thoth-org / Thoth.Json

Library for working with JSON in a type-safe manner; this lib is targeting Fable
https://thoth-org.github.io/Thoth.Json/
MIT License
150 stars, 36 forks

High severity vulnerabilities - Newtonsoft #195

Closed RicoSaupe closed 6 months ago

RicoSaupe commented 6 months ago

Any chance to upgrade to use the latest newtonsoft package?

Package 'Newtonsoft.Json' before 13.0.1 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr

Also, the Mend scanner shows the vulnerability.


MangelMaxime commented 6 months ago

In theory, you can use any version of Newtonsoft.Json you want; we don't force a specific version.

But I released version 12.0.0, which makes Newtonsoft.Json 13.0.1 the lowest version allowed. Hopefully, it will not break anything. I remember choosing the version of Newtonsoft.Json for compatibility with Azure Functions.
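The point in the thread is that a library only sets a lower bound on Newtonsoft.Json; whether a consuming project actually pulls in a version at or above 13.0.1 is decided by that project's own `PackageReference`. The script below is an added example (it is not Thoth.Json code and not part of this issue) that reads a project file and flags any Newtonsoft.Json reference whose lowest allowed version is below 13.0.1, handling both bare versions (which NuGet treats as "at least this version") and bracket range syntax. The project file contents are constructed for the example.

```python
"""Flag Newtonsoft.Json references whose lowest allowed version is below the
fixed release (13.0.1, per GHSA-5crp-9r3c-p9vr).

Added example, not Thoth.Json code. The .fsproj text below is constructed.
"""
import xml.etree.ElementTree as ET

# First fixed version from the advisory, normalised to four components so that
# tuple comparison with parsed versions is exact (13.0.1 == 13.0.1.0).
FIXED_VERSION = (13, 0, 1, 0)


def parse_version(text):
    """Parse 'major.minor[.patch[.revision]][-prerelease][+meta]' into a 4-tuple.

    The prerelease label is dropped: for a lower-bound check, 13.0.1-beta is
    still below 13.0.1, but that distinction is not needed here.
    """
    core = text.strip().split("-", 1)[0].split("+", 1)[0]
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 4:
        parts.append(0)
    return tuple(parts[:4])


def lower_bound(spec):
    """Return (version, inclusive) for the lower bound of a NuGet version spec.

    Bare '12.0.0' means '>= 12.0.0'. '[12.0.0, 13.0.0)' and '(12.0.0,)' are
    range syntax. Returns None when the spec has no lower bound, e.g. '(,13.0.0]'.
    """
    spec = spec.strip()
    if not spec.startswith(("[", "(")):
        return parse_version(spec), True
    inclusive = spec[0] == "["
    low = spec[1:-1].split(",")[0].strip()
    if not low:
        return None
    return parse_version(low), inclusive


def find_vulnerable_refs(project_xml, package="Newtonsoft.Json"):
    """Return [(version_spec, reason)] for every reference to `package` that
    could resolve to a version below FIXED_VERSION."""
    root = ET.fromstring(project_xml)
    findings = []
    for el in root.iter():
        # Strip any XML namespace so old-style project files also work.
        if el.tag.rsplit("}", 1)[-1] != "PackageReference":
            continue
        if el.get("Include", "").lower() != package.lower():
            continue
        spec = el.get("Version")
        if spec is None:
            child = el.find("Version")
            spec = child.text if child is not None else None
        if spec is None:
            findings.append((spec, "no version specified"))
            continue
        lb = lower_bound(spec)
        if lb is None:
            findings.append((spec, "no lower bound"))
        elif lb[0] < FIXED_VERSION:
            findings.append((spec, "lower bound below 13.0.1"))
    return findings


# Constructed sample: a project still pinning the vulnerable floor.
SAMPLE_FSPROJ = """<Project Sdk="Microsoft.NET.Sdk">
  <ItemGroup>
    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
    <PackageReference Include="Example.Dependency" Version="1.0.0" />
  </ItemGroup>
</Project>"""

# Constructed sample: the same project after raising the floor.
FIXED_FSPROJ = SAMPLE_FSPROJ.replace('Version="11.0.2"', 'Version="13.0.1"')

if __name__ == "__main__":
    for name, xml_text in (("before", SAMPLE_FSPROJ), ("after", FIXED_FSPROJ)):
        print(name, find_vulnerable_refs(xml_text))
```

The check only inspects the declared floor; the version NuGet actually restores may be higher, so a clean result here means "this project cannot resolve a vulnerable version", while a finding means the floor must be raised before the restored graph is safe.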