-
These are unit test projects. They're not published in any way shape or form. Whatever you used to find these "vulnerabilities" seems broken. Regular expression Denial of Service attack on my unit tests??? How will I sleep at night 🤣
-
Hi everyone,
We really liked this lib that has been helping us to automate some tasks.
Nonetheless, we found some dependencies that contain some vulnerabilities.
Where we found those vulnerabilities:
src/IntegrationTests/AutoMapper.IntegrationTests.csproj
src/UnitTests/AutoMapper.UnitTests.csproj
src/AutoMapper.Extensions.Microsoft.DependencyInjection.Tests/AutoMapper.DI.Tests.csproj
Type of vulnerabilities:
Which dependencies are vulnerable and how to fix those:
Shouldly@4.0.3
Can be fixed using:
System.DirectoryServices.Protocols@5.0.1.1
System.Security.Cryptography.Xml@4.7.1
System.Drawing.Common@4.7.2, @5.0.3
Microsoft.NET.Test.Sdk@17.1.0
Can be fixed using:
Newtonsoft.Json@13.0.1
xunit@2.4.1
Can be fixed using:
System.Net.Http@4.1.2, @4.3.2
Could the team please check if it is possible to change those libs without breaking the lib?
Best Regards
P.S.: We've made a fork to test the upgrade, and in our environment we didn't find any issue after that.