Bump dependencies to fix vulnerabilities in tests #674

Merged
merged 3 commits into from
Nov 8, 2023

Conversation

frederikprijck
Member

Changes

Adds explicit dependencies for known vulnerable dependencies to ensure we use versions that are fixed.

References

✗ Denial of Service (DoS) [High Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045] in System.Net.Http@4.3.0
    introduced by Moq@4.14.7 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0 and 4 other path(s)
  This issue was fixed in versions: 4.1.2, 4.3.2
  ✗ Improper Certificate Validation [High Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60046] in System.Net.Http@4.3.0
    introduced by Moq@4.14.7 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0 and 4 other path(s)
  This issue was fixed in versions: 4.1.2, 4.3.2
  ✗ Privilege Escalation [High Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60047] in System.Net.Http@4.3.0
    introduced by Moq@4.14.7 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0 and 4 other path(s)
  This issue was fixed in versions: 4.1.2, 4.3.2
  ✗ Authentication Bypass [Medium Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60048] in System.Net.Http@4.3.0
    introduced by Moq@4.14.7 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0 and 4 other path(s)
  This issue was fixed in versions: 4.1.2, 4.3.2
  ✗ Information Exposure [High Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-72439] in System.Net.Http@4.3.0
    introduced by Moq@4.14.7 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Net.Http@4.3.0 and 4 other path(s)
  This issue was fixed in versions: 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4
  ✗ Regular Expression Denial of Service (ReDoS) [High Severity][https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708] in System.Text.RegularExpressions@4.3.0
    introduced by Moq@4.14.7 > Castle.Core@4.4.0 > NETStandard.Library@1.6.1 > System.Text.RegularExpressions@4.3.0 and 15 other path(s)
  This issue was fixed in versions: 4.3.1

Checklist

@frederikprijck frederikprijck marked this pull request as ready for review November 8, 2023 10:36
@frederikprijck frederikprijck requested a review from a team as a code owner November 8, 2023 10:36
@frederikprijck frederikprijck merged commit 45a0ded into master Nov 8, 2023
6 checks passed
@frederikprijck frederikprijck deleted the security/fix-vulnerabilities branch November 8, 2023 11:14
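
As an added example (not code from this pull request or the project), the sketch below derives the lowest pin per package from a report like the one in the description and prints the matching `PackageReference` lines. The helper names are hypothetical, the sample is condensed from the report above, and it assumes that any stable release at or above a listed fix version is also fixed; the versions the PR actually chose are not shown on this page.

```python
import re

# Constructed sample: advisory lines condensed from the Snyk report quoted in the PR description.
REPORT = """\
✗ Denial of Service (DoS) [High Severity] in System.Net.Http@4.3.0
  This issue was fixed in versions: 4.1.2, 4.3.2
✗ Information Exposure [High Severity] in System.Net.Http@4.3.0
  This issue was fixed in versions: 2.0.20710, 4.0.1-beta-23225, 4.1.4, 4.3.4
✗ Regular Expression Denial of Service (ReDoS) [High Severity] in System.Text.RegularExpressions@4.3.0
  This issue was fixed in versions: 4.3.1
"""

FINDING = re.compile(r"✗ .* in (?P<pkg>[\w.]+)@(?P<ver>[\w.\-]+)\s*$")
FIXED = re.compile(r"fixed in versions:\s*(?P<list>.+)$")

def vkey(version):
    """Numeric sort key; a pre-release suffix such as -beta-23225 is ignored."""
    return tuple(int(p) for p in version.split("-")[0].split("."))

def minimum_pins(report):
    """Map each flagged package to the lowest version that clears every advisory."""
    pins, current = {}, None
    for line in report.splitlines():
        m = FINDING.search(line)
        if m:
            current = (m["pkg"], m["ver"])
            continue
        m = FIXED.search(line)
        if m and current:
            pkg, installed = current
            fixes = [v.strip() for v in m["list"].split(",")]
            # Assumption: only stable fix versions above the installed one are candidates.
            newer = [v for v in fixes if "-" not in v and vkey(v) > vkey(installed)]
            if not newer:
                raise ValueError(f"no stable fix listed for {pkg}@{installed}")
            lowest = min(newer, key=vkey)
            # Several advisories can hit one package: keep the highest of the per-advisory minimums.
            if pkg not in pins or vkey(lowest) > vkey(pins[pkg]):
                pins[pkg] = lowest
            current = None
    return pins

def package_references(pins):
    """Render the pins as explicit top-level references for a .csproj ItemGroup."""
    return [f'<PackageReference Include="{p}" Version="{v}" />' for p, v in sorted(pins.items())]

if __name__ == "__main__":
    print("\n".join(package_references(minimum_pins(REPORT))))
```

An explicit top-level reference overrides the version that arrives transitively through Moq > Castle.Core > NETStandard.Library, so the test project resolves the pinned release without waiting for those packages to update.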