LINQPad has identified vulnerabilities in NuGet package
LINQPad 8.6.6 is showing this text in red:
Warning: LINQPad has identified vulnerabilities in NuGet package Microsoft.Extensions.Caching.Memory. Click for details.
How can I fix the source of this issue? My script isn't explicitly using that package, so I'm guessing it is a transitive dependency. Is it even possible to fix this, until the problematic package has been updated, like using an assembly redirect...?
Comments
I think it already has been updated.
My error/warning went away when I updated my database connection to Microsoft.Data.Sqlite.Core version 9 which in turn updates Microsoft.EntityFrameworkCore which updates Microsoft.Extensions.Caching.Memory
It's also a general question, I have seen such errors many times before.
How can I update the database connection?
8.7.4 is now RTM, which supports the latest versions of EF Core.
@JoeAlbahari So updating LINQPad is the only way to make this error go away?
Yes, unless you want to manually reference the newer transitives.
Ok. But what if it's not related to EF Core, but rather some other Nuget package?
For example, I may be using Nuget packages A, B, and C, and get a warning about a vulnerability in package D.
And maybe A, B and C are all up to date.
What can I do then? Would I have to explicitly reference D? How can I tell which of the packages has a dependency on D?
Press F4, advanced, and click "Show assembly resolution log". It includes a full dependency graph.
Also note that you can suppress any NuGet package warning by adding an exclusion for that package ID, as instructed in the message.
Thank you!