nuget.packaging 6.3.1 is being flagged by vulnerability scanners #1081
Milestone
Comments
flcdrg
added a commit
to flcdrg/Nerdbank.GitVersioning
that referenced
this issue
Aug 26, 2024
|
Wanna give our CI build a try to see if it addresses the issue? |
|
Confirmed that issue is no longer being flagged in the CI build |
|
Watch for 3.6.143 on nuget.org shortly. |
# for free
to join this conversation on GitHub.
Already have an account?
# to comment
I'm building Docker containers that include nbgv 3.6 and the container images are being flagged by JFrog XRay with GHSA-68w7-72jg-6qpp due to the presence of nuget.packaging v6.3.1
Apparently this vulnerabiliy is fixed in versions 5.11.6, 6.0.6, 6.3.4, 6.4.3, 6.6.2, 6.7.1, 6.8.1
If we could upgrade NuGet.PackageManagement to 6.3.4 I think that would mitigate the issue (as I believe that's what is causing NuGet.Packaging to be included)
The text was updated successfully, but these errors were encountered: