eBay / ebay-oauth-csharp-client

eBay OAuth C# Client Library
Apache License 2.0
54 stars 40 forks

Out of date dependencies #27

Closed bounav closed 10 months ago

bounav commented 1 year ago

Hello,

Would the maintainers be open to accepting a pull request that updates the dependencies of this project? I'd be happy to submit one.

Proposed change:

diff --git a/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj b/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj
index 74ed47f..fd6a976 100644
--- a/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj
+++ b/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj
@@ -4,12 +4,9 @@
     <RootNamespace>eBay.ApiClient.Auth.oAuth2</RootNamespace>
   </PropertyGroup>
   <ItemGroup>
-    <Folder Include="eBay\ApiClient\Auth\" />
-  </ItemGroup>
-  <ItemGroup>
-    <PackageReference Include="YamlDotNet" Version="5.3.0" />
-    <PackageReference Include="RestSharp" Version="106.5.4" />
-    <PackageReference Include="log4net" Version="2.0.8" />
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="YamlDotNet" Version="13.1.0" />
+    <PackageReference Include="RestSharp" Version="108.0.2" />
+    <PackageReference Include="log4net" Version="2.0.15" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 </Project>
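
Review bot: Three of the four version bumps on the + lines cross a major version (YamlDotNet 5.3.0 to 13.1.0, RestSharp 106.5.4 to 108.0.2, Newtonsoft.Json 12.0.1 to 13.0.3), but this patch changes only the .csproj, so nothing here shows that the calling code was adapted to or tested against the new package APIs. The source changes and a test run belong in the same pull request as the bump. Separately, the removal of the `<Folder Include="eBay\ApiClient\Auth\" />` item and its ItemGroup is unrelated to the dependency update and should either be split into its own change or explained in the description.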

The main driver for this is that YamlDotNet is very out of date and the current NuGet package referenced doesn't have its publicKeyToken assembly property set and this is causing FileNotFound exceptions if you happen to also reference a more recent version of the package (that will have a publicKeyToken value).

The referenced versions of Newtonsoft.Json and log4net have some known vulnerabilities.

The other updates are just general housekeeping.

lucasgonze commented 1 year ago

If you submit a PR, I will try to get it merged.

However, I am not a dev on this project, so we will need to find somebody to run the tests. @bounav I assume you have that ability, is that correct?

In the absence of somebody to check that your PR doesn't break anything, we may want to merge anyway.

lucasgonze commented 11 months ago

Three out of these four updates span breaking changes. They are almost certain to cause breakage. Unless somebody (@bounav?) is offering to fix the breakage, we should archive this repo.

lucasgonze commented 11 months ago

After several tries to get this updated, I think it is time to archive.

bounav commented 11 months ago

Hi @lucasgonze, just saw your replies.

> Three out of these four updates span breaking changes.

Can you elaborate? In my PR #28 I included minor code changes needed to run with the updated dependencies. In the pull request the code runs fine from what I can tell: we use that code to get OAuth tokens and it works fine...

bounav commented 10 months ago

I'm closing this issue as PR #30 updated dependencies.