What about vulnerability of SixLabors.ImageSharp

[Stoffelche]

NPOI 2.6.2 installs SixLabors.ImageSharp 2.1.4, which has a vulnerability.
I noted, that the dependency was updated in the next NPOI release 2.7 to SixLabors.ImageSharp 3.1.3
But in the meanwhile, while NPOI 2.7.0 is not yet released, what would be the recommended way to handle this issue?

1. Is NPOI 2.6.2 compatible with SixLabors.ImageSharp 3.1.3, so if explicitly installing this package, and having the corresponding bindingRedirect, it would work?
2. Otherwise, I noted there is a SixLabors.ImageSharp 2.1.7 version, which also does not have the vulnerability. Is this version compatible with NPOI 2.6.2?

TIA for direction, Stefan

[tonyqus]

NPOI 2.7.0 rc-1 was released on nuget 3 days ago. I think you can switch to this version and have a smoke test. This version is based on ImageSharp 2.1.7.

If there is no critical bug report, the final release will happen next week.

Is NPOI 2.6.2 compatible with SixLabors.ImageSharp 3.1.3, so if explicitly installing this package, and having the corresponding bindingRedirect, it would work?

I don't have the answer because I never tried that. It depends on if ImageSharp changes any public API (for example, they remove one existing method, then it will throw MissingMethod exception).