matthewtquinn1
commented
11 months ago @BlaiseD I'm happy to create a pull request for this fix if you can add me as a contributor? :)
Closed matthewtquinn1 closed 11 months ago
matthewtquinn1
commented
11 months ago @BlaiseD I'm happy to create a pull request for this fix if you can add me as a contributor? :)
BlaiseD
commented
11 months ago I think you become a contributor once your PR gets merged. PRs welcome.
matthewtquinn1
commented
11 months ago @BlaiseD Can you allow me to push my branch please? :)
I cloned the repo, made a branch based off of master, but am getting fatal: unable to access 'https://github.com/AutoMapper/AutoMapper.Extensions.OData.git/': The requested URL returned error: 403
BlaiseD
commented
11 months ago I believe the usual approach is to create the PR from a fork. GitHub has instructions if you search for the following "Creating a pull request from a fork".
BlaiseD
commented
11 months ago BTW you can install the latest version of System.Linq.Dynamic.Core or LogicBuilder.Expressions.Utils into your project (along with AutoMapper.Extensions.OData) to to use the version you need (without doing the PR).
matthewtquinn1
commented
11 months ago @BlaiseD Done now and PR created thanks.
Would prefer not to have the extra dependency installed locally for us to manage :)
The issue
This library relies on
LogicBuilder.Expressions.Utils v5.0.6which relies onSystem.Linq.Dynamic.Core v1.2.14.Why is this an issue?
System.Linq.Dynamic.Corecontains a severe vulnerability in version1.2.14.What is LogicBuilder.Expressions.Utils doing about it?
They updated the dependency to a safer version as seen in this commit.
What can do?
We should update
LogicBuilder.Expressions.Utilsto5.0.10(fixed in 5.0.9, but better to get latest patch) to get the fix.