Comments (8)
Microsoft.DotNet.Scaffolding.Shared 8.0.2 has released and this was fixed 🥳 Thanks everyone for helping get this out!
from scaffolding.
`Microsoft.VisualStudio.Web.CodeGeneration.Design` also references NuGet packages (`.Common`, `.Protocol`) with that vulnerability, even the recently released version 8.
from scaffolding.
You are correct: the affected package is a transitive dependency of many packages, often many packages deep.
from scaffolding.
Any news on this? `Microsoft.VisualStudio.Web.CodeGeneration.Design` uses version 6.3.1, and 6.8.0 is available with no vulnerabilities. I think the references could be updated safely and repackaged. A severe vulnerability will make us uninstall this feature, and I don't know if it's possible.
Is there a workaround to update it manually?
from scaffolding.
@mcurros2 the workaround is to add the affected package as an explicit dependency which will update the transitive package.
from scaffolding.
6.8.0 is now being classified as impacted. Package should be updated to at least 6.8.1.
from scaffolding.
Please push a new version of the package with the update of NuGet.* packages
from scaffolding.
Looks good, hence closing issue.
from scaffolding.
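The workaround from the thread (add the affected package as an explicit dependency), as an added example that is not part of the original comments or the project's code: it walks a restored dependency graph to show which direct reference pulls in a package below the fixed version, then emits the `PackageReference` to add. The graph below is constructed sample data shaped like `obj/project.assets.json`; `Example.Intermediate`, the `net8.0` target, and the helper names `ver`, `find_paths` and `pin` are assumptions.

```python
# Constructed sample shaped like the "targets" and "projectFileDependencyGroups"
# sections of obj/project.assets.json. "Example.Intermediate" is a hypothetical
# package and the 8.0.0 top-level version is illustrative; real chains run deeper.
ASSETS = {
    "targets": {"net8.0": {
        "Microsoft.VisualStudio.Web.CodeGeneration.Design/8.0.0":
            {"dependencies": {"Example.Intermediate": "1.0.0"}},
        "Example.Intermediate/1.0.0": {"dependencies": {"NuGet.Packaging": "6.3.1"}},
        "NuGet.Packaging/6.3.1": {},
    }},
    "projectFileDependencyGroups": {
        "net8.0": ["Microsoft.VisualStudio.Web.CodeGeneration.Design >= 8.0.0"]},
}

def ver(s):
    """Numeric version tuple; pre-release and build suffixes are ignored."""
    return tuple(int(p) for p in s.split("-")[0].split("+")[0].split("."))

def find_paths(assets, tfm, pkg_id, min_fixed):
    """Return (resolved_version, chains) if pkg_id resolves below min_fixed, else None."""
    resolved = {k.split("/")[0].lower(): (k, v) for k, v in assets["targets"][tfm].items()}
    hit = resolved.get(pkg_id.lower())
    if hit is None or ver(hit[0].split("/")[1]) >= ver(min_fixed):
        return None
    chains = []
    def walk(name, chain):
        key, node = resolved[name]
        if name == pkg_id.lower():
            chains.append(chain + [key])
            return
        for dep in node.get("dependencies", {}):
            dep = dep.lower()
            if dep in resolved and dep not in (c.split("/")[0].lower() for c in chain):
                walk(dep, chain + [key])
    # Start from the packages the project file references directly.
    for entry in assets["projectFileDependencyGroups"][tfm]:
        name = entry.split()[0].lower()
        if name in resolved:
            walk(name, [])
    return hit[0].split("/")[1], chains

def pin(pkg_id, min_fixed):
    """Explicit reference to add to the .csproj so NuGet lifts the transitive version."""
    return f'<PackageReference Include="{pkg_id}" Version="{min_fixed}" />'

if __name__ == "__main__":
    version, chains = find_paths(ASSETS, "net8.0", "NuGet.Packaging", "6.8.1")
    for chain in chains:
        print(f"resolved {version}: " + " -> ".join(chain))
    print(pin("NuGet.Packaging", "6.8.1"))
```

After adding the emitted line to the project file and restoring, rerunning the check against the new `project.assets.json` should return `None` for that package.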