Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Package Dependency Azure.Identity with Moderate Vulnerability #2787

Closed
vermiceli opened this issue Aug 19, 2024 · 1 comment
Closed

Package Dependency Azure.Identity with Moderate Vulnerability #2787

vermiceli opened this issue Aug 19, 2024 · 1 comment
Labels
Duplicate This issue or pull request already exists

Comments

@vermiceli
Copy link

Describe the bug

Similar to #2195, Azure.Identity version 1.11.3 has a "at least one vulnerability with moderate severity." Microsoft.Data.SqlClient as of 5.2.1 references 1.11.3.

To reproduce

Create a project and reference Microsoft.Data.SqlClient. You'll see errors in the error window

Warning As Error: Package 'Azure.Identity' 1.11.3 has a known moderate severity vulnerability, GHSA-m5vv-6r4h-3vj9

Expected behavior

No references to packages with moderate severity vulnerabilities.

Further technical details

Microsoft.Data.SqlClient version: 5.2.1
.NET target: .NET 8
SQL Server version: N/A
Operating system: Windows

Additional context
N/A
@dauinsight
Copy link
Contributor

@vermiceli there will be a new release before the end of the month to address this: #2568

@dauinsight dauinsight added the Duplicate This issue or pull request already exists label Aug 20, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Duplicate This issue or pull request already exists
Projects
SqlClient Triage Board
Status: Closed
Milestone
No milestone
Development

No branches or pull requests
2 participants
@vermiceli @dauinsight