smartive / zitadel-net

Authentication / Authorization library for zitadel (zitadel.com), written in dotnet for the asp.net web application package.
Apache License 2.0

Microsoft.AspNetCore.Authentication is deprecated #942

Open assi010 opened 1 week ago

assi010 commented 1 week ago

The package Microsoft.AspNetCore.Authentication version 2.2.0 was released in 2018 and has been deprecated for a long time. Referencing this NuGet package results in multiple vulnerabilities being included through its dependencies, such as https://github.com/advisories/GHSA-ghhp-997w-qr28.

In the Microsoft docs #1 and #2, it is explained that AspNetCore packages are no longer published on NuGet since dotnet 2.2 and should be replaced with a FrameworkReference when used in class libraries. However, in my own testing locally it seems like removing the NuGet reference altogether does not break the build or the tests.

Please consider either removing the reference or changing the current reference from a PackageReference to a FrameworkReference.

Thanks!
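An added example, not part of the original issue or the zitadel-net code base: a small audit that flags the kind of reference described above (a `Microsoft.AspNetCore.*` PackageReference pinned to a 2.x version) and checks whether a project already uses a FrameworkReference. The two project files are constructed samples, the function names are hypothetical, and treating "major version 2 or lower" as the marker for a legacy package is an assumption drawn from the issue text.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample project files (not the zitadel-net csproj).
BEFORE = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.AspNetCore.Authentication" Version="2.2.0" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
  </ItemGroup>
</Project>"""
AFTER = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <FrameworkReference Include="Microsoft.AspNetCore.App" />
    <PackageReference Include="Microsoft.AspNetCore.Authentication.JwtBearer" Version="8.0.0" />
  </ItemGroup>
</Project>"""

PREFIX = "microsoft.aspnetcore."  # package family named in the issue
LAST_LEGACY_MAJOR = 2             # assumption: 2.x is the last package-only generation

def local(tag):
    """Drop an XML namespace so old-style (namespaced) csproj files also match."""
    return tag.rsplit("}", 1)[-1]

def legacy_aspnetcore_refs(csproj_text):
    """Return sorted (package, version) pairs for 2.x-era ASP.NET Core PackageReferences."""
    findings = []
    for el in ET.fromstring(csproj_text).iter():
        if local(el.tag) != "PackageReference":
            continue
        name = el.get("Include") or el.get("Update") or ""
        # The version is either an attribute or a child <Version> element.
        version = el.get("Version")
        if version is None:
            version = next((c.text for c in el if local(c.tag) == "Version"), None)
        major = re.match(r"\s*\[?(\d+)", version or "")
        if name.lower().startswith(PREFIX) and major and int(major.group(1)) <= LAST_LEGACY_MAJOR:
            findings.append((name, version.strip()))
    return sorted(findings)

def has_framework_reference(csproj_text, name="Microsoft.AspNetCore.App"):
    """True if the project already pulls ASP.NET Core from the shared framework."""
    return any(local(el.tag) == "FrameworkReference" and el.get("Include") == name
               for el in ET.fromstring(csproj_text).iter())

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        print(label, legacy_aspnetcore_refs(text), has_framework_reference(text))
```

A flagged entry is a prompt for review: some `Microsoft.AspNetCore.*` packages are still published separately, so the fix is either a FrameworkReference, removal, or an upgrade of that package.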

buehler commented 1 day ago

Thank you for the new issue!

I would much appreciate a PR/MR for this! Currently, I'm on a very tight schedule and do not have a lot of time left to work on such projects.

assi010 commented 1 day ago

No problem! I have created the PR, just let me know if there is anything else I can do.