search

aws / aws-dotnet-deploy

Opinionated tooling that simplifies deployment of .NET applications to AWS.
https://aws.github.io/aws-dotnet-deploy/
Apache License 2.0
140 stars 32 forks source link

Update Microsoft.AspNetCore.SignalR.Client version to fix System.Text.Json vulnerability #883

Closed gcbeattyAWS closed 2 weeks ago

gcbeattyAWS commented 2 weeks ago

Issue #, if available:

Description of changes: When building with .NET 9 we were getting 

Severity    Code    Description Project File    Line    Suppression State
Error (active)  NU1903  Warning As Error: Package 'System.Text.Json' 6.0.8 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4   AWS.Deploy.ServerMode.Client

The System.Text.Json dependency comes from Microsoft.AspNetCore.SignalR.Client

image

This change updates the Microsoft.AspNetCore.SignalR.Client version that includes the patched System.Text.Json version (6.0.11)

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

codecov[bot] commented 2 weeks ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 62.81%. Comparing base (589d9b9) to head (6aa5366). Report is 3 commits behind head on dev.

Additional details and impacted files ```diff @@ Coverage Diff @@ ## dev #883 +/- ## ========================================== + Coverage 62.39% 62.81% +0.42% ========================================== Files 279 282 +3 Lines 10908 10922 +14 Branches 1515 1517 +2 ========================================== + Hits 6806 6861 +55 + Misses 3565 3523 -42 - Partials 537 538 +1 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.