Open
Description
The project-centric detector filters out a large list of dependencies by name.
I think this should not be done because this filters out dependencies which have security advisories filed against them. For example, `System.Text.RegularExpressions` is filtered out, but has a High severity alert against it (GHSA-cmhx-cq75-c4mj) which is detected by `dotnet list --vulnerable`.
Status
In progress