Skip to content

Upgrade Newtonsoft.Json to 13.0.2 #1028

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 8, 2022
Merged

Upgrade Newtonsoft.Json to 13.0.2 #1028

merged 1 commit into from
Dec 8, 2022

Conversation

@Aniruddh25
Copy link
Collaborator

@Aniruddh25 Aniruddh25 commented Dec 8, 2022
edited
Loading

Why make this change?

  • Component governance detected a high severity security alert while doing static analysis. This PR is to fix that alert and unblock pipeline merges

_

[INFO] |Security Alerts |
[INFO] |_______________________|
[INFO] |Alert title |Affected component |Severity |Due date |
[INFO] |||||
[INFO] |GHSA-5crp-9r3c-p9vr |Newtonsoft.Json 13.0.1 |High | |
[INFO] |||||
[INFO]
##[error]Component Governance failed due to the presence of 1 security alerts at or above 'Medium' severity. Microsoft’s Open Source policy requires that all high and critical security vulnerabilities found by this task be addressed by upgrading vulnerable components. Vulnerabilities in indirect dependencies should be addressed by upgrading the root dependency.

What is this change?

  • Upgrade the version of Newtonsoft.Json to 13.0.2

@Aniruddh25 Aniruddh25 changed the title Upgrade Newtonsoft.Json Upgrade Newtonsoft.Json to 13.0.2 Dec 8, 2022
@Aniruddh25 Aniruddh25 changed the title Upgrade Newtonsoft.Json to 13.0.2 Upgrade Newtonsoft.Json to 13.0.2 Dec 8, 2022
@Aniruddh25 Aniruddh25 enabled auto-merge (squash) December 8, 2022 05:32
aaronburtle
aaronburtle approved these changes Dec 8, 2022
View reviewed changes
Copy link
Contributor

@aaronburtle aaronburtle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the quick fix

@Aniruddh25 Aniruddh25 merged commit 53c0c58 into main Dec 8, 2022
@Aniruddh25 Aniruddh25 deleted the dev/anmunde/upgradeNewtonsoft branch December 8, 2022 05:47
seantleonard
seantleonard reviewed Dec 8, 2022
View reviewed changes
Copy link
Contributor

@seantleonard seantleonard left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@seantleonard seantleonard seantleonard left review comments

@aaronburtle aaronburtle aaronburtle approved these changes

@mbhaskar mbhaskar Awaiting requested review from mbhaskar

@JelteF JelteF Awaiting requested review from JelteF

@jarupatj jarupatj Awaiting requested review from jarupatj

@Mathos1432 Mathos1432 Awaiting requested review from Mathos1432

@gledis69 gledis69 Awaiting requested review from gledis69

@milismsft milismsft Awaiting requested review from milismsft

@junsu0ms junsu0ms Awaiting requested review from junsu0ms

@tarazou9 tarazou9 Awaiting requested review from tarazou9

@abhishekkumams abhishekkumams Awaiting requested review from abhishekkumams

@aaronpowell aaronpowell Awaiting requested review from aaronpowell

@severussundar severussundar Awaiting requested review from severussundar

@ravishetye ravishetye Awaiting requested review from ravishetye

+1 more reviewer

@ayush3797 ayush3797 ayush3797 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@Aniruddh25 @seantleonard @ayush3797 @aaronburtle