Dependabot reports security alert for package that is at the version that resolves the security alert #30835
Unanswered
tibi-extera
asked this question in
Code Security
Replies: 1 comment
-
|
I'm not seeing any advisory on System.Security.Cryptography.Xml in https://github.com/advisories. Do you mind contacting support with more details of what you're seeing here? |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hi,
I have a repository using C#, Visual Studio 2022. One of the projects in the repo generates a private package that uses, among others, the System.Security.Cryptography.Xml package version 6.0.1 from Microsoft.
Dependabot inspected the repo and it declares that there is a security alert for it, with a moderate vulnerability in the System.Security.Cryptography.Xml package. To fix it, it recommends that I update the package to a version >=4.7.1 or >=6.0.1. I have updated it to 6.0.1 (which is the latest), but the alert does not disappear.
I need help to get rid of this alert.
Thank you.
Beta Was this translation helpful? Give feedback.
All reactions