From adef12f8d6101cc3774130eff8ce86ebeefd4952 Mon Sep 17 00:00:00 2001
From: Paul Astbury-Thomas <slalFe@outlook.com>
Date: Mon, 13 Nov 2023 17:40:19 +0000
Subject: [PATCH] Replacing deprecated Confluent packages in Squidex.Extensions
 (#1039)

- Confluent.Apache.Avro has a dependency on log4net 2.0.8 that has been flagged as having a critical vulnerability (CVE-2018-1285)
- This also means Confluent.Kafka (now a transitive dependency) has been implicitly upgraded to 2.3.0
---
 .../extensions/Squidex.Extensions/Squidex.Extensions.csproj | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/backend/extensions/Squidex.Extensions/Squidex.Extensions.csproj b/backend/extensions/Squidex.Extensions/Squidex.Extensions.csproj
index 202974e454..63646d3a9a 100644
--- a/backend/extensions/Squidex.Extensions/Squidex.Extensions.csproj
+++ b/backend/extensions/Squidex.Extensions/Squidex.Extensions.csproj
@@ -13,11 +13,9 @@
     <PackageReference Include="Algolia.Search" Version="6.14.0" />
 	<PackageReference Include="Azure.Monitor.OpenTelemetry.Exporter" Version="1.0.0-beta.3" />
 	<PackageReference Include="Azure.Search.Documents" Version="11.4.0" />
-	<PackageReference Include="Confluent.Apache.Avro" Version="1.7.7.7" />
-	<PackageReference Include="Confluent.Kafka" Version="2.1.1" />
-	<PackageReference Include="Confluent.SchemaRegistry.Serdes" Version="1.3.0" />
+	<PackageReference Include="Confluent.SchemaRegistry.Serdes.Avro" Version="2.3.0" />
 	<PackageReference Include="CoreTweet" Version="1.0.0.483" />
-	<PackageReference Include="Elasticsearch.Net" Version="7.17.5" /> 
+	<PackageReference Include="Elasticsearch.Net" Version="7.17.5" />
 	<PackageReference Include="Google.Cloud.Diagnostics.Common" Version="4.4.0" />
 	<PackageReference Include="Google.Cloud.Logging.V2" Version="3.6.0" />
 	<PackageReference Include="Meziantou.Analyzer" Version="2.0.62">