Upgraded Newtonsoft Json dependency to fix severe vulnerability issue #340

Merged

MiroKentico
Contributor

@MiroKentico MiroKentico commented Jun 30, 2022

Motivation

Updated the Newtonsoft.Json dependency to the recommended version to fix a severe vulnerability issue. Fixes #338.


codecov bot commented Jun 30, 2022

Codecov Report

Merging #340 (ce790d5) into master (8f43f7f) will decrease coverage by 4.55%.
The diff coverage is n/a.

@@            Coverage Diff             @@
##           master     #340      +/-   ##
==========================================
- Coverage   93.66%   89.10%   -4.56%     
==========================================
  Files         120      120              
  Lines        2589     2589              
  Branches      321      318       -3     
==========================================
- Hits         2425     2307     -118     
- Misses        157      163       +6     
- Partials        7      119     +112     
Impacted Files Coverage Δ
Kentico.Kontent.Delivery.Caching/StringHelpers.cs 83.33% <0.00%> (-16.67%) ⬇️
Kentico.Kontent.Delivery.Caching/CacheHelpers.cs 81.53% <0.00%> (-14.62%) ⬇️
Kentico.Kontent.Delivery/DeliveryException.cs 57.14% <0.00%> (-14.29%) ⬇️
...ontent.Delivery.Caching/DistributedCacheManager.cs 61.36% <0.00%> (-13.64%) ⬇️
...livery/Extensions/HttpResponseHeadersExtensions.cs 88.88% <0.00%> (-11.12%) ⬇️
...ico.Kontent.Delivery.Rx/DeliveryObservableProxy.cs 78.94% <0.00%> (-10.53%) ⬇️
...y/ContentItems/ContentLinks/ContentLinkResolver.cs 73.46% <0.00%> (-10.21%) ⬇️
...co.Kontent.Delivery.Caching/DeliveryClientCache.cs 85.50% <0.00%> (-10.15%) ⬇️
...nt.Urls/Delivery/QueryParameters/OrderParameter.cs 90.00% <0.00%> (-10.00%) ⬇️
...ico.Kontent.Delivery.Caching/MemoryCacheManager.cs 71.42% <0.00%> (-9.90%) ⬇️
... and 17 more

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 8f43f7f...ce790d5. Read the comment docs.

@MiroKentico MiroKentico changed the title Upgraded Newtonsoft Json dependency to fix severe vlunerability issue Upgraded Newtonsoft Json dependency to fix severe vulnerability issue Jun 30, 2022
@MiroKentico MiroKentico marked this pull request as ready for review June 30, 2022 14:12
@MiroKentico MiroKentico requested a review from a team June 30, 2022 14:12
@Simply007 Simply007 requested a review from Sevitas July 14, 2022 07:32
Contributor

@Sevitas Sevitas left a comment

Approved, with a suggestion.
Have you thought about updating other packages as well? There are quite a lot of packages needing an upgrade; some of them require consolidation.

@MiroKentico
Contributor Author

> Approved, with a suggestion. Have you thought about updating other packages as well? There are quite a lot of packages needing an upgrade; some of them require consolidation.

To be honest, I didn't think of this, but I created a separate #342 for this. Feel free to suggest packages that you have in mind to this issue.

@MiroKentico MiroKentico merged commit f890e04 into master Jul 14, 2022
@MiroKentico MiroKentico deleted the isssue/338_update_newtonsoft_json_to_patch_vulnerability branch July 14, 2022 11:00