You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There is currently working being done to release a 2.16 with the dependency version bumped. It should be released in the next few weeks. As a workaround you should be able to target 4.5.4 version, and use assembly redirects.
Describe the bug
From Microsoft.Azure.DocumentDB nuspec:
4.5.0 has a security issue
https://www.nuget.org/packages/System.Net.Http.WinHttpHandler/4.5.0
Advisory Details: GHSA-6xh7-4v2w-36q6
To Reproduce
SDK will pull in 4.5.0 version of System.Net.Http.WinHttpHandler through its dependencies when referencing it in a project
Expected behavior
SDK should pull in a version of this dependency that does not have a vulnerability (e.g.https://www.nuget.org/packages/System.Net.Http.WinHttpHandler/4.5.4)
Actual behavior
SDK pulls in 4.5.0 of System.Net.Http.WinHttpHandler which has a vulnerability
Environment summary
SDK Version:
OS Version (e.g. Windows, Linux, MacOSX):
Windows
Additional context
The text was updated successfully, but these errors were encountered: