Nuget "project centric detector" should not filter out dependencies #502

Open
@Porges

The project-centric detector filters out a large list of dependencies by name.

I think this should not be done because this filters out dependencies which have security advisories filed against them. For example, System.Text.RegularExpressions is filtered out, but has a High severity alert against it (GHSA-cmhx-cq75-c4mj) which is detected by dotnet list --vulnerable.
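A defender-side cross-check for the gap described in this issue, as an added example (not code from the issue or from the project): it lists packages that a vulnerability report flags but that are absent from the detector's output. The JSON shape is an assumption modelled on the JSON report of `dotnet list package --vulnerable`; the sample report, the detector output, the framework and the version are constructed, and the function names are hypothetical.

```python
import json

# Constructed sample; the shape is an assumption modelled on the JSON report of
# `dotnet list package --vulnerable`. Version is a placeholder.
VULN_REPORT = json.loads("""
{"version": 1, "projects": [{"path": "App.csproj", "frameworks": [{
  "framework": "net6.0",
  "topLevelPackages": [],
  "transitivePackages": [{
    "id": "System.Text.RegularExpressions",
    "resolvedVersion": "0.0.0-placeholder",
    "vulnerabilities": [{"severity": "High",
      "advisoryurl": "https://github.com/advisories/GHSA-cmhx-cq75-c4mj"}]}]}]}]}
""")

# Constructed detector output: component names left after name-based filtering.
DETECTOR_COMPONENTS = ["Newtonsoft.Json"]


def vulnerable_packages(report):
    """Yield (id, version, severity, advisory_url) for every flagged package."""
    for project in report.get("projects", []):
        for framework in project.get("frameworks", []):
            for key in ("topLevelPackages", "transitivePackages"):
                for pkg in framework.get(key, []):
                    for vuln in pkg.get("vulnerabilities", []):
                        yield (pkg["id"], pkg.get("resolvedVersion"),
                               vuln.get("severity"), vuln.get("advisoryurl"))


def missing_from_detector(report, detected_names):
    """Return flagged packages the detector never reported.

    NuGet package ids are case-insensitive, so compare lower-cased names.
    """
    detected = {name.lower() for name in detected_names}
    missed = {v for v in vulnerable_packages(report) if v[0].lower() not in detected}
    return sorted(missed, key=lambda v: (v[0].lower(), str(v[3])))


if __name__ == "__main__":
    for pkg_id, version, severity, url in missing_from_detector(
            VULN_REPORT, DETECTOR_COMPONENTS):
        print(f"{severity}: {pkg_id} {version} missing from detector output ({url})")
```
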

Labels

breaking change (Breaking change, requires major version bump)
detector:nuget (The NuGet detector)
status:requirements (Full requirements are not yet known, so implementation should not be started)
type:bug (Bug fix of existing functionality)

Projects

Status

In progress
