Transitive dependencies have high/critical security vulnerabilities

[mattjohnsonpint]

Add this package to a blank project and run dotnet list package --vulnerable --include-transitive

Project `MyApp` has the following vulnerable packages
   [net6.0]: 
   Transitive Package               Resolved   Severity   Advisory URL                                     
   > Newtonsoft.Json                9.0.1      High       https://github.com/advisories/GHSA-5crp-9r3c-p9vr
   > System.Text.Encodings.Web      4.5.0      Critical   https://github.com/advisories/GHSA-ghhp-997w-qr28

[jskeet]

Will sort this out on Monday, thanks.

[jskeet]

I think these are both actually via CloudNative.CloudEvents.AspNetCore. I'll update that and re-release, then update the dependency here to that new version.

[jskeet]

@mattjohnsonpint: Please could you see whether cloudevents/sdk-csharp#239 and cloudevents/sdk-csharp#240 look like the right approach to you?

[mattjohnsonpint]

Yes, that seems right to me.

[mattjohnsonpint]

This is fixed with version 1.1.0. Thanks!