JamesNK / Newtonsoft.Json.Bson

Json.NET BSON adds support for reading and writing BSON to Json.NET
MIT License

Security Issue because of < 13.0.1 #35

Closed iamrahul127 closed 2 years ago

iamrahul127 commented 2 years ago

Hi, our SCA tool is reporting a high-severity security issue as Newtonsoft.Json.Bson is referring to Newtonsoft.Json version < 13.0.1. We have noticed that you have fixed the issue under https://github.com/JamesNK/Newtonsoft.Json/issues/2535 for Newtonsoft.Json.

Could you please let us know if you have a plan to upgrade Newtonsoft.Json used by Newtonsoft.Json.Bson to 13.0.1?

JamesNK commented 2 years ago

> Could you please let us know if you have a plan to upgrade Newtonsoft.Json used by Newtonsoft.Json.Bson to 13.0.1?

Yes. No date.

> Our SCA tool is reporting a high-severity security issue as Newtonsoft.Json.Bson is referring to Newtonsoft.Json version < 13.0.1.

Newtonsoft.Json.Bson has a reference to the minimum version required. There is nothing stopping an app from referencing Newtonsoft.Json 13.0.1 itself.
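
The reply above says an app can reference Newtonsoft.Json 13.0.1 itself; whether that took effect can be checked against the version NuGet actually resolved. The following is an added example, not part of this thread or the project's code: it reads the `targets` section of a restored project's `obj/project.assets.json`, and the sample data and every version number other than 13.0.1 are constructed.

```python
import json

PACKAGE = "Newtonsoft.Json"
MIN_FIXED = (13, 0, 1)  # version named in the issue

def parse_version(text):
    """Return (numeric core, is_prerelease) for a NuGet version string."""
    no_build = text.split("+")[0]
    core, _, prerelease = no_build.partition("-")
    return tuple(int(p) for p in core.split(".")), bool(prerelease)

def below_fixed(version, minimum=MIN_FIXED):
    core, prerelease = parse_version(version)
    # A prerelease of the fixed version sorts before it, so flag it too.
    return core < minimum or (core == minimum and prerelease)

def audit_assets(assets, package=PACKAGE):
    """One finding per target framework: resolved version and who depends on it."""
    findings = []
    for target, libs in assets.get("targets", {}).items():
        resolved, dependents = None, []
        for key, info in libs.items():
            name, _, version = key.partition("/")  # keys look like "Name/Version"
            if name.lower() == package.lower():
                resolved = version
            elif any(d.lower() == package.lower() for d in info.get("dependencies", {})):
                dependents.append(name)
        if resolved is not None:
            findings.append({"target": target, "resolved": resolved,
                             "below_fixed": below_fixed(resolved),
                             "pulled_in_by": sorted(dependents)})
    return findings

def sample_assets(resolved_version):
    """Constructed stand-in for obj/project.assets.json (versions are made up)."""
    return {"version": 3, "targets": {"net6.0": {
        f"Newtonsoft.Json/{resolved_version}": {"type": "package"},
        "Newtonsoft.Json.Bson/1.0.0": {"type": "package",
                                       "dependencies": {"Newtonsoft.Json": "12.0.0"}},
    }}}

if __name__ == "__main__":
    # Transitive-only resolution versus the app referencing 13.0.1 directly.
    for version in ("12.0.0", "13.0.1"):
        print(json.dumps(audit_assets(sample_assets(version)), indent=2))
```

For a real project, run `dotnet restore` and pass `json.load(open("obj/project.assets.json"))` to `audit_assets`.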

JamesNK commented 2 years ago

Done https://github.com/JamesNK/Newtonsoft.Json.Bson/pull/36