JonPSmith / EfCore.SchemaCompare

Library to compare EF Core's Model of the database against a database's schema.
https://www.thereformedprogrammer.net/how-to-update-a-databases-schema-without-using-ef-cores-migrate-feature/
MIT License

CVE-2024-0056: NuGet upgrade due to vulnerability #35

Closed chrisbbe closed 5 months ago

chrisbbe commented 5 months ago

EfCore.SchemaCompare:8.0.1 -> Microsoft.EntityFrameworkCore.SqlServer:8.0.0 -> Microsoft.Data.SqlClient:5.1.1 (vulnerable)

chrisbbe commented 5 months ago

Can you take a look, @JonPSmith?

JonPSmith commented 5 months ago

In actual fact, EfCore.SchemaCompare doesn't use Microsoft.EntityFrameworkCore.SqlServer, because in version 8.0.0 it works with (nearly) every database type supported by EF Core. EfCore.SchemaCompare gets the database via the user's DbContext. Therefore the Microsoft.EntityFrameworkCore.SqlServer reference in EfCore.SchemaCompare is obsolete and at some time I will remove it.

I am going through all of my libraries to provide some changes, and within that I update any vulnerable NuGets. I will get to EfCore.SchemaCompare, but because Microsoft.EntityFrameworkCore.SqlServer isn't used, it's not a priority.

JonPSmith commented 5 months ago

I had a look and I could do this now, so I have just released EfCore.SchemaCompare 8.0.2. Enjoy.