DavidAJohn
commented
5 months ago Here's a link to the Stripe API upgrade guide: https://docs.stripe.com/upgrades
Open DavidAJohn opened 5 months ago
DavidAJohn
commented
5 months ago Here's a link to the Stripe API upgrade guide: https://docs.stripe.com/upgrades
DavidAJohn
commented
4 months ago As a temporary measure, I've updated the version of Newtonsoft.Json that was installed with that version of the Stripe sdk, until such time as I can properly test the combined Stripe SDK and API update.
It was a high severity vulnerability for a version that was published in November 2019, so I didn't want to leave it unaddressed.
The Blazor store project (Store.BlazorWasm) currently uses v39 of the Stripe SDK. The latest version is v45.
However, each version of the SDK is tied to a particular version of Stripe's API, which can be selected in the Stripe dashboard. You have a 72 hour window in which you can revert back to your previous API version if you update it.
In order to move to v40> of the SDK, I would need to update the API as well. There are quite a few breaking changes that have been introduced and while on the face of it there don't appear to be any changes that affect FotoStorio, it's always better to be safe than sorry with something like this.
This came to light because v39 of the Stripe SDK installs a version of Newtonsoft.Json that is now considered vulnerable (v12.0.3).
I may just update Newtonsoft.Json itself to a non-vulnerable version for the time being, then I'll look at updating the Stripe SDK and API at a later time.