-Way
commented
3 months ago @drawbyperpetual I just encountered the warning one day. Not an expert on the usage details 😇
System.Net.Http ⚠️
Update 📈
Check for unused 🗑️