We're getting code scan results highlighting the SixLabors.ImageSharp dependency that PdfSharpCore has:
• CVE-2024-41131 (High) - requires 2.1.9+
• CVE-2025-27598 (High) - requires 2.1.10+
• CVE-2024-27929 (High) - requires 2.1.7+
• CVE-2024-32035 (Medium) - requires 2.1.8+
• CVE-2024-32036 (Medium) - requires 2.1.8+
• CVE-2024-41132 (Medium) - requires 2.1.9+
• CVE-2025-54575 (Medium) - requires 2.1.11+
It looks like these vulnerabilities could be addressed if PdfSharpCore releases a new version that updates the ImageSharp dependency to a newer version to avoid these issues; however, the last minor release was 8 months ago at the moment.
I'd like to see dependencies updated to 2.1.11 or higher and a new NuGet package made available.