You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
My question is: can this package override a dependency in a powershell module that I cannot control?
(Sorry for being lazy not trying it myself, but I'm a newbie in PS, so it will take me just longer)
Some context:
I have a Docker image that is being flagged by our security tool for [System.Net.Http:4.3.0/CVE-2018-8292]. After digging more, the image installs the module ExchangeOnlineManagement, which we suspect uses that version of System.Net.Http even though the image installs PS v7.5 (which supposedly uses the latest System.Net.Http version that is already patched).
(Sorry if I'm writing some inaccuracies. That is the best way I understand the issue).
What I want to do is something like node has that can allow you to override a dependency version that way, we can fix the security issue without having to repackage/reinstall the dependency.
Is this possible by using this package? Or is it only used to publish our own package?
Thanks in advance
The text was updated successfully, but these errors were encountered:
Hello,
My question is: can this package override a dependency in a powershell module that I cannot control?
(Sorry for being lazy not trying it myself, but I'm a newbie in PS, so it will take me just longer)
Some context:
I have a Docker image that is being flagged by our security tool for [System.Net.Http:4.3.0/CVE-2018-8292]. After digging more, the image installs the module ExchangeOnlineManagement, which we suspect uses that version of System.Net.Http even though the image installs PS v7.5 (which supposedly uses the latest System.Net.Http version that is already patched).
(Sorry if I'm writing some inaccuracies. That is the best way I understand the issue).
What I want to do is something like node has that can allow you to override a dependency version that way, we can fix the security issue without having to repackage/reinstall the dependency.
Is this possible by using this package? Or is it only used to publish our own package?
Thanks in advance
The text was updated successfully, but these errors were encountered: