Open martinbryant opened 4 months ago
will there be an update to this? Mend scanner is also recognizing this.
I'm not sure how this is a Fable.Remoting concern. There is nothing preventing you from bumping Giraffe as far as I can see. And for that matter, Giraffe 5 doesn't restrict you to Newtonsoft.Json 12 either.
In my case its not about giraffe. its about fable remoting using the "older" Newtonsoft library and the request to bump this up to the latest version
Sorry, but the argument still stands. You can use 13 if you want - Remoting does not hold you back.
Yes. I understand that i can use a higher version. Just wondering about the reason of the 12.x version. Is it for compatibility?
Just wondering about the reason of the 12.x version. Is it for compatibility?
@RicoSaupe We can update it, I don't think there is a reason not to
Package 'Newtonsoft.Json' 12.0.2 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
Package 'System.Security.Cryptography.Pkcs' 6.0.1 has a known high severity vulnerability, https://github.com/advisories/GHSA-555c-2p6r-68mm
It looks like Giraffe needs updating to 6.x to be able to get Newtonsoft 13.x