High severity vulnerabilities in the [email protected] (Dependency on [email protected])

Open Rashmi-nw opened this issue 4 years ago • 4 comments

Description

IMPORTANT: if the defect is reproduced only in a workflow from within the Visual Studio IDE then do not report the issue here - instead, please report it using Visual Studio's "Send Feedback" option that can be accessed from the Help menu OR using this link https://developercommunity.visualstudio.com.

For a defect specific to the MSTest V2 test framework, describe the issue you've observed.

Steps to reproduce

Create a test project using the package - [email protected] or [email protected]. Add a sample test and run snyk test.

Expected behavior

No high severity vulnerabilities identified. Alternatively upgrade the System.Net.Http Package?

Actual behavior

[email protected] has a dependency on [email protected] which has a dependency on [email protected]. This package has some vulnerabilities. The information can be found here: https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045

Environment

Tested from VS Code / Visual Studio. Test Adapter and Test framework used: 1.4.0. Same occurs even after upgrading to MSTest.TestAdapter 2.2.4.

AB#1575879

Rashmi-nw, Jun 07 '21 10:06

We will investigate the update in the latest version of mstest.

nohwnd, Jun 08 '21 14:06

@nohwnd any update on this, please?

abatishchev, Jul 02 '21 00:07

@nohwnd Is there any ETA? Related: https://github.com/microsoft/testfx/issues/582

SymbioticKilla, Dec 11 '21 15:12

This will be handled by #1095

Evangelink, Jul 12 '22 18:07

Fixed by #1163

Evangelink, Aug 25 '22 15:08