Open Misiu opened 1 year ago
I've run dotnet list package --vulnerable --include-transitive and got this output:
dotnet list package --vulnerable --include-transitive
Użyto następujących źródeł: https://api.nuget.org/v3/index.json Projekt „Test.Consumer” ma następujące pakiety podatne na zagrożenia [net7.0]: Pakiet przechodni Rozpoznane Ważność Adres URL porady > Newtonsoft.Json 12.0.3 High https://github.com/advisories/GHSA-5crp-9r3c-p9vr
I'm currently using FirebaseAdmin version 2.3.0
Ideally, Newtonsoft.Json should be removed in favor of System.Text.Json (or maybe we could pick the serializer that we want to use).
I found a few problems with this issue:
Any updates on this? The dependencies on Google.API.* are pointing to very old versions (2020).
I've run
dotnet list package --vulnerable --include-transitive
and got this output:I'm currently using FirebaseAdmin version 2.3.0
Ideally, Newtonsoft.Json should be removed in favor of System.Text.Json (or maybe we could pick the serializer that we want to use).