Update Grpc.AspNetCore.Server.Reflection to a more recent version #218

Open
pierskarsenbarg opened this issue Jan 4, 2024 · 5 comments · Fixed by #219 · May be fixed by #256
Labels
customer/feedback Feedback from customers impact/security kind/engineering Work that is not visible to an external user

Comments

@pierskarsenbarg
Member

pierskarsenbarg commented Jan 4, 2024

Customer has pointed out that we're on v2.37.0 of this NuGet package and it's throwing alerts in their static analysis tooling.

The version we're using is dated 20/04/2021, so it is nearly 3 years old now.

DependencyTree
Vulnerability

@pierskarsenbarg pierskarsenbarg added needs-triage Needs attention from the triage team customer/feedback Feedback from customers impact/security labels Jan 4, 2024
@Frassle Frassle removed the needs-triage Needs attention from the triage team label Jan 4, 2024
Frassle added a commit that referenced this issue Jan 4, 2024
@Frassle Frassle self-assigned this Jan 4, 2024
github-merge-queue bot pushed a commit that referenced this issue Jan 4, 2024
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label Jan 4, 2024
@pulumi-bot pulumi-bot reopened this Jan 4, 2024
@pulumi-bot

Cannot close issue:

  • does not have required labels: kind/

Please fix these problems and try again.

@pierskarsenbarg pierskarsenbarg added the kind/engineering Work that is not visible to an external user label Jan 4, 2024
@ttvrdon

ttvrdon commented Jan 4, 2024

@pierskarsenbarg Thanks Pier for really quick action with this fix. I reviewed the PR and this will not help...
The vulnerability was fixed in version 2.59.0.

@Frassle Frassle reopened this Jan 4, 2024
@Frassle
Member

Frassle commented Jan 4, 2024

That's going to be trickier because it drops support for dotnet 3. I'll talk to the team about what we can do here.

@pierskarsenbarg pierskarsenbarg removed the resolution/fixed This issue was fixed label Jan 4, 2024
@mikhailshilkov
Member

@Frassle Why is dropping dotnet 3 a problem? It hasn't been a supported version for 1.5 years, right?

@Frassle
Member

Frassle commented Apr 1, 2024

> Why is dropping dotnet 3 a problem?

We broke a load of downstream provider builds last time; it was technically a few months out of support even then. It should be fine, but I haven't been able to get anyone to confirm it's ok to make this breaking change.

Frassle added a commit that referenced this issue Apr 16, 2024
@Frassle Frassle linked a pull request Apr 16, 2024 that will close this issue
5 participants