bgmulinari / B1SLayer

A lightweight SAP Business One Service Layer client for .NET
MIT License

Using Vulnerable Version of Newtonsoft (12.0.2) #40

Closed elitegibson closed 1 year ago

elitegibson commented 1 year ago

When I use the NuGet package in LINQPad, it notifies me that the package is using a version of Newtonsoft.Json that has a vulnerability (12.0.2). See: https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Recommend updating to a newer version of Newtonsoft.Json or switching to System.Text.Json.

Great package overall though!

bgmulinari commented 1 year ago

Hi, @elitegibson. Thanks for the heads-up.

Unfortunately, the Newtonsoft library is not referenced by B1SLayer directly, but rather by Flurl.Http as you can see below:

[image: dependency graph showing Newtonsoft.Json referenced by Flurl.Http, not by B1SLayer directly]

Flurl.Http 4.0.0 is dropping Newtonsoft.Json in favor of System.Text.Json, but it's still in development and only pre-release versions are available for now. This change would also be a breaking change for B1SLayer as it relies on Newtonsoft.Json for some things, so this would be something for B1SLayer 2.0.0 down the line when Flurl.Http 4.0.0 is fully released and stable.
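As an added example that is not part of this issue thread or the B1SLayer project: a consuming application can neutralize the transitive Newtonsoft.Json 12.0.2 reference without waiting for Flurl.Http 4.0.0, because NuGet resolves a direct PackageReference ahead of a transitive one (nearest wins) and the NuGet audit properties can fail restore if a vulnerable transitive package remains. The B1SLayer version is a placeholder, the patched Newtonsoft.Json version is an assumption to be checked against the linked advisory, and the audit properties assume an SDK with NuGet audit support.

```xml
<!-- Consumer .csproj (constructed example, not from the B1SLayer repository). -->
<Project Sdk="Microsoft.NET.Sdk">

  <PropertyGroup>
    <OutputType>Exe</OutputType>
    <TargetFramework>net8.0</TargetFramework>

    <!-- Have NuGet audit the whole graph (direct and transitive) on restore
         and turn the audit warnings NU1901-NU1904 (low..critical) into errors,
         so a vulnerable transitive package breaks the build instead of
         surfacing only as an IDE notification. Requires an SDK with audit support. -->
    <NuGetAudit>true</NuGetAudit>
    <NuGetAuditMode>all</NuGetAuditMode>
    <NuGetAuditLevel>low</NuGetAuditLevel>
    <WarningsAsErrors>$(WarningsAsErrors);NU1901;NU1902;NU1903;NU1904</WarningsAsErrors>
  </PropertyGroup>

  <ItemGroup>
    <!-- B1SLayer -> Flurl.Http -> Newtonsoft.Json 12.0.2 (transitive, two hops away).
         The version below is a placeholder. -->
    <PackageReference Include="B1SLayer" Version="X.Y.Z" />

    <!-- A direct reference is "nearer" than the transitive one, so NuGet selects
         this version for the entire graph and Flurl.Http binds to it at runtime.
         13.0.1 is ASSUMED here to be the patched release; verify it against
         GHSA-5crp-9r3c-p9vr before relying on it. -->
    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
  </ItemGroup>

</Project>
```

Running `dotnet list package --vulnerable --include-transitive` in the consuming project afterwards shows whether the flagged transitive package is still present after the override.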

elitegibson commented 1 year ago

Sorry, I totally missed that it was Flurl's dependency. Thanks for the quick reply.