serilog-mssql
Referencing a vulnerable version of Azure.Identity
Bug Report / Support Request Template
If you are opening a feature request, you can ignore this template. Bug reports and requests for assistance usually require the same basic information described below. This will help us more quickly reproduce and investigate the problem you're reporting. (If you are using Serilog.Sinks.MSSqlServerCore, that package is deprecated, please switch to Serilog.Sinks.MSSqlServer before reporting an issue.)
Please clearly describe what the SQL Sink is doing incorrectly: The sink is referencing a vulnerable version of Azure.Identity which results in a high vulnerability score for my project
Please clearly describe the expected behavior: The sink needs to be updated to use a newer version (10.x.x) of the package The error can be seen by using the dotnet list tool:
dotnet list package --vulnerable --include-transitive
List the names and versions of all Serilog packages used in the project:
- Serilog: 3.1.1
- Serilog.Sinks.MSSqlServer: 6.5.0
- (configuration, etc.)
Target framework and operating system:
[x] .NET 8 [ ] .NET 6 [ ] .NET Framework 4.8 [ ] .NET Framework 4.7 [ ] .NET Framework 4.6 OS: Windows
