Update dependency LogicBuilder.Expressions.Utils

The issue

This library relies on LogicBuilder.Expressions.Utils v5.0.6 which relies on System.Linq.Dynamic.Core v1.2.14.

Why is this an issue?

System.Linq.Dynamic.Core contains a severe vulnerability in version 1.2.14.

What is LogicBuilder.Expressions.Utils doing about it?

They updated the dependency to a safer version as seen in this commit.

What can we do?

We should update LogicBuilder.Expressions.Utils to 5.0.10 (fixed in 5.0.9, but better to get latest patch) to get the fix.

Issue Analytics

  • State: closed
  • Created a month ago
  • Comments: 6 (6 by maintainers)
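
The situation in the issue, a flagged package pulled in through a direct reference, can be checked mechanically by walking the resolved graph in NuGet's `obj/project.assets.json`. The following is an added example, not code from the issue or from either project; the sample data is constructed, `Example.Logging` and the `net6.0` framework are placeholders, and it assumes framework names match between the `targets` and `project` sections.

```python
import json

# Constructed sample in the layout of NuGet's obj/project.assets.json.
# Only the two package names and versions quoted in the issue are real;
# "Example.Logging" and the "net6.0" framework are placeholders.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {"net6.0": {
    "LogicBuilder.Expressions.Utils/5.0.6": {
      "type": "package", "dependencies": {"System.Linq.Dynamic.Core": "1.2.14"}},
    "System.Linq.Dynamic.Core/1.2.14": {"type": "package"},
    "Example.Logging/1.0.0": {"type": "package"}}},
  "project": {"frameworks": {"net6.0": {"dependencies": {
    "LogicBuilder.Expressions.Utils": {"target": "Package", "version": "[5.0.6, )"},
    "Example.Logging": {"target": "Package", "version": "[1.0.0, )"}}}}}
}
""")


def chains_to(assets, flagged_name, flagged_version):
    """Return (framework, chain) for each path from a direct reference to the flagged package."""
    found = []
    for tfm, libs in assets["targets"].items():
        # "Name/Version" keys -> {lowercase name: (key, version, dependency names)}
        resolved = {}
        for key, info in libs.items():
            name, version = key.split("/", 1)
            resolved[name.lower()] = (key, version, list(info.get("dependencies", {})))

        def walk(name, chain):
            entry = resolved.get(name.lower())
            if entry is None or entry[0] in chain:  # unresolved, or already on this path
                return
            key, version, deps = entry
            chain = chain + [key]
            if name.lower() == flagged_name.lower() and version == flagged_version:
                found.append((tfm, chain))
            for dep in deps:
                walk(dep, chain)

        # Assumption: framework names match between "targets" and "project".
        for name in assets["project"]["frameworks"].get(tfm, {}).get("dependencies", {}):
            walk(name, [])
    return found


if __name__ == "__main__":
    for tfm, chain in chains_to(SAMPLE_ASSETS, "System.Linq.Dynamic.Core", "1.2.14"):
        print(tfm, " -> ".join(chain))
```

Each reported chain starts at the direct reference that has to be updated for the flagged version to drop out of the graph.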

Top GitHub Comments

1 reaction
BlaiseD commented, Aug 17, 2023

I believe the usual approach is to create the PR from a fork. GitHub has instructions if you search for the following “Creating a pull request from a fork”.

0 reactions
matthewtquinn1 commented, Aug 17, 2023

@BlaiseD Done now and PR created thanks.

Would prefer not to have the extra dependency installed locally for us to manage 😃
