I have same issue, I tried several changes but still snyk is showing there is a vulnerability.

I tried with all this:

private static Uri CommonSanitize(string url)
 {
     if (string.IsNullOrWhiteSpace(url))
         throw new ArgumentNullException(nameof(url), "URL cannot be null or empty.");

     // Check if the URL is well-formed and uses HTTPS
     if (!Uri.TryCreate(url, UriKind.Absolute, out Uri uriResult) || uriResult.Scheme != Uri.UriSchemeHttps)
         throw new InvalidOperationException("URL must be a well-formed HTTPS URL.");

     // Ensure the URL belongs to the allowed domains
     var allowedDomains = new[] { "xxx.com", "yyy.com" };
     if (!allowedDomains.Any(domain => uriResult.Host.EndsWith(domain, StringComparison.OrdinalIgnoreCase)))
         throw new InvalidOperationException("URL must belong to xxx.com or yyy.com.");

     // Ensure there are no additional http or https strings in the URL
     var urlWithoutScheme = url.Substring(uriResult.Scheme.Length + 3); // +3 to account for "://"
     if (Regex.IsMatch(urlWithoutScheme, @"http[s]?://", RegexOptions.IgnoreCase))
         throw new InvalidOperationException("URL contains additional http or https strings.");

     return uriResult;
 }