HangfireIO / Hangfire

An easy way to perform background job processing in .NET and .NET Core applications. No Windows Service or separate process required
https://www.hangfire.io

Vulnerable Newtonsoft.Json dependency #2472

Open mikernet opened 1 day ago

mikernet commented 1 day ago

Please fix the reference to vulnerable Newtonsoft.Json versions, which cause build warnings/errors when building on .NET 9:

Package 'Newtonsoft.Json' 11.0.1 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr

[net9.0]
   │
   ├─ Hangfire.AspNetCore (v1.8.15)
   │  └─ Hangfire.NetCore (v1.8.15)
   │     └─ Hangfire.Core (v1.8.15)
   │        └─ Newtonsoft.Json (v11.0.1)
   ├─ Hangfire.Core (v1.8.15)
   │  └─ Newtonsoft.Json (v11.0.1)
   └─ Hangfire.SqlServer (v1.8.15)
      └─ Hangfire.Core (v1.8.15)
         └─ Newtonsoft.Json (v11.0.1)

abarducci commented 23 hours ago

Hi @mikernet, the very same issue is reported here: https://github.com/HangfireIO/Hangfire/issues/2468