Skip to content

Update JsonWebTokens and OpenIdConnect vulnerable package references #2299

New issue
New issue
Closed
Closed
Update JsonWebTokens and OpenIdConnect vulnerable package references#2299
@micah686

Description

@micah686
micah686
opened on Jan 16, 2024

SqlClient 5.14 currently relies on transient packages that have vulnerabilities.
Microsoft.IdentityModel.JsonWebTokens is being referenced at version 6.24.0, which currently is vulnerable.
Microsoft.IdentityModel.Protocols.OpenIdConnect is being referenced at version 6.24.0, which has a dependency of System.IdentityModel.Tokens.Jwt , which is vulnerable.

Could these packages please be updated to non-vulnerable versions?

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    SqlClient Triage Board

    Status

    Closed

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions