[BUG] - HIGH CVE vulnerability in dependency from Antlr4BuildTasks #338

@smaillet

Please provide the following information when submitting an issue.

Where appropriate replace the [ ] with a [X] to mark an item as 'checked'

.NET Framework Used:

  • .NET 9.0
  • Something else

OS Environment:

  • Windows 11
  • Windows Server 2012
  • Windows Server 2012 R2
  • Windows Server 2016

OS Version: ####.####...
I have already...

  • Reproduced the problem using the latest stable release.
  • Reviewed the documentation.
  • Reviewed the current issues to check that the issue isn't already known.

Description:
Antlr4BuildTasks v12.10.0 contains a reference to a vulnerable Microsoft.Build.Utilities.Core v17.8.3. This requires an update to Antlr4BuildTasks v12.11.0 to resolve. It is not resolvable by overrides in the project or directory central package management as it is a build-only dependency.

Steps to reproduce the problem:

  • Reviewed the documentation.
  • Included Sample code or link to repository/gist to reproduce the bug (This is the fastest way to a resolution as it reduces the time to reproduce the problem. The smaller the sample is the better.)
  1. Review NuGet packages per solution. Check the box for "show only vulnerabilities"; this will show the vulnerable package.

Expected Behavior
No vulnerabilities shown.

Actual Behavior
Microsoft.Build.Utilities.Core v17.8.3 is shown as vulnerable.

Additional context
The vulnerability ONLY impacts *nix-like OSes, so it is not currently an issue for this repo (thus this is a bug and not a sec issue, as this repo doesn't support Linux [yet]).
