Version 2.9.1 is reported as vulnerable

Open NinjaCross opened this issue 1 year ago • 8 comments

Describe the bug

JetBrains Rider signals the 2.9.1 version as vulnerable. It doesn't provide details on the motivation. This is also mentioned here:
https://github.com/jeremylong/DependencyCheck/issues/6048
https://github.com/jeremylong/DependencyCheck/issues/6088

Unfortunately some of the projects/customers I'm working on/with refuse to use libraries with known vulnerabilities. Is there a mitigation?

Many thanks in advance for any suggestion.

To Reproduce

Just add the NuGet package to any project in Rider, and the warning will appear.

Expected behavior

No vulnerabilities signaled.

Screenshots image

NinjaCross, Nov 28 '24 08:11

With the Version 2.9.2-ci-210:

image

JetBrains Rider does not report any vulnerability 😃

schittli, Nov 30 '24 13:11

Thank you @schittli :) When will this version be available on NuGet? I don't see it listed on NuGet.org yet.

NinjaCross, Nov 30 '24 17:11

> Thank you @schittli :) When will this version be available on NuGet? I don't see it listed on NuGet.org yet.

Any update here? Nuget.org still has 2.9.1

DrusTheAxe, Dec 19 '24 11:12

@schittli any progress on this? Nuget.org still has 2.9.1

NinjaCross, Jan 09 '25 07:01

I will look into this over the weekend

ericnewton76, Jan 24 '25 18:01

Any news?

DrusTheAxe, Feb 09 '25 04:02

Is this going to be pushed to NuGet?

ES0T, May 01 '25 14:05

This was remarked as false positive, so rather no issue, right?

https://github.com/dependency-check/DependencyCheck/issues/6088

HaGGi13, Jul 23 '25 14:07