Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Release 6.7.1 #555

Merged
merged 11 commits into from
Aug 29, 2024
Merged

Release 6.7.1 #555

merged 11 commits into from
Aug 29, 2024

Conversation

ckadluba
Copy link
Member

ckadluba added 11 commits August 20, 2024 01:31
@ckadluba
Updated patch version
6febfa2 
Updated patch version after release
@ckadluba
Merge pull request #550 from serilog-mssql/ckadluba-patch-1
11415c6 
Updated patch version
@ckadluba
"Updated" SqlClient to 5.1.6
759c63a 
* Rather have 5.1 than 5.2 because 5.1 is LTS
* Fixes issue #544 (partly) and issue #552
@ckadluba
Fixed vulnerabilities by removing all System.* 4 versions as recommen…
6798ef6 
…ded by Microsoft (https://devblogs.microsoft.com/nuget/nugetaudit-2-0-elevating-security-and-trust-in-package-management/#system-net-http-and-system-text-regularexpressions

Related issue: #544
@ckadluba
Fixed vulnerability by updating xunit
921d1e9 
* Fixed vulnerability by updating xunit to 2.9.0.
* Fixed new warnings in test code.

Related issue: #544

Related Work Items: #5
@ckadluba
Fixed vulnerability GHSA-xhfc-gr8f-ffwc
652ac19 
Fixed vulnerability by directly referencing transitive dependency System.Private.Uri (GHSA-xhfc-gr8f-ffwc)

Related issue: #544
@ckadluba
Fixed vulnerability GHSA-447r-wph3-92pm
862bb6a 
Fixed vulnerability by directly referencing transitive dependency System.Formats.Asn1 (GHSA-447r-wph3-92pm)

Related issue: #544
@ckadluba
* Fixed vulnerability by directly referencing transitive dependency S…
04ad485 
…ystem.Formats.Asn1 (GHSA-447r-wph3-92pm, issue #544)

* Fixed vulnerability by directly referencing transitive dependency System.Private.Uri (GHSA-xhfc-gr8f-ffwc, issue #544)
@ckadluba
Activated NuGet Audit for high and critical vulnerabilities in direct…
30254fd 
… and transitive dependencies for all projects (https://devblogs.microsoft.com/nuget/nugetaudit-2-0-elevating-security-and-trust-in-package-management/)

Related issue: #544
@ckadluba
Updated CHANGES.md
eda0786
@ckadluba
Merge pull request #553 from ckadluba/544-enable-nugetaudit
413542d 
Enabled NuGet audit
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@ckadluba ckadluba merged commit 9f9641b into main Aug 29, 2024
11 checks passed
@ckadluba ckadluba mentioned this pull request Aug 29, 2024
Closed
@cancakar35
Copy link
Member

@ckadluba Why do we directly reference System.Private.Uri?

@ckadluba
Copy link
Member Author

Hi @cancakar35!

Because there was a warning about a vulnerability when using dotnet nuget audit (see discussion here #544 (comment)) and only referencing System.Private.Uri fixed it. As cremor noted, this might be a false positive caused by the SDK, but I didn't want to take the risk or let the sink have any warnings about vulnerabilities. Hopefully we can remove this again when MS fixes it the false positive or we upgrade the TFMs in the future.

@david-brink-talogy david-brink-talogy mentioned this pull request Oct 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@ckadluba @cancakar35