Azure · ealsur · Jun 28, 2022 · Jun 28, 2022 · Jun 28, 2022 · Jun 28, 2022
@@ -452,6 +452,7 @@ private static JObject RetrieveItem(
                 JsonSerializerSettings jsonSerializerSettings = new JsonSerializerSettings()
                 {
                     DateParseHandling = DateParseHandling.None,
+                    MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
                 };
 
                 itemJObj = JsonSerializer.Create(jsonSerializerSettings).Deserialize<JObject>(jsonTextReader);

@@ -25,7 +25,7 @@
     <PackageReference Include="Moq" Version="4.8.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="1.3.2" />
     <PackageReference Include="MSTest.TestFramework" Version="1.3.2" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="System.Linq.Dynamic.Core" Version="1.0.8.11" />
     <PackageReference Include="System.Reflection" Version="4.3.0" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />

@@ -20,7 +20,7 @@
     <PackageReference Include="Moq" Version="4.8.3" />
     <PackageReference Include="MSTest.TestAdapter" Version="1.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="1.2.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
   </ItemGroup>
 
   <ItemGroup>

@@ -22,6 +22,7 @@ internal static class EncryptionProcessor
             new JsonSerializerSettings()
             {
                 DateParseHandling = DateParseHandling.None,
+                MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
             });
 
         private static readonly SqlSerializerFactory SqlSerializerFactory = SqlSerializerFactory.Default;
@@ -408,6 +409,7 @@ private static JObject RetrieveItem(
                 JsonSerializerSettings jsonSerializerSettings = new JsonSerializerSettings()
                 {
                     DateParseHandling = DateParseHandling.None,
+                    MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
                 };
 
                 itemJObj = JsonSerializer.Create(jsonSerializerSettings).Deserialize<JObject>(jsonTextReader);

@@ -25,7 +25,7 @@
     <PackageReference Include="Moq" Version="4.8.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="1.3.2" />
     <PackageReference Include="MSTest.TestFramework" Version="1.3.2" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="System.Linq.Dynamic.Core" Version="1.0.8.11" />
     <PackageReference Include="System.Reflection" Version="4.3.0" />
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.5.4" />

@@ -20,7 +20,7 @@
     <PackageReference Include="Moq" Version="4.8.3" />
     <PackageReference Include="MSTest.TestAdapter" Version="1.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="1.2.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
   </ItemGroup>
 
   <ItemGroup>

@@ -77,7 +77,8 @@ internal static CosmosSerializer CreateSqlQuerySpecSerializer(
 
             JsonSerializerSettings settings = new JsonSerializerSettings()
             {
-                Converters = new List<JsonConverter>() { new CosmosSqlQuerySpecJsonConverter(cosmosSerializer ?? propertiesSerializer) }
+                Converters = new List<JsonConverter>() { new CosmosSqlQuerySpecJsonConverter(cosmosSerializer ?? propertiesSerializer) },
+                MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
             };
 
             return new CosmosJsonSerializerWrapper(new CosmosJsonDotNetSerializer(settings));

@@ -130,7 +130,8 @@ internal static CosmosSerializer CreatePatchOperationsSerializer(
                 Converters = new List<JsonConverter>()
                 {
                     new PatchOperationsJsonConverter(cosmosSerializer)
-                }
+                },
+                MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
             };
 
             return new CosmosJsonSerializerWrapper(new CosmosJsonDotNetSerializer(settings));

@@ -276,7 +276,8 @@ internal TryCatch<PartitionedQueryExecutionInfoInternal> TryGetPartitionedQueryE
                    serializedQueryExecutionInfo,
                    new JsonSerializerSettings
                    {
-                       DateParseHandling = DateParseHandling.None
+                       DateParseHandling = DateParseHandling.None,
+                       MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
                    });
 
             return TryCatch<PartitionedQueryExecutionInfoInternal>.FromResult(queryInfoInternal);

@@ -51,7 +51,8 @@ internal CosmosJsonDotNetSerializer(CosmosSerializationOptions cosmosSerializerO
                 Formatting = cosmosSerializerOptions.Indented ? Formatting.Indented : Formatting.None,
                 ContractResolver = cosmosSerializerOptions.PropertyNamingPolicy == CosmosPropertyNamingPolicy.CamelCase
                     ? new CamelCasePropertyNamesContractResolver()
-                    : null
+                    : null,
+                MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
             };
 
             this.SerializerSettings = jsonSerializerSettings;

