diff --git a/.github/workflows/pr-analysis-codeql.yml b/.github/workflows/pr-analysis-codeql.yml
index f4fd9fcb..0c2b81b0 100644
--- a/.github/workflows/pr-analysis-codeql.yml
+++ b/.github/workflows/pr-analysis-codeql.yml
@@ -22,7 +22,7 @@ jobs:
uses: actions/checkout@v3
- name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
with:
languages: 'csharp'
@@ -30,6 +30,6 @@ jobs:
run: ./Build.ps1 -SkipTests
- name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
with:
category: "/language:csharp"
diff --git a/CHANGES.md b/CHANGES.md
index afb0bc9f..e197a710 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -1,3 +1,15 @@
+# 6.7.1
+* Fixed issue #552 by downgrading SqlClient dependency to 5.1.6 which is LTS and fixed the vulnerabilities referenced in issue #544
+* Fixed vulnerabilities by removing all System.* 4 versions as recommended by Microsoft (https://devblogs.microsoft.com/nuget/nugetaudit-2-0-elevating-security-and-trust-in-package-management/#system-net-http-and-system-text-regularexpressions, issue #544)
+* Fixed vulnerability by updating xunit to 2.9.0 (issue #544)
+* Fixed vulnerability by directly referencing transitive dependency System.Formats.Asn1 (https://github.com/advisories/GHSA-447r-wph3-92pm, issue #544)
+* Fixed vulnerability by directly referencing transitive dependency System.Private.Uri (https://github.com/advisories/GHSA-xhfc-gr8f-ffwc, issue #544)
+* Activated NuGet Audit for high and critical vulnerabilities in direct and transitive dependencies for all projects (https://devblogs.microsoft.com/nuget/nugetaudit-2-0-elevating-security-and-trust-in-package-management/)
+
+# 6.7.0
+* Fixed some of the vulnerabilities referenced in issue #544 by updating SqlClient dependency to 5.2.1
+* Update codeql-action to v3 before deprecation
+
# 6.6.1
* Fixed issue #515: Cannot use .AuditTo with SpanId or TraceId (thanks to @Kolthor and @vui611)
* Fixed issue #530: Document default value of AllowNull
diff --git a/Directory.Build.props b/Directory.Build.props
new file mode 100644
index 00000000..f35cc248
--- /dev/null
+++ b/Directory.Build.props
@@ -0,0 +1,7 @@
+
+
+ all
+ high
+ true
+
+
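Review bot: The audit threshold on the `high` line leaves low and moderate advisories unreported, and nothing visible in this file makes a reported advisory fail the build. The element names were lost in this rendering, so this assumes the three values are `NuGetAuditMode`, `NuGetAuditLevel` and `NuGetAudit`, which matches the CHANGES.md entry about auditing direct and transitive dependencies. NuGet reports audit findings as warnings NU1901–NU1904, so unless the build already treats warnings as errors elsewhere, consider adding `<WarningsAsErrors>$(WarningsAsErrors);NU1903;NU1904</WarningsAsErrors>` to the same property group so a new high or critical advisory stops CI instead of scrolling past in the log. A short XML comment recording why `high` was chosen over `low` would also help the next maintainer judge whether the threshold can be tightened.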
diff --git a/Directory.Packages.props b/Directory.Packages.props
index 36191555..be2b31db 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -1,30 +1,26 @@
-
- true
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
\ No newline at end of file
+
+ true
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/serilog-sinks-mssqlserver.sln b/serilog-sinks-mssqlserver.sln
index 37e4c25b..ef9178ee 100644
--- a/serilog-sinks-mssqlserver.sln
+++ b/serilog-sinks-mssqlserver.sln
@@ -24,6 +24,7 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution
.editorconfig = .editorconfig
Build.ps1 = Build.ps1
CHANGES.md = CHANGES.md
+ Directory.Build.props = Directory.Build.props
Directory.Packages.props = Directory.Packages.props
.github\ISSUE_TEMPLATE.md = .github\ISSUE_TEMPLATE.md
.github\workflows\pr-analysis-codeql.yml = .github\workflows\pr-analysis-codeql.yml
diff --git a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj
index 6cfae30f..4b471904 100644
--- a/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj
+++ b/src/Serilog.Sinks.MSSqlServer/Serilog.Sinks.MSSqlServer.csproj
@@ -2,7 +2,7 @@
A Serilog sink that writes events to Microsoft SQL Server and Azure SQL
- 6.6.2
+ 6.7.1
Michiel van Oudheusden;Christian Kadluba;Serilog Contributors
netstandard2.0;net462;net472;net6.0
true
@@ -37,6 +37,8 @@
+
+
diff --git a/test/Serilog.Sinks.MSSqlServer.Tests/Serilog.Sinks.MSSqlServer.Tests.csproj b/test/Serilog.Sinks.MSSqlServer.Tests/Serilog.Sinks.MSSqlServer.Tests.csproj
index 296dcb72..828477ca 100644
--- a/test/Serilog.Sinks.MSSqlServer.Tests/Serilog.Sinks.MSSqlServer.Tests.csproj
+++ b/test/Serilog.Sinks.MSSqlServer.Tests/Serilog.Sinks.MSSqlServer.Tests.csproj
@@ -38,8 +38,6 @@
-
-
@@ -47,12 +45,6 @@
-
-
-
-
-
-
runtime; build; native; contentfiles; analyzers; buildtransitive
all
diff --git a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/MSSqlServerSinkTests.cs b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/MSSqlServerSinkTests.cs
index fa91f233..ca886b17 100644
--- a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/MSSqlServerSinkTests.cs
+++ b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/MSSqlServerSinkTests.cs
@@ -162,7 +162,7 @@ public async Task EmitBatchAsyncCallsSqlLogEventWriter()
});
// Act
- await _sut.EmitBatchAsync(logEvents).ConfigureAwait(false);
+ await _sut.EmitBatchAsync(logEvents);
// Assert
_sqlBulkBatchWriter.Verify(w => w.WriteBatch(It.IsAny>(), _dataTable), Times.Once);
diff --git a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlBulkBatchWriterTests.cs b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlBulkBatchWriterTests.cs
index d7d83a4f..2de6712e 100644
--- a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlBulkBatchWriterTests.cs
+++ b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlBulkBatchWriterTests.cs
@@ -72,7 +72,7 @@ public async Task WriteBatchCallsLogEventDataGeneratorGetColumnsAndValuesForEach
var logEvents = CreateLogEvents();
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
_logEventDataGeneratorMock.Verify(c => c.GetColumnsAndValues(logEvents[0]), Times.Once);
@@ -86,7 +86,7 @@ public async Task WriteBatchCallsSqlConnectionFactoryCreate()
var logEvents = CreateLogEvents();
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
_sqlConnectionFactoryMock.Verify(f => f.Create(), Times.Once);
@@ -99,7 +99,7 @@ public async Task WriteBatchCallsSqlConnectionWrapperOpenAsync()
var logEvents = CreateLogEvents();
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
_sqlConnectionWrapperMock.Verify(c => c.OpenAsync(), Times.Once);
@@ -113,7 +113,7 @@ public async Task WriteBatchCallsSqlConnectionWrappeCreateSqlBulkCopy()
var expectedDestinationTableName = string.Format(CultureInfo.InvariantCulture, "[{0}].[{1}]", _schemaName, _tableName);
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
_sqlConnectionWrapperMock.Verify(c => c.CreateSqlBulkCopy(false, expectedDestinationTableName), Times.Once);
@@ -128,7 +128,7 @@ public async Task WriteBatchCallsSqlConnectionWrappeCreateSqlBulkCopyWithDisable
var sut = new SqlBulkBatchWriter(_tableName, _schemaName, true, _sqlConnectionFactoryMock.Object, _logEventDataGeneratorMock.Object);
// Act
- await sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await sut.WriteBatch(logEvents, _dataTable);
// Assert
_sqlConnectionWrapperMock.Verify(c => c.CreateSqlBulkCopy(true, expectedDestinationTableName), Times.Once);
@@ -145,7 +145,7 @@ public async Task WriteBatchCallsSqlBulkCopyWrapperAddSqlBulkCopyColumnMappingFo
_dataTable.Columns.Add(new DataColumn(column2Name));
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
_sqlBulkCopyWrapper.Verify(c => c.AddSqlBulkCopyColumnMapping(column1Name, column1Name), Times.Once);
@@ -159,7 +159,7 @@ public async Task WriteBatchCallsSqlBulkCopyWrapperWriteToServerAsync()
var logEvents = CreateLogEvents();
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
_sqlBulkCopyWrapper.Verify(c => c.WriteToServerAsync(_dataTable), Times.Once);
@@ -172,14 +172,14 @@ public async Task WriteBatchClearsDataTable()
var logEvents = CreateLogEvents();
// Act
- await _sut.WriteBatch(logEvents, _dataTable).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents, _dataTable);
// Assert
Assert.Empty(_dataTable.Rows);
}
[Fact]
- public void WriteBatchRethrowsIfLogEventDataGeneratorMockGetColumnsAndValuesThrows()
+ public async Task WriteBatchRethrowsIfLogEventDataGeneratorMockGetColumnsAndValuesThrows()
{
// Arrange
_logEventDataGeneratorMock.Setup(d => d.GetColumnsAndValues(It.IsAny()))
@@ -187,33 +187,33 @@ public void WriteBatchRethrowsIfLogEventDataGeneratorMockGetColumnsAndValuesThro
var logEvents = CreateLogEvents();
// Act + assert
- Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
+ await Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
}
[Fact]
- public void WriteBatchRethrowsIfSqlConnectionFactoryCreateThrows()
+ public async Task WriteBatchRethrowsIfSqlConnectionFactoryCreateThrows()
{
// Arrange
_sqlConnectionFactoryMock.Setup(f => f.Create()).Callback(() => throw new InvalidOperationException());
var logEvents = CreateLogEvents();
// Act + assert
- Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
+ await Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
}
[Fact]
- public void WriteBatchRethrowsIfSqlConnectionOpenAsyncThrows()
+ public async Task WriteBatchRethrowsIfSqlConnectionOpenAsyncThrows()
{
// Arrange
_sqlConnectionWrapperMock.Setup(c => c.OpenAsync()).Callback(() => throw new InvalidOperationException());
var logEvents = CreateLogEvents();
// Act + assert
- Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
+ await Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
}
[Fact]
- public void WriteBatchRethrowsIfSqlBulkCopyWriterAddSqlBulkCopyColumnMappingThrows()
+ public async Task WriteBatchRethrowsIfSqlBulkCopyWriterAddSqlBulkCopyColumnMappingThrows()
{
// Arrange
_sqlBulkCopyWrapper.Setup(c => c.AddSqlBulkCopyColumnMapping(It.IsAny(), It.IsAny()))
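Review bot: Nothing in this commit prevents an un-awaited `Assert.ThrowsAsync` from reappearing, which is what let the five rethrow tests in this hunk, the previous one and the two following ones (`@@ -222` and `@@ -234`) pass without checking anything. Promoting the xUnit analyzer rule for un-awaited async assertions to an error, for example `dotnet_diagnostic.xUnit2021.severity = error` in the solution's `.editorconfig`, would turn that mistake into a build failure. Separately, these tests assert only the exception. `WriteBatchClearsDataTable` covers the success path alone, so if `WriteBatch` is also expected to clear the table on failure, adding `Assert.Empty(_dataTable.Rows);` after the awaited assertion would pin that. The last test in this hunk continues in the next hunk.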
@@ -222,11 +222,11 @@ public void WriteBatchRethrowsIfSqlBulkCopyWriterAddSqlBulkCopyColumnMappingThro
_dataTable.Columns.Add(new DataColumn("ColumnName"));
// Act + assert
- Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
+ await Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
}
[Fact]
- public void WriteBatchRethrowsIfSqlBulkCopyWriterWriteToServerAsyncThrows()
+ public async Task WriteBatchRethrowsIfSqlBulkCopyWriterWriteToServerAsyncThrows()
{
// Arrange
_sqlBulkCopyWrapper.Setup(c => c.WriteToServerAsync(It.IsAny()))
@@ -234,7 +234,7 @@ public void WriteBatchRethrowsIfSqlBulkCopyWriterWriteToServerAsyncThrows()
var logEvents = CreateLogEvents();
// Act + assert
- Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
+ await Assert.ThrowsAsync(() => _sut.WriteBatch(logEvents, _dataTable));
}
private static List CreateLogEvents()
diff --git a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlInsertStatementWriterTests.cs b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlInsertStatementWriterTests.cs
index dac3704b..34e9d9db 100644
--- a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlInsertStatementWriterTests.cs
+++ b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/Platform/SqlInsertStatementWriterTests.cs
@@ -192,7 +192,7 @@ public async Task WriteBatchCallsLogEventDataGeneratorGetColumnsAndValuesForEach
var logEvents = CreateLogEvents();
// Act
- await _sut.WriteBatch(logEvents).ConfigureAwait(false);
+ await _sut.WriteBatch(logEvents);
// Assert
_logEventDataGeneratorMock.Verify(c => c.GetColumnsAndValues(logEvents[0]), Times.Once);
diff --git a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/SqlServerColumnTests.cs b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/SqlServerColumnTests.cs
index c1f5526c..a06eb028 100644
--- a/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/SqlServerColumnTests.cs
+++ b/test/Serilog.Sinks.MSSqlServer.Tests/Sinks/MSSqlServer/SqlServerColumnTests.cs
@@ -33,7 +33,7 @@ public void StoresPropertyName()
// Assert
Assert.Equal(propertyName, sut.PropertyName);
- Assert.Equal(1, sut.PropertyNameHierarchy.Count);
+ Assert.Single(sut.PropertyNameHierarchy);
Assert.Equal(propertyName, sut.PropertyNameHierarchy[0]);
Assert.False(sut.HasHierarchicalPropertyName);
}