Skip to content

Commit d85fadc

Browse files
author
Timothy Mothra
authored
Update dependencies to remove Newtonsoft.Json. (GHSA-5crp-9r3c-p9vr) (#2615)
* testing * remove dependency * changelog * update changelog
1 parent 9c76e4a commit d85fadc

File tree

3 files changed

+7
-3
lines changed

3 files changed

+7
-3
lines changed

CHANGELOG.md

Lines changed: 5 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,11 @@
11
# Changelog
22

33
## VNext
4+
- Address vulnerability in `Newtonsoft.Json` ([GHSA-5crp-9r3c-p9vr](https://github.com/advisories/GHSA-5crp-9r3c-p9vr)).
5+
Mitigation is to upgrade dependencies in `Microsoft.ApplicationInsights.AspNetCore` ([#2615](https://github.com/microsoft/ApplicationInsights-dotnet/pull/2615))
6+
- Upgrade `Microsoft.Extensions.Configuration.Json` from v2.1.0 to v3.1.0.
7+
- Upgrade `System.Text.Encodings.Web` from 4.5.1 to 4.7.2.
8+
49

510
## Version 2.21.0-beta2
611
- [LOGGING: Make TelemetryConfiguration configurable in ApplicationInsightsLoggingBuilderExtensions](https://github.com/microsoft/ApplicationInsights-dotnet/issues/1944)

NETCORE/src/Microsoft.ApplicationInsights.AspNetCore/Microsoft.ApplicationInsights.AspNetCore.csproj

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -34,7 +34,7 @@
3434
<ProjectReference Include="..\..\..\LOGGING\src\ILogger\ILogger.csproj" />
3535

3636
<PackageReference Include="Microsoft.AspNetCore.Hosting" Version="2.1.1" />
37-
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.1.0" />
37+
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="3.1.0" />
3838
</ItemGroup>
3939

4040
<ItemGroup>
@@ -57,7 +57,7 @@
5757
<!--
5858
We must take a temporary dependency on this newer version until Microsoft.AspNetCore.Hosting updates their dependencies.
5959
-->
60-
<PackageReference Include="System.Text.Encodings.Web" Version="4.5.1" />
60+
<PackageReference Include="System.Text.Encodings.Web" Version="4.7.2" />
6161
</ItemGroup>
6262

6363
<ItemGroup>

NETCORE/test/FunctionalTests.WebApi.Tests/FunctionalTests.WebApi.Tests.csproj

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -26,7 +26,6 @@
2626
<PackageReference Include="Microsoft.AspNetCore.Mvc" Version="2.1.1" />
2727
<PackageReference Include="Microsoft.AspNetCore.Mvc.WebApiCompatShim" Version="2.1.1" />
2828
<PackageReference Include="Microsoft.AspNetCore.StaticFiles" Version="2.2.0" />
29-
<PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="2.1.1" />
3029
<PackageReference Include="Microsoft.AspNetCore.Diagnostics" Version="2.1.1" />
3130
<PackageReference Include="Microsoft.AspNetCore.Server.Kestrel" Version="2.2.0" />
3231
<PackageReference Include="Microsoft.NET.Test.Sdk" Version="16.11.0" />

0 commit comments

Comments
 (0)