DevToys icon indicating copy to clipboard operation
DevToys copied to clipboard
verified publisher icon DevToys-app

SixLabors.ImageSharp 3.1.4 vulnerable

Open jerone opened this issue 1 year ago • 1 comments

Current behavior

DevToys.Api dependency SixLabors.ImageSharp version 3.1.4 is vulnerable:

  • Severity 1 - https://github.com/advisories/GHSA-qxrv-gp6x-rc23
  • Severity 2 - https://github.com/advisories/GHSA-63p8-c4ww-9cg7

How to reproduce it (as minimally and precisely as possible)

No response

Expected behavior

No vulnerabilities.

Screenshots

No response

Workaround

No response

Affected platforms

No response

Affected DevToys kind

DevToys (app with GUI), DevToys CLI

DevToys Version

DevToys.Api.2.0.5-preview

Relevant Assets/Logs

No response

jerone avatar Sep 28 '24 17:09 jerone

Ping @veler for these vulnerabilities.

jerone avatar Oct 03 '24 12:10 jerone

Hello, Sorry for the late answer here and thank you for notifying this issue. I opened a PR to update the dependencies.

veler avatar Oct 20 '24 18:10 veler