coverlet-coverage / coverlet

Cross platform code coverage for .NET
MIT License

Coverlet.collector: upgraded from 3.1.0 to 6.0.0 but still Newtonsoft.Json.9.0.1 is coming in coverlet.collector.deps.json #1611

Closed shaikhdastgir91 closed 4 months ago

shaikhdastgir91 commented 4 months ago

Newtonsoft.Json.9.0.1 has some security issues. When Veracode scans our application, it finds Newtonsoft.Json.9.0.1 in coverlet.collector.deps.json. Please remove these dependencies or upgrade to the latest version of Newtonsoft.Json.

```json
"Microsoft.Extensions.DependencyModel/2.1.0": {
  "dependencies": {
    "Microsoft.DotNet.PlatformAbstractions": "2.1.0",
    "Newtonsoft.Json": "9.0.1",
    "System.Diagnostics.Debug": "4.0.11",
    "System.Dynamic.Runtime": "4.0.11",
    "System.Linq": "4.1.0"
  },
  "runtime": {
    "lib/netstandard1.6/Microsoft.Extensions.DependencyModel.dll": {
      "assemblyVersion": "2.1.0.0",
      "fileVersion": "2.1.0.0"
    }
  }
},
"Newtonsoft.Json/9.0.1": {
  "dependencies": {
    "Microsoft.CSharp": "4.0.1",
    "System.Collections": "4.0.11",
    "System.Diagnostics.Debug": "4.0.11",
    "System.Dynamic.Runtime": "4.0.11",
    "System.Globalization": "4.0.11",
    "System.IO": "4.1.0",
    "System.Linq": "4.1.0",
    "System.Linq.Expressions": "4.1.0",
    "System.ObjectModel": "4.0.12",
    "System.Reflection": "4.1.0",
    "System.Reflection.Extensions": "4.0.1",
    "System.Resources.ResourceManager": "4.0.1",
    "System.Runtime": "4.1.0",
    "System.Runtime.Extensions": "4.1.0",
    "System.Runtime.Serialization.Primitives": "4.1.1",
    "System.Text.Encoding": "4.0.11",
    "System.Text.Encoding.Extensions": "4.0.11",
    "System.Text.RegularExpressions": "4.1.0",
    "System.Threading": "4.0.11",
    "System.Threading.Tasks": "4.0.11",
    "System.Xml.ReaderWriter": "4.0.11",
    "System.Xml.XDocument": "4.0.11"
  },
  "runtime": {
    "lib/netstandard1.0/Newtonsoft.Json.dll": {
      "assemblyVersion": "9.0.0.0",
      "fileVersion": "9.0.1.19813"
    }
  }
},
```

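Added example, not part of the original issue or of coverlet's code: when a scanner flags a package version inside a `.deps.json`, walking the `targets` graph backwards shows which package pulls it in. The sample input is constructed from the two entries quoted above (dependency lists trimmed); the `targets` wrapper key and the root entry `sample.root/1.0.0` are assumptions added for illustration.

```python
import json

# Constructed sample: the two entries from the issue (dependency lists trimmed),
# wrapped in the "targets" layout of a .deps.json file, plus a hypothetical root.
SAMPLE_DEPS_JSON = """
{
  "targets": {
    ".NETCoreApp,Version=v6.0": {
      "sample.root/1.0.0": {
        "dependencies": {"Microsoft.Extensions.DependencyModel": "2.1.0"}
      },
      "Microsoft.Extensions.DependencyModel/2.1.0": {
        "dependencies": {"Newtonsoft.Json": "9.0.1", "System.Linq": "4.1.0"}
      },
      "Newtonsoft.Json/9.0.1": {
        "dependencies": {"System.Linq": "4.1.0"}
      }
    }
  }
}
"""

def dependency_chains(deps_text, package, version):
    """Return every chain of 'name/version' keys that ends at package/version."""
    wanted = f"{package}/{version}".lower()
    chains = []
    for entries in json.loads(deps_text).get("targets", {}).values():
        # Reverse edges: child key (lowercased) -> parent keys that reference it.
        parents = {}
        for key, entry in entries.items():
            for name, ver in (entry.get("dependencies") or {}).items():
                parents.setdefault(f"{name}/{ver}".lower(), []).append(key)

        def walk(key, tail):
            # Skip parents already on the chain so a cyclic graph terminates.
            ups = [p for p in parents.get(key.lower(), [])
                   if p != key and p not in tail]
            if not ups:
                chains.append([key] + tail)  # nothing references this entry
            for parent in ups:
                walk(parent, [key] + tail)

        for key in entries:
            if key.lower() == wanted:
                walk(key, [])
    return chains

if __name__ == "__main__":
    for chain in dependency_chains(SAMPLE_DEPS_JSON, "Newtonsoft.Json", "9.0.1"):
        print(" -> ".join(chain))
```
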
Bertk commented 4 months ago

Duplicate issue #1505

The next coverlet release will not use Newtonsoft.Json anymore.

Duranom commented 4 months ago

Bit rude to ask, but any idea around when to expect that release? The package issue raised can be flagged as trivial due to how it is used, but would be nice to remove that rule 😊

akutuev commented 4 months ago

> Bit rude to ask, but any idea around when to expect that release? The package issue raised can be flagged as trivial due to how it is used, but would be nice to remove that rule 😊

We have a similar problem, but apparently it was fixed today in version 6.0.1

Many thanks!

Bertk commented 4 months ago

coverlet V6.0.1 is released.

akutuev commented 4 months ago

> coverlet V6.0.1 is released.

Sorry, any ideas when it will be published to NuGet?

daveMueller commented 4 months ago

> Sorry, any ideas when it will be published to NuGet?

It's now also available in the NuGet Gallery.