Skip to:

  1. Skip to Jira Navigation
  2. Skip to Side Navigation
  3. Skip to Main Content

Upgrade App.Metrics to mitigate security scan warnings

Description

https://forums.couchbase.com/t/compromised-3rd-party-libraries/32278

I think the security scanning tool you're using to find that dependency may either be flawed or misconfigured. There is actually no combination of target frameworks for the Couchbase SDK that would ever bring in that dependency. The NETStandard.Library 1.6.1 dependency is overridden by NETStandard.Library 2.0.3 dependencies closer to the bottom of the dependency tree.

That said, this may be mitigated by an upgrade to App.Metrics 4.3.0, which offers a specific netstandard2.0 dependency list. Depends, again, on how your security scanning tool is looking at it.

Environment

None

Gerrit Reviews

None

Release Notes Description

None

Activity

Show:
Fixed
Pinned fields
Click on the next to a field label to start pinning.

Details

Assignee

Reporter

Story Points

Fix versions

Priority

Instabug

Open Instabug

PagerDuty

Sentry

Zendesk Support

Created November 30, 2021 at 1:10 PM
Updated May 16, 2022 at 10:23 PM
Resolved May 16, 2022 at 10:23 PM
Instabug