CVE-2019-0820: Update or Replace Sprache 2.3.1 - due to Transitive Dependency System.Text.RegularExpressions 4.3.0

[JamesHopkinson]

Scanning dependencies for this library I see the following vulnerability being raised for System.Text.RegularExpressions 4.3.0, which is a transitive dependency within Sprache 2.3.1.

To resolve this, it would be good to move away from Sprache 2.3.1 (I believe there is a prerelease of 3.0.0 that addresses this)

Further Info:
dotnet/announcements#111

[Mike-E-angelo]

Hi @JamesHopkinson thank you for writing in. If I understand correctly, Sprache dependencies include System.Text.RegularExpressions (>= 4.3.0) which means anything greater than this version will suffice. The danger (as I understand it) is that the final application being compiled actually uses this version. At this point, a warning will be displayed in the IDE to alert the developer to this vulnerability. Most applications are net9.0 or net10.0`, which automatically reference versions that are greater than the offending version in question.

Please let me know if I have misunderstood, and we can further discuss.