Update System.Text.Json from 8.0.4 to 8.0.5 #6101
Conversation
|
@marcpopMSFT - This change is going into 17.13. Is this good to merge now? |
|
MSBuild has been updated, its probably safe: https://github.com/dotnet/msbuild/pull/10776/files#diff-af84f50fd5aa2e8bfc3479cb6ddf7882bc084ce1af01de6dd49ff93aa2d1718cR138 |
Should we not wait for VS as well? |
There was a problem hiding this comment.
We need confirmation this isn't going to cause problems, before we merge. See also:
I still need to port a more advanced version of this PR to the dev branch:
See the PR description of this last PR for more details about why we can't upgrade some packages (like this one) until our downstream components are ready to take the change
|
Apex tests were useful in this case. We can see that VS main branch is still shipping an older version of System.Text.Json, so NuGet in VS is failing because of an assembly load failure. |
Yep, super useful! @zivkan, should I close this PR? |
|
@rainersigwald has been traying to coordinate the update of VS on STJ. I believe it's too late for 17.11, he plans to talk to the QB for 17.12, and we definitely want it for 17.13 but it has to be coordinated with MS Build AND VS. Not sure if the VS work for 17.13 is done yet. |
|
We MUST NOT reference STJ 8.0.5 for NuGet 6.12/SDK 9.0.100/VS 17.12. For 17.13/9.0.200/6.13 you will be clear to reference 8.0.5 as soon as MSBuild can manage to insert (any minute now; currently that's https://dev.azure.com/devdiv/DevDiv/_git/VS/pullrequest/585290). So I wouldn't close, but maybe pause for a day or two? |
There was a problem hiding this comment.
Yup, 
cc @YuliiaKovalova -- yell at NuGet if we have to revert STJ in VS for some reason.
This reverts commit fbb1d63.
Bug
Fixes: NuGet/Home#13857
Description
This change updates System.Text.Json from 8.0.4 (with security vulnerability) to 8.0.5 (latest release).
PR Checklist
Added testsN/ALink to an issue or pull request to update docs if this PR changes settings, environment variables, new feature, etc.N/A