fix: update System.Text.Json and others for vulnerabilities (#7)

stiefeljackal · Jul 9, 2024 · 0107a0f · 0107a0f
1 parent 141a2c8
commit 0107a0f
Show file tree

Hide file tree

Showing 10 changed files with 54 additions and 47 deletions.
diff --git a/AccountDownloader/AccountDownloader.csproj b/AccountDownloader/AccountDownloader.csproj
@@ -50,35 +50,36 @@
     <Content Include="Assets\AppIcon.ico" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Avalonia" Version="11.0.4" />
-    <PackageReference Include="Avalonia.Desktop" Version="11.0.4" />
+    <PackageReference Include="Avalonia" Version="11.0.11" />
+    <PackageReference Include="Avalonia.Desktop" Version="11.0.11" />
 
-    <PackageReference Include="Avalonia.Controls.ItemsRepeater" Version="11.0.4" />
-    <PackageReference Include="Avalonia.Controls.DataGrid" Version="11.0.4" />
+    <PackageReference Include="Avalonia.Controls.ItemsRepeater" Version="11.0.11" />
+    <PackageReference Include="Avalonia.Controls.DataGrid" Version="11.0.11" />
 
-    <PackageReference Include="Avalonia.Themes.Fluent" Version="11.0.4" />
-    <PackageReference Include="Avalonia.Themes.Simple" Version="11.0.4" />
+    <PackageReference Include="Avalonia.Themes.Fluent" Version="11.0.11" />
+    <PackageReference Include="Avalonia.Themes.Simple" Version="11.0.11" />
 
     <!--Condition below is needed to remove Avalonia.Diagnostics package from build output in Release configuration.-->
-    <PackageReference Condition="'$(Configuration)' == 'Debug'" Include="Avalonia.Diagnostics" Version="11.0.4" />
+    <PackageReference Condition="'$(Configuration)' == 'Debug'" Include="Avalonia.Diagnostics" Version="11.0.11" />
 
     <!-- Reactive UI Stuff-->
-    <PackageReference Include="Avalonia.ReactiveUI" Version="11.0.4" />
-    <PackageReference Include="ReactiveUI.Fody" Version="19.4.1" />
-    <PackageReference Include="ReactiveUI.Validation" Version="3.1.7" />
+    <PackageReference Include="Avalonia.ReactiveUI" Version="11.0.11" />
+    <PackageReference Include="ReactiveUI.Fody" Version="19.5.41" />
+    <PackageReference Include="ReactiveUI.Validation" Version="4.0.9" />
+    <PackageReference Include="SkiaSharp" Version="2.88.8" />
 
-    <PackageReference Include="Splat" Version="14.7.1" />
+    <PackageReference Include="Splat" Version="15.1.1" />
 
     <!-- Logging -->
-    <PackageReference Include="Serilog" Version="3.0.1" />
-    <PackageReference Include="Serilog.Extensions.Logging" Version="7.0.0" />
-    <PackageReference Include="Serilog.Sinks.File" Version="5.0.0" />
+    <PackageReference Include="Serilog" Version="4.0.0" />
+    <PackageReference Include="Serilog.Extensions.Logging" Version="8.0.0" />
+    <PackageReference Include="Serilog.Sinks.File" Version="6.0.0" />
     <PackageReference Include="SerilogTraceListener" Version="3.2.1-dev-00011" />
 
     <!-- Avalonia addons -->
-    <PackageReference Include="AsyncImageLoader.Avalonia" Version="3.2.0" />
-    <PackageReference Include="MessageBox.Avalonia" Version="3.1.4" />
-    <PackageReference Include="Deadpikle.AvaloniaProgressRing" Version="0.10.1" />
+    <PackageReference Include="AsyncImageLoader.Avalonia" Version="3.2.1" />
+    <PackageReference Include="MessageBox.Avalonia" Version="3.1.5.1" />
+    <PackageReference Include="Deadpikle.AvaloniaProgressRing" Version="0.10.6" />
     <ProjectReference Include="..\AccountDownloaderLibrary.NeosFetch\AccountDownloaderLibrary.NeosFetch.csproj" />
 
     <ProjectReference Include="..\AccountDownloaderLibrary\AccountDownloaderLibrary.csproj" />
@@ -114,11 +115,11 @@
 
     <!-- Reference some dependencies that CloudX.Shared needs -->
     <!-- TODO: Is there a smarterway to include them? -->
-    <PackageReference Include="System.Text.Json" Version="[7.0.0,7.0.0]" />
-    <PackageReference Include="System.Security.Permissions" Version="7.0.0" />
-    <PackageReference Include="System.Threading.Tasks.Dataflow" Version="7.0.0" />
+    <PackageReference Include="System.Text.Json" Version="8.0.4" />
+    <PackageReference Include="System.Security.Permissions" Version="8.0.0" />
+    <PackageReference Include="System.Threading.Tasks.Dataflow" Version="8.0.1" />
     <PackageReference Include="SignalR.Strong" Version="0.3.0.0" />
-    <PackageReference Include="MessageFormat" Version="7.0.0" />
+    <PackageReference Include="MessageFormat" Version="7.1.0" />
 
