Reference to vulnerable version of Azure.Identity package

dotnet / docker-tools

This is a repo to house some common tools for our various docker repos.

MIT License

122 stars 46 forks source link

Reference to vulnerable version of Azure.Identity package #1189

Closed mthalman closed 11 months ago

mthalman commented 11 months ago

Currently, Image Builder ends up transitively referencing Azure.Identity.1.7.0 via Microsoft.Data.SqlClient.5.1.1 and Microsoft.Azure.Kusto.Ingest.11.3.1. That version of Azure.Identity is marked as vulnerable and should be updated to latest (1.10.2) via an explicit reference.

lbussell commented 11 months ago

Fixed by https://github.com/dotnet/docker-tools/pull/1188