A NuGet package my program is using, is an older version of a NuGet package that has a security vulnerability . I want to update the NuGet package within the NuGet package to a new version but have not discovered a way to do that.
There is no update to the NuGet package with the dependency with the vulnerability but there is an update for the dependency NuGet with the vulnerability.
Screenshot of nuget package in visual studio 2022 nuget package in visual studio
I have tried adding '-IgnoreDependencies' to the install command but that installed the NuGet with the insecure NuGet package.
Install-Package RimDev.Stuntman -Version 3.0.0 -IgnoreDependencies
dotnet add package RimDev.Stuntman --version VERSION_YOU_NEED
It will add the package or update it if it is already installed.
You can just install a non-vulnerable version of Microsoft.AspNetCore.Authentication.JwtBearer. I used Microsoft.AspNetCore.Authentication.JwtBearer(6.0.11) because I tested in a .NET6.0 project.
Here is the screenshot of the nuget package in Solution Explorer in visual studio:
Hope it can help you to solve the problem.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.