   </ItemGroup>
   <ItemGroup>

diff --git a/AccountDownloader/ViewModels/Authentication/LoginViewModel.cs b/AccountDownloader/ViewModels/Authentication/LoginViewModel.cs
@@ -25,6 +25,8 @@ public class LoginViewModel : ViewModelBase, IValidatableViewModel
 
     public ReactiveCommand<Unit, AuthResult> Login { get; set; }
 
+    IValidationContext IValidatableViewModel.ValidationContext => ValidationContext;
+
     private readonly IAppCloudService CloudService;
     public LoginViewModel()
     {

diff --git a/AccountDownloader/ViewModels/Authentication/MultiFactorAuthViewModel.cs b/AccountDownloader/ViewModels/Authentication/MultiFactorAuthViewModel.cs
@@ -26,6 +26,8 @@ public class MultiFactorAuthViewModel : ViewModelBase, IValidatableViewModel
 
     public Interaction<string?, Unit> ShowError { get; }
 
+    IValidationContext IValidatableViewModel.ValidationContext => ValidationContext;
+
     public MultiFactorAuthViewModel()
     {
         CloudService = Locator.Current.GetService<IAppCloudService>() ?? throw new ArgumentNullException("Cannot login without an app service");

diff --git a/AccountDownloader/Views/DownloadSelectionView.axaml.cs b/AccountDownloader/Views/DownloadSelectionView.axaml.cs
@@ -31,7 +31,7 @@ private void InitializeComponent()
         AvaloniaXamlLoader.Load(this);
     }
 
-    private async Task ShowOpenFolderDialog(InteractionContext<FolderPickerOpenOptions, InteractionResult<Uri>> interaction)
+    private async Task ShowOpenFolderDialog(IInteractionContext<FolderPickerOpenOptions, InteractionResult<Uri>> interaction)
     {
         Window? w = null;
 

diff --git a/AccountDownloader/Views/Windows/MainWindowView.axaml.cs b/AccountDownloader/Views/Windows/MainWindowView.axaml.cs
@@ -54,7 +54,7 @@ public MainWindowView()
             this.Closing += MainWindow_Closing;
         }
 
-        private async Task OpenFolderLocation(InteractionContext<string, Unit> obj)
+        private async Task OpenFolderLocation(IInteractionContext<string, Unit> obj)
         {
             obj.SetOutput(Unit.Default);            
             var res = IOService.OpenFolderDialog(obj.Input);
@@ -101,16 +101,16 @@ private void SafelyCloseWindow()
             this.Close();
         }
 
-        private async Task ShowInfoBox(InteractionContext<MessageBoxRequest, Unit> message)
+        private async Task ShowInfoBox(IInteractionContext<MessageBoxRequest, Unit> message)
         {
             await ShowBox(message, BoxType.Info);
         }
-        private async Task ShowErrorBox(InteractionContext<MessageBoxRequest, Unit> message)
+        private async Task ShowErrorBox(IInteractionContext<MessageBoxRequest, Unit> message)
         {
             await ShowBox(message, BoxType.Error);
         }
 
-        private async Task ShowBox(InteractionContext<MessageBoxRequest, Unit> message, BoxType type)
+        private async Task ShowBox(IInteractionContext<MessageBoxRequest, Unit> message, BoxType type)
         {
             // Always, set the output before we show the box.
             message.SetOutput(Unit.Default);
@@ -135,7 +135,7 @@ private async Task ShowBox(InteractionContext<MessageBoxRequest, Unit> message,
             await box.ShowWindowDialogAsync(this);
         }
 
-        private async Task ShowYesNoBox(InteractionContext<MessageBoxRequest, InteractionResult<YesNo>> message)
+        private async Task ShowYesNoBox(IInteractionContext<MessageBoxRequest, InteractionResult<YesNo>> message)
         {
             var messageBoxStandardWindow = MessageBoxManager.GetMessageBoxCustom(new MessageBoxCustomParams()
             {
@@ -159,7 +159,7 @@ private async Task ShowYesNoBox(InteractionContext<MessageBoxRequest, Interactio
             message.SetOutput(InteractionResult<YesNo>.WithResult(res));
         }
 
