Comments (13)
Jericho
commented on June 19, 2024
StrongGrid does not take a direct dependency on any of the three packages on the screenshot you provided. Maybe one of our dependencies does? But which one????
from stronggrid.
Jericho
commented on June 19, 2024
I know that Pathoschild.Http.FluentClient is referencing System.Net.Http but only if your project is using .netstandard1.3. Does that seem right to you? Is you project targeting .net standard1.x? If so, can you upgrade to a more recent .net? That's probably to easiest and fastest way of getting rid of the vulnarable System.Net.Http reference.
I have no idea where the other two references are coming from though.
from stronggrid.
Jericho
commented on June 19, 2024
oh and by the way, what lead you to conclude that these dependencies came from StrongGrid in the first place?
from stronggrid.
drma-tech
commented on June 19, 2024
from stronggrid.
drma-tech
commented on June 19, 2024
If you open it with Visual Studio, you can easily see this, including where the references come from.
from stronggrid.
Jericho
commented on June 19, 2024
"Transitively referenced by StrongGrid" this pretty much confirms what I said: we don't directly reference any of these packages, but some of our references do.
Like I said, I have a pretty good idea where the System.Net.Http reference comes from but no idea about the other two. And further more, the vulnerable System.Net.Http is used only when you target netstandard1.x Does this apply to your situation? Any chance you can upgrade your platform target(s)?
from stronggrid.
Jericho
commented on June 19, 2024
As it turns out, all three references are being pulled in by our dependency on Pathoschild.Http.FluentClient:
from stronggrid.
drma-tech
commented on June 19, 2024
im using .net 8.0. not sure if is using this netstandard
from stronggrid.
drma-tech
commented on June 19, 2024
so, its just notify the owner of this component
from stronggrid.
Jericho
commented on June 19, 2024
When I open the FluentHttp project in Visual Studio and look at their dependencies, I see this:
So, while the author of the FluentHttp project might be able to fix the System.Net.Http reference (by dropping support for netstandard1.x, I presume), the other two are being pulled in by even further upstream dependencies.
from stronggrid.
Jericho
commented on June 19, 2024
Turns out, I was wrong about one specific detail: the FluentHttpClient project is already referencing the patched System.Net.Http package (which is version 4.3.4) as evidenced by:
So they may have to go upstream to get this transitive reference upgraded.
from stronggrid.
Related Issues (20)
- Webhook parser should implement an interface HOT 2
- Mark the LegacyCLient as obsolete HOT 1
- Remove obsolete members
- InternalMessageId on webhook Events not always being returned with .filter in the value HOT 6
- Rename the `Client` class
- `IpAddress.AssignedOn` can be null HOT 2
- Access modifier issue in SingleSend model HOT 3
- `The JSON value is not in a supported DateTime format` when searching for contacts HOT 1
- Improve the WebhookSettings resource to handle multiple webhook settings HOT 1
- Unable to create new Webhook settings HOT 1
- Unable to configure Oauth when updating an existing Webhokk settings HOT 1
- Improve logging template/scopes, or provide a logging delegate? HOT 5
- Unable to configure Oauth when testing webhooks HOT 1
- Unable to toggle signature verification for a event webhook HOT 1
- Unable to specify the Id of the desired event webhook settings when retrieving the public key HOT 1
- Missing method to delete an existing event webhook settings HOT 1
- Use .net8 HostedApplication to run integration tests HOT 1
- Further improve how we handle unsupported encodings when parsing InboundEmail webhooks HOT 1
- .NET 8 JsonException when trying to parse inbound email HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from stronggrid.