Open guyulmaz opened 2 months ago
Thanks for the report. Dealing with transitive vulnerabilities is a hot topic lately, particularly with net9, and the policy for now is to not update the dependencies for libraries unless there's a binary breaking change, as the apps can do it explicitly. We're expecting changes with https://github.com/NuGet/Home/issues/7344#issuecomment-2311075251.
I'm submitting a...
Current behavior
System.Text.Json.7.0.3 - Outdated - Vulnerable: [ Severity: 2, https://github.com/advisories/GHSA-hh2w-p6rv-4g7w ] Uno.UITest.Selenium.1.1.0-dev.70 Uno.UITest.Helpers.1.1.0-dev.70
Expected behavior
pump up System.Text.Json version
Minimal reproduction of the problem with instructions
I'm using the nugetmonitor extension in VS 2022; it is highlighting this vulnerability warning.
Environment