-        public async Task ShowAboutWindow(InteractionContext<Unit, Unit> obj)
+        public async Task ShowAboutWindow(IInteractionContext<Unit, Unit> obj)
         {
             obj.SetOutput(Unit.Default);
 

diff --git a/AccountDownloaderLibrary.Mime/AccountDownloaderLibrary.Mime.csproj b/AccountDownloaderLibrary.Mime/AccountDownloaderLibrary.Mime.csproj
@@ -7,8 +7,8 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Mime-Detective.Definitions.Exhaustive" Version="23.6.1" />
-    <PackageReference Include="System.IO.Abstractions" Version="19.2.67" />
+    <PackageReference Include="Mime-Detective.Definitions.Exhaustive" Version="24.5.1" />
+    <PackageReference Include="System.IO.Abstractions" Version="21.0.22" />
   </ItemGroup>
 
 </Project>
diff --git a/AccountDownloaderLibrary.NeosFetch/AccountDownloaderLibrary.NeosFetch.csproj b/AccountDownloaderLibrary.NeosFetch/AccountDownloaderLibrary.NeosFetch.csproj
@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
 
   <PropertyGroup>
     <TargetFramework>net7.0</TargetFramework>
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="SharpCompress" Version="0.33.0" />
+    <PackageReference Include="SharpCompress" Version="0.37.2" />
   </ItemGroup>
 
 </Project>
diff --git a/AccountDownloaderLibrary.NeosFetch/NeosFetcher.cs b/AccountDownloaderLibrary.NeosFetch/NeosFetcher.cs
@@ -53,6 +53,8 @@ public static async Task EnsureNeosAssemblies()
             foreach (var entry in archive.Entries.Where(entry => !entry.IsDirectory))
             {
                 var key = entry.Key;
+                if (key == null) { continue; }
+
                 var matches = DATA_MANAGED_ASSEMBLY_REGEX.Matches(key);
 
                 if (matches.Count <= 0) {  continue; }

diff --git a/AccountDownloaderLibrary.Test/AccountDownloaderLibrary.Test.csproj b/AccountDownloaderLibrary.Test/AccountDownloaderLibrary.Test.csproj
@@ -24,18 +24,18 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="coverlet.msbuild" Version="6.0.0">
+    <PackageReference Include="coverlet.msbuild" Version="6.0.2">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
-    <PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="5.2.9" />
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.7.1" />
-    <PackageReference Include="Moq" Version="4.20.69" />
-    <PackageReference Include="SoloX.CodeQuality.Test.Helpers" Version="2.0.16" />
-    <PackageReference Include="System.IO.Abstractions" Version="19.2.67" />
-    <PackageReference Include="System.IO.Abstractions.TestingHelpers" Version="19.2.67" />
-    <PackageReference Include="xunit" Version="2.5.0" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.0">
+    <PackageReference Include="Microsoft.AspNet.WebApi.Client" Version="6.0.0" />
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.10.0" />
+    <PackageReference Include="Moq" Version="4.20.70" />
+    <PackageReference Include="SoloX.CodeQuality.Test.Helpers" Version="2.1.0" />
+    <PackageReference Include="System.IO.Abstractions" Version="21.0.22" />
+    <PackageReference Include="System.IO.Abstractions.TestingHelpers" Version="21.0.22" />
+    <PackageReference Include="xunit" Version="2.9.0" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="2.8.2">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>

diff --git a/AccountDownloaderLibrary/AccountDownloaderLibrary.csproj b/AccountDownloaderLibrary/AccountDownloaderLibrary.csproj
@@ -28,10 +28,10 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="ConcurrentHashSet" Version="1.3.0" />
-    <PackageReference Include="DistributedLock.FileSystem" Version="1.0.1" />
+    <PackageReference Include="DistributedLock.FileSystem" Version="1.0.2" />
     <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
     <PackageReference Include="PropertyChanged.Fody" Version="4.1.0" PrivateAssets="All" />
-    <PackageReference Include="System.IO.Abstractions" Version="19.2.67" />
+    <PackageReference Include="System.IO.Abstractions" Version="21.0.22" />
   </ItemGroup>
   <ItemGroup>
     <Reference Include="CodeX">
@@ -44,10 +44,10 @@
       <HintPath>..\ExternalLibraries\CloudX.Shared.dll</HintPath>
     </Reference>
 
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client.Core" Version="5.0.1.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Http.Connections.Client" Version="5.0.1.0" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="5.0.1.0" />
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Common" Version="5.0.1.0" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client.Core" Version="8.0.7" />
+    <PackageReference Include="Microsoft.AspNetCore.Http.Connections.Client" Version="8.0.7" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="8.0.7" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Common" Version="8.0.7" />
   </ItemGroup>
   <ItemGroup>
     <ProjectReference Include="..\AccountDownloaderLibrary.Mime\AccountDownloaderLibrary.Mime.csproj" />