
[Space-Age] Warning on vulnerability in transitive dependency Newtonsoft.Json 9.0.1 #1302

@ducdetronquito

Hi !

First, thanks for your work on the F# track, it's a pleasure to learn the language on Exercism!

When building the exercise space-age, I have the following warnings:

Restore succeeded with 1 warning(s) in 0.6s
    /exercism_workspace/fsharp/space-age/SpaceAge.fsproj : warning NU1903: Package 'Newtonsoft.Json' 9.0.1 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr
  SpaceAge succeeded with 1 warning(s) (2.3s) → bin/Debug/net8.0/SpaceAge.dll
    /exercism_workspace/fsharp/space-age/SpaceAge.fsproj : warning NU1903: Package 'Newtonsoft.Json' 9.0.1 has a known high severity vulnerability, https://github.com/advisories/GHSA-5crp-9r3c-p9vr

It appears that Newtonsoft.Json is a dependency of Microsoft.TestPlatform.TestHost/16.8.3 which in turn is a dependency of Microsoft.NET.Test.Sdk/16.8.3.

dotnet-outdated outputs that some packages could benefit from being bumped, and bumping Microsoft.NET.Test.Sdk to the latest version would remove the previous warning because Newtonsoft.Json is no longer a dependency.

❯ dotnet outdated
» SpaceAge                                                                                                                                                    
  [net8.0]
  FsUnit.xUnit               4.0.4  -> 6.0.1  
  Microsoft.NET.Test.Sdk     16.8.3 -> 17.12.0
  xunit                      2.4.1  -> 2.9.2  
  xunit.runner.visualstudio  2.4.3  -> 2.8.2  

What do you think about it ?

I can make a PR to bump these packages if you agree.

Have a nice day :)
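
The transitive chain described in this issue can be confirmed from the restore output itself. The following is an added example, not part of the original issue or the Exercism repository: it walks a `project.assets.json`-shaped graph and returns every path from a direct reference down to a flagged package. The embedded JSON is a constructed fragment using only the package names and versions quoted above; the function name `dependency_paths` is hypothetical.

```python
import json
from collections import deque

# Constructed fragment in the shape of obj/project.assets.json (NuGet restore
# output). Names and versions are the ones quoted in the issue; the rest of
# the real graph is omitted.
SAMPLE_ASSETS = json.loads("""
{
  "targets": {
    "net8.0": {
      "Microsoft.NET.Test.Sdk/16.8.3": {
        "type": "package",
        "dependencies": {"Microsoft.TestPlatform.TestHost": "16.8.3"}
      },
      "Microsoft.TestPlatform.TestHost/16.8.3": {
        "type": "package",
        "dependencies": {"Newtonsoft.Json": "9.0.1"}
      },
      "Newtonsoft.Json/9.0.1": {"type": "package"},
      "xunit/2.4.1": {"type": "package"}
    }
  },
  "projectFileDependencyGroups": {
    "net8.0": ["Microsoft.NET.Test.Sdk >= 16.8.3", "xunit >= 2.4.1"]
  }
}
""")

def dependency_paths(assets, framework, package_id):
    """Return every chain from a direct reference down to package_id."""
    resolved = {}  # lower-cased id -> ("Id/Version" key, ids it depends on)
    for key, entry in assets["targets"][framework].items():
        deps = [d.lower() for d in entry.get("dependencies", {})]
        resolved[key.split("/")[0].lower()] = (key, deps)  # NuGet ids are case-insensitive
    roots = [r.split()[0].lower() for r in assets["projectFileDependencyGroups"][framework]]
    paths, queue = [], deque([r] for r in roots if r in resolved)
    while queue:  # breadth-first, so shorter chains are reported first
        path = queue.popleft()
        if path[-1] == package_id.lower():
            paths.append([resolved[p][0] for p in path])
            continue
        for dep in resolved[path[-1]][1]:
            if dep in resolved and dep not in path:  # ignore unresolved ids and cycles
                queue.append(path + [dep])
    return paths
```

Every path returned starts at a package the project references directly, which is the one to bump. `dotnet list package --vulnerable --include-transitive` reports the flagged packages from the CLI without showing the chain.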
