fix: CG fix for System.IO.packaging vulnerability - Githubissues

microsoft / accessibility-insights-windows

Accessibility Insights for Windows

https://accessibilityinsights.io

Other

429 stars 102 forks source link

fix: CG fix for System.IO.packaging vulnerability #1869

Closed v-rakeshsh closed 1 month ago

v-rakeshsh commented 1 month ago

Details

Updated packages to fix 2 Vulnerabilities

Updated System.Text.Json to 8.0.5 to address https://github.com/advisories/GHSA-hh2w-p6rv-4g7w. This will fix CG issue https://dev.azure.com/mseng/1ES/_workitems/edit/2221678/?view=edit Along with this updated its root dependencies to latest.
Updated System.IO.packaging to address https://dev.azure.com/mseng/1ES/_workitems/edit/2221678/?view=edit

Motivation

CVE

Pull request checklist

[ ] Run through of all test scenarios completed?
[x] Does this address an existing issue? If yes, Issue# -
[ ] Includes UI changes?
- [ ] Run the production version of Accessibility Insights for Windows against a version with changes.
- [ ] Attach any screenshots / GIF's that are applicable.

Note: After the PR has been created, certain checks will be kicked off. All of these checks must pass before a merge.

v-rakeshsh commented 1 month ago

Closing this PR as the axe windows package is already updated, hence the vulnerability is also fixed.