You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Check 'Show only vulnerable' checkbox, then you can see that the warning is because the following packages have a dependency on System.text.json 8.0.0, which has been detected as the vulnerable package
ACTUAL
Check 'Show only vulnerable' checkbox, then you can see that the warning is because the following packages have a dependency on System.text.json 8.0.0, which has been detected as the vulnerable package
Aspire.Hosting.AppHost "Version=" 8.0.0
NOTE:
This issue can be repro in any aspire project or in a project with aspire
This issue also repro on Dev17.10 + Aspire 8.0.2/8.1 and Dev17.11 + Aspire 8.0.2/8.1
EXPECTED
The packages should be updated to depend on a newer version of System.text.json that is not vulnerable.