Update System.Text.Json in the fakerunner group to 8.0.4 to fix vulnerability (fsprojects#2805)

Update System.Text.Json in the fakerunner group to 8.0.4 to fix GHSA-hh2w-p6rv-4g7w

### Description

fake-cli has a transitive dependency on System.Text.Json, via Microsoft.Deployment.DotNet.Releases.

The fake-cli 6.1.0 nuget package contains a v7.0.x copy of that, which is listed as suffering from GHSA-hh2w-p6rv-4g7w

This is an attempt at fixing that, by updating to the fixed 8.0.4 version.

I'm not sure if this is the best way to do the update, as I'm still not getting to grips with managing transitive dependencies with Paket :-(
Numpsy authored Aug 30, 2024
1 parent eeae957 commit 7ef3837
Showing 2 changed files with 14 additions and 15 deletions.
1 change: 1 addition & 0 deletions paket.dependencies
Expand Up @@ -25,6 +25,7 @@ group fakerunner
nuget FSharp.Core
nuget FSharp.Compiler.Service
nuget Microsoft.Deployment.DotNet.Releases
nuget System.Text.Json 8.0.4 # Update the ref in Microsoft.Deployment.DotNet.Releases to fix https://github.com/advisories/GHSA-hh2w-p6rv-4g7w
nuget NuGet.Packaging
nuget Paket.Core 8.1.0-alpha004
nuget Mono.Cecil
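Review bot: The added `nuget System.Text.Json 8.0.4` line in group fakerunner turns a transitive dependency into a direct one, and nothing records when it can be removed. If the bare `8.0.4` is meant as a floor rather than a fixed version, write it as `>= 8.0.4` so later fixed releases are not excluded, and extend the trailing comment to say the line can be dropped once Microsoft.Deployment.DotNet.Releases itself references a fixed System.Text.Json.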
28 changes: 13 additions & 15 deletions paket.lock
Expand Up @@ -1328,7 +1328,7 @@ NUGET
System.Reflection.Metadata (>= 7.0)
System.Runtime.CompilerServices.Unsafe (>= 6.0)
FSharp.Core (8.0.301)
Microsoft.Bcl.AsyncInterfaces (7.0) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.Bcl.AsyncInterfaces (8.0) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Threading.Tasks.Extensions (>= 4.5.4) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.Deployment.DotNet.Releases (1.0)
System.Text.Json (>= 7.0.1)
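Review bot: `Microsoft.Deployment.DotNet.Releases (1.0)` at the end of this hunk still declares `System.Text.Json (>= 7.0.1)`, so the package's own constraint continues to admit 7.0.x and the only thing holding the resolved version at 8.0.4 is the new line in paket.dependencies. A CI check that fails when the fakerunner group resolves System.Text.Json below 8.0.4 would stop a later dependency clean-up from silently bringing the affected version back.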
Expand Down Expand Up @@ -1438,10 +1438,9 @@ NUGET
Microsoft.NETCore.Platforms (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Targets (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Formats.Asn1 (8.0.1)
System.Formats.Asn1 (8.0.1) - restriction: || (&& (== net472) (>= net5.0)) (&& (== net472) (>= netcoreapp3.0)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Buffers (>= 4.5.1) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (>= 4.5.5) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.ValueTuple (>= 4.5) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (&& (== netcoreapp2.1) (>= net462)) (&& (== netstandard2.0) (>= net462))
System.Globalization (4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Platforms (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Targets (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
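Review bot: `System.Formats.Asn1 (8.0.1)` appears in this hunk both without and with a framework restriction, and the hunk header shrinks from 10 to 9 lines, neither of which is covered by the commit description. Please confirm this is resolver output from regenerating paket.lock rather than a manual edit, and mention in the PR that the restriction changes in the lock file are incidental to the System.Text.Json update.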
Expand Down Expand Up @@ -1483,7 +1482,7 @@ NUGET
System.Runtime.Extensions (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (4.5.5)
System.Buffers (>= 4.5.1) - restriction: || (== net472) (&& (== net6.0) (>= monotouch)) (&& (== net6.0) (>= net461)) (&& (== net6.0) (< netcoreapp2.0)) (&& (== net6.0) (< netstandard1.1)) (&& (== net6.0) (< netstandard2.0)) (&& (== net6.0) (>= xamarinios)) (&& (== net6.0) (>= xamarinmac)) (&& (== net6.0) (>= xamarintvos)) (&& (== net6.0) (>= xamarinwatchos)) (&& (== netcoreapp2.1) (>= monotouch)) (&& (== netcoreapp2.1) (>= net461)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netstandard1.1)) (&& (== netcoreapp2.1) (< netstandard2.0)) (&& (== netcoreapp2.1) (>= xamarinios)) (&& (== netcoreapp2.1) (>= xamarinmac)) (&& (== netcoreapp2.1) (>= xamarintvos)) (&& (== netcoreapp2.1) (>= xamarinwatchos)) (== netstandard2.0)
System.Numerics.Vectors (>= 4.4) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (== netcoreapp2.1)) (&& (== net472) (< net45)) (&& (== net6.0) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (== netstandard2.0)
System.Numerics.Vectors (>= 4.4) - restriction: || (&& (== net472) (< net45)) (&& (== net6.0) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (== netstandard2.0)
System.Numerics.Vectors (>= 4.5) - restriction: || (== net472) (&& (== net6.0) (>= net461)) (&& (== netcoreapp2.1) (>= net461)) (&& (== netstandard2.0) (>= net461))
System.Runtime.CompilerServices.Unsafe (>= 4.5.3) - restriction: || (== net472) (&& (== net6.0) (>= monotouch)) (&& (== net6.0) (>= net461)) (&& (== net6.0) (< netcoreapp2.0)) (&& (== net6.0) (< netcoreapp2.1)) (&& (== net6.0) (< netstandard1.1)) (&& (== net6.0) (< netstandard2.0)) (&& (== net6.0) (>= uap10.1)) (&& (== net6.0) (>= xamarinios)) (&& (== net6.0) (>= xamarinmac)) (&& (== net6.0) (>= xamarintvos)) (&& (== net6.0) (>= xamarinwatchos)) (&& (== netcoreapp2.1) (>= monotouch)) (&& (== netcoreapp2.1) (>= net461)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netstandard1.1)) (&& (== netcoreapp2.1) (< netstandard2.0)) (&& (== netcoreapp2.1) (>= uap10.1)) (&& (== netcoreapp2.1) (>= xamarinios)) (&& (== netcoreapp2.1) (>= xamarinmac)) (&& (== netcoreapp2.1) (>= xamarintvos)) (&& (== netcoreapp2.1) (>= xamarinwatchos)) (== netstandard2.0)
System.Net.Http (4.3.4) - restriction: || (&& (== net472) (< net461)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Expand Down Expand Up @@ -1521,15 +1520,15 @@ NUGET
Microsoft.NETCore.Targets (>= 1.1.3) - restriction: || (&& (== net472) (< net45)) (&& (== net472) (< netstandard1.1)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime (>= 4.3.1) - restriction: || (&& (== net472) (< net45)) (&& (== net472) (< netstandard1.1)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime.Handles (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Numerics.Vectors (4.5) - restriction: || (== net472) (&& (== net6.0) (>= net461)) (&& (== net6.0) (>= net462)) (&& (== net6.0) (< netcoreapp2.0)) (== netcoreapp2.1) (== netstandard2.0)
System.Numerics.Vectors (4.5) - restriction: || (== net472) (&& (== net6.0) (>= net461)) (&& (== net6.0) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (>= net461)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (== netstandard2.0)
System.Reflection (4.3) - restriction: || (&& (== net472) (< net462)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Platforms (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Targets (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.IO (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Reflection.Primitives (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Reflection.Emit (4.7)
System.Reflection.Emit.ILGeneration (>= 4.7) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (== netcoreapp2.1)) (&& (== net472) (< net45)) (&& (== net472) (< netstandard1.1)) (&& (== net472) (< netstandard2.0) (>= wpa81)) (&& (== net472) (>= uap10.1)) (&& (== net6.0) (< netcoreapp2.0) (< netstandard2.1)) (&& (== net6.0) (< netstandard1.1)) (&& (== net6.0) (< netstandard2.0)) (&& (== net6.0) (>= uap10.1)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netstandard1.1)) (&& (== netcoreapp2.1) (< netstandard2.0)) (&& (== netcoreapp2.1) (>= uap10.1)) (== netstandard2.0)
System.Reflection.Emit.ILGeneration (>= 4.7) - restriction: || (&& (== net472) (< net45)) (&& (== net472) (< netstandard1.1)) (&& (== net472) (< netstandard2.0) (>= wpa81)) (&& (== net472) (>= uap10.1)) (&& (== net6.0) (< netcoreapp2.0) (< netstandard2.1)) (&& (== net6.0) (< netstandard1.1)) (&& (== net6.0) (< netstandard2.0)) (&& (== net6.0) (>= uap10.1)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netstandard1.1)) (&& (== netcoreapp2.1) (< netstandard2.0)) (&& (== netcoreapp2.1) (>= uap10.1)) (== netstandard2.0)
System.Reflection.Emit.ILGeneration (4.7) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (== netcoreapp2.1)) (&& (== net472) (< net45)) (&& (== net472) (< netstandard1.1)) (&& (== net472) (< netstandard2.0) (>= wpa81)) (&& (== net472) (>= uap10.1)) (&& (== net6.0) (< netcoreapp2.0) (< netstandard2.1)) (&& (== net6.0) (< netstandard1.1)) (&& (== net6.0) (< netstandard2.0)) (&& (== net6.0) (>= uap10.1)) (&& (== netcoreapp2.1) (< netcoreapp2.0)) (&& (== netcoreapp2.1) (< netstandard1.1)) (&& (== netcoreapp2.1) (< netstandard2.0)) (&& (== netcoreapp2.1) (>= uap10.1)) (== netstandard2.0)
System.Reflection.Metadata (8.0)
System.Collections.Immutable (>= 8.0)
Expand Down Expand Up @@ -1618,10 +1617,10 @@ NUGET
System.Security.Cryptography.OpenSsl (5.0) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Formats.Asn1 (>= 5.0) - restriction: || (&& (== net472) (>= netcoreapp3.0)) (== net6.0) (&& (== netcoreapp2.1) (>= netcoreapp3.0)) (&& (== netstandard2.0) (>= netcoreapp3.0))
System.Security.Cryptography.Pkcs (7.0.3) - restriction: || (&& (== net472) (>= net5.0)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Buffers (>= 4.5.1) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (< net462)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
System.Buffers (>= 4.5.1) - restriction: || (&& (== net472) (< net462)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
System.Formats.Asn1 (>= 7.0) - restriction: || (&& (== net472) (< net462)) (&& (== net472) (>= netstandard2.1)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (>= 4.5.5) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (< net462)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
System.Security.Cryptography.Cng (>= 5.0) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (< net462)) (&& (== net472) (>= netstandard2.1)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (>= 4.5.5) - restriction: || (&& (== net472) (< net462)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
System.Security.Cryptography.Cng (>= 5.0) - restriction: || (&& (== net472) (< net462)) (&& (== net472) (>= netstandard2.1)) (&& (== net6.0) (< netstandard2.1)) (== netcoreapp2.1) (== netstandard2.0)
System.Security.Cryptography.Primitives (4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Diagnostics.Debug (>= 4.3) - restriction: || (&& (== net472) (< net46)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Globalization (>= 4.3) - restriction: || (&& (== net472) (< net46)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Expand All @@ -1631,7 +1630,7 @@ NUGET
System.Threading (>= 4.3) - restriction: || (&& (== net472) (< net46)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Threading.Tasks (>= 4.3) - restriction: || (&& (== net472) (< net46)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Security.Cryptography.ProtectedData (6.0)
System.Memory (>= 4.5.4) - restriction: || (&& (== net472) (== net6.0)) (&& (== net472) (< net461)) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (>= 4.5.4) - restriction: || (&& (== net472) (< net461)) (== netcoreapp2.1) (== netstandard2.0)
System.Security.Cryptography.X509Certificates (4.3.2) - restriction: || (&& (== net472) (< net45)) (&& (== net472) (< net461)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Platforms (>= 1.1) - restriction: || (&& (== net472) (< net46)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
runtime.native.System (>= 4.3) - restriction: || (&& (== net472) (< net46)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Expand Down Expand Up @@ -1662,17 +1661,16 @@ NUGET
Microsoft.NETCore.Platforms (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
Microsoft.NETCore.Targets (>= 1.1) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime (>= 4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
System.Text.Encodings.Web (7.0)
System.Text.Encodings.Web (8.0)
System.Buffers (>= 4.5.1) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (>= 4.5.5) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime.CompilerServices.Unsafe (>= 6.0)
System.Text.Json (7.0.3)
Microsoft.Bcl.AsyncInterfaces (>= 7.0) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Text.Json (8.0.4)
Microsoft.Bcl.AsyncInterfaces (>= 8.0) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Buffers (>= 4.5.1) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Memory (>= 4.5.5) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Numerics.Vectors (>= 4.5) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.Runtime.CompilerServices.Unsafe (>= 6.0)
System.Text.Encodings.Web (>= 7.0)
System.Text.Encodings.Web (>= 8.0)
System.Threading.Tasks.Extensions (>= 4.5.4) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (== netcoreapp2.1) (== netstandard2.0)
System.ValueTuple (>= 4.5) - restriction: || (== net472) (&& (== net6.0) (>= net462)) (&& (== netcoreapp2.1) (>= net462)) (&& (== netstandard2.0) (>= net462))
System.Threading (4.3) - restriction: || (&& (== net472) (< net45)) (== net6.0) (== netcoreapp2.1) (== netstandard2.0)
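Review bot: The resolved `System.Text.Json` crosses a major version here, `(7.0.3)` to `(8.0.4)`, and takes `System.Text.Encodings.Web` and the `Microsoft.Bcl.AsyncInterfaces` requirement to 8.0 with it, while the restrictions in this group still list net472, netcoreapp2.1 and netstandard2.0. It is worth stating in the PR which of those targets were built and tested against the 8.0 assemblies, and checking that the packed fake-cli output actually carries the 8.0.4 copy, since the description is about the version bundled in the NuGet package.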