A transient package contains security vulnerability

[mindaugasveblauskas]

According to Visual Studio (v17.12.1), the package protobuf-net.Grpc has a security vulnerability, because one of its transient packages are flagged. Even though I'm using the latest version of protobuf-net.Grpc 1.2.2, it uses protobuf-net 2.4.8, but not 3.2.30 as stated at https://github.com/protobuf-net/protobuf-net.Grpc/blob/1.2.2/Directory.Packages.props

The project which uses protobuf-net.Grpc 1.2.2 targets .net 8.

[mgravell]

Yes, we can update the refs. However, this is ultimately a false positive in that a: none of that code is relevant to this lib, and b: you can apply later packages yourself locally. But agree: we should fix the refs.