Bump newtonsoft dependency to 13.0.1 to respond to vulnerability

.ci/DockerFile

@@ -1,4 +1,4 @@
-ARG DOTNET_VERSION=5.0.103
+ARG DOTNET_VERSION=5.0.408
 FROM mcr.microsoft.com/dotnet/sdk:${DOTNET_VERSION} AS elasticsearch-net-build
 
 ARG USER_ID

.ci/make.sh

@@ -42,7 +42,7 @@ OUTPUT_DIR="$repo/${output_folder}"
 REPO_BINDING="${OUTPUT_DIR}:/sln/${output_folder}"
 mkdir -p "$OUTPUT_DIR"
 
-DOTNET_VERSION=${DOTNET_VERSION-5.0.103}
+DOTNET_VERSION=${DOTNET_VERSION-5.0.408}
 
 echo -e "\033[34;1mINFO:\033[0m PRODUCT ${product}\033[0m"
 echo -e "\033[34;1mINFO:\033[0m VERSION ${STACK_VERSION}\033[0m"

.ci/readme.md

@@ -30,7 +30,7 @@ $ STACK_VERSION=7.x-SNAPSHOT ELASTICSEARCH_VERSION=7.x-SNAPSHOT ./.ci/run-tests
 |-------------------------|-------------|-------------|
 | `STACK_VERSION` | `N/A`       | The elasticsearch version to target
 | `TEST_SUITE`            | `basic`     | `free` or `platinum` sets which test suite to run and which container to run against. |
-| `DOTNET_VERSION`        | `5.0.103`   | The .NET sdk version used to grab the proper container |
+| `DOTNET_VERSION`        | `5.0.408`   | The .NET sdk version used to grab the proper container |
 
 
 If you want to manually spin up elasticsearch for these tests and call the runner afterwards you can use

.ci/run-repository.ps1

@@ -14,7 +14,7 @@ param(
     $NODE_NAME,
 
     [string]
-    $DOTNET_VERSION = "5.0.103"
+    $DOTNET_VERSION = "5.0.408"
 )
 
 $ESC = [char]27

.ci/run-repository.sh

@@ -9,7 +9,7 @@ script_path=$(dirname $(realpath -s $0))
 source $script_path/functions/imports.sh
 set -euo pipefail
 
-DOTNET_VERSION=${DOTNET_VERSION-5.0.103}
+DOTNET_VERSION=${DOTNET_VERSION-5.0.408}
 ELASTICSEARCH_URL=${ELASTICSEARCH_URL-"$elasticsearch_url"}
 elasticsearch_container=${elasticsearch_container-}
 

.ci/run-tests.ps1

@@ -8,7 +8,7 @@ param (
     $TEST_SUITE = "free",
 
     [string]
-    $DOTNET_VERSION = "5.0.103"
+    $DOTNET_VERSION = "5.0.408"
 )
 
 $ESC = [char]27

.ci/test-matrix.yml

@@ -8,6 +8,6 @@ TEST_SUITE:
   - platinum
 
 DOTNET_VERSION:
-  - 5.0.103
+  - 5.0.408
 
 exclude: ~

.github/workflows/integration-jobs.yml

@@ -50,7 +50,7 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
       - uses: actions/cache@v2
         with:
           path: ~/.nuget/packages

.github/workflows/make-bump.yml

@@ -35,7 +35,7 @@ jobs:
       # Add version and backport labels automatically
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
       - name: Install dotnet-script
         run: dotnet tool install release-notes --tool-path dotnet-tool
 

.github/workflows/make-release-notes.yml

@@ -51,7 +51,7 @@ jobs:
 
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
       - name: Install dotnet-script
         run: dotnet tool install release-notes --tool-path dotnet-tool
 

.github/workflows/stale-jobs.yml

@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
       - uses: actions/cache@v2
         with:
           path: ~/.nuget/packages

.github/workflows/test-jobs.yml

@@ -25,7 +25,7 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
       - uses: actions/cache@v2
         with:
           path: ~/.nuget/packages
@@ -55,7 +55,7 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
       - uses: actions/cache@v2
         with:
           path: ~/.nuget/packages

.github/workflows/unified-release.yml

@@ -30,7 +30,7 @@ jobs:
         uses: actions/checkout@v2
       - uses: actions/setup-dotnet@v1
         with:
-          dotnet-version: '5.0.100'
+          dotnet-version: '5.0.408'
 
       - run: "./.ci/make.sh assemble ${{ matrix.stack_version }}"
         name: Assemble ${{ matrix.stack_version }}

build/scripts/packages.lock.json

@@ -92,9 +92,9 @@
       },
       "Newtonsoft.Json": {
         "type": "Direct",
-        "requested": "[12.0.1, )",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "requested": "[13.0.1, )",
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "Octokit": {
         "type": "Direct",

