chore(dependencies): bump System.Text.Json to 8.0.4 #875

Merged
merged 1 commit into from
Jul 29, 2024

Conversation

ntruchsess
Contributor

@ntruchsess ntruchsess commented Jul 26, 2024

Description

  • Set Framework.Logging dependency on Serilog.Settings.Configuration to 8.0.2
  • Remove redundant dependencies on Microsoft.Extensions.Hosting

Why

System.Text.Json 8.0.0 has a vulnerability that must be fixed. Serilog.Settings.Configuration 8.0.0 is implicitly depending on System.Text.Json 8.0.0. Upgrading to 8.0.2 implicitly updates the dependency on System.Text.Json to 8.0.4, which solves the security issue.
Microsoft.Extensions.Hosting also depends on System.Text.Json 8.0.0.

Issue

eclipse-tractusx/portal#369

Checklist

Please delete options that are not relevant.

  • I have followed the contributing guidelines
  • I have performed a self-review of my own code
  • I have successfully tested my changes locally
  • I have checked that new and existing tests pass locally with my changes
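
Added example, not code from this pull request or the project: a Python check for the situation the description explains, reporting which direct dependencies pull in a System.Text.Json version below the fixed 8.0.4. It assumes NuGet lock files (`packages.lock.json`) are enabled; the sample lock data, the placeholder package names and the function names are constructed for illustration.

```python
import json

# Constructed sample in packages.lock.json layout. "Intermediate.Package" and
# "Unrelated.Package" are placeholders; the edges are illustrative only.
SAMPLE_LOCK = json.loads("""
{"version": 1, "dependencies": {"net8.0": {
  "Serilog.Settings.Configuration": {"type": "Direct", "resolved": "8.0.0",
    "dependencies": {"Intermediate.Package": "8.0.0"}},
  "Microsoft.Extensions.Hosting": {"type": "Direct", "resolved": "8.0.0",
    "dependencies": {"System.Text.Json": "8.0.0"}},
  "Intermediate.Package": {"type": "Transitive", "resolved": "8.0.0",
    "dependencies": {"System.Text.Json": "8.0.0"}},
  "Unrelated.Package": {"type": "Direct", "resolved": "1.2.3"},
  "System.Text.Json": {"type": "Transitive", "resolved": "8.0.0"}
}}}
""")

def parse_version(text):
    """Numeric x.y.z parts; a prerelease suffix such as -rc.1 is ignored."""
    return tuple(int(part) for part in text.split("-")[0].split("."))

def find_pullers(lock, package, fixed_version):
    """Per target framework, report the resolved version of `package` when it is
    below `fixed_version`, and the direct dependencies that pull it in."""
    findings = {}
    target = package.lower()  # NuGet package ids are case-insensitive
    for framework, pkgs in lock.get("dependencies", {}).items():
        by_name = {name.lower(): (name, info) for name, info in pkgs.items()}
        hit = by_name.get(target)
        if not hit or parse_version(hit[1]["resolved"]) >= parse_version(fixed_version):
            continue
        parents = {}  # reverse edges: child id -> ids of packages depending on it
        for name, info in pkgs.items():
            for child in info.get("dependencies", {}):
                parents.setdefault(child.lower(), set()).add(name.lower())
        seen, stack, direct = set(), [target], set()
        while stack:  # walk upwards from the flagged package to its roots
            node = stack.pop()
            if node in seen:
                continue
            seen.add(node)
            name, info = by_name.get(node, (node, {}))
            if info.get("type") == "Direct":
                direct.add(name)
            stack.extend(parents.get(node, ()))
        findings[framework] = {"resolved": hit[1]["resolved"],
                               "pulled_in_by": sorted(direct)}
    return findings
```

Calling `find_pullers(SAMPLE_LOCK, "System.Text.Json", "8.0.4")` on the sample names both direct packages; an empty result means no framework resolves the package below the fixed version.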

@ntruchsess ntruchsess changed the base branch from main to release/v2.1.0-RC2 July 26, 2024 11:58
@ntruchsess ntruchsess changed the title from "Chore/json text" to "chore(dependencies): upgrade Serilog.Settings.Configuration to 8.0.2" Jul 26, 2024
@ntruchsess ntruchsess marked this pull request as ready for review July 26, 2024 12:00
@ntruchsess ntruchsess requested a review from evegufy July 26, 2024 12:02
* Serilog.Settings.Configuration to 8.0.2
* remove redundant dependencies on Microsoft.Extensions.Hosting
@ntruchsess ntruchsess changed the title from "chore(dependencies): upgrade Serilog.Settings.Configuration to 8.0.2" to "chore(dependencies): bump System.Text.Json to 8.0.2" Jul 26, 2024
@ntruchsess ntruchsess changed the title from "chore(dependencies): bump System.Text.Json to 8.0.2" to "chore(dependencies): bump System.Text.Json to 8.0.4" Jul 26, 2024

@evegufy evegufy requested a review from Phil91 July 29, 2024 06:27
@ntruchsess ntruchsess merged commit 237ef9b into release/v2.1.0-RC2 Jul 29, 2024
13 checks passed
@ntruchsess ntruchsess deleted the chore/json-text branch July 29, 2024 09:27
ntruchsess added a commit that referenced this pull request Jul 29, 2024
* Serilog.Settings.Configuration to 8.0.2
* remove redundant dependencies on Microsoft.Extensions.Hosting
ntruchsess added a commit that referenced this pull request Jul 29, 2024
* fix(apps): remove leading '/' from the activate subscription endpoint (#861)
Refs: #856
* bug(offersubscription): suppress activation of external serviceaccounts in keycloak on subscription-activation (#864)
Refs: #856
* fix(dim): fix callback logic for dim requests (#863)
Refs: #862
* chore(dependencies): bump efcore to 8.0.7 (#857)
* increase efcore version to latest 8.0.7 to resolve security-issue in transitive dependency in System.Text.Json
* fix(offersubscription): skip optional autosetupprovidercallback if it is not configured (#865)
* add clientPrefix to workers appsettings (#870)
* fix: enhance subscription/provider endpoint with external Service data (#867)
Refs: #841
* fix(sdDoc): set process step to skipped if ClearinghouseConnectDisabled is true (#874)
Refs: #792
* build(deps): bump MimeKit from 4.3.0 to 4.7.1 (#833)
eclipse-tractusx/portal#369
* build(deps): bump MimeKit from 4.3.0 to 4.7.1 in /tests/endtoend
Bumps MimeKit from 4.3.0 to 4.7.1.
---
updated-dependencies:
- dependency-name: MimeKit
  dependency-type: direct:production
...
* chore: upgrade mimekit in sendmail project
* chore: update dependencies file
---------
* upgrade implicit dependencies on System.Text.Json (#875)
* Serilog.Settings.Configuration to 8.0.2
* remove redundant dependencies on Microsoft.Extensions.Hosting
* bump framework version to 2.4.2 after merge of main
---------
Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Norbert Truchsess <[email protected]>
Co-authored-by: Phil Schneider <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Evelyn Gurschler <[email protected]>
Reviewed-By: Evelyn Gurschler <[email protected]>
Reviewed-By: Norbert Truchsess <[email protected]>
Reviewed-By: Phil Schneider <[email protected]>