chore: Update Newtonsoft.Json to version 13.0.1

[nspruit]

Hi,

First of all: thanks a lot for making this package available! It has been working just fine in production for us. Recently, we executed a BlackDuck scan on our codebase and found that Newtonsoft.Json has a potential security issues that is now fixed in version 13.0.1, see e.g. this issue.

These changes will update the Newtonsoft.Json dependency to 13.0.1 and everything still seems to work fine.

We'd be very grateful if you could include these changes and publish a new package version.

[DarkLiKally]

Hello, sure I'll do that. I'll publish a new version this weekend

[nspruit]

That would be great!

[DrakezulsMinimalism]

@nspruit does 13.0.1 really already include the fixing commit? According to BlackDuck it doesn't and it seems that the release (13.0.1) was created on 17th of March, while the fix was only commited on the 31st of March.

[nspruit]

@DrakezulsMinimalism this PR that was merged on 31st of January introduces a default max depth that should fix the issue. It seems like another bug was introduced by those changes (see e.g. this PR description) that was indeed committed on 31st of March and is not in 13.0.1.

[DrakezulsMinimalism]

@nspruit Thanks for the clarification and pointers. I tried to read a few other issues and I think that:

1. the DOS is indeed fixed
2. currently (13.0.1) the maxDepth is (sometimes?) effectively stuck at 64 and it might not be possible to set it to null or anything greater than 64.

[nspruit]

@DarkLiKally do you perhaps have an update on the publishing of the new version?

[csmith1983]

@DarkLiKally Do you have any news on the planned update and new version for resolving this PR?