[release/7.0] Bump Microsoft.Data.SqlClient to 5.1.1 (#31286)
Bump Microsoft.Data.SqlClient to 5.1.1, because the current version (5.0.2) has an insecure dependency and has not been patched because it is going out of support. (We should not have taken a dependency on a non-LTS SqlClient even in a non-LTS EF, since their support still ends before ours. Going forward, we will only ever depend on LTS SqlClient.)

Ensures customers get a secure release of SqlClient by default.

Security issue in dependency.

No.

Existing tests

The reason this isn’t just a tell-mode update is that we have to jump to a new _minor_ version of SqlClient in a _patch_ release. This has some risk, but the 5.1.1 version has been out for four months now, and looks solid.
ajcvickers authored Aug 2, 2023
1 parent d40c9bc commit 0de06ee
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion src/EFCore.SqlServer/EFCore.SqlServer.csproj
Expand Up @@ -48,7 +48,7 @@
</ItemGroup>

<ItemGroup>
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.0.2" />
<PackageReference Include="Microsoft.Data.SqlClient" Version="5.1.1" />
</ItemGroup>

<ItemGroup>
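
Review bot: the new `Version="5.1.1"` on the Microsoft.Data.SqlClient PackageReference is justified in the commit message only as fixing "an insecure dependency", without naming the affected package or the advisory, so a later reader of this change cannot confirm that 5.1.1 resolves to a patched version or tell what the minimum safe version is. Please name the dependency and the advisory in the commit message or in an XML comment next to the PackageReference. Since this is a minor-version jump of SqlClient inside a patch release and the only testing listed is "Existing tests", it is also worth stating in the release notes that consumers pick up SqlClient 5.1.x and its dependencies when they take this patch.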