ITU-BDSA23-GROUP6 / Chirp

MIT License
0 stars 2 forks source link

Bump Microsoft.Data.SqlClient from 5.1.2 to 5.1.5 #165

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 9 months ago

Bumps Microsoft.Data.SqlClient from 5.1.2 to 5.1.5.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

Stable Release v5.1.5

[Stable release 5.1.5] - 2024-01-29

This update brings the below changes over the previous release:

Fixed

  • Fixed connection to unsubscribe from transaction completion events before returning it to the connection pool #2321
  • Fixed InvalidCastException when reading an Always Encrypted date or time column #2324

Changed

  • Changed Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Protocols.OpenIdConnect version 6.24.0 to 6.35.0 #2320 to address CVE-2024-21319

Stable Release v5.1.4

[Stable release 5.1.4] - 2024-01-09

Fixed

  • Fixed a deadlock problem for distributed transactions when on .NET.

Changed

For summary of all changes over v5.1.3, refer to 5.1.4.md

Stable Release v5.1.3

[Stable release 5.1.3] - 2024-01-09

Fixed

  • Fixed encryption downgrade issue. CVE-2024-0056
  • Fixed certificate chain validation logic flow.

For summary of all changes over v5.1.2, refer to 5.1.3.md

Changelog

Sourced from Microsoft.Data.SqlClient's changelog.

[Stable release 5.1.5] - 2024-01-29

This update brings the below changes over the previous release:

Fixed

  • Fixed connection to unsubscribe from transaction completion events before returning it to the connection pool #2321
  • Fixed InvalidCastException when reading an Always Encrypted date or time column #2324

Changed

  • Changed Microsoft.IdentityModel.JsonWebTokens and Microsoft.IdentityModel.Protocols.OpenIdConnect version 6.24.0 to 6.35.0 #2320 to address CVE-2024-21319

[Stable release 5.1.4] - 2024-01-09

This update brings the below changes over the previous release:

Fixed

  • Fixed a deadlock problem for distributed transactions when on .NET.

Changed

[Stable release 5.1.3] - 2024-01-09

This update brings the below changes over the previous release:

Fixed

  • Fixed encryption downgrade issue. CVE-2024-0056
  • Fixed certificate chain validation logic flow.
Commits
  • 01a589e [5.1.5] Fix | Enable reading AE date as DateOnly (#2275) (#2324)
  • 759dc69 Fix | Minor fixes to support different test environments (#2045) (#2325)
  • f8520c7 Fix | Invalid transaction exception against the connections and distributed t...
  • b92637e [5.1.5] CVE | Version bump Microsoft.IdentityModel.JsonWebTokens to 6.35.0 (#...
  • 5cc6ca8 Merged PR 4120: [5.1.4] Backport #2161 - Fix deadlock in transaction against ...
  • b77f09e Merged PR 4108: [5.1.4] Update dependency versions
  • 6256edb Merged PR 4047: [5.1.3]
  • 4deb800 Merged PR 3992: [5.1.3]
  • See full diff in compare view


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
dependabot[bot] commented 8 months ago

Superseded by #178.