Vulnerability in System.Text.RegularExpressions #86

Closed
JoaoSeverino opened this issue May 21, 2022 · 5 comments

@JoaoSeverino

Currently, TinyCsvParser uses NuGet System.Text.RegularExpressions version 4.3.0 which has a known vulnerability and should be upgraded to a patched version.

See GHSA-cmhx-cq75-c4mj

@bytefish
Collaborator

I will update the dependency and release it as a new 2.6.2. The other PR has some breaking changes I think, and it should be a 3.0. What do you think?

@JoaoSeverino
Author

That is perfectly OK

@JoaoSeverino
Author

I also now noticed another vulnerability in the Test and Benchmark projects for Microsoft.NETCore.App NuGet (see GHSA-7mfr-774f-w5r9)

But the original one is the only one that affects the product itself.

@bytefish
Collaborator

I think disabling dependabot wasn’t that clever. 😇

@bytefish
Collaborator

I removed the net45 Target Framework, because it isn't supported anymore. Instead netstandard2.0, netstandard2.1 and net6.0 are targeted. The latter is probably not required, because .net6.0 should support netstandard2.1 anyway.
