Serraniel/DiscordMediaLoader
1
0
Fork 0
Code Issues 30 Pull requests 16 Packages Projects Releases 18 Wiki Activity

[Snyk] Security upgrade Newtonsoft.Json from 12.0.2 to 13.0.1 #117

Open
Serraniel wants to merge 1 commit from snyk-fix-768f3f40820a0776a039141249c31abf into master
pull from: snyk-fix-768f3f40820a0776a039141249c31abf
merge into: Serraniel:master
Conversation 0 Commits 1 Files changed 1 +1 -1
Serraniel commented 2022-04-25 05:28:27 +02:00 (Migrated from github.com)
Copy link

This PR was automatically created by Snyk using the credentials of a real user.


Snyk has created this PR to fix one or more vulnerable packages in the `nuget` dependencies of this project.

Changes included in this PR

  • Changes to the following files to upgrade the vulnerable dependencies to a fixed version:
    • Discord Media Loader.Application/packages.config

Vulnerabilities that will be fixed

With an upgrade:
Severity Priority Score (*) Issue Breaking Change Exploit Maturity
high severity 768/1000
Why? Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5		 Insecure Defaults
SNYK-DOTNET-NEWTONSOFTJSON-2774678		 Yes Proof of Concept

(*) Note that the real score may have changed since the PR was raised.

Check the changes in this PR to ensure they won't cause issues with your project.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report

🛠 Adjust project settings

📚 Read more about Snyk's upgrade and patch logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about vulnerability in an interactive lesson of Snyk Learn.

<p>This PR was automatically created by Snyk using the credentials of a real user.</p><br /><h3>Snyk has created this PR to fix one or more vulnerable packages in the `nuget` dependencies of this project.</h3> #### Changes included in this PR - Changes to the following files to upgrade the vulnerable dependencies to a fixed version: - Discord Media Loader.Application/packages.config #### Vulnerabilities that will be fixed ##### With an upgrade: Severity | Priority Score (*) | Issue | Breaking Change | Exploit Maturity :-------------------------:|-------------------------|:-------------------------|:-------------------------|:------------------------- ![high severity](https://res.cloudinary.com/snyk/image/upload/w_20,h_20/v1561977819/icon/h.png "high severity") | **768/1000** <br/> **Why?** Proof of Concept exploit, Recently disclosed, Has a fix available, CVSS 7.5 | Insecure Defaults <br/>[SNYK-DOTNET-NEWTONSOFTJSON-2774678](https://snyk.io/vuln/SNYK-DOTNET-NEWTONSOFTJSON-2774678) | Yes | Proof of Concept (*) Note that the real score may have changed since the PR was raised. Check the changes in this PR to ensure they won't cause issues with your project. ------------ **Note:** *You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.* For more information: <img src="https://api.segment.io/v1/pixel/track?data=eyJ3cml0ZUtleSI6InJyWmxZcEdHY2RyTHZsb0lYd0dUcVg4WkFRTnNCOUEwIiwiYW5vbnltb3VzSWQiOiIwMGMxM2I3ZS03MTFjLTQxYjEtOTMzMC0xM2ZiZDQ2ZWJjNDIiLCJldmVudCI6IlBSIHZpZXdlZCIsInByb3BlcnRpZXMiOnsicHJJZCI6IjAwYzEzYjdlLTcxMWMtNDFiMS05MzMwLTEzZmJkNDZlYmM0MiJ9fQ==" width="0" height="0"/> 🧐 [View latest project report](https://app.snyk.io/org/serraniel/project/514fc92f-16a1-42cd-8446-b8234591c59a?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr) 🛠 [Adjust project settings](https://app.snyk.io/org/serraniel/project/514fc92f-16a1-42cd-8446-b8234591c59a?utm_source&#x3D;github&amp;utm_medium&#x3D;referral&amp;page&#x3D;fix-pr/settings) 📚 [Read more about Snyk's upgrade and patch logic](https://support.snyk.io/hc/en-us/articles/360003891078-Snyk-patches-to-fix-vulnerabilities) [//]: # (snyk:metadata:{"prId":"00c13b7e-711c-41b1-9330-13fbd46ebc42","prPublicId":"00c13b7e-711c-41b1-9330-13fbd46ebc42","dependencies":[{"name":"Newtonsoft.Json","from":"12.0.2","to":"13.0.1"}],"packageManager":"nuget","projectPublicId":"514fc92f-16a1-42cd-8446-b8234591c59a","projectUrl":"https://app.snyk.io/org/serraniel/project/514fc92f-16a1-42cd-8446-b8234591c59a?utm_source=github&utm_medium=referral&page=fix-pr","type":"auto","patch":[],"vulns":["SNYK-DOTNET-NEWTONSOFTJSON-2774678"],"upgrade":["SNYK-DOTNET-NEWTONSOFTJSON-2774678"],"isBreakingChange":true,"env":"prod","prType":"fix","templateVariants":["updated-fix-title","priorityScore"],"priorityScoreList":[768]}) --- **Learn how to fix vulnerabilities with free interactive lessons:** 🦉 [Learn about vulnerability in an interactive lesson of Snyk Learn.](https://learn.snyk.io?loc&#x3D;fix-pr)
This pull request can be merged automatically.
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin snyk-fix-768f3f40820a0776a039141249c31abf:snyk-fix-768f3f40820a0776a039141249c31abf
git checkout snyk-fix-768f3f40820a0776a039141249c31abf

Merge

Merge the changes and update on Forgejo.
git checkout master
git merge --no-ff snyk-fix-768f3f40820a0776a039141249c31abf
git checkout master
git merge --ff-only snyk-fix-768f3f40820a0776a039141249c31abf
git checkout snyk-fix-768f3f40820a0776a039141249c31abf
git rebase master
git checkout master
git merge --no-ff snyk-fix-768f3f40820a0776a039141249c31abf
git checkout master
git merge --squash snyk-fix-768f3f40820a0776a039141249c31abf
git checkout master
git merge --ff-only snyk-fix-768f3f40820a0776a039141249c31abf
git checkout master
git merge snyk-fix-768f3f40820a0776a039141249c31abf
git push origin master
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
beta

This feature will be implemented in the beta branch first

  
bug

Something isn't working

  
dependencies

Pull requests that update a dependency file

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
invalid

This doesn't seem right

  
postponed

This issue has been postponed to a later release

  
question

Further information is requested

  
release: bugfix

This issue will be closed with the next bugfix release

  
release: major

This issue will be closed with the next major release

  
release: minor

This issue will be closed with the next minor release

  
repository improvment

This is an improvment to the repository only

  
required

This issue is required to be closed for the next release

  
unclear

This issue is unclear

  
wontfix

This will not be worked on

No labels
beta
bug
dependencies
duplicate
enhancement
invalid
postponed
question
release: bugfix
release: major
release: minor
repository improvment
required
unclear
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Serraniel/DiscordMediaLoader#117
No description provided.
Delete branch "snyk-fix-768f3f40820a0776a039141249c31abf"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?