Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
[QUERY] Azure.MixedReality.Authentication transitive dependency on Newtonsoft.Json 10.0.1
See original GitHub issueLibrary name and version
Azure.MixedReality.Authentication
Query/Question
I’m the current maintainer for Azure.MixedReality.Authentication. It currently depends on System.IdentityModel.Tokens.Jwt 5.4.0 to perform JWT validation. That version of System.IdentityModel.Tokens.Jwt also depends on Newtonsoft.Json 10.0.1, which contains a vulnerability that gets flagged by scanners. The version of System.IdentityModel.Tokens.Jwt is dictated here. Newer versions (6.x) of System.IdentityModel.Tokens.Jwt have actually removed the Newtonsoft.Json dependency. Is there any interest in updating the common version, should I override the version I use in Azure.MixedReality.Authentication, or do you have suggestions for a replacement for this functionality?
Environment
No response
Issue Analytics
- State:
- Created a year ago
- Comments:8 (8 by maintainers)
Top Results From Across the Web
Top Related Medium Post
Top Related StackOverflow Question
Troubleshoot Live Code
Top Related Reddit Thread
Top Related Hackernoon Post
Top Related Tweet
Top Related Dev.to Post
Top Related Hashnode Post
But, in general, we don’t want SDKs using
@OverrideVersionunless absolutely necessary because it breaks central management of dependencies, which is done to improve compatibility between our SDKs and other partners like theAzPowerShell modules.Per your suggestion, i’ve updated the common version since I believe we’re the only Track 2 SDK shipping a dependency on that library. See #29822.