Open jithuin opened 2 weeks ago
If you install the package directly, it should be picked up as a reference.
The minimum required version is set to 8.04 for .net471, net48 and netstandard2.0, which is vulnerable. Vulnerability checks like osv-scanner mark the package as vulnerable because of the dependency.
Yeah but scanning by certain tools and avoiding dependency on a vulnerable package are two different things. If 8.0.5 is referenced directly, the application won't have that vulnerability.
Please update to 8.0.5! Because of the way our apps are loaded into a separate app domain, I cannot redirect to 8.0.5 and get the error
System.IO.FileLoadException: Could not load file or assembly 'System.Text.Json, Version=8.0.0.4, Culture=neutral, PublicKeyToken=cc7b13ffcd2ddd51' or one of its dependencies. The located assembly's manifest definition does not match the assembly reference. (Exception from HRESULT: 0x80131040)
.
The only way to avoid this is using the vulnerable 8.0.4
System.Text.Json version 8.0.4 has been marked as vulnerable, so I just upgraded to 8.0.5.
Project type Dotnet Framework V 4.6
System.Text.Json version 8.0.5 is not detected while upgrading from 8.0.4.
I expect to upgrade to 8.0.5.
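Added example, not part of the thread or the project's code: the distinction argued above between the minimum System.Text.Json version a package declares and the version actually resolved for the application, checked over a constructed sample shaped like NuGet's `obj/project.assets.json`. The package name `Example.Library` and the two target labels are hypothetical.

```python
import json

# Constructed sample shaped like NuGet's obj/project.assets.json, trimmed to the
# "targets" section. "Example.Library" is a hypothetical package that declares
# System.Text.Json >= 8.0.4; the target labels are made up to show both cases
# (real files key targets by framework name).
ASSETS = json.loads("""
{
  "targets": {
    "net48/direct-reference": {
      "Example.Library/1.0.0": {"dependencies": {"System.Text.Json": "8.0.4"}},
      "System.Text.Json/8.0.5": {"type": "package"}
    },
    "net48/transitive-only": {
      "Example.Library/1.0.0": {"dependencies": {"System.Text.Json": "8.0.4"}},
      "System.Text.Json/8.0.4": {"type": "package"}
    }
  }
}
""")


def as_tuple(version):
    """'8.0.5' -> (8, 0, 5); plain numeric versions only (assumption)."""
    return tuple(int(part) for part in version.split("."))


def audit(assets, package="System.Text.Json", fixed="8.0.5"):
    """Per target: who declares a minimum below `fixed`, and what was resolved."""
    report = {}
    for target, libs in assets["targets"].items():
        resolved, low_declarers = None, []
        for key, info in libs.items():
            name, version = key.split("/", 1)
            if name == package:
                resolved = version  # the version restore actually selected
            minimum = info.get("dependencies", {}).get(package)
            if minimum and as_tuple(minimum) < as_tuple(fixed):
                low_declarers.append(name)  # what a manifest-level scan flags
        report[target] = {
            "declared_below_fixed_by": low_declarers,
            "resolved": resolved,
            "resolved_is_fixed": resolved is not None
                                 and as_tuple(resolved) >= as_tuple(fixed),
        }
    return report


if __name__ == "__main__":
    for target, row in audit(ASSETS).items():
        print(target, row)
```

Both targets report `Example.Library` as declaring a minimum below 8.0.5, but only the one without a direct reference resolves to 8.0.4.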