Replies: 1 comment 1 reply
-
Beta Was this translation helpful? Give feedback.
1 reply
-
|
Thanks. |
Beta Was this translation helpful? Give feedback.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
I am using NJsonSchema in a project with .NET Framework 4.7.1.
Thanks for the good work.
I checked my project for vulnerable NuGet packages including transitive packages:
dotnet list package --vulnerable --source nuget.org --include-transitive
I get a report for a vulnerability of System.Text.Encodings.Web.
The reported version of System.Text.Encodings.Web is 4.7.1.
System.Text.Encodings.Web 4.7.1 CriticalGHSA-ghhp-997w-qr28I detected that System.Text.Json 4.7.2 (referenced in NJsonSchema) is using System.Text.Encodings.Web 4.7.1.
For testing purposes, I referenced System.Text.Json 6.0.0 in my project which removed the vulnerability report.
Does it make sense to upgrade System.Text.Json to a newer version ?
I am referring to https://github.com/RicoSuter/NJsonSchema/blob/9bf8f695b373410e8b51e1363270c08dda7b8127/Directory.Packages.props#L19C1-L19C66
Beta Was this translation helpful? Give feedback.
All reactions