-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Bump SqlClient to 5.1.3 and Npgsql to 8.0.3 #140
Comments
@jbogard - Hello, please take a look |
I don't see any published vulnerabilities for the first package. And the second is for tests, I don't care about that since it's never published. |
You're right. |
You are referencing Microsoft.Data.SqlClient version 4.0.5. Version 1.3.0 of Azure.Identity does have a vulnerability. I would still recommend upgrading Microsoft.Data.SqlClient. The earliest fix for this is in version 5.1.4, the vulnerability is also addressed in the release notes. On top of this, version 4.0.5 of Microsoft.Data.SqlClient references version 6.8.0 of Microsoft.IdentityModel.JsonWebTokens. This has been fixed in version 5.1.5. |
I only address CVEs for direct dependencies (aka ones that dependabot catches). Not transitive dependencies. End users can upgrade their transitive dependencies. |
Current versions:
Contain vulnerabilities, please upgrade these 2 packages.
Suggested versions:
The text was updated successfully, but these errors were encountered: