Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Microsoft.CodeAnalysis.SourceGenerators.Testing Indirectly References Package w/ High Severity Vulnerability #1191

Open
MooVC opened this issue Nov 21, 2024 · 0 comments
Open

Microsoft.CodeAnalysis.SourceGenerators.Testing Indirectly References Package w/ High Severity Vulnerability #1191

MooVC opened this issue Nov 21, 2024 · 0 comments

Comments

@MooVC
Copy link

MooVC commented Nov 21, 2024

Issue

The following warning is received on build when referencing the latest version of Microsoft.CodeAnalysis.SourceGenerators.Testing (1.1.2).

Package 'System.Formats.Asn1' 5.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-447r-wph3-92pm

Cause

Version 1.1.2 of Microsoft.CodeAnalysis.SourceGenerators.Testing references Version 6.3.4 of NuGet.Packaging, which in turn references Version 5.0.0 of System.Security.Cryptography.Cng, which in turn references the assembly marked with a High Severity Vulnerability, Version 5.0.0 of System.Formats.Asn1.

Suggested Fix

The issue is addressed in Version 6.12.1 of Nuget.Packaging.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@MooVC