Closed lidvarko closed 1 month ago
You mean system.net.http?It is a transient, but it is annoying...
Is it possible to lock system.net.http to 4.3.4? Thanks!
@brianrob why does TraceEvent still require those old .net Standard 1.x libs when the TraceEvent lib is .net standard 2.0?
For example System.Diagnostics.Process is part of .net standard 2.0
and only required for .net standard 1.x projects which doesn't apply to TraceEvent
Best is to remove all those old ns1.x support libs.
That's a goodo callout @MagicAndre1981. I've posted #2037 for this.
There is a vulnerability in the library dependency tree. system.net.request 4.3.0 has a dependency to system.net.http 4.3.0 that has a High severity vulnerability.