Closed vivet closed 11 months ago
Hello @vivet ,
Thank you for reporting.
Indeed, this package was used when we were supporting .net standard 1.3 and is no longer needed.
We will review our dependencies
Best Regards,
Jon
Hello @vivet ,
The v5.0.11 has been released.
We removed that dependency and 4 other packages that were no longer needed.
Thank you for letting us know about this vulnerability.
Best Regards,
Jon
Great, thanks
The library includes System.Data.Common 4.3.0, which has an old vulnerability in System.Text.RegularExpressions 4.3.0. CVE-2019-0820, https://github.com/advisories/GHSA-cmhx-cq75-c4mj.
The package System.Data.Common is old and not updated for a long time. I actually find it strange that you can include it in a netstandard2.0. as it references netstandard1.2.
Is it possible to update this to mitigate the vulnerability?