NU1903: Package 'Snappier' 1.0.0 has a known high severity vulnerability

XMLWordPrintableJSON

    • Type: Bug
    • Resolution: Duplicate
    • Priority: Critical - P2
    • None
    • Affects Version/s: None
    • Component/s: None
    • None
    • None
    • Dotnet Drivers
    • Hide

      1. What would you like to communicate to the user about this feature?
      2. Would you like the user to see examples of the syntax and/or executable code and its output?
      3. Which versions of the driver/connector does this apply to?

      Show
      1. What would you like to communicate to the user about this feature? 2. Would you like the user to see examples of the syntax and/or executable code and its output? 3. Which versions of the driver/connector does this apply to?
    • None
    • None
    • None
    • None
    • None
    • None

      warning NU1903: Package 'Snappier' 1.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-pggp-6c3x-2xmx

       

      is reported by Microsoft's Dotnet Audit ( https://learn.microsoft.com/en-us/nuget/concepts/auditing-packages )

      I see upgrade requests/attempts in tickets and PRs but they have all been postponed / closed unmerged. (CSHARP-57412, CSHARP-6031)

            Assignee:
            Unassigned
            Reporter:
            Jeroen Habets
            None
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: