White Source security complains

Hello,

We use Aspose.PDF in our product.
Third-party service WhiteSource (WS) is used to detect vulnerabilities.

WS reported issue for system.text.regularexpressions.4.1.0.nupkg.
image.png (25.2 KB)

This package is a transitive dependency of Aspose.PDF.
How can we fix or mitigate that?

@Andrei86

We have created a task as PDFNET-51124 in our issue tracking system to include this dependency in our .nuspec with explicit version indication (4.3.1). We have linked the task with this forum thread so that you will receive a notification as soon as it is resolved. Please be patient and spare us some time.

We are sorry for the inconvenience.

Do you have any update?

@Andrei86

We are afraid that the earlier logged issue is not yet resolved due to other pending issues in the queue. We will surely inform you as soon as we have some definite updates regarding its resolution. Please be patient and spare us some time.

We are sorry for the inconvenience.

Hello,
Perhaps you have some updates?

@Andrei86

The earlier logged ticket is currently under the phase of the investigation and we are afraid that it is not yet resolved. However, we will notify you via this forum thread as soon as we have some certain news about its fix or resolution ETA. We apologize for your inconvenience.

Hi,

Do we have any updates for this case?

@Andrei86

We are afraid that the earlier logged ticket could not get resolved. However, we will surely inform you as soon as we have updates about its resolution. We apologize for the inconvenience faced.

Do you have any forecast when it might be resolved?

@Andrei86

We are afraid that an ETA for this ticket cannot be shared at the moment as the ticket is under the investigation phase. However, we will let you know as soon as the investigation is complete. We highly appreciate your patience and comprehension in this regard.