Bump Microsoft.Extensions.Caching.Memory for CVE by DaveTryon · Pull Request #758 · microsoft/sbom-tool
CVE-2024-43483 requires that we bump Microsoft.Extensions.Caching.Memory from 8.0.0 to 8.0.1. This is a transitive dependency from Component Detection that they are likely to eventually pick up, at which time we can revert this change.
Redacted output from dotnet nuget why before the change -- version of Microsoft.Extensions.Caching.Memory is 8.0.0:
>dotnet nuget why Microsoft.Sbom.sln Microsoft.Extensions.Caching.Memory
Project 'Microsoft.Sbom.Tool' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Api' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Api.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.DotNetTool' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Extensions.DependencyInjection' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Extensions.DependencyInjection.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Targets' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
│ └─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Targets.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
│ └─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Tool.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Project 'Microsoft.Sbom.Targets.E2E.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
│ └─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
Redacted output from dotnet nuget why before the change -- version of Microsoft.Extensions.Caching.Memory is 8.0.1:
>dotnet nuget why Microsoft.Sbom.sln Microsoft.Extensions.Caching.Memory
Project 'Microsoft.Sbom.Tool' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Api' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Api.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.DotNetTool' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Extensions.DependencyInjection' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Extensions.DependencyInjection.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Targets' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
│ └─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Targets.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
├─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
│ └─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Tool.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
Project 'Microsoft.Sbom.Targets.E2E.Tests' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
│
└─ Microsoft.Sbom.Tool (v1.0.0)
├─ Microsoft.Sbom.Api (v1.0.0)
│ ├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ ├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ │ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ │ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Sbom.Extensions.DependencyInjection (v1.0.0)
└─ Microsoft.Sbom.Api (v1.0.0)
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
├─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
│ └─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.1)
└─ Microsoft.Extensions.Caching.Memory (v8.0.1)
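An added example, not part of the pull request or the sbom-tool code base: a small check that parses `dotnet nuget why` output like the above and reports any project still resolving the package below the fixed version, so a later dependency change cannot silently reintroduce 8.0.0. The function names are assumptions; the sample text is copied from the Microsoft.Sbom.Api graph above.

```python
import re

PACKAGE = "Microsoft.Extensions.Caching.Memory"
FIXED = "8.0.1"  # fixed version named in the PR description

# "Project 'X' has the following dependency graph(s) for 'Pkg':"
PROJECT_RE = re.compile(r"^Project '([^']+)' has the following dependency graph")
# Tree node, e.g. "│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)"
NODE_RE = re.compile(r"[├└]─\s+(\S+)\s+\(v(\d+(?:\.\d+)*)")

# Microsoft.Sbom.Api graph copied from the "before" output above.
BEFORE = """\
Project 'Microsoft.Sbom.Api' has the following dependency graph(s) for 'Microsoft.Extensions.Caching.Memory':
[net8.0]
├─ Microsoft.ComponentDetection.Detectors (v5.1.5)
│ └─ Microsoft.Extensions.Caching.Memory (v8.0.0)
└─ Microsoft.ComponentDetection.Orchestrator (v5.1.5)
└─ Microsoft.ComponentDetection.Detectors (v5.1.5)
└─ Microsoft.Extensions.Caching.Memory (v8.0.0)
"""
# Same graph with every node at 8.0.1, as in the second output above
# (the extra direct-reference line is left out here for brevity).
AFTER = BEFORE.replace("(v8.0.0)", "(v8.0.1)")


def version_key(text):
    """Turn '8.0.1' into (8, 0, 1); pre-release suffixes are not compared."""
    return tuple(int(part) for part in text.split("."))


def projects_below(output, package=PACKAGE, fixed=FIXED):
    """Return {project: [versions]} for projects resolving `package` below `fixed`."""
    floor = version_key(fixed)
    found, current = {}, None
    for line in output.splitlines():
        header = PROJECT_RE.match(line.strip())
        if header:
            current = header.group(1)
            found.setdefault(current, set())
            continue
        node = NODE_RE.search(line)
        if node and current and node.group(1).lower() == package.lower():
            found[current].add(node.group(2))
    stale = {}
    for project, versions in found.items():
        low = sorted(v for v in versions if version_key(v) < floor)
        if low:
            stale[project] = low
    return stale
```

A non-empty result from `projects_below` is the condition to fail a build on; the parser matches on the tree glyphs and package name only, so it works whether or not the indentation survived.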