High severity vulnerability is introduced via the dependency package used by Serilog.Sinks.AzureEventHub@5.0.0
Rashmi-nw opened this issue · comments
Serilog.Sinks.AzureEventHub@5.0.0
has a dependency on Microsoft.Azure.EventHubs@1.0.3
which is having a dependency on NETStandard.Library@1.6.1
.
NETStandard.Library@1.6.1
is having a dependency on System.Text.RegularExpressions@4.3.0
. We are using the snyk which has identified high severity vulnerabilities with this package. Vulnerability identified : https://snyk.io/vuln/SNYK-DOTNET-SYSTEMTEXTREGULAREXPRESSIONS-174708
NETStandard.Library@1.6.1 is also having a dependency on System.Net.Http@4.3.0
. High severity vulnerability identified : https://snyk.io/vuln/SNYK-DOTNET-SYSTEMNETHTTP-60045
It would be great if you could point to right version of NETStandard.Library