This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
[BUG]: CG Alert: Upgrade System.IdentityModel.Tokens.Jwt to latest version on Microsoft.Azure.WebJobs.Extensions.SignalRService namespace #44015
Library name and version
Microsoft.Azure.WebJobs.Extensions.SignalRService 1.13.0
Describe the bug
I've received a CG alert on the following package reference coming through the latest version of Microsoft.Azure.WebJobs.Extensions.SignalRService:
Upgrade System.IdentityModel.Tokens.Jwt from 6.5.0 to 6.34.0 to fix the vulnerability.
Kindly upgrade the dependency to the latest version and release the newer version for downstream consumption.
Expected behavior
Security vulnerability fix by upgrading the mentioned package
Actual behavior
An older version of System.IdentityModel.Tokens.Jwt is used, which seems to be flagged with a security issue
Reproduction Steps
Check the dependent packages versions
Environment
No response
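The "Check the dependent packages versions" step can be scripted against the `obj/project.assets.json` file that NuGet writes on restore, reporting where System.IdentityModel.Tokens.Jwt resolves below 6.34.0 and which package references it. This is an added example, not part of the original issue or the Azure SDK; the sample graph is constructed and its dependency edges are assumptions.

```python
import json
import sys

PACKAGE = "System.IdentityModel.Tokens.Jwt"
FIXED = (6, 34, 0)  # version the alert asks for

# Constructed sample in the shape of obj/project.assets.json; the dependency
# edges are an assumption for illustration, not the real package graph.
SAMPLE = {"targets": {"net6.0": {
    "Microsoft.Azure.WebJobs.Extensions.SignalRService/1.13.0": {
        "dependencies": {"System.IdentityModel.Tokens.Jwt": "6.5.0"}},
    "System.IdentityModel.Tokens.Jwt/6.5.0": {
        "dependencies": {"Microsoft.IdentityModel.Tokens": "6.5.0"}},
    "Microsoft.IdentityModel.Tokens/6.5.0": {},
}}}


def parse_version(text):
    """Numeric part of a NuGet version; prerelease/build suffixes are dropped."""
    core = text.split("-")[0].split("+")[0]
    return tuple(int(part) for part in core.split("."))


def find_outdated(assets, package=PACKAGE, fixed=FIXED):
    """Per target framework: resolved version below `fixed` and who pulls it in."""
    findings = []
    for framework, libs in assets.get("targets", {}).items():
        for key in libs:
            name, _, version = key.partition("/")
            if name.lower() != package.lower():
                continue
            if parse_version(version) >= fixed:
                continue
            # Packages whose dependency list names the flagged package.
            parents = sorted(
                parent for parent, lib in libs.items()
                if package.lower() in (d.lower() for d in lib.get("dependencies", {}))
            )
            findings.append({"framework": framework, "resolved": version,
                             "pulled_in_by": parents})
    return findings


if __name__ == "__main__":
    # Pass a real obj/project.assets.json path, or run with no args for the sample.
    assets = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in find_outdated(assets):
        print(finding)
```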