warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-37gx-xxp4-5rgx [TargetFramework=net10.0-browserwasm]
warning NU1903: Package 'System.Security.Cryptography.Xml' 8.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-w3x6-4m5h-cxqf [TargetFramework=net10.0-browserwasm]
Summary
Discovered while fixing #506's NU1605 restore blocker. Once
TodoApp.Uno.csprojrestores cleanly (Uno.Sdk bumped 5.4.5 -> 5.6.54), restoring thenet10.0-browserwasmhead surfaces two more NU1903 findings that were previously masked by the NU1605 restore failure:This is independent of the
Tmds.DBusfinding tracked in #506/#524 (different package, different head - browserwasm rather than desktop).Ask
Investigate:
System.Security.Cryptography.Xml8.0.2 is pulled in from for thenet10.0-browserwasmhead specifically (likely transitively via a browserwasm-specific Uno/WebAssembly package).PackageReference/PackageVersionoverride (mirroring theSQLitePCLRaw.bundle_e_sqlite3pattern from fix: resolve NU1903 for SQLitePCLRaw.lib.e_sqlite3 by pinning SQLitePCLRaw 3.x #498) is sufficient, or whether it requires a broader Uno.Sdk bump.Related
Tmds.DBus) on the desktop head, requires a Uno 6.x major bump.