
Conversation

seantleonard
Contributor

@seantleonard seantleonard commented May 10, 2024

Why make this change?

  • dotnet restore (via dotnet format implicitly) raises NU1903 warning as an error because older versions of npgsql are tagged as vulnerable due to a high severity vulnerability.

What is this change?

  • Updates build-pipeline yaml to include -v d for detailed verbose logging in dotnet restore step so actual error messages are shown instead of generic failure.
  • Sets separate versions of npgsql for .net6 and .net8:
    • .NET6 -> Npgsql 7.0.7 (set to 8.0.3, until nuget no longer reports 7.0.7 as vulnerable) tracked via npgsql 7.0.7 for .net6 #2206
    • .NET8 -> Npgsql 8.0.3
  • Ignores TestDictionaryDatabaseObjectSerializationDeserialization() for .net6 until npgsql 7.0.7 for .net6 #2206 is addressed, because npgsql 8.0.3 depends on system.text.json from .net8, which breaks behavior in the test.

How was this tested?

  • Integration Tests
  • Unit Tests
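The per-target-framework pinning the description lays out, written as a hypothetical multi-targeting project file (added illustration, not a file from this PR or repository; the `NuGetAuditLevel` and `WarningsAsErrors` settings are assumptions about how to keep NU1903 failing the build rather than being logged):

```xml
<!-- Hypothetical project file (not the repository's own) showing the pinning
     described above: one Npgsql version per target framework. -->
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <TargetFrameworks>net6.0;net8.0</TargetFrameworks>
    <!-- Assumed hardening: keep the high-severity advisory warning (NU1903)
         as a restore error so a flagged package fails the build instead of
         being buried in the log. -->
    <NuGetAuditLevel>high</NuGetAuditLevel>
    <WarningsAsErrors>$(WarningsAsErrors);NU1903</WarningsAsErrors>
  </PropertyGroup>

  <!-- .NET 8 build: Npgsql 8.0.3, as stated in the PR description. -->
  <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'">
    <PackageReference Include="Npgsql" Version="8.0.3" />
  </ItemGroup>

  <!-- .NET 6 build: the description pins 8.0.3 here too until NuGet stops
       reporting 7.0.7 as vulnerable; the intended long-term value is 7.0.7
       (tracked in #2206). -->
  <ItemGroup Condition="'$(TargetFramework)' == 'net6.0'">
    <PackageReference Include="Npgsql" Version="8.0.3" />
  </ItemGroup>

</Project>
```

Running `dotnet restore -v d` against such a project, as the pipeline change does, prints the NU1903 advisory text itself (package, version and severity) rather than only the generic restore failure.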

….7 is vulnerable even when updated advisory sent saying 7.0.7 is patched.
@seantleonard
Contributor Author

/azp run

Collaborator

@Aniruddh25 Aniruddh25 left a comment


LGTM!

@seantleonard seantleonard enabled auto-merge (squash) May 10, 2024 21:51
Contributor

@aaronburtle aaronburtle left a comment


Looks good, I just had a question about the versions.

@seantleonard seantleonard merged commit 49184a3 into main May 10, 2024
@seantleonard seantleonard deleted the dev/sean/npgsql_workaround branch May 10, 2024 22:23
seantleonard added a commit that referenced this pull request May 14, 2024
## Why make this change?

- Closes #2206
- As noted in #2207, the false positive vulnerability alert no longer
shows, because the correct patched versions are now recognized by dotnet
restore.
- Merging Directory to 1.1 branch.

## What is this change?

- For .net6 updates npgsql to 7.0.7.
- Removes "ignore" tag on serialization/deserialization test that broke
because of the npgsql version used.

## How was this tested?
- [x] Unit Tests 
- `dotnet format` step passes without dotnet restore vulnerability
alert.
- unit test `TestDictionaryDatabaseObjectSerializationDeserialization`
unignored
ayush3797 pushed a commit that referenced this pull request May 14, 2024