Package dependency Azure.Identity with high vulnerability #2195
Labels
2️⃣ Duplicate
Issue/PR that is a duplicate and already exists.
Comments
|
@pampua84 What have you tried? In addition, this will be fixed in 5.2 preview 4 |
|
Hi @ErikEJ,
I see that Microsoft.Data.SqlClient 5.1.1 supports any version later than >= 1.7.0, of Azure.Identity, so updating it shouldn't cause any problems. Right? |
|
Correct |
JRahnama
added
the
2️⃣ Duplicate
|
Closing as a duplicate of #2181. |
This was referenced Nov 3, 2023
Closed
This was referenced Nov 20, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe the bug
Hi,
as per the description in the object, when the package is installed, it brings as a dependency version 1.7.0 of Azure.Identity which has a strong vulnerability up to version 1.10.2 , as also reported in the link:
https://github.com/advisories/GHSA-5mfx-4wcx-rv27
and also on nuget.org:
https://www.nuget.org/packages/Azure.Identity/1.7.0
If you update the Azure.Identity library to the latest version, are there any breaking changes?
The text was updated successfully, but these errors were encountered: