search

Azure / azure-sdk-for-net

This repository is for active development of the Azure SDK for .NET. For consumers of the SDK we recommend visiting our public developer docs at https://learn.microsoft.com/dotnet/azure/ or our versioned developer docs at https://azure.github.io/azure-sdk-for-net.
MIT License
5.24k stars 4.58k forks source link

[BUG] Microsoft.Azure.WebJobs.Extensions.Storage.Queues 5.3.0 references vulnerable version of Azure.Identity. #45000

Closed ArturAdam closed 1 month ago

ArturAdam commented 1 month ago

Library name and version

Microsoft.Azure.WebJobs.Extensions.Storage.Queues 5.3.0

Describe the bug

Microsoft.Azure.WebJobs.Extensions.Storage.Queues 5.3.0 depends on Microsoft.Extensions.Azure 1.7.3 and that includes the vulnerable version of Azure.Identity which causes the security scans to fail.

Expected behavior

Microsoft.Azure.WebJobs.Extensions.Storage.Queues references Microsoft.Extensions.Azure 1.7.4

Actual behavior

Microsoft.Azure.WebJobs.Extensions.Storage.Queues references Microsoft.Extensions.Azure 1.7.3

Reproduction Steps

N/A

Environment

No response

github-actions[bot] commented 1 month ago

Thank you for your feedback. Tagging and routing to the team member best able to assist.

github-actions[bot] commented 1 month ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @xgithubtriage.

ArturAdam commented 1 month ago

any updates on this?

ArturAdam commented 1 month ago

closing as the latest version references the version 1.7.4