bagetter / BaGetter

A lightweight NuGet and symbol server
https://www.bagetter.com
MIT License

High vulnerability in docker image #42

Closed FroggieFrog closed 8 months ago

FroggieFrog commented 8 months ago

Describe the bug

The Docker Desktop app is showing a vulnerability inside the image. The root cause is the dependency on Microsoft.EntityFrameworkCore.SqlServer which has a dependency on Microsoft.Data.SqlClient >= 5.1.1, but the issue is fixed in Microsoft.Data.SqlClient >= 5.1.3. The current behaviour is to restore the lowest possible version (Microsoft.Data.SqlClient=5.1.1).

To Reproduce

Run the image and check the Docker Desktop app -> Images -> click on image

Expected behavior

No known and already fixed vulnerabilities in the docker image.

Screenshots

(screenshot: vulnerability_sqlclient)

Additional context

There are also 2 other vulnerabilities mentioned, but I haven't looked into those yet.

Possible solution

Add and use the dependency directly:

  1. Add reference to Directory.Packages.props: <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.4" />
  2. Use reference in BaGetter.Database.SqlServer.csproj: <PackageReference Include="Microsoft.Data.SqlClient" />
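The two steps of the proposed fix written out as complete MSBuild fragments, as an added example that is not taken from the BaGetter repository: the `ManagePackageVersionsCentrally` switch is what makes `Directory.Packages.props` authoritative for versions, the `Microsoft.Data.SqlClient` version is the one given in the post, and the EF Core provider version and the csproj path are assumptions for illustration.

```xml
<!-- Directory.Packages.props (repository root). With central package management enabled,
     every package version is pinned here and the csproj files reference packages without a Version. -->
<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <!-- Existing EF Core provider reference; the version is assumed for this example. -->
    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="8.0.0" />
    <!-- Direct pin on the transitive dependency. NuGet resolves the lowest version that satisfies
         all constraints, so a direct reference at or above the patched version raises the floor
         that the EF Core provider's ">= 5.1.1" range would otherwise leave at 5.1.1. -->
    <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.4" />
  </ItemGroup>
</Project>

<!-- src/BaGetter.Database.SqlServer/BaGetter.Database.SqlServer.csproj (path assumed). -->
<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" />
    <!-- No Version attribute: central package management supplies 5.1.4 from Directory.Packages.props,
         which overrides the 5.1.1 floor inherited through Microsoft.EntityFrameworkCore.SqlServer. -->
    <PackageReference Include="Microsoft.Data.SqlClient" />
  </ItemGroup>
</Project>
```

To confirm the transitive version actually moved, run `dotnet list package --include-transitive` after `dotnet restore` and check the resolved `Microsoft.Data.SqlClient` entry; `dotnet list package --vulnerable --include-transitive` queries the NuGet advisory database and is the quickest way to see whether the image scanner's finding, and the two other findings mentioned above, are still present in the restored graph.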