Skip to content

.Net: Fix Recent Vulnerabilities Warnings #9732

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
RogerBarreto opened this issue Nov 18, 2024 · 0 comments · Fixed by #9733
Closed

.Net: Fix Recent Vulnerabilities Warnings #9732

RogerBarreto opened this issue Nov 18, 2024 · 0 comments · Fixed by #9733
Assignees
@RogerBarreto
Labels
.NET Issue or Pull requests regarding .NET code

Comments

@RogerBarreto
Copy link
Member

Problem

Build pipeline started to fail with Vulnerability warning

Solution

Fix all identified vulnerability warnings

D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.Document\Plugins.Document.csproj : error NU1903: Package 'System.IO.Packaging' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-f32c-w444-8ppv [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.Document\Plugins.Document.csproj : error NU1903: Package 'System.IO.Packaging' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-qj66-m88j-hmgj [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.MsGraph\Plugins.MsGraph.csproj : error NU1902: Package 'Microsoft.Identity.Client' 4.52.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.MsGraph\Plugins.MsGraph.csproj : error NU1901: Package 'Microsoft.Identity.Client' 4.52.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-x674-v45j-fwxw [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.MsGraph\Plugins.MsGraph.csproj : error NU1902: Package 'Microsoft.IdentityModel.JsonWebTokens' 6.23.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-59j7-ghrg-fj52 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.MsGraph\Plugins.MsGraph.csproj : error NU1902: Package 'System.IdentityModel.Tokens.Jwt' 6.23.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-59j7-ghrg-fj52 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.UnitTests\Plugins.UnitTests.csproj : error NU1902: Package 'Microsoft.Identity.Client' 4.52.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.UnitTests\Plugins.UnitTests.csproj : error NU[190](https://github.com/microsoft/semantic-kernel/actions/runs/11893220329/job/33137741111?pr=9702#step:4:191)1: Package 'Microsoft.Identity.Client' 4.52.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-x674-v45j-fwxw [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.UnitTests\Plugins.UnitTests.csproj : error NU1902: Package 'Microsoft.IdentityModel.JsonWebTokens' 6.23.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-59j7-ghrg-fj52 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.UnitTests\Plugins.UnitTests.csproj : error NU1902: Package 'System.IdentityModel.Tokens.Jwt' 6.23.1 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-59j7-ghrg-fj52 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.UnitTests\Plugins.UnitTests.csproj : error NU1903: Package 'System.IO.Packaging' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-f32c-w444-8ppv [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Plugins\Plugins.UnitTests\Plugins.UnitTests.csproj : error NU1903: Package 'System.IO.Packaging' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-qj66-m88j-hmgj [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Functions\Functions.UnitTests\Functions.UnitTests.csproj : error NU1902: Package 'Microsoft.Identity.Client' 4.52.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Functions\Functions.UnitTests\Functions.UnitTests.csproj : error NU1901: Package 'Microsoft.Identity.Client' 4.52.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-x674-v45j-fwxw [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Functions\Functions.OpenApi\Functions.OpenApi.csproj : error NU1902: Package 'Microsoft.Identity.Client' 4.52.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Functions\Functions.OpenApi\Functions.OpenApi.csproj : error NU1901: Package 'Microsoft.Identity.Client' 4.52.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-x674-v45j-fwxw [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Functions\Functions.OpenApi.Extensions\Functions.OpenApi.Extensions.csproj : error NU1902: Package 'Microsoft.Identity.Client' 4.52.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Functions\Functions.OpenApi.Extensions\Functions.OpenApi.Extensions.csproj : error NU1901: Package 'Microsoft.Identity.Client' 4.52.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-x674-v45j-fwxw [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\IntegrationTests\IntegrationTests.csproj : error NU1903: Package 'Npgsql' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-x9vc-6hfv-hg8c [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\samples\Demos\CreateChatGptPlugin\Solution\CreateChatGptPlugin.csproj : error NU1902: Package 'Microsoft.Identity.Client' 4.52.0 has a known moderate severity vulnerability, https://github.com/advisories/GHSA-m5vv-6r4h-3vj9 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\samples\Demos\CreateChatGptPlugin\Solution\CreateChatGptPlugin.csproj : error NU1901: Package 'Microsoft.Identity.Client' 4.52.0 has a known low severity vulnerability, https://github.com/advisories/GHSA-x674-v45j-fwxw [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\samples\Demos\VectorStoreRAG\VectorStoreRAG.csproj : error NU1903: Package 'Newtonsoft.Json' 10.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\samples\Demos\VectorStoreRAG\VectorStoreRAG.csproj : error NU1903: Package 'System.Net.Http' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-7jgj-8wvc-jh57 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.UnitTests\Connectors.UnitTests.csproj : error NU1903: Package 'Npgsql' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-x9vc-6hfv-hg8c [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\samples\Concepts\Concepts.csproj : error NU1903: Package 'Npgsql' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-x9vc-6hfv-hg8c [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.UnitTests\Connectors.UnitTests.csproj : error NU1903: Package 'System.Formats.Asn1' 5.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-447r-wph3-92pm [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\samples\Concepts\Concepts.csproj : error NU1903: Package 'System.Formats.Asn1' 5.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-447r-wph3-92pm [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.Memory.Postgres\Connectors.Memory.Postgres.csproj : error NU1903: Package 'Npgsql' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-x9vc-6hfv-hg8c [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.Memory.Kusto\Connectors.Memory.Kusto.csproj : error NU1903: Package 'System.Formats.Asn1' 5.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-447r-wph3-92pm [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.Memory.AzureCosmosDBNoSQL\Connectors.Memory.AzureCosmosDBNoSQL.csproj : error NU1903: Package 'Newtonsoft.Json' 10.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.Memory.AzureCosmosDBNoSQL\Connectors.Memory.AzureCosmosDBNoSQL.csproj : error NU1903: Package 'System.Net.Http' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-7jgj-8wvc-jh57 [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
D:\a\semantic-kernel\semantic-kernel\dotnet\src\Connectors\Connectors.Memory.AzureCosmosDBNoSQL\Connectors.Memory.AzureCosmosDBNoSQL.csproj : error NU1903: Package 'System.Text.RegularExpressions' 4.3.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-cmhx-cq75-c4mj [D:\a\semantic-kernel\semantic-kernel\dotnet\SK-dotnet.sln]
@RogerBarreto RogerBarreto self-assigned this Nov 18, 2024
@markwallace-microsoft markwallace-microsoft added .NET Issue or Pull requests regarding .NET code triage labels Nov 18, 2024
@RogerBarreto RogerBarreto moved this to Sprint: In Progress in Semantic Kernel Nov 18, 2024
@RogerBarreto RogerBarreto mentioned this issue Nov 18, 2024
Merged
github-merge-queue bot pushed a commit that referenced this issue Nov 18, 2024
@RogerBarreto
.Net: Fix vulnerabilities (#9733)
5c998f2 
### Motivation and Context

- Fixes #9732
@github-project-automation github-project-automation bot moved this from Sprint: In Progress to Sprint: Done in Semantic Kernel Nov 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@RogerBarreto RogerBarreto

Labels
.NET Issue or Pull requests regarding .NET code
Projects
Semantic Kernel
Archived in project
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

.Net: Fix vulnerabilities RogerBarreto/semantic-kernel
2 participants
@RogerBarreto @markwallace-microsoft