microsoft / sbom-tool

The SBOM tool is a highly scalable and enterprise ready tool to create SPDX 2.2 compatible SBOMs for any variety of artifacts.
MIT License
1.63k stars, 133 forks

Address CVE-2024-43485 by updating System.Text.Json #748

Status: Closed (DaveTryon closed 1 month ago)

DaveTryon commented 1 month ago

CVE-2024-43485 is showing up as a CG alert and is blocking PR builds from succeeding. This bumps System.Text.Json from 8.0.4 to 8.0.5, as called out at https://github.com/dotnet/announcements/issues/329 and https://github.com/advisories/GHSA-8g4q-xg66-9fp4
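Added example, not part of the original comment or the sbom-tool code base: a CI-style check in Python that reads MSBuild project or props XML and reports whether any System.Text.Json pin is still below the 8.0.5 version this PR moves to. The sample XML, the `audit` and `parse_version` names and the verdict labels are assumptions made for illustration; release lines other than 8.0.x are reported as not assessed.

```python
import xml.etree.ElementTree as ET

PACKAGE = "System.Text.Json"
FIXED = (8, 0, 5)  # version the PR moves to (from 8.0.4)

def parse_version(text):
    """'8.0.4' -> (8, 0, 4); raises ValueError on ranges, wildcards, prereleases."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0])[:3])

def local(tag):
    return tag.split("}")[-1]  # tolerate the legacy MSBuild xmlns

def audit(msbuild_xml):
    """Return [(element, raw_version, verdict)] for every System.Text.Json pin."""
    findings = []
    for el in ET.fromstring(msbuild_xml).iter():
        if local(el.tag) not in ("PackageVersion", "PackageReference"):
            continue
        name = el.get("Include") or el.get("Update") or ""
        if name.lower() != PACKAGE.lower():  # NuGet ids are case-insensitive
            continue
        raw = el.get("Version") or next(
            (c.text for c in el if local(c.tag) == "Version"), None)
        if raw is None:
            verdict = "no-version-here"  # pinned elsewhere, e.g. a central props file
        else:
            try:
                v = parse_version(raw)
                if v[:2] != FIXED[:2]:
                    verdict = "not-assessed"  # other release lines: see the advisory
                else:
                    verdict = "fixed" if v >= FIXED else "below-fix"
            except ValueError:
                verdict = "unparsed"  # e.g. 8.0.* or [8.0.4,) needs manual review
        findings.append((local(el.tag), raw, verdict))
    return findings

# Constructed samples, not taken from the sbom-tool repository.
BEFORE = """<Project><ItemGroup>
  <PackageVersion Include="Example.Package" Version="1.2.3" />
  <PackageVersion Include="System.Text.Json" Version="8.0.4" />
</ItemGroup></Project>"""
AFTER = BEFORE.replace('"8.0.4"', '"8.0.5"')
LEGACY = """<Project xmlns="http://schemas.microsoft.com/developer/msbuild/2003"><ItemGroup>
  <PackageReference Include="system.text.json"><Version>8.0.*</Version></PackageReference>
</ItemGroup></Project>"""
```

This only inspects versions written in the XML it is given; transitive references are covered by `dotnet list package --vulnerable --include-transitive`.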

codecov-commenter commented 1 month ago

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 70.06%. Comparing base (18571b9) to head (973e00a). Report is 1 commit behind head on main.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##             main     #748   +/-   ##
=======================================
  Coverage   70.06%   70.06%
=======================================
  Files         277      277
  Lines        8622     8622
  Branches     1002     1002
=======================================
  Hits         6041     6041
  Misses       2063     2063
  Partials      518      518
```
