Open Jay-o-Way opened 6 months ago
108>Form\frmScreen.resx : warning MSB3825: Resource "imgListIcon.ImageStream" of type "System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089" is deserialized via BinaryFormatter at runtime. BinaryFormatter is deprecated due to possible security risks and will be removed with .NET 9. If you wish to continue using it, set property "GenerateResourceWarnOnBinaryFormatterUse" to false.
@jaimecbernardo who can i ping for this?
Ah, looks like we need to fix before .NET 9 hits in November.
Regarding unused extensions, there were some that we needed to make sure dependencies follow the same versions after the flattening.
Nobody mentioning the vulnerability issue?
@Jay-o-Way: I'm currently looking into the BinaryFormatter deprecation / security issue. Regarding the System.Net.Http issue, could you indicate where you see the dependency? I don't see us taking any NuGet dependency on System.Net.Http in the entire solution.
@drawbyperpetual thanks. System.Net.Http is unused in SvgPreviewHandler (FYI @zanseb) and is used in OobeWhatsNew - seemingly to create a way to link/show release notes. (HttpClient
and such)
CC @jaimecbernardo and @lncubus
@Jay-o-Way: Yes, System.Net.Http is indeed used there but not via a vulnerable NuGet package, but rather via a framework dependency on .NET Core 8. Where's the vulnerability there?
@drawbyperpetual I just encountered the warning one day. Not an expert on the usage details 😇
System.Net.Http ⚠️
Update 📈
Check for unused 🗑️