Zaid-Ajaj / Fable.Remoting

Type-safe communication layer (RPC-style) for F# featuring Fable and .NET Apps
https://zaid-ajaj.github.io/Fable.Remoting/
MIT License

High severity vulnerabilities - Newtonsoft, System.Security.Cryptography.Pkcs #363

Open martinbryant opened 4 months ago

martinbryant commented 4 months ago

Package 'Newtonsoft.Json' 12.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Package 'System.Security.Cryptography.Pkcs' 6.0.1 has a known high severity vulnerability, https://github.com/advisories/GHSA-555c-2p6r-68mm

It looks like Giraffe needs updating to 6.x to be able to get Newtonsoft 13.x

RicoSaupe commented 1 month ago

Will there be an update to this? Mend scanner is also recognizing this.


kerams commented 1 month ago

I'm not sure how this is a Fable.Remoting concern. There is nothing preventing you from bumping Giraffe as far as I can see. And for that matter, Giraffe 5 doesn't restrict you to Newtonsoft.Json 12 either.

RicoSaupe commented 1 month ago

In my case it's not about Giraffe. It's about Fable.Remoting using the "older" Newtonsoft library and the request to bump this up to the latest version.

kerams commented 1 month ago

Sorry, but the argument still stands. You can use 13 if you want - Remoting does not hold you back.

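The override kerams describes, as an added example that is not part of the thread or of the Fable.Remoting project: a direct `PackageReference` in the consuming project's `.fsproj` wins over the transitive lower bound that Fable.Remoting.Giraffe (and Giraffe) declare, so the application can move to Newtonsoft.Json 13.x without waiting for a library release. The Fable.Remoting.Giraffe version shown is an assumed placeholder, and 13.0.3 is assumed here to be a current 13.x release; the same pattern applies to System.Security.Cryptography.Pkcs.

```xml
<Project Sdk="Microsoft.NET.Sdk.Web">

  <PropertyGroup>
    <TargetFramework>net6.0</TargetFramework>
  </PropertyGroup>

  <ItemGroup>
    <!-- Assumed version of the library; it pulls in Giraffe and Newtonsoft.Json transitively
         with a minimum version only, not a pinned one. -->
    <PackageReference Include="Fable.Remoting.Giraffe" Version="5.*" />

    <!-- Direct reference to the patched major: NuGet's nearest-wins rule means this
         top-level reference replaces the transitive 12.0.x minimum for the whole graph. -->
    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
  </ItemGroup>

</Project>
```

After restoring, `dotnet list package --vulnerable --include-transitive` lists any remaining advisories, including those reached only through transitive references, so it doubles as the check that scanners such as Mend are reporting against the resolved graph rather than the library's declared minimum.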

RicoSaupe commented 1 month ago

Yes. I understand that I can use a higher version. Just wondering about the reason for the 12.x version. Is it for compatibility?

Zaid-Ajaj commented 1 week ago

Just wondering about the reason of the 12.x version. Is it for compatibility?

@RicoSaupe We can update it, I don't think there is a reason not to