Quantcast
Channel: Active questions tagged nuget-package - Stack Overflow
Viewing all articles
Browse latest Browse all 3067

In .Net 7.0 solution, is implicitly referenced Microsoft.NetCore.App 1.1.1 with security vulnerabilities a concern?

$
0
0

I'm looking into a solution, which is using the latest .Net 7.0 framework, has an old nuget package (let's call it package X) with a dependency to Microsoft.NetCore.App version 1.1.1 with security vulnerabilities as shown in the screenshots below. In this case, the Microsoft library is only implicitly referenced.enter image description hereenter image description here

I've searched for documentations or articles that could potentially explain the build behaviour of implicitly referenced library/package but no luck so far. Two things I'd like to know.

  1. Does restoring package X would download the Microsoft.NetCore.App library during build?
  2. Is this is a concern with the security vulnerabilities that could compromise the whole solution.Any confirmation would be highly appreciated. Thanks.

Viewing all articles
Browse latest Browse all 3067

Trending Articles



<script src="https://jsc.adskeeper.com/r/s/rssing.com.1596347.js" async> </script>