High severity vulnerabilities - Newtonsoft, System.Security.Cryptography.Pkcs #363
Comments
|
will there be an update to this? Mend scanner is also recognizing this.
|
|
I'm not sure how this is a Fable.Remoting concern. There is nothing preventing you from bumping Giraffe as far as I can see. And for that matter, Giraffe 5 doesn't restrict you to Newtonsoft.Json 12 either. |
|
In my case its not about giraffe. its about fable remoting using the "older" Newtonsoft library and the request to bump this up to the latest version |
|
Sorry, but the argument still stands. You can use 13 if you want - Remoting does not hold you back.
|
|
Yes. I understand that i can use a higher version. Just wondering about the reason of the 12.x version. Is it for compatibility? |
@RicoSaupe We can update it, I don't think there is a reason not to |
Package 'Newtonsoft.Json' 12.0.2 has a known high severity vulnerability, GHSA-5crp-9r3c-p9vr
Package 'System.Security.Cryptography.Pkcs' 6.0.1 has a known high severity vulnerability, GHSA-555c-2p6r-68mm
It looks like Giraffe needs updating to 6.x to be able to get Newtonsoft 13.x
The text was updated successfully, but these errors were encountered: