英文:
Transitive dependency `microsoft.netcore.platforms 5.0.0` for EF Core SqlServer package
问题
Checking my CSPROJ file, I noticed a warning (blue squiggly) on this package.
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
The error points out Microsoft.EntityFrameworkCore.SqlServer as the culprit and mentions the following.
> Transitive dependency microsoft.netcore.platforms 5.0.0 contains vulnerabilities according to checkmarx(c).
I've never noticed that before, and googling it produced rather little (this one, not really addressing it, and this one, not really answering the question, as far as my understanding goes).
How can I eliminate the warning?
When I selected the suggested change, a new line appeared in the CSPROJ file, like this.
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
<PackageReference Include="Microsoft.NETCore.Platforms" Version="7.0.1" />
However, the blue squiggly warning still persists. I'm confused.
英文:
Checking my CSPROJ file, I noticed a warning (blue squirly) on this package.
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
The error points out Microsoft.EntityFrameworkCore.SqlServer as the culprit and mentions the floowing.
> Transitive dependency microsoft.netcore.platforms 5.0.0 contains vulnerabilities according to checkmarx(c).
I've never noticed that before and googling it produced rather little (this one, not really addressing it, and this one, not really answering the question, as far my undertstanding goes).
How can I kill the warning?
When I selected the suggested change, a new line appeared in the CSPROJ file, like this.
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
<PackageReference Include="Microsoft.NETCore.Platforms" Version="7.0.1" />
However, the blur squirly warning keeps showing still. I'm confused.
答案1
得分: 3
I'm assuming you use ReSharper? Because underlining vulnerable packages in a .csproj-file is a feature of ReSharper.
You can disable this warning once with a comment:
<!-- ReSharper disable once VulnerablePackage -->
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
If you do not want to use the vulnerability detection feature at all go to Extensions > ReSharper > Options > Environment > Products & Features > Uncheck: Package Checker.
英文:
I'm asuming you use ReSharper? Because underlining vulnerable packages in a .csproj-file is a feature of ReSharper.
You can disable this warning once with a comment:
<!-- ReSharper disable once VulnerablePackage -->
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
If you do not want to use the vulnerability detection feature at all go to Extensions > ReSharper > Options > Environment > Products & Features > Uncheck: Package Checker.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论