System.Text.Json vulnerability CVE-2024-43485 #672
Description
the version of System.Text.Json being used (6.0.9 by default) has a vulnerability (CVE-2024-43485). it looks like #671 fixed the issue (updated to 6.0.11) but no new Microsoft.NET.Sdk.Functions package was released (the latest version 4.6.0 still has the old System.Text.Json reference).
because Microsoft.NET.Sdk.Functions is used by the generated WorkerExtensions.csproj, we cant update the dependency directly.
can a new version of Microsoft.NET.Sdk.Functions be released to address this?