Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Elsa.Http has references to deprecated packages #4951

Closed
Inx51 opened this issue Feb 15, 2024 · 1 comment
Closed

Elsa.Http has references to deprecated packages #4951

Inx51 opened this issue Feb 15, 2024 · 1 comment

Comments

@Inx51
Copy link
Contributor

Inx51 commented Feb 15, 2024

While trying to use Elsa.Http our internal package repository (ProGet) discovered vulnerabilities in Elsa.Http.
Im not sure if the scanner we are using actually found any real vulnerabilities, or if it simply discovered that the referenced packages are deprecated.

The deprecated packages are:

The way to reference to ASP.net (Core 3.0+) framework is from my understanding to add the following to the .csproj:

  <ItemGroup>
    <FrameworkReference Include="Microsoft.AspNetCore.App" />
  </ItemGroup>

Source: https://learn.microsoft.com/en-us/aspnet/core/fundamentals/target-aspnetcore?view=aspnetcore-8.0&tabs=visual-studio

I have forked the elsa-core github repo and removed all references from Elsa.Http except FluentStorage (didnt even add the above FrameworkReference) and yet all seems to build and run just fine.

Could this be resolved? Want me to submit a PR?
@glime-ai Glime AI
Copy link

glime-ai bot commented Feb 15, 2024

Based on the context provided, it seems that you have identified deprecated package references within the Elsa.Http project and have successfully forked the elsa-core repository, making changes that result in a successful build and run without these references.

Before submitting a PR, it would be advisable to ensure that your changes are in line with the project's goals and that they do not inadvertently remove functionality or compatibility that the Elsa team intends to maintain. As per the guidelines in the elsa-core README, you should open an issue first to discuss your findings and proposed changes. This step is crucial as it ensures you don't spend time working on something that might not align with the project's goals or might already be under development by someone else.

Here's what you should do:

  1. Open an issue on the elsa-core GitHub repository to discuss the deprecated package references you've found in Elsa.Http.
  2. In the issue, explain your findings, the potential vulnerabilities, and how you've managed to build and run the project without these references.
  3. Mention that you are willing to submit a PR and ask for guidance or approval to proceed.
  4. If the Elsa team agrees with your assessment, they will likely encourage you to submit a PR. Make sure to follow their contribution guidelines when doing so.

Remember to provide a clear and detailed description of the changes in your PR and reference the issue you opened.

@Inx51 Inx51 mentioned this issue Feb 16, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sfmskywalker @Inx51