Add explicit System.Runtime.Caching 6.0.1 reference #616

Open
wants to merge 1 commit into
base: main

radical
Member

@radical radical commented Dec 9, 2024

.. to fix CG warnings.

@DamianEdwards
Member

@radical thanks. Which packages are bringing in the vulnerable version and why haven't they been revved to fix the warning at their level?

@joperezr
Member

joperezr commented Dec 9, 2024

> @radical thanks. Which packages are bringing in the vulnerable version and why haven't they been revved to fix the warning at their level?

I also see this CG alert in aspire repo itself, so I'll open a PR to fix that, which relates to your "why haven't they been revved to fix the warning at their level" question. After that goes in, we should check if this PR is still needed.

@radical
Member Author

radical commented Dec 9, 2024

> > @radical thanks. Which packages are bringing in the vulnerable version and why haven't they been revved to fix the warning at their level?
>
> I also see this CG alert in aspire repo itself, so I'll open a PR to fix that, which relates to your "why haven't they been revved to fix the warning at their level" question. After that goes in, we should check if this PR is still needed.

That would be better indeed. The alerts here are because of the Aspire packages - Aspire.Microsoft.Data.SqlClient, Aspire.Microsoft.EntityFrameworkCore.SqlServer and Aspire.Hosting.SqlServer.

@joperezr
Member

Looking closer, seems like System.Runtime.Caching wasn't actually vulnerable and the security advisory that had originally marked it as vulnerable has been corrected. Due to this, I have dismissed the alerts and we should be able to close this PR.
