Transitive dependency `microsoft.netcore.platforms 5.0.0` for EF Core SqlServer package.

huangapple go评论79阅读模式
英文:

Transitive dependency `microsoft.netcore.platforms 5.0.0` for EF Core SqlServer package

问题

Checking my CSPROJ file, I noticed a warning (blue squiggly) on this package.

<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />

The error points out Microsoft.EntityFrameworkCore.SqlServer as the culprit and mentions the following.

> Transitive dependency microsoft.netcore.platforms 5.0.0 contains vulnerabilities according to checkmarx(c).

I've never noticed that before, and googling it produced rather little (this one, not really addressing it, and this one, not really answering the question, as far as my understanding goes).

How can I eliminate the warning?

When I selected the suggested change, a new line appeared in the CSPROJ file, like this.

<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
<PackageReference Include="Microsoft.NETCore.Platforms" Version="7.0.1" />

However, the blue squiggly warning still persists. I'm confused.

英文:

Checking my CSPROJ file, I noticed a warning (blue squirly) on this package.

<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />

The error points out Microsoft.EntityFrameworkCore.SqlServer as the culprit and mentions the floowing.

> Transitive dependency microsoft.netcore.platforms 5.0.0 contains vulnerabilities according to checkmarx(c).

I've never noticed that before and googling it produced rather little (this one, not really addressing it, and this one, not really answering the question, as far my undertstanding goes).

How can I kill the warning?

When I selected the suggested change, a new line appeared in the CSPROJ file, like this.

<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />
<PackageReference Include="Microsoft.NETCore.Platforms" Version="7.0.1" />

However, the blur squirly warning keeps showing still. I'm confused.

答案1

得分: 3

I'm assuming you use ReSharper? Because underlining vulnerable packages in a .csproj-file is a feature of ReSharper.

You can disable this warning once with a comment:

<!-- ReSharper disable once VulnerablePackage -->
<PackageReference Include="Microsoft.EntityFrameworkCore.SqlServer" Version="7.0.4" />

If you do not want to use the vulnerability detection feature at all go to Extensions > ReSharper > Options > Environment > Products & Features > Uncheck: Package Checker.

英文:

I'm asuming you use ReSharper? Because underlining vulnerable packages in a .csproj-file is a feature of ReSharper.

You can disable this warning once with a comment:

&lt;!-- ReSharper disable once VulnerablePackage --&gt;
&lt;PackageReference Include=&quot;Microsoft.EntityFrameworkCore.SqlServer&quot; Version=&quot;7.0.4&quot; /&gt;

If you do not want to use the vulnerability detection feature at all go to Extensions &gt; ReSharper &gt; Options &gt; Environment &gt; Products &amp; Features &gt; Uncheck: Package Checker.

huangapple
  • 本文由 发表于 2023年4月10日 23:08:12
  • 转载请务必保留本文链接:https://go.coder-hub.com/75978263.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定