I am using NJsonSchema in a project with .NET Framework 4.7.1.
Thanks for the good work.
I checked my project for vulnerable NuGet packages including transitive packages:
dotnet list package --vulnerable --source nuget.org --include-transitive
I get a report for a vulnerability of System.Text.Encodings.Web.
The reported version of System.Text.Encodings.Web is 4.7.1.
System.Text.Encodings.Web 4.7.1 Critical GHSA-ghhp-997w-qr28
I detected that System.Text.Json 4.7.2 (referenced in NJsonSchema) is using System.Text.Encodings.Web 4.7.1.
For testing purposes, I referenced System.Text.Json 6.0.0 in my project which removed the vulnerability report.
Does it make sense to upgrade System.Text.Json to a newer version?
I am referring to https://github.com/RicoSuter/NJsonSchema/blob/9bf8f695b373410e8b51e1363270c08dda7b8127/Directory.Packages.props#L19C1-L19C66
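The check described in the post can be turned into a build gate. The following is an added example, not part of the original post or of NJsonSchema: it parses the text report of `dotnet list package --vulnerable --include-transitive` and separates transitive findings from top-level ones. The sample report is constructed, its table layout is an assumption, and `MyApp`, `Example.TopLevel` and the `example.invalid` URL are placeholders.

```python
import re

# Constructed sample; the layout is assumed from the report the post quotes.
SAMPLE = """\
Project `MyApp` has the following vulnerable packages
   [net471]:
   Top-level Package      Requested   Resolved   Severity   Advisory URL
   > Example.TopLevel     1.0.0       1.0.0      Moderate   https://example.invalid/advisory-placeholder
   Transitive Package            Resolved   Severity   Advisory URL
   > System.Text.Encodings.Web   4.7.1      Critical   https://github.com/advisories/GHSA-ghhp-997w-qr28
"""

SEVERITY_RANK = {"low": 1, "moderate": 2, "high": 3, "critical": 4}

def parse_report(text):
    """Return one dict per vulnerable package row in the report text."""
    findings, project, framework, scope = [], None, None, None
    for line in text.splitlines():
        s = line.strip()
        m = re.match(r"Project `(.+?)` has the following vulnerable packages", s)
        if m:
            project, framework, scope = m.group(1), None, None
        elif re.fullmatch(r"\[[^\]]+\]:", s):
            framework = s[1:-2]          # "[net471]:" -> "net471"
        elif s.startswith("Top-level Package"):
            scope = "top-level"
        elif s.startswith("Transitive Package"):
            scope = "transitive"
        elif s.startswith(">"):
            cols = s[1:].split()
            # The last three columns are the same in both tables:
            # resolved version, severity, advisory URL.
            if len(cols) < 4 or cols[-2].lower() not in SEVERITY_RANK:
                continue                 # not a package row we understand
            findings.append({"project": project, "framework": framework,
                             "scope": scope, "package": cols[0],
                             "resolved": cols[-3], "severity": cols[-2],
                             "advisory": cols[-1]})
    return findings

def blocking(findings, threshold="high"):
    """Findings at or above the severity threshold, which should fail the build."""
    floor = SEVERITY_RANK[threshold.lower()]
    return [f for f in findings if SEVERITY_RANK[f["severity"].lower()] >= floor]

if __name__ == "__main__":
    for f in blocking(parse_report(SAMPLE)):
        # A transitive hit cannot be bumped directly; it needs a newer parent
        # package or a direct reference to a fixed version, as the post tried.
        print(f"{f['scope']}: {f['package']} {f['resolved']} ({f['severity']}) {f['advisory']}")
```
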