Closed
Description
Library name and version
System.Text.Encodings.Web 4.5.0
Describe the bug
Microsoft NuGet packages (including the framework) have a reference to System.Text.Encodings.Web 4.5.0 or 5.0.0, which has vulnerabilities, as a placeholder, which gets marked as vulnerable in the JFrog scan.
Expected behavior
Microsoft NuGet packages (including the framework) should not reference vulnerable versions as the placeholder for the JFrog scan, so that the package is not marked for vulnerability. We are using the library as part of Microsoft.ApplicationInsights.AspNetCore.
Actual behavior
Glapi pipeline process fails and blocks the deployment due to the vulnerability.
Reproduction Steps
Create any new VS project including those packages and scan it through JFrog.
Environment
All Environments.
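Added example, not part of the original issue and not Microsoft or JFrog tooling: a way to see which direct package reference brings in a flagged System.Text.Encodings.Web version, by walking the resolved graph in NuGet's `obj/project.assets.json`. The sample document is constructed; the `0.0.0-sample` versions, the `Example.Intermediate` package and the function name `reference_chains` are placeholders or assumptions.

```python
import json

# Constructed sample shaped like NuGet's obj/project.assets.json (trimmed).
# "0.0.0-sample" versions and Example.Intermediate are placeholders, not real data.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {
    "net6.0": {
      "Microsoft.ApplicationInsights.AspNetCore/0.0.0-sample": {
        "type": "package",
        "dependencies": {"Example.Intermediate": "0.0.0-sample"}
      },
      "Example.Intermediate/0.0.0-sample": {
        "type": "package",
        "dependencies": {"System.Text.Encodings.Web": "4.5.0"}
      },
      "System.Text.Encodings.Web/4.5.0": {"type": "package"}
    }
  },
  "projectFileDependencyGroups": {
    "net6.0": ["Microsoft.ApplicationInsights.AspNetCore >= 0.0.0-sample"]
  }
}
""")

def reference_chains(assets, flagged_name, flagged_versions):
    """Return (framework, chain) for each path from a direct reference to a flagged package."""
    chains = []
    groups = assets.get("projectFileDependencyGroups", {})
    for tfm, libs in assets.get("targets", {}).items():
        # Resolved graph: lowercased name -> (name, resolved version, dependency names)
        graph = {}
        for key, info in libs.items():
            name, _, version = key.partition("/")
            graph[name.lower()] = (name, version, list(info.get("dependencies", {})))
        # Direct references look like "Package.Name >= 1.2.3"; keep only the name.
        stack = [[entry.split()[0]] for entry in groups.get(tfm, [])]
        while stack:
            path = stack.pop()
            node = graph.get(path[-1].lower())
            if node is None:
                continue  # framework-provided or project reference, not in the graph
            name, version, deps = node
            if name.lower() == flagged_name.lower() and version in flagged_versions:
                chains.append((tfm, ["/".join(graph[p.lower()][:2]) for p in path]))
                continue
            seen = {p.lower() for p in path}  # guards against dependency cycles
            stack.extend(path + [d] for d in deps if d.lower() not in seen)
    return chains
```

Against a real project, load `obj/project.assets.json` after a restore and pass the versions the scanner reports; each returned chain names the direct reference to upgrade or override.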