I have a Mend Bolt warning because of this old version of encodings.web: system.text.encodings.web.4.5.0.nupkg. Version 4.5.0 has security vulnerabilities. I need to upgrade to a higher version.
It is added as a transitive package from Microsoft.AspNetCore.Hosting.Abstractions.
The problem is that version 2.2.0 of Microsoft.AspNetCore.Hosting.Abstractions is deprecated.
My project uses .NET 6. I cannot find that package in a newer format or another variant. I use Hosting.Abstractions for the IWebHost class, for a migration extension method. If I uninstall it, then the warning is solved but my method does not build.
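public static IWebHost MigrateDbContext<TContext>(this IWebHost webHost, Action<TContext, IServiceProvider> seeder) where TContext : DbContext
{
    // Resolve scoped services (such as the DbContext) from a scope created on the host's provider.
    using (var scope = webHost.Services.CreateScope())
    {
        var services = scope.ServiceProvider;
        var logger = services.GetRequiredService<ILogger<TContext>>();
        var context = services.GetService<TContext>();
        ...
        context.Database.Migrate();
        ...
    }
    // Return the host so the call can be chained.
    return webHost;
}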
I installed the latest stable version of that vulnerable package. In the future, after I upgrade to another .NET version and maybe that vulnerability goes away, I will need to go back and remove that line from the .csproj where System.Text.Encodings.Web is set to today's latest version.
<PackageReference Include="System.Text.Encodings.Web" Version="6.0.0" />
Also, I needed to check every project to see where my vulnerable package is. Fortunately, my project is small, and I could do that. For bigger applications we will need a library to find transitive packages.
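For the per-project search described above, the following is an added example (not part of the original post) that reads the obj/project.assets.json file NuGet writes on restore and reports every path from a direct reference to a given package. The embedded JSON is a constructed, trimmed sample, and the script name in the usage comment is hypothetical; it assumes the projects have already been restored.

```python
import json
import sys
from pathlib import Path

# Constructed, trimmed sample of an obj/project.assets.json file (not from the post).
SAMPLE_ASSETS = json.loads("""
{
  "targets": {"net6.0": {
    "Microsoft.AspNetCore.Hosting.Abstractions/2.2.0": {
      "type": "package",
      "dependencies": {"Microsoft.AspNetCore.Http.Abstractions": "2.2.0"}},
    "Microsoft.AspNetCore.Http.Abstractions/2.2.0": {
      "type": "package",
      "dependencies": {"System.Text.Encodings.Web": "4.5.0"}},
    "System.Text.Encodings.Web/4.5.0": {"type": "package"}
  }},
  "projectFileDependencyGroups": {
    "net6.0": ["Microsoft.AspNetCore.Hosting.Abstractions >= 2.2.0"]}
}
""")

def find_chains(assets, package_id):
    """Return (framework, path) for every route from a direct reference to package_id."""
    wanted, chains = package_id.lower(), []
    for tfm, libs in assets.get("targets", {}).items():
        # lower-cased package id -> (resolved "Id/Version" key, declared dependencies)
        graph = {key.split("/")[0].lower(): (key, info.get("dependencies", {}))
                 for key, info in libs.items()}

        def walk(name, path):
            node = graph.get(name.lower())
            if node is None or node[0] in path:   # not restored, or a cycle
                return
            path = path + [node[0]]
            if name.lower() == wanted:
                chains.append((tfm, path))
                return
            for dep in node[1]:
                walk(dep, path)

        for direct in assets.get("projectFileDependencyGroups", {}).get(tfm, []):
            walk(direct.split()[0], [])           # "Id >= 1.0.0" -> "Id"
    return chains

if __name__ == "__main__":
    # Usage: python find_transitive.py <solution-dir> <PackageId>  (after `dotnet restore`)
    root, package_id = Path(sys.argv[1]), sys.argv[2]
    for assets_file in root.rglob("obj/project.assets.json"):
        data = json.loads(assets_file.read_text(encoding="utf-8"))
        for tfm, path in find_chains(data, package_id):
            print(f"{assets_file.parent.parent.name} [{tfm}]: " + " -> ".join(path))
```

A path of length one means the package is referenced directly, which is what the explicit PackageReference pin produces.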