Closed matthewtquinn1 closed 11 months ago
@BlaiseD I'm happy to create a pull request for this fix if you can add me as a contributor? :)
I think you become a contributor once your PR gets merged. PRs welcome.
@BlaiseD Can you allow me to push my branch please? :)
I cloned the repo, made a branch based off of master, but am getting fatal: unable to access 'https://github.com/AutoMapper/AutoMapper.Extensions.OData.git/': The requested URL returned error: 403
I believe the usual approach is to create the PR from a fork. GitHub has instructions if you search for the following "Creating a pull request from a fork".
BTW you can install the latest version of System.Linq.Dynamic.Core or LogicBuilder.Expressions.Utils into your project (along with AutoMapper.Extensions.OData) to use the version you need (without doing the PR).
@BlaiseD Done now and PR created thanks.
Would prefer not to have the extra dependency installed locally for us to manage :)
The issue
This library relies on LogicBuilder.Expressions.Utils v5.0.6, which relies on System.Linq.Dynamic.Core v1.2.14.
Why is this an issue?
System.Linq.Dynamic.Core contains a severe vulnerability in version 1.2.14.
What is LogicBuilder.Expressions.Utils doing about it?
They updated the dependency to a safer version as seen in this commit.
What can we do?
We should update LogicBuilder.Expressions.Utils to 5.0.10 (fixed in 5.0.9, but better to get latest patch) to get the fix.
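To confirm which package pulls the flagged System.Linq.Dynamic.Core version into a build, the resolved graph in NuGet's obj/project.assets.json can be walked upward from that package. This is an added example, not part of the issue or the project's code; the sample graph is constructed, and the AutoMapper.Extensions.OData version in it is a placeholder.

```python
import json

# Constructed sample shaped like the "targets" section of obj/project.assets.json.
# The AutoMapper.Extensions.OData version is a placeholder; other versions are from the issue.
SAMPLE_ASSETS = json.loads("""
{"targets": {"net6.0": {
  "AutoMapper.Extensions.OData/0.0.0-placeholder": {
    "dependencies": {"LogicBuilder.Expressions.Utils": "5.0.6"}},
  "LogicBuilder.Expressions.Utils/5.0.6": {
    "dependencies": {"System.Linq.Dynamic.Core": "1.2.14"}},
  "System.Linq.Dynamic.Core/1.2.14": {}
}}}
""")


def chains_to(assets, package, version):
    """Return (framework, chain) pairs; each chain runs from a root package
    down to package/version, so the first entry is what to upgrade."""
    found = []
    for framework, libs in assets.get("targets", {}).items():
        # NuGet resolves one version per package per framework: name -> "Name/Version".
        resolved = {key.partition("/")[0].lower(): key for key in libs}
        target = resolved.get(package.lower())
        if target is None or target.partition("/")[2] != version:
            continue  # flagged version is not in this framework's graph
        # Invert the dependency edges so the graph can be walked upward.
        parents = {}
        for key, info in libs.items():
            for dep in info.get("dependencies", {}):
                child = resolved.get(dep.lower())
                if child:
                    parents.setdefault(child, []).append(key)
        stack = [[target]]
        while stack:
            chain = stack.pop()
            ups = [p for p in parents.get(chain[0], []) if p not in chain]
            if not ups:  # nothing depends on chain[0]: it is a root reference
                found.append((framework, chain))
            stack.extend([p] + chain for p in ups)
    return found


if __name__ == "__main__":
    for framework, chain in chains_to(SAMPLE_ASSETS, "System.Linq.Dynamic.Core", "1.2.14"):
        print(framework + ": " + " -> ".join(chain))
```

Pass the parsed contents of a real obj/project.assets.json in place of SAMPLE_ASSETS after a restore; an empty result means the flagged version is no longer resolved.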