Reputation: 851
I have a .NET Framework web app that has a service and data layer targeting both .NET 4.7.1 and .NET Core 8.0.
Black Duck identifies a vulnerability in Microsoft.Data.SqlClient 1.1.3. Updating Microsoft.Data.SqlClient from v1.1.3 to v3.7.1 works with both .NET 4.7.1 and .NET Core 8.0.
But some projects where Microsoft.EntityFrameworkCore.SqlServer is referenced have a dependency on Microsoft.Data.SqlClient v1.1.3, which cannot be updated without updating the main library, but if I update Microsoft.EntityFrameworkCore.SqlServer to the latest, it won't work with .NET 4.7.1.
I tried adding Microsoft.Data.SqlClient v3.7.1 to those projects where it is referenced indirectly, but even then project.asset.json has a reference to Microsoft.Data.SqlClient v1.1.3.
Please advise on the best way to overcome this issue.
Upvotes: 0
Views: 60
Reputation: 89396
Add a direct package dependency to the version of Microsoft.Data.SqlClient you need.
Then NuGet will apply the "Direct Dependency Wins" rule to load the right version.
Upvotes: 0
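One way to confirm that a direct reference took effect is to read the restored graph in obj/project.assets.json, where a package's "dependencies" entry records the version it asks for and the key under "targets" records the version NuGet actually restored. The Python sketch below is an added example, not code from the question or the answer; the sample JSON is constructed, the EF Core version in it is a placeholder, and the function names are hypothetical.

```python
import json

# Constructed, trimmed sample shaped like obj/project.assets.json. SqlClient
# versions are the ones in the question; the EF Core version "0.0.0" is a
# placeholder, and the two targets differ only to show both outcomes.
SAMPLE = json.loads("""
{"targets": {
  ".NETFramework,Version=v4.7.1": {
    "Microsoft.Data.SqlClient/3.7.1": {"type": "package"},
    "Microsoft.EntityFrameworkCore.SqlServer/0.0.0": {"type": "package",
      "dependencies": {"Microsoft.Data.SqlClient": "1.1.3"}}},
  "net8.0": {
    "Microsoft.Data.SqlClient/1.1.3": {"type": "package"},
    "Microsoft.EntityFrameworkCore.SqlServer/0.0.0": {"type": "package",
      "dependencies": {"Microsoft.Data.SqlClient": "1.1.3"}}}}}
""")


def version_tuple(text):
    """'3.7.1' or '3.7.1-preview1' -> (3, 7, 1); prerelease labels are ignored."""
    return tuple(int(part) for part in text.split("-")[0].split("."))


def audit(assets, package, minimum):
    """Per target framework: the resolved version of `package`, whether it is
    at least `minimum`, and which packages merely declare a dependency on it."""
    wanted, report = package.lower(), {}
    for tfm, libs in assets.get("targets", {}).items():
        resolved, declared_by = None, {}
        for key, info in libs.items():
            name, _, version = key.partition("/")
            if name.lower() == wanted:
                resolved = version              # what NuGet actually restored
            for dep, floor in info.get("dependencies", {}).items():
                if dep.lower() == wanted:
                    declared_by[name] = floor   # a constraint, not a resolution
        # A package absent from the graph (resolved is None) has nothing to flag.
        ok = resolved is None or version_tuple(resolved) >= version_tuple(minimum)
        report[tfm] = {"resolved": resolved, "ok": ok, "declared_by": declared_by}
    return report


if __name__ == "__main__":
    for tfm, row in audit(SAMPLE, "Microsoft.Data.SqlClient", "3.7.1").items():
        print(tfm, "resolved:", row["resolved"], "OK" if row["ok"] else "STILL OLD",
              "declared by:", row["declared_by"])
```

Run against each project's real assets file after a restore, a target whose resolved version is still old points to a project or target framework that the direct reference did not reach.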