Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Please upgrade targeting to include .net 8. Currently .net 8 projects resolve .net standard 2.0 packages which include a vulnerability. #678

Open
Banner-Keith opened this issue Nov 6, 2024 · 3 comments

Comments

@Banner-Keith
Copy link

System.Data.Common 4.3.0 has a dependency on System.Text.RegularExpressions 4.3.0 which has a vulnerability. Please add .net 8 support, and consider adding System.Text.RegularExpressions 4.3.1 to your netstandard 2.0 dependencies so that those who are targeting .net standard don't pull in a vulnerable package.

You may also want to consider dropping support for .net 6 since it goes EOL on the 12th.

I would be happy to open a PR if that would help get this done.

@rgroenewoudt
Copy link

Most of the dependencies in MiniProfiler.Shared could be removed if it targets net8.0

@ctyar-qc
Copy link

While waiting for a new release you can add this to your csproj file to supress this warning:

<ItemGroup>
  <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-cmhx-cq75-c4mj" />
</ItemGroup>

@NickCraver
Copy link
Member

Version 4.5.4 is being uploaded to NuGet now, resolving all these issues and moving us to net8.0. I'd appreciate any additional things y'all see that need love - I think we should be in a good state with this set of updates :)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

4 participants