I received an email, that suggested to fix the problem.
On Thu, 22 Apr 2021 at 5:30 am, dependabot[bot] email@example.com wrote:
This automated pull request fixes a security vulnerability (high severity).
Bumps System.Net.Http from 4.1.0 to 4.3.4.
According to description link .NET Core Information Disclosure · CVE-2018-8292 · GitHub Advisory Database · GitHub
This affects .NET Core 2.1, .NET Core 1.0, .NET Core 1.1, PowerShell Core 6.0.
However my project is using .Net Framework 4.6, that can be determined by .csproj and packages.config.
Our private repositories received similar false alarms.
It will be nice, if dependabot will be more smart and understand, does the issue applicable to the project or not and avoid false alarms.