Skip to content

Upgrade MongoDB.Driver to 3.9.0 to fix Snappier and SharpCompress vulnerabilities#281

Open
Thynix wants to merge 1 commit into
madelson:masterfrom
Thynix:upgrade-mongodb
Open

Upgrade MongoDB.Driver to 3.9.0 to fix Snappier and SharpCompress vulnerabilities#281
Thynix wants to merge 1 commit into
madelson:masterfrom
Thynix:upgrade-mongodb

Conversation

@Thynix

@Thynix Thynix commented Jul 12, 2026

Copy link
Copy Markdown

See https://github.com/mongodb/mongo-csharp-driver/releases/tag/v3.8.1 and https://github.com/mongodb/mongo-csharp-driver/releases/tag/v3.9.0

This commit was generated by running

dotnet package update MongoDB.Driver@3.9.0 --project src/DistributedLock.MongoDB/DistributedLock.MongoDB.csproj

The vulnerabilities in question are GHSA-pggp-6c3x-2xmx and GHSA-6c8g-7p36-r338

Here is an example of building with Nuget auditing and TreatWarningsAsErrors enabled, which causes dotnet restore to fail:

error NU1903: Warning As Error: Package 'Snappier' 1.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-pggp-6c3x-2xmx

…nerabilities

See https://github.com/mongodb/mongo-csharp-driver/releases/tag/v3.8.1
and https://github.com/mongodb/mongo-csharp-driver/releases/tag/v3.9.0

This commit was generated by running

    dotnet package update MongoDB.Driver@3.9.0 --project src/DistributedLock.MongoDB/DistributedLock.MongoDB.csproj

The vulnerabilities in question are GHSA-pggp-6c3x-2xmx
and GHSA-6c8g-7p36-r338

Here is an example of building with Nuget auditing and
`TreatWarningsAsErrors` enabled, which causes `dotnet restore` to fail:

    error NU1903: Warning As Error: Package 'Snappier' 1.0.0 has a known high severity vulnerability, GHSA-pggp-6c3x-2xmx
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant