Giorgi / EntityFramework.Exceptions

Strongly typed exceptions for Entity Framework Core. Supports SQLServer, PostgreSQL, SQLite, Oracle and MySql.
https://giorgi.dev/entity-framework/introducing-entityframework-exceptions/

Code vulnerabilities in old SqlClient package #61

Closed bgaprogrammer closed 1 year ago

bgaprogrammer commented 1 year ago

Version 4.1.0 of Microsoft.Data.SqlClient is being marked as containing vulnerabilities in one of its transitive dependencies. A quick fix is just to upgrade it to the current latest 5.1.1 in the SqlServer wrapper.

Giorgi commented 1 year ago

Where is it marked as vulnerable? I don't see it on NuGet.

bgaprogrammer commented 1 year ago

I can see the warning in Visual Studio and our local installation of Checkmarx is also warning us of the vulnerability.


Giorgi commented 1 year ago

I don't see any such information in the Microsoft.Data.SqlClient security advisory, but if you send a PR I'll merge it.

Giorgi commented 1 year ago

Done in #62