Does Dapper have a dependency on library System.Data.SqlClient?

From link this it seems so. And if so, the version pointed out in the link, version 4.8.5, is a version considered vulnerable by the code CVE-2024-0056.