NuGet warning

During our build process, NuGet security auditing (NU1902) flags 16 warnings related to a known vulnerability in the transitive dependency Magick.NET-Q16-AnyCPU 14.10.1, which is pulled in by Aspose.PDF.

The advisory details:

Package: Magick.NET-Q16-AnyCPU 14.10.1 (transitive, referenced by Aspose.PDF)
Severity: Moderate
NuGet Warning: NU1902
Advisory URL: https://github.com/advisories/GHSA-rwx6-w5xg-x39m (example — the actual advisory link appears in our build output)
Since this is a transitive dependency managed by Aspose.PDF, we cannot upgrade Magick.NET ourselves without breaking the package. We are currently suppressing these warnings via direct, but this is a workaround, not a fix.

Request: Could you please update the Magick.NET dependency to a patched version in an upcoming Aspose.PDF release?

Net 10 Core.

thank you

@CatalinBombea

You mentioned that the transitive Magick.NET‑Q16‑AnyCPU 14.10.1 package used by Aspose.PDF triggers NU1902 security warnings and you would like the library updated to a patched version.

At present Aspose.PDF includes that version of Magick.NET, and the transitive dependency cannot be changed from your project. We will pass your feedback to the product team for consideration in a future release. Meanwhile, please verify that you are using the latest Aspose.PDF NuGet package, as newer versions may already contain an updated Magick.NET dependency. You can follow the release notes on the Aspose.PDF .NET page for any changes. If you have further questions, feel free to continue the discussion in this forum thread.