Vulnerability in System.Data.SqlClient package

Cinchoo / ChoETL

ETL framework for .NET (Parser / Writer for CSV, Flat, Xml, JSON, Key-Value, Parquet, Yaml, Avro formatted files)

MIT License

787 stars 133 forks source link

Vulnerability in System.Data.SqlClient package #267

Open alexanddercrb opened 1 year ago

alexanddercrb commented 1 year ago

There is a vulnerability on this package, details here: https://security.snyk.io/vuln/SNYK-DOTNET-SYSTEMDATASQLCLIENT-3110424 Maybe it can be updated to a newer version

Cinchoo commented 1 year ago

completed.

jvmap commented 3 months ago

There is a new vulnerability: https://github.com/advisories/GHSA-98g6-xh36-x2p7

I wonder, why does the core ChoETL package even depend on System.Data.SqlClient? On first sight, this dependency would be more sensible as an optional extension.