You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
System.ServiceModel.Primitives 8.0.0 has dependency System.Security.Cryptography.Xml >= 6.0.1
System.Security.Cryptography.Xml 6.0.1 has depency System.Security.Cryptography.Pkcs 6.0.1 which is marked vulnerable
Visual Studio 2022 transitive package installation installs minimum required package version, which is the vulnerable version
Please update package dependecies of System.ServiceModel.Primitives 8.0.0
The text was updated successfully, but these errors were encountered:
What would have to be changed to use the current dependency? Is it necessary at all to explicitly state the version? The package should be contained in the runtime directly
Why does the .NET 8 dependency list include .NET 6 package? There are older packages with dependency specifications for the older stuff. This feels like a lifecycle violation.
@HongGit Friendly ping since there is still no documented workaround (to either use System.Security.Cryptography.Xml@8.x or System.Security.Cryptography.Pkcs@6.0.3+). So an official fix or at least note would be appreaciated.
System.ServiceModel.Primitives 8.0.0 has dependency System.Security.Cryptography.Xml >= 6.0.1
System.Security.Cryptography.Xml 6.0.1 has depency System.Security.Cryptography.Pkcs 6.0.1 which is marked vulnerable
Visual Studio 2022 transitive package installation installs minimum required package version, which is the vulnerable version
Please update package dependecies of System.ServiceModel.Primitives 8.0.0
The text was updated successfully, but these errors were encountered: