High vulnerability in docker image
Closed this issue · 0 comments
FroggieFrog commented
Describe the bug
The Docker Desktop app is showing a vulnerability inside the image.
The root cause is the dependency on Microsoft.EntityFrameworkCore.SqlServer, which has a dependency on Microsoft.Data.SqlClient >= 5.1.1, but the issue is fixed in Microsoft.Data.SqlClient >= 5.1.3.
The current behaviour is to restore the lowest possible version (Microsoft.Data.SqlClient=5.1.1).
To Reproduce
Run the image and check the Docker Desktop app -> Images -> click on image
Expected behavior
No known and already fixed vulnerabilities in the docker image.
Screenshots
Additional context
There are also 2 other vulnerabilities mentioned, but I haven't looked into those yet.
Possible solution
Add and use the dependency directly:
- Add reference to Directory.Packages.props: <PackageVersion Include="Microsoft.Data.SqlClient" Version="5.1.4" />
- Use reference in BaGetter.Database.SqlServer.csproj: <PackageReference Include="Microsoft.Data.SqlClient" />
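
A restore-time check for the situation described in this issue, as an added example that is not part of the original post or of the BaGetter project: it reads the `libraries` map of `obj/project.assets.json` (the file NuGet writes on restore) and reports packages resolved below a version floor. The sample JSON, the `Example.Project` entry and the function names are constructed for illustration; the 5.1.3 floor is the value given in the issue.

```python
import json

# Constructed sample of obj/project.assets.json; only the "libraries" map is read.
SAMPLE_ASSETS = json.loads("""
{
  "version": 3,
  "libraries": {
    "Microsoft.Data.SqlClient/5.1.1": {"type": "package"},
    "Example.Project/1.0.0": {"type": "project"}
  }
}
""")

# Lowest fixed version per package; 5.1.3 is the value given in the issue.
MINIMUM_FIXED = {"Microsoft.Data.SqlClient": "5.1.3"}


def parse_version(text):
    """Sortable key: four numeric parts, then 1 for release, 0 for prerelease."""
    core = text.partition("+")[0]            # drop build metadata
    numbers, dash, _ = core.partition("-")   # split off a prerelease label
    parts = tuple(int(p) for p in numbers.split("."))
    parts += (0,) * (4 - len(parts))         # 5.1 compares equal to 5.1.0.0
    return parts + (0 if dash else 1,)


def find_outdated(assets, minimums=MINIMUM_FIXED):
    """Return (name, resolved, floor) for each package restored below its floor."""
    # Package IDs are case-insensitive, so compare them lower-cased.
    wanted = {name.lower(): ver for name, ver in minimums.items()}
    findings = []
    for key, info in assets.get("libraries", {}).items():
        if info.get("type") != "package":    # skip project references
            continue
        name, _, version = key.rpartition("/")
        floor = wanted.get(name.lower())
        if floor and parse_version(version) < parse_version(floor):
            findings.append((name, version, floor))
    return findings


if __name__ == "__main__":
    for name, resolved, floor in find_outdated(SAMPLE_ASSETS):
        print(f"{name} resolved to {resolved}, needs >= {floor}")
```

In a build pipeline, load the real `obj/project.assets.json` after `dotnet restore` in place of the sample and fail the job when the returned list is not empty.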