You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Azure.Identity is a dependency of SqlClient, not of EF; SqlClient 5.1.6 is planned to depend on a new version of Azure.Identity that doesn't have the security issue. Once that's out, EF can update its own dependency on SqlClient.
In the meantime, you can simply take a direct dependency on a newer version of Azure.Identity in your csproj.
Thanks for the update/nfo - I was going off the Advanced Security detections in DevOps - The other root dependency, Microsoft.Identity.Web, has a merge in-flight to address already.
Resolve alerts on a dependency vulnerability within microsoft.entityframeworkcore.sqlserver --> Azure.Identity v1.10.4
Ref: GHSA-wvxc-855f-jvrv
Upgrade to Azure.Identity version 1.11.0 or higher
The text was updated successfully, but these errors were encountered: