From a72501989d5b03f3f22257d41416d59695f1bd3c Mon Sep 17 00:00:00 2001
From: Erik Mavrinac <erikmav@microsoft.com>
Date: Tue, 5 Nov 2024 09:00:16 -0800
Subject: [PATCH] Downgrade System.Text.Json to 8.0.4 (#590)

Insecure version needed for package compatibility with downlevel Visual Studio versions. VS team working on a general fix. Upgrade tracked in #591
---
 Directory.Packages.props | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index afd80ff..08b2ce0 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -15,7 +15,12 @@
 <PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
 <PackageVersion Include="System.CodeDom" Version="8.0.0" />
 <PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
- <PackageVersion Include="System.Text.Json" Version="8.0.5" />
+
+ <!-- Suppress high vuln Component Governance alert. >8.0.4 breaks downlevel VS installations. VS team working to fix. -->
+ <!-- https://github.com/microsoft/MSBuildSdks/issues/591 -->
+ <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-8g4q-xg66-9fp4" />
+ <PackageVersion Include="System.Text.Json" Version="8.0.4" />
+
 <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="8.0.1" />
 
 <!-- Pinning vulnerable packages -->
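Review bot: The `NuGetAuditSuppress` item added beside the 8.0.4 pin silences GHSA-8g4q-xg66-9fp4 for every project that picks up Directory.Packages.props, but the comment above it records only why the downgrade is needed, not why the exposure is acceptable or when the suppression has to be removed. I would extend the comment with the risk acceptance and the removal trigger, for example `<!-- Accepted risk: <which inputs reach System.Text.Json in this repo>. Remove this suppression and restore 8.0.5 or later when #591 is closed. -->`, so the pin cannot quietly outlive the VS fix. The suppression matches on the advisory URL that NuGet reports, so the `Include` value should be checked against the URL printed in the audit warning; the host shown here is `github.com`, which may only be an artifact of how this page was captured. The enclosing ItemGroup starts and ends outside the hunk.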