chore(dependencies): bump System.Text.Json to 8.0.4 #46

Merged
merged 1 commit into from
Jul 29, 2024

Conversation

ntruchsess
Contributor

@ntruchsess ntruchsess commented Jul 26, 2024

Description

Dependency on Microsoft.EntityFrameworkCore was changed to Microsoft.EntityFrameworkCore.Design 8.0.7.
Dependency on frameworks was upgraded to 2.4.2.

Why

System.Text.Json 8.0.0 has a vulnerability that must be fixed. It is referenced as an implicit dependency. Referencing Microsoft.EntityFrameworkCore.Design 8.0.7 instead of Microsoft.EntityFrameworkCore implicitly upgrades System.Text.Json to 8.0.4, which solves the security issue.
Same with frameworks: upgrading to the latest 2.4.2 resolves outdated references to System.Text.Json 8.0.0.

Issue

eclipse-tractusx/portal#369

Checklist

Please delete options that are not relevant.

  • I have followed the contributing guidelines
  • I have performed a self-review of my own code
  • I have successfully tested my changes locally
  • I have checked that new and existing tests pass locally with my changes
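
An added example, not part of this pull request or the project's code: a check over the text printed by `dotnet list package --include-transitive` that reports every project still resolving System.Text.Json below 8.0.4, whether top-level or transitive. The sample listing, the project names and `Example.Library` are constructed for illustration.

```python
import re

PACKAGE = "System.Text.Json"
FIXED = (8, 0, 4)  # version this PR moves to
VERSION = re.compile(r"(\d+)\.(\d+)\.(\d+)")

# Constructed sample in the layout of `dotnet list package --include-transitive`.
# Project names and Example.Library are hypothetical.
SAMPLE = """\
Project 'Example.Before' has the following package references
   [net8.0]:
   Top-level Package      Requested   Resolved
   > Example.Library      1.0.0       1.0.0

   Transitive Package     Resolved
   > System.Text.Json     8.0.0

Project 'Example.After' has the following package references
   [net8.0]:
   Top-level Package                         Requested   Resolved
   > Microsoft.EntityFrameworkCore.Design    8.0.7       8.0.7

   Transitive Package     Resolved
   > System.Text.Json     8.0.4
"""


def find_outdated(listing, package=PACKAGE, fixed=FIXED):
    """Return (project, kind, resolved) for each reference to `package` below `fixed`."""
    hits, project, kind = [], None, None
    for line in listing.splitlines():
        s = line.strip()
        header = re.match(r"Project ['`](.+?)['`] has", s)
        if header:
            project, kind = header.group(1), None
        elif s.startswith("Top-level Package"):
            kind = "top-level"
        elif s.startswith("Transitive Package"):
            kind = "transitive"
        elif s.startswith(">"):
            fields = s[1:].split()
            if not fields or fields[0] != package:
                continue
            # The resolved version is the last version-shaped column on the row.
            versions = [f for f in fields[1:] if VERSION.match(f)]
            # Pre-release suffixes are ignored in this comparison (simplification).
            if versions and tuple(map(int, VERSION.match(versions[-1]).groups())) < fixed:
                hits.append((project, kind, versions[-1]))
    return hits


if __name__ == "__main__":
    for project, kind, resolved in find_outdated(SAMPLE):
        print(f"{project}: {kind} {PACKAGE} {resolved} is below 8.0.4")
```

Run in CI against the real command output, a non-empty result is a reason to fail the build until the top-level reference that pulls in the old version is changed.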

@ntruchsess ntruchsess marked this pull request as ready for review July 26, 2024 14:58
@ntruchsess ntruchsess requested a review from evegufy July 26, 2024 14:58
Member

@Phil91 Phil91 left a comment

We should wait until PR eclipse-tractusx/portal-backend#875 is merged and the framework nuget packages are updated. We can then directly update the nuget packages for this project as well.

@ntruchsess ntruchsess requested a review from Phil91 July 29, 2024 12:54
@Phil91 Phil91 self-requested a review July 29, 2024 13:15
Member

@Phil91 Phil91 left a comment

Please update the dependency file.

* reference efcore.design
* upgrade framework to 2.4.2
@Phil91 Phil91 self-requested a review July 29, 2024 13:26
@ntruchsess ntruchsess merged commit a2a18a4 into release/v1.0.0-rc.2 Jul 29, 2024
10 checks passed
@ntruchsess ntruchsess deleted the core/text-json branch July 29, 2024 14:09