
System.Drawing.Common vulnerability warning

Open ChelseyMoyer opened this issue 11 months ago • 0 comments

When running my tests through GitHub Actions, this warning is appearing in the logs:

warning NU1904: Package 'System.Drawing.Common' 5.0.0 has a known critical severity vulnerability, https://github.com/advisories/GHSA-rxg9-xrhp-64gj

According to the dependency tree, this vulnerable package is referenced like so: [image]

All of the "System . . ." packages have newer versions available, which I assume have the fixed version of System.Drawing.Common.

The RazorEngine.NetCore.nixFix package has no updated version available, but it needs to be updated to use a more current version of System.Security.Permissions. This package (ExtentReports) then needs to be updated to use the updated RazorEngine.

I'm reporting this here, because @anshooarora owns both of these packages, and the RazorEngine.NetCore.nixFix repo does not give me the ability to report an issue. (Also reporting it here because other people are more likely to encounter this problem using ExtentReports.)

Thanks!

ChelseyMoyer, Dec 04 '24 00:12
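An added example, not part of the original issue or of the ExtentReports project: a small CI gate that parses NuGet audit warnings (NU1901 to NU1904) such as the one quoted above out of a build log and fails the job at or above a chosen severity. The log paths, the second package and its advisory URL are constructed placeholders; only the System.Drawing.Common line comes from the issue.

```python
import re
import sys
from typing import NamedTuple

# NuGet audit warning codes and the advisory severity each one denotes.
SEVERITY = {"NU1901": "low", "NU1902": "moderate", "NU1903": "high", "NU1904": "critical"}
RANK = ["low", "moderate", "high", "critical"]

# Matches the message text; any MSBuild project-path prefix/suffix is ignored.
PATTERN = re.compile(
    r"warning (NU190[1-4]): Package '([^']+)' (\S+) has a known "
    r"\w+ severity vulnerability, (https://\S+)"
)

class Finding(NamedTuple):
    code: str
    package: str
    version: str
    severity: str
    advisory: str

def parse_audit_warnings(log_text):
    """Return findings in first-seen order, de-duplicated per package/version/advisory."""
    seen = {}
    for m in PATTERN.finditer(log_text):
        code, package, version, url = m.groups()
        seen.setdefault((package, version, url), Finding(code, package, version, SEVERITY[code], url))
    return list(seen.values())

def should_fail(findings, threshold="high"):
    """True if any finding is at or above the threshold severity."""
    limit = RANK.index(threshold)
    return any(RANK.index(f.severity) >= limit for f in findings)

# Constructed sample log: paths, 'Example.Placeholder' and GHSA-xxxx-xxxx-xxxx are placeholders.
SAMPLE_LOG = """\
  Determining projects to restore...
/work/Tests/Tests.csproj : warning NU1904: Package 'System.Drawing.Common' 5.0.0 has a known critical severity vulnerability, https://github.com/advisories/GHSA-rxg9-xrhp-64gj [/work/Tests/Tests.csproj]
/work/Tests/Tests.csproj : warning NU1904: Package 'System.Drawing.Common' 5.0.0 has a known critical severity vulnerability, https://github.com/advisories/GHSA-rxg9-xrhp-64gj [/work/Tests/Tests.csproj]
/work/Tests/Tests.csproj : warning NU1902: Package 'Example.Placeholder' 1.0.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-xxxx-xxxx-xxxx [/work/Tests/Tests.csproj]
  Restored /work/Tests/Tests.csproj.
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    findings = parse_audit_warnings(text)
    for f in findings:
        print(f"{f.severity.upper():9} {f.package} {f.version}  {f.advisory}")
    sys.exit(1 if should_fail(findings) else 0)
```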