TMS.FlexCel 7.22.0 is using SkiaSharp 2.88.0, which is marked as a vulnerable package.
Indeed, we are trying to do a release as soon as possible that will update this. It is just that we are also adding .NET 9 support and it is taking sometime.
In the meantime, as you can see in the deps you highlighted, FlexCel requires from 2.88.0 to anything less than 3.0. So as a fast workaround, you can require skiasharp 2.88.9 in your project, and nuget should use it also for FlexCel. Nuget uses the older dependency that can be used by everyone, so if your app needs 2.88.9, as FlexCel supports that too, it should use that version everywhere.
1 Like
Just to make sure, the just released 7.23 requires SkiaSharp 3.