Only update versions of all vulnerable reference packages

Open fuyuesong opened this issue 10 months ago • 2 comments

Only update the versions of all referenced packages that have vulnerabilities

fuyuesong, Feb 08 '25 18:02

Along the lines, you also added a reference to Microsoft.NETCore.App, which we did not have.

toddams, Feb 10 '25 17:02

Hello! Glad to see your reply.

The reason why the reference to Microsoft.NETCore.App is added to the following two projects is that these two projects already have this package referenced by default. You can check your original projects to see if there is such a reference.

When the reference is not added manually, the default is to reference the lowest-version package with vulnerabilities. Only after adding the reference manually can a new version be specified.

These two projects are for demonstration and testing, and they have no impact on the core class library.

samples/RazorLight.Samples/Samples.EntityFrameworkProject.csproj

tests/RazorLight.Tests/RazorLight.Tests.csproj

2025-02-11_10-56-26 If the Microsoft.NETCore.App package is not added manually, vulnerabilities exist.

2025-02-11_10-57-03 Manually adding the Microsoft.NETCore.App package resolves the vulnerabilities.

fuyuesong, Feb 11 '25 03:02