Update SystemTextJsonVersion

[am11]

Fix:

$ ./build.sh
...
dotnet-install: To check the list of dependencies, go to https://learn.microsoft.com/dotnet/core/install, select your operating system and check the "Dependencies" section.
Restore complete (43.7s)
  diagnostics failed with 19 error(s) (86.1s)
    /foo77/diagnostics/src/Microsoft.Diagnostics.DebugServices.Implementation/Microsoft.Diagnostics.DebugServices.Implementation.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/SOS/SOS.Extensions/SOS.Extensions.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-symbol/dotnet-symbol.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 6.0.9 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-trace/dotnet-trace.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-counters/dotnet-counters.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Tools/dotnet-dsrouter/dotnet-dsrouter.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 6.0.0 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4
    /foo77/diagnostics/src/Microsoft.Diagnostics.Monitoring.EventPipe/Microsoft.Diagnostics.Monitoring.EventPipe.csproj : error NU1903: Warning As Error: Package 'System.Text.Json' 8.0.4 has a known high severity vulnerability, https://github.com/advisories/GHSA-8g4q-xg66-9fp4

related PR dotnet/runtime#108704

[calexander3]

Hey everyone. Can you release this? CVE-2024-43485 is giving me some trouble and this would resolve it.

[mikem8361]

We will be doing another release in November.

[calexander3]

OK. That is unfortunate news as I can't use these tools while there is a high CVE present.

[tomkerkhove]

+1 on being unfortunate. We'll need to pull it out of our image.

[mikem8361]

You can install the latest builds with this fix with this feed: https://dev.azure.com/dnceng/public/_artifacts/feed/dotnet-tools

For example:

dotnet tool install -g dotnet-sos --add-source https://dev.azure.com/dnceng/public/_artifacts/feed/dotnet-tools

[mikem8361]

This fix has official been released now in 9.0.553101.