Dependabot reports security alert for package that is at the version that resolves the security alert

[tibi-extera]

Hi,

I have a repository using C#, Visual Studio 2022. One of the projects in the repo generates a private package that uses, among others, the System.Security.Cryptography.Xml package version 6.0.1 from Microsoft.

Dependabot inspected the repo and it declares that there is a security alert for it, with a moderate vulnerability in the System.Security.Cryptography.Xml package. To fix it, it recommends that I update the package to a version >=4.7.1 or >=6.0.1. I have updated it to 6.0.1 (which is the latest), but the alert does not disappear.

I need help to get rid of this alert.

Thank you.

[jhutchings1]

I'm not seeing any advisory on System.Security.Cryptography.Xml in https://github.com/advisories. Do you mind contacting support with more details of what you're seeing here?