Hello
You can directly install the latest version of Episerver.ImageLibrary.ImageSharp from Optimizely NuGet to override the transitive dependencies.
For the rest of the vulnerabilities/security issues, Azure App Service should automatically patch the runtime if your solution is hosted in DXP. If you have Azure access, you can SSH to your container and run dotnet --info to verify your .NET runtime (see screenshot below)
I agree that the package references should be updated, but you may also
Hello,
The following packages have transitive dependencies to vulnerable packages. Is it possible to update the references?
Episerver.Cms (12.29.1) -> Episerver.ImageLibrary.ImageSharp (1.0.1) -> SixLabors.ImageSharp (2.1.7) https://github.com/advisories/GHSA-g85r-6x2q-45w7
Episerver.Framework (12.21.5) -> System.Security.Cryptography.Xml (6.0.1) -> System.Security.Cryptography.Pkcs (6.0.1) https://github.com/advisories/GHSA-555c-2p6r-68mm
The following packages have a dependency on System.Text.RegularExpressions (4.3.0): https://github.com/advisories/GHSA-cmhx-cq75-c4mj
EPiServer.CloudPlatform.Cms.1.6.1,
EPiServer.CMS.12.29.1,
EPiServer.CMS.AspNetCore.HtmlHelpers.12.21.5,
EPiServer.CMS.AspNetCore.Routing.12.21.5,
EPiServer.CMS.AspNetCore.TagHelpers.12.21.5,
EPiServer.CMS.Core.12.21.5,
EPiServer.CMS.TinyMce.4.7.2,
EPiServer.Find.Cms.16.2.0,
EPiServer.GoogleAnalytics.4.2.0
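
The dependency chains quoted in this thread can be reproduced from a project's resolved package graph, which shows whether a flagged package arrives only transitively and therefore can be overridden by a direct reference. The following is an added example, not part of the original thread or of Optimizely's code; the embedded JSON is a constructed sample that assumes the layout of NuGet's obj/project.assets.json and contains only the edges listed in the post, and the function names are hypothetical.

```python
import json

# Constructed sample shaped like obj/project.assets.json (assumed layout:
# "targets" -> framework -> "Name/Version" -> "dependencies"). It holds only
# the edges quoted in the post, not the packages' full dependency lists.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {"net6.0": {
    "EPiServer.CMS/12.29.1": {"dependencies": {"EPiServer.ImageLibrary.ImageSharp": "1.0.1"}},
    "EPiServer.ImageLibrary.ImageSharp/1.0.1": {"dependencies": {"SixLabors.ImageSharp": "2.1.7"}},
    "SixLabors.ImageSharp/2.1.7": {},
    "EPiServer.Framework/12.21.5": {"dependencies": {"System.Security.Cryptography.Xml": "6.0.1"}},
    "System.Security.Cryptography.Xml/6.0.1": {"dependencies": {"System.Security.Cryptography.Pkcs": "6.0.1"}},
    "System.Security.Cryptography.Pkcs/6.0.1": {}
  }},
  "projectFileDependencyGroups": {"net6.0": ["EPiServer.CMS >= 12.29.1", "EPiServer.Framework >= 12.21.5"]}
}
""")

def dependency_chains(assets, framework, target):
    """Return every chain from a direct reference down to `target`."""
    resolved = {}  # lower-cased id -> (id, version, dependency ids); NuGet ids ignore case
    for key, info in assets["targets"][framework].items():
        name, _, version = key.partition("/")
        resolved[name.lower()] = (name, version, list(info.get("dependencies", {})))
    direct = [entry.split()[0] for entry in assets["projectFileDependencyGroups"][framework]]
    chains = []

    def walk(pkg, path, seen):
        entry = resolved.get(pkg.lower())
        if entry is None or pkg.lower() in seen:  # unresolved id or dependency cycle
            return
        name, version, deps = entry
        path = path + [f"{name} ({version})"]
        if name.lower() == target.lower():
            chains.append(path)
            return
        for dep in deps:
            walk(dep, path, seen | {pkg.lower()})

    for pkg in direct:
        walk(pkg, [], frozenset())
    return chains

def is_transitive_only(assets, framework, target):
    """True when `target` is resolved but never referenced directly by the project."""
    chains = dependency_chains(assets, framework, target)
    return bool(chains) and all(len(chain) > 1 for chain in chains)
```

Because NuGet lets a direct reference take precedence over a transitively resolved version, a package reported as transitive-only here is one whose version the project can pin itself.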