@@ -8,6 +8,9 @@ namespace Microsoft.Azure.Cosmos
 
     internal static class DefaultJsonSerializationSettings
     {
-        public static readonly JsonSerializerSettings Value = new JsonSerializerSettings();
+        public static readonly JsonSerializerSettings Value = new JsonSerializerSettings()
+        {
+            MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
+        };
     }
 }
@@ -86,7 +86,11 @@ internal static class ClientTelemetryOptions
 
         internal static readonly ResourceType AllowedResourceTypes = ResourceType.Document;
 
-        internal static readonly JsonSerializerSettings JsonSerializerSettings = new JsonSerializerSettings { NullValueHandling = NullValueHandling.Ignore };
+        internal static readonly JsonSerializerSettings JsonSerializerSettings = new JsonSerializerSettings 
+        { 
+            NullValueHandling = NullValueHandling.Ignore,
+            MaxDepth = 64, // https://github.com/advisories/GHSA-5crp-9r3c-p9vr
+        };
 
         private static Uri clientTelemetryEndpoint;
         private static string environmentName;

@@ -571,7 +571,7 @@ public static JsonSerializerSettings GetSerializerWithCustomConverterAndBinder()
                 MissingMemberHandling = MissingMemberHandling.Ignore
             };
 
-            serializerSettings.Binder = new CommonSerializationBinder();
+            serializerSettings.SerializationBinder = new CommonSerializationBinder();
             serializerSettings.Converters =
                 serializerSettings.Converters.Concat(
                     new JsonConverter[]
@@ -734,7 +734,7 @@ public override object ReadJson(
         }
 
 #pragma warning disable CS0618 
-        private sealed class CommonSerializationBinder : Newtonsoft.Json.SerializationBinder
+        private sealed class CommonSerializationBinder : ISerializationBinder
 #pragma warning restore CS0618 
         {
             private readonly ConcurrentDictionary<Type, string> _typeToNameMapping;
@@ -746,7 +746,7 @@ public CommonSerializationBinder()
                 this._nameToTypeMapping = new ConcurrentDictionary<string, Type>();
             }
 
-            public override Type BindToType(string assemblyName, string typeName)
+            public Type BindToType(string assemblyName, string typeName)
             {
                 if (assemblyName == null)
                 {
@@ -771,7 +771,7 @@ public override Type BindToType(string assemblyName, string typeName)
                 return Type.GetType(string.Format("{0}, {1}", typeName, assemblyName), true);
             }
 
-            public override void BindToName(Type serializedType, out string assemblyName, out string typeName)
+            public void BindToName(Type serializedType, out string assemblyName, out string typeName)
             {
                 assemblyName = null;
                 typeName = this._typeToNameMapping.GetOrAdd(serializedType, _ =>

@@ -129,7 +129,7 @@ internal class DataObject : LinqTestObject
             // of the enum definition
             public TestEnum2 EnumNumber;
 
-            [JsonConverter(typeof(UnixDateTimeConverter))]
+            [JsonConverter(typeof(Documents.UnixDateTimeConverter))]
             public DateTime UnixTime;
 
             [JsonConverter(typeof(IsoDateTimeConverter))]

@@ -49,7 +49,7 @@
     <PackageReference Include="Moq" Version="4.8.2" />
     <PackageReference Include="MSTest.TestAdapter" Version="1.3.2" />
     <PackageReference Include="MSTest.TestFramework" Version="1.3.2" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="System.Linq.Dynamic.Core" Version="1.0.8.11" />
     <PackageReference Include="System.Reflection" Version="4.3.0" />
     <PackageReference Include="Azure.Core" Version="1.19.0" />

@@ -54,7 +54,7 @@
     <PackageReference Include="Moq" Version="4.8.3" />
     <PackageReference Include="MSTest.TestAdapter" Version="1.2.0" />
     <PackageReference Include="MSTest.TestFramework" Version="1.2.0" />
-    <PackageReference Include="Newtonsoft.Json" Version="10.0.2" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="coverlet.msbuild" Version="2.8.1">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>