nozzlegear / ShopifySharp

ShopifySharp is a .NET library that helps developers easily authenticate with and manage Shopify stores.
https://nozzlegear.com/shopify-development-handbook
MIT License

Snyk: High Vulnerability due to System.Text.Json@7.0.3 #1098

Closed lkempton-boomi closed 1 month ago

lkempton-boomi commented 1 month ago

There is currently a high-level vulnerability that is being caused by one of the dependencies of ShopifySharp@6.18.0. I have tried updating the pre-release version but this issue persists there too.

According to Snyk the specific problem dependency is System.Text.Json and the recommended remediation is to update this package to 8.0.4.

nozzlegear commented 1 month ago

Thanks for the heads up! I'll update the package and publish today. I'll have to check why I didn't get any dependabot alerts for this vulnerability, maybe my settings are misconfigured.

lkempton-boomi commented 1 month ago

> Thanks for the heads up! I'll update the package and publish today. I'll have to check why I didn't get any dependabot alerts for this vulnerability, maybe my settings are misconfigured.

Nice one. Thank you for the quick turnaround.

nozzlegear commented 1 month ago

@lkempton-boomi Okay, fixed and published in 6.19.0 on NuGet. All dependencies have been updated to their latest versions, and I've got the Dependabot alerts sorted too. Thanks again for spotting this and letting me know about it!