Merge pull request #951 from eventflow/upgrade-newtonsoft-json

Upgrade Newtonsoft.Json to 13.0.1
eventflow · Jun 24, 2022 · 3690420 · 3690420
2 parents 52f18f0 + 6bc5eb3
commit 3690420
Show file tree

Hide file tree

Showing 4 changed files with 11 additions and 3 deletions.
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
@@ -14,6 +14,10 @@ Changes since 1.0.5001-alpha
   adds the current source ID that triggered the snapshot. This causes the
   `DuplicateOperationException` to be correctly thrown if a duplicate source
   ID as added before a snapshot was taken
+* Fix: Upgrade `Newtonsoft.Json` from `11.0.2` to `13.0.1` to fix DoS
+  vulnerability
+  - https://github.com/advisories/GHSA-5crp-9r3c-p9vr
+  - https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
 
 Complete 1.0 change log
 
@@ -55,6 +59,10 @@ Complete 1.0 change log
   adds the current source ID that triggered the snapshot. This causes the
   `DuplicateOperationException` to be correctly thrown if a duplicate source
   ID as added before a snapshot was taken
+* Fix: Upgrade `Newtonsoft.Json` from `11.0.2` to `13.0.1` to fix DoS
+  vulnerability
+  - https://github.com/advisories/GHSA-5crp-9r3c-p9vr
+  - https://security.snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678
 * Version of 0.x included: `0.83.4713`. 0.x changes are merged to 1.x at regular
   intervals, but might be one or two releases behind
 

diff --git a/Source/EventFlow.Elasticsearch/EventFlow.Elasticsearch.csproj b/Source/EventFlow.Elasticsearch/EventFlow.Elasticsearch.csproj
@@ -23,7 +23,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
     <PackageReference Include="NEST" Version="7.8.2" />
-    <PackageReference Include="newtonsoft.json" Version="11.0.2" />    
+    <PackageReference Include="newtonsoft.json" Version="13.0.1" />    
   </ItemGroup>
 
   <ItemGroup>

diff --git a/Source/EventFlow.Hangfire/EventFlow.Hangfire.csproj b/Source/EventFlow.Hangfire/EventFlow.Hangfire.csproj
@@ -23,7 +23,7 @@
   <ItemGroup>
     <PackageReference Include="Hangfire.Core" Version="1.6.20" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
-    <PackageReference Include="newtonsoft.json" Version="11.0.2" />
+    <PackageReference Include="newtonsoft.json" Version="13.0.1" />
   </ItemGroup>
 
   <ItemGroup>

diff --git a/Source/EventFlow/EventFlow.csproj b/Source/EventFlow/EventFlow.csproj
@@ -31,7 +31,7 @@
   <ItemGroup>
     <PackageReference Include="Microsoft.CSharp" Version="4.7.0" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="1.0.0" PrivateAssets="All" />
-    <PackageReference Include="Newtonsoft.Json" Version="11.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="JetBrains.Annotations" Version="2021.1.0">
       <PrivateAssets>All</PrivateAssets>
     </PackageReference>