- Notifications
You must be signed in to change notification settings - Fork311
Fix Wave Analysis issues#3403
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Pull Request Overview
This PR pins explicit versions for System.Text.Json and other dependencies to address transitive vulnerabilities, reorders and updates package references, and adjusts project files to improve Linux build support.
- Add System.Text.Json dependencies and bump SqlManagementObjects to mitigate vulnerabilities
- Sort and standardize
<PackageReference>entries and version props - Update netfx csproj (SDK name, code analysis rule, remove COM reference, adjust compile includes)
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
Show a summary per file
| File | Description |
|---|---|
| tools/specs/Microsoft.Data.SqlClient.nuspec | Add System.Text.Json dependency for net7.0, net9.0, netstandard2.0 |
| tools/props/VersionsNet9OrLater.props | IntroduceSystemTextJsonVersion and fix property ordering |
| tools/props/Versions.props | RelocateSystemTextJsonVersion and bump SqlManagementObjects |
| src/Microsoft.Data.SqlClient/netfx/...csproj | Change SDK, update code analysis rule condition, rename files, remove COM reference, reorder packages |
| src/Microsoft.Data.SqlClient/netcore/...csproj | RenameSqlMetadataFactory toSqlMetaDataFactory, reorder packages |
| src/Microsoft.Data.SqlClient/netcore/ref/...csproj | Reorder package references to match new standard |
Comments suppressed due to low confidence (2)
src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj:951
- Verify that the source file and its class declaration have been renamed to "DBConnectionString.cs" (uppercase 'DB') on disk; otherwise the case-sensitive Linux build may fail due to a mismatch.
<Compile Include="Microsoft\Data\Common\DBConnectionString.cs" />src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj:663
- Ensure the file and class name have been updated to "SqlMetaDataFactory.cs" (capital 'D') so the project reference matches the actual file on a case-sensitive filesystem.
<Compile Include="$(CommonSourceRoot)Microsoft\Data\SqlClient\SqlMetaDataFactory.cs">There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Leaving some notes for reviewers.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
src/Microsoft.Data.SqlClient/netcore/ref/Microsoft.Data.SqlClient.csproj OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
codecovbot commentedJun 9, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@## main #3403 +/- ##======================================= Coverage 65.34% 65.34% ======================================= Files 301 301 Lines 65625 65625 =======================================+ Hits 42880 42882 +2+ Misses 22745 22743 -2
Flags with carried forward coverage won't be shown.Click here to find out more. ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
Uh oh!
There was an error while loading.Please reload this page.
I have this addressed in#3333 |
- Updated .NET to explicitly use System.Text.Json 8.0.5 or 9.0.5 to avoid transitive vulnerabilities.- Sorted PackageReference entries alphabetically by package name.- Updated test tools to use Microsoft.SqlServer.SqlManagementObjects 172.76.0 to avoid transitive vulnerabilities.- Updated .NET Framework project to build on Linux.
427b65a to541300eCompareMerging in#3333 was a mess, so I had to rebase instead - sorry! The diffs are pretty small now though. |
LGTM |
src/Microsoft.Data.SqlClient/netcore/src/Microsoft.Data.SqlClient.csproj OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Microsoft.Data.SqlClient/netfx/src/Microsoft.Data.SqlClient.csproj OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
- Added System.Text.Json 9.0.5 to .NET 9.0.- Fixed System.Formats.Asn1 transitive vulnerability.
- Removed unnecessary PackageReference Version attributes.
260940b intomainUh oh!
There was an error while loading.Please reload this page.
| <PackageReference Include="Microsoft.Bcl.Cryptography" /> | ||
| <!-- Transitive dependencies that would otherwise bring in older, vulnerable versions. --> | ||
| <PackageReference Include="System.Text.Json" /> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
What references are pulling in the vulnerable version? Might make sense to add a comment so it will be easier to check when this can be removed.
Description
Issues
ADO 37675
Testing