Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
[release/7.0] Bump Microsoft.Data.SqlClient to 5.1.1 (#31286)
Bump Microsoft.Data.SqlClient to 5.1.1, because the current version (5.0.2) has an insecure dependency and has not been patched because it is going out of support. (We should not have taken a dependency on a non-LTS SqlClient even in a non-LTS EF, since their support still ends before ours. Going forward, we will only ever depend on LTS SqlClient. Ensures customers get a secure release of SqlClient by default. Security issue in dependency. No. Existing tests The reason this isn’t just a tell-mode update is that we have to jump to a new _minor_ version of SqlClient in a _patch_ release. This has some risk, but the 5.1.1 version has been out for four months now, and looks solid.
- Loading branch information