belav / csharpier

CSharpier is an opinionated code formatter for C#.
https://csharpier.com
MIT License

System.Text.Json has high severity vulnerability #1303

Closed jamesfoster-excelpoint closed 4 months ago

jamesfoster-excelpoint commented 4 months ago

I've just tried building from source and get the following error

Warning As Error: Package 'System.Text.Json' 8.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w

After updating Visual Studio and installing the latest version of the dotnet SDK (as per the link), I still get this when building the solution. I realise this might not be a problem with csharpier, per se. I removed the reference and only the netstandard2.0 target failed to build. Would it be possible to conditionally include the reference?

Any idea why I'm still getting this error after updating?

Environments:

belav commented 4 months ago

If you update the version of System.Text.Json in the Directory.Packages.props file you can resolve the warning. I have the warning fixed in my most recent unrelated PR and probably should have just split it off and gotten it merged before going out of town.
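
The check behind the fix suggested above, as an added example that is not part of the original thread or the csharpier repository: it parses a `Directory.Packages.props` file and reports centrally pinned packages that sit below a required minimum version. The sample file, the `Example.Package` entry and the floor values are constructed; `8.0.1` is a placeholder, so take the real patched version from the advisory.

```python
import xml.etree.ElementTree as ET

# Constructed sample; only the System.Text.Json 8.0.0 pin comes from the thread.
SAMPLE_PROPS = """<Project>
  <PropertyGroup>
    <ManagePackageVersionsCentrally>true</ManagePackageVersionsCentrally>
  </PropertyGroup>
  <ItemGroup>
    <PackageVersion Include="System.Text.Json" Version="8.0.0" />
    <PackageVersion Include="Example.Package" Version="$(ExampleVersion)" />
  </ItemGroup>
</Project>"""

# PLACEHOLDER floors: replace with the patched versions listed in the advisory.
PLACEHOLDER_FLOORS = {"system.text.json": "8.0.1", "Example.Package": "1.0.0"}

def parse_version(text):
    """Sort key for versions like 8.0.0 or 9.0.0-rc.1; ValueError otherwise."""
    core, _, prerelease = text.strip().partition("-")
    nums = tuple(int(part) for part in core.split("."))
    # Pad to four parts; a prerelease sorts before the matching release.
    return nums + (0,) * (4 - len(nums)), 0 if prerelease else 1

def pinned_versions(props_xml):
    """Map lower-cased package id -> (id as written, version string)."""
    pins = {}
    for element in ET.fromstring(props_xml).iter():
        if element.tag.rsplit("}", 1)[-1] != "PackageVersion":
            continue
        name = element.get("Include") or element.get("Update")
        version = element.get("Version")
        if name and version:
            pins[name.lower()] = (name, version)  # NuGet ids ignore case
    return pins

def below_floor(props_xml, floors):
    """Return (package, pinned version, reason) for every pin needing attention."""
    findings = []
    pins = pinned_versions(props_xml)
    for name, floor in floors.items():
        if name.lower() not in pins:
            continue
        pinned_name, version = pins[name.lower()]
        try:
            if parse_version(version) < parse_version(floor):
                findings.append((pinned_name, version, "below floor " + floor))
        except ValueError:
            # MSBuild properties and version ranges cannot be compared statically.
            findings.append((pinned_name, version, "unresolved"))
    return findings

if __name__ == "__main__":
    for finding in below_floor(SAMPLE_PROPS, PLACEHOLDER_FLOORS):
        print(*finding, sep="\t")
```

This only inspects versions pinned in the props file; `dotnet list package --vulnerable --include-transitive` reports against the resolved dependency graph.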