From a72501989d5b03f3f22257d41416d59695f1bd3c Mon Sep 17 00:00:00 2001
From: Erik Mavrinac <erikmav@microsoft.com>
Date: Tue, 5 Nov 2024 09:00:16 -0800
Subject: [PATCH] Downgrade System.Text.Json to 8.0.4 (#590)

Insecure version needed for package compatibility with downlevel Visual Studio versions. VS team working on a general fix. Upgrade tracked in #591
---
 Directory.Packages.props | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/Directory.Packages.props b/Directory.Packages.props
index afd80ff..08b2ce0 100644
--- a/Directory.Packages.props
+++ b/Directory.Packages.props
@@ -15,7 +15,12 @@
     <PackageVersion Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageVersion Include="System.CodeDom" Version="8.0.0" />
     <PackageVersion Include="System.Collections.Immutable" Version="8.0.0" />
-    <PackageVersion Include="System.Text.Json" Version="8.0.5" />
+
+    <!-- Suppress high vuln Component Governance alert. >8.0.4 breaks downlevel VS installations. VS team working to fix. -->
+    <!-- https://github.com/microsoft/MSBuildSdks/issues/591 -->
+    <NuGetAuditSuppress Include="https://github.com/advisories/GHSA-8g4q-xg66-9fp4" />
+    <PackageVersion Include="System.Text.Json" Version="8.0.4" />
+
     <PackageVersion Include="System.Threading.Tasks.Dataflow" Version="8.0.1" /> 
 
     <!-- Pinning vulnerable packages -->