I have a large project which is using 3rd party libraries. Recently i have been seeing errors advising some of the packages have vulnerabilities.
Most of these are transitive packages that need some attention. What would be the most feasible way to update these? I can do this through NuGet but then im adding this package to my project?
What would happen if the 3rd party upgrades the vulnerable package themselves and ive already installed another version?
Ive checked out this and the blogs https://learn.microsoft.com/en-us/nuget/reference/errors-and-warnings/nu1901-nu1904 but they dont seem to offer much insight to these questions