Fix the Component Governance issue on System.Text.Json

Azure / azure-functions-sql-extension

Azure SQL bindings for Azure Functions ⚡️ supports Azure SQL Database, Azure SQL Managed Instance, and SQL Server 2016+

https://aka.ms/sqlbindings

MIT License

123 stars 62 forks source link

Fix the Component Governance issue on System.Text.Json #1098

Closed MaddyDev closed 3 months ago

MaddyDev commented 4 months ago

https://msdata.visualstudio.com/SQLToolsAndLibraries/_componentGovernance/azure-functions-sql-extension/alert/11673675?typeId=23606141&pipelinesTrackingFilter=0

Pin System.Text.Json to 8.0.4 adding it as an explicit dependency since all the root dependencies are up to date.

Charles-Gagnon commented 4 months ago

@MaddyDev The CG alert still firing should be fixed - you needed to add the package reference to the projects themselves.

But I don't think we can even do this currently - it's a major version bump for the extension dependencies. Will need to consult with the host team on whether this one will be allowed.

MaddyDev commented 3 months ago

Confirmed with Component Governance support (cg-support@microsoft.com) that the version we have is not vulnerable and they removed the alert. Closing this as no longer required.