Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

Out of date dependencies #27

Closed
bounav opened this issue Jun 22, 2023 · 5 comments
Closed

Out of date dependencies #27

bounav opened this issue Jun 22, 2023 · 5 comments

Comments

@bounav
Copy link

bounav commented Jun 22, 2023
edited
Loading

Hello,

Would the maintainers be open to accept a pull request that updating the dependencies of this project? I'd be happy to submit one.

Proposed change:

diff --git a/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj b/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj
index 74ed47f..fd6a976 100644
--- a/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj
+++ b/ebay-oauth-csharp-client/ebay-oauth-csharp-client.csproj
@@ -4,12 +4,9 @@
     <RootNamespace>eBay.ApiClient.Auth.oAuth2</RootNamespace>
   </PropertyGroup>
   <ItemGroup>
-    <Folder Include="eBay\ApiClient\Auth\" />
-  </ItemGroup>
-  <ItemGroup>
-    <PackageReference Include="YamlDotNet" Version="5.3.0" />
-    <PackageReference Include="RestSharp" Version="106.5.4" />
-    <PackageReference Include="log4net" Version="2.0.8" />
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="YamlDotNet" Version="13.1.0" />
+    <PackageReference Include="RestSharp" Version="108.0.2" />
+    <PackageReference Include="log4net" Version="2.0.15" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.3" />
   </ItemGroup>
 </Project>

The main driver for this is that YamlDotNet is very out of date and the current nuget package referenced doesn't has its publicKeyToken assembly property to set and this is causing FileNotFound exceptions if you happen to also reference a more recent version of the package (that will have a publicKeyTokenVaue.

The referenced version of Newtonsoft.Json and log4net have some known vulnerabilities.

The other updates are just general housekeeping.
This was referenced Jun 22, 2023
Closed
Open
Open
@lucasgonze
Copy link

lucasgonze commented Jul 3, 2023
edited
Loading

If you submit a PR, I will try to get it merged.

However, I am not a dev on this project, so we will need to find somebody to run the tests. @bounav I assume you have that ability, is that correct?

In the absence of somebody to check that your PR doesn't break anything, we may want to merge anyway.

@lucasgonze
Copy link

lucasgonze commented Jul 11, 2023
edited
Loading

Three out of these four updates span breaking changes. They are almost certain to cause breakage. Unless somebody (@bounav?) is offering to fix the breakage, we should archive this repo.

@lucasgonze
Copy link

After several tries to get this updated, I think it is time to archive.

@bounav
Copy link
Author

bounav commented Jul 17, 2023
edited
Loading

Hi @lucasgonze just saw your replies.

Three out of these four updates span breaking changes.

Can you elaborate? In my PR #28 I included minor code changes needed to run with the updated dependencies.
In the pull request the code runs fine from what I can tell: We use that code to get oauth tokens and it works fine...

@bounav
Copy link
Author

bounav commented Aug 16, 2023

I'm closing this issue as PR #30 updated dependencies.

@bounav bounav closed this as completed Aug 16, 2023
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@lucasgonze @bounav