[BUG]: CG Alert: Upgrade System.IdentityModel.Tokens.Jwt to latest version on Microsoft.Azure.WebJobs.Extensions.SignalRService namespace #44015
Labels
Client
This issue points to a problem in the data-plane of the library.
customer-reported
Issues that are reported by GitHub users external to the Azure organization.
needs-team-attention
This issue needs attention from Azure service team or SDK team
question
The issue doesn't require a change to the product in order to be resolved. Most issues start as that
Service Attention
This issue is responsible by Azure service team.
SignalR
Library name and version
Microsoft.Azure.WebJobs.Extensions.SignalRService 1.13.0
Describe the bug
I've received cg alert on following package reference coming through latest version of Microsoft.Azure.WebJobs.Extensions.SignalRService
Upgrade System.IdentityModel.Tokens.Jwt from 6.5.0 to 6.34.0 to fix the vulnerability.
Kindly upgrade the dependecy to latest version and release the newer version for downstream consumption
Expected behavior
Security vulnerability fix by upgrading mentioning package
Actual behavior
Older version of System.IdentityModel.Tokens.Jwt is used which seems to be flagged with security issue
Reproduction Steps
Check the dependent packages versions
Environment
No response
The text was updated successfully, but these errors were encountered: