Question Problem with NuGet Package in MudBlazor app

Pablo

Well-known member
Joined
Aug 12, 2021
Messages
73
Programming Experience
10+
Hello,
I managed to install in my VS the MudBlazor Template (updated to .Net 8) for creating projects with MudBlazor already setup, and it works fine.
Then I installed the NuGet Packages Microsoft.EntityFrameworkCore version 8.0.6, the *.SqlServer, and the *.Tools. When I wrote the classic ApplicationDbContext.cs file (which refers to EF Core), it threw errors about DbContext and other stuff from EF Core was not defined. I didn't understand, and went to the project's installed Packages to see if they were right, and then I saw what you can see in the image: on Installed tab, a yellow warning triangle that when I locate the mouse pointer over appears a letter that says: "You have 2 vulnerable Package versions installed". I located the EF Core Packages into de Server Project as well as the Model and ApplicationDbContext cs files.
I would appreciate any help on how to solve this issue, thank you.
Best regards
Pablo
vs.png
 
I'm not sure what problem you're asking for help with. Is it issues with DbContext in code or is it vulnerable packages? There's no reason to believe that the two are related.
 
I'm not sure what problem you're asking for help with. Is it issues with DbContext in code or is it vulnerable packages? There's no reason to believe that the two are related.

Hi jmcilhinney
The issue is "vulnerable packages" and that (I suppose) causes that DbContext stuff is not accepted and throws errors. But if you say that the two are not related, then why all DbContext stuff throws "not recognized" errors?
Thank you very much.
 
The vulnerability will not break existing code. It's only updating to a non-vulnerable version that might potentially have a breaking change.

I suspect that your DbContext problems are something else completely unrelated. If the template you are using is the same one that was linked to in your other thread, as I recall I didn't have any problems compiling or running the code even with the vulnerability warning.
 
The vulnerability will not break existing code. It's only updating to a non-vulnerable version that might potentially have a breaking change.

I suspect that your DbContext problems are something else completely unrelated. If the template you are using is the same one that was linked to in your other thread, as I recall I didn't have any problems compiling or running the code even with the vulnerability warning.

Hi Skydiver
The vulnerability is not breaking existing but new code. It didn't update to a non vulnerable version, actually it did not change anything and the istalled version is the newest (Microsoft.EntityFrameworkCore 8.0.8). The project I'm using is not the one on that Stack Overflow answer. What I did is this:
In the Terminal Console:
dotnet new install MudBlazor.Templates
Then I created a MudBlazor project (Auto: Server and Webassembly) with this template that doesn't need to configure MudBlazor because it is already done.
Then occurred the errors already described.
The compiler error messages say something like this: "The name of the type or namespace 'DbContext' WAS NOT FOUND. Is a using directive or an assembly reference MISSING? (translated from Spanish).
I appreciate your replies and your help.
 
But if you say that the two are not related, then why all DbContext stuff throws "not recognized" errors?

I don't know but that's why I was asking what problem you actually wanted help with. Why would a security vulnerability in a package cause it to not expose types? Given that it's a transitive package, i.e. one that you are not referencing directly but is referenced by one that you are, you may well not even be using types from it directly anyway.
 
As for the issue, where do you think that the DbContext class you're trying to access should be found? What package do you think it is declared in and what namespace do you think it's a member of? Have you installed that package and imported that namespace?
 
I don't know but that's why I was asking what problem you actually wanted help with. Why would a security vulnerability in a package cause it to not expose types? Given that it's a transitive package, i.e. one that you are not referencing directly but is referenced by one that you are, you may well not even be using types from it directly anyway.

It's not a transitive package, it is "direct". They are EF Core, EF Core.SqlServer, and EF Core.Tools.
 
As for the issue, where do you think that the DbContext class you're trying to access should be found? What package do you think it is declared in and what namespace do you think it's a member of? Have you installed that package and imported that namespace?

1) In the 3 packages I mentioned I installed.
2) In the package EF Core and so.
3) Yes, the 3 packages I mentioned I installed.

Thanks for your help.
 
It's not a transitive package, it is "direct". They are EF Core, EF Core.SqlServer, and EF Core.Tools.

If it's a direct dependency, where in post #5 did you install those three packages? In post #5 you wrote just these steps:
What I did is this:
In the Terminal Console:
dotnet new install MudBlazor.Templates
Then I created a MudBlazor project (Auto: Server and Webassembly) with this template that doesn't need to configure MudBlazor because it is already done.
 
The package with the vulnerability is transitive. It's right there in your screen shot.

Ah, yes! You're right! I hadn't realized of the yellow triangle there. So, then, why the EF Core doesn't work? Would it be because it needs that vulnerable package? What can I do to get the DbContext and EF Core to work?
Thank you
 
If it's a direct dependency, where in post #5 did you install those three packages? In post #5 you wrote just these steps:
Hi
I installed the 3 packages after that, with the NuGet Package Manager. But I saw, as jmcilhinney told me, that the vulnerable packages are not them, that are transitive.
 
The package with the vulnerability is transitive. It's right there in your screen shot.

Hi
I took a new screenshot where you can see that beside the tab Instalado (Installed) there is the warning icon, which says there are 2 vulnerable packages, but in the list there is none with the icon. What does all of this mean? Does it have a solution?
Thanks
vul.png
 
Back
Top Bottom