JustMock and System.Drawing.Common

1 Answer 51 Views
General Discussions
Tyler
Top achievements
Rank 1
Tyler asked on 23 Jul 2024, 03:03 PM
The latest version of JustMock contains a reference to System.Drawing.Common 5.0.0.   That component has a critical severity security alert associated with it.  I know I could add a reference to the latest System.Drawing.Common package to every project that is referencing JustMock, but since this is dozens of projects and I will never remember to remove this hard reference to the drawing package once it is fixed, it would be better if JustMock updated its reference.  Is this possible to get into the next release?

1 Answer, 1 is accepted

Sort by
0
Ivo
Telerik team
answered on 24 Jul 2024, 01:06 PM

Hello Tyler,

According to ILSpy JustMock has the following references:

.NET Framework

.NET Standard

If you use an installed version of the product, probably some of the installed assemblies refer the mentioned one, could you please clarify how you concluded this?

Regards,
Ivo
Progress Telerik

Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.

Tyler
Top achievements
Rank 1
commented on 24 Jul 2024, 03:45 PM

VS nuget manager is saying it is a transitive package brought in via JustMock:
Ivo
Telerik team
commented on 25 Jul 2024, 09:03 AM

Hello Tyler, I got it. The transitive dependency comes from System.Security.Permissions 5.0.0. Thanks for pointing this out, we will fix it in the upcoming 2024 Q3 release which is expected to be available in the first half of August.
Ivo
Telerik team
commented on 13 Aug 2024, 02:55 PM

The issue is fixed in 2024 Q3 release. Enjoy!
Tags
General Discussions
Asked by
Tyler
Top achievements
Rank 1
Answers by
Ivo
Telerik team
Share this question
or