Transitive Dependency Vulnerability

[TronActive]

I am getting a "Transitive dependency Microsoft.NETCore.Platforms 3.1.0 contains vulnerabilities according to Checkmarx" warning on your library for version 12.2.0. Could you investigate/update this?

[kaby76]

One of the projects in Antlr4BuildTasks includes the old Core3.1 target, among others, all completely unnecessary.

Antlr4BuildTasks/Antlr4BuildTasks/SharpCompress/SharpCompress.csproj

Line 9 in fead9d4

<TargetFrameworks>net461;netstandard2.0;netstandard2.1;netcoreapp3.1;net5.0;net6.0</TargetFrameworks>

All targets except the netstandard2.1 should be removed.

[masonwheeler]

I'm seeing another transitive vulnerability, reported by NuGet. Microsoft.Build.Framework v17.2.0 depends on an outdated version of System.Security.Permissions, which has a chain of dependencies that eventually lands on a vulnerable version of System.Drawing.Common. Could this be updated to the latest, v17.7.2?

[kaby76]

• Updated the package reference.
• Added Dependabot updates to help avoid these kinds of problems in the future.
• Release configuration is now the default for this package.
• Release 12.4.