Transitive Dependency System.Net.Http 4.3.0 contains vulnerabilities - CVE-2018-8292

[davidd396]

setup-dotnet/__tests__/e2e-test-csproj/packages.lock.json

Line 749 in 21e81f6

"System.Net.Http": {

Hi team,

Could you upgrade the transitive dependency to 4.3.4 ? It will fix the security issue.

Thank you.

Ref: GHSA-7jgj-8wvc-jh57

[priya-kinthali]

Hello @davidd396👋,
Thank you for reporting this. We will investigate the issue and get back to you as soon as we have updates.