build/scripts/scripts.fsproj

@@ -1,4 +1,4 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFramework>net5.0</TargetFramework>
     <OutputType>Exe</OutputType>
@@ -35,18 +35,14 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="FSharp.Core" Version="5.0.0" />
-
     <PackageReference Include="Bullseye" Version="3.3.0" />
     <PackageReference Include="Elastic.Elasticsearch.Managed" Version="0.2.6" />
-
     <PackageReference Include="Fake.Core.Environment" Version="5.15.0" />
     <PackageReference Include="Fake.Core.SemVer" Version="5.15.0" />
     <PackageReference Include="Fake.IO.FileSystem" Version="5.15.0" />
     <PackageReference Include="Fake.IO.Zip" Version="5.15.0" />
     <PackageReference Include="Fake.Tools.Git" Version="5.15.0" />
-
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
-
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="Octokit" Version="0.32.0" />
     <PackageReference Include="Proc" Version="0.6.1" />
   </ItemGroup>

global.json

@@ -1,6 +1,6 @@
 {
   "sdk": {
-    "version": "5.0.100",
+    "version": "5.0.408",
     "rollForward": "latestFeature",
     "allowPrerelease": false
   },

src/ApiGenerator/ApiGenerator.csproj

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
@@ -15,7 +15,7 @@
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="3.1.0-beta3-final" />
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="ShellProgressBar" Version="5.0.0" />
     <PackageReference Include="CsQuery.Core" Version="2.0.1" />
     <!-- https://github.com/toddams/RazorLight/issues/172 -->

src/ApiGenerator/packages.lock.json

@@ -29,9 +29,9 @@
       },
       "Newtonsoft.Json": {
         "type": "Direct",
-        "requested": "[12.0.1, )",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "requested": "[13.0.1, )",
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "RazorLight.Unofficial": {
         "type": "Direct",

src/DocGenerator/DocGenerator.csproj

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <OutputType>Exe</OutputType>
@@ -19,7 +19,7 @@
     <PackageReference Include="Microsoft.CodeAnalysis.Workspaces.Common" Version="2.9.0" />
     <PackageReference Include="Microsoft.Composition" Version="1.0.31" />
     <PackageReference Include="Microsoft.Extensions.Logging" Version="1.1.2" />
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <PackageReference Include="NuDoq" Version="1.2.5" />
     <PackageReference Include="BuildAlyzer" Version="2.4.0" />
     <PackageReference Include="BuildAlyzer.Workspaces" Version="2.4.0" />

src/DocGenerator/packages.lock.json

@@ -121,9 +121,9 @@
       },
       "Newtonsoft.Json": {
         "type": "Direct",
-        "requested": "[12.0.1, )",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "requested": "[13.0.1, )",
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "NuDoq": {
         "type": "Direct",

src/Nest.JsonNetSerializer/Nest.JsonNetSerializer.csproj

@@ -1,4 +1,4 @@
-<?xml version="1.0" encoding="utf-8"?>
+<?xml version="1.0" encoding="utf-8"?>
 <Project Sdk="Microsoft.NET.Sdk" ToolsVersion="15.0">
   <PropertyGroup>
     <PackageId>NEST.JsonNetSerializer</PackageId>
@@ -16,6 +16,6 @@
     <ProjectReference Include="$(SolutionRoot)\src\Nest\Nest.csproj" />
   </ItemGroup>
   <ItemGroup>
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
   </ItemGroup>
 </Project>

src/Nest.JsonNetSerializer/packages.lock.json

@@ -29,9 +29,9 @@
       },
       "Newtonsoft.Json": {
         "type": "Direct",
-        "requested": "[12.0.1, )",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "requested": "[13.0.1, )",
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "Microsoft.Build.Tasks.Git": {
         "type": "Transitive",
@@ -137,9 +137,9 @@
       },
       "Newtonsoft.Json": {
         "type": "Direct",
-        "requested": "[12.0.1, )",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "requested": "[13.0.1, )",
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "Microsoft.Build.Tasks.Git": {
         "type": "Transitive",

tests/Tests.Benchmarking/packages.lock.json

@@ -274,8 +274,8 @@
       },
       "Newtonsoft.Json": {
         "type": "Transitive",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "NuGet.Frameworks": {
         "type": "Transitive",
@@ -1401,7 +1401,7 @@
         "type": "Project",
         "dependencies": {
           "NEST": "7.0.0",
-          "Newtonsoft.Json": "12.0.1"
+          "Newtonsoft.Json": "13.0.1"
         }
       },
       "tests.configuration": {
@@ -1431,7 +1431,7 @@
           "Bogus": "22.1.2",
           "Elastic.Elasticsearch.Managed": "0.2.6",
           "NEST": "7.0.0",
-          "Newtonsoft.Json": "12.0.1",
+          "Newtonsoft.Json": "13.0.1",
           "Tests.Configuration": "7.0.0"
         }
       }

tests/Tests.ClusterLauncher/packages.lock.json

@@ -144,8 +144,8 @@
       },
       "Newtonsoft.Json": {
         "type": "Transitive",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "NuGet.Frameworks": {
         "type": "Transitive",
@@ -875,7 +875,7 @@
         "type": "Project",
         "dependencies": {
           "NEST": "7.0.0",
-          "Newtonsoft.Json": "12.0.1"
+          "Newtonsoft.Json": "13.0.1"
         }
       },
       "tests.configuration": {
@@ -905,7 +905,7 @@
           "Bogus": "22.1.2",
           "Elastic.Elasticsearch.Managed": "0.2.6",
           "NEST": "7.0.0",
-          "Newtonsoft.Json": "12.0.1",
+          "Newtonsoft.Json": "13.0.1",
           "Tests.Configuration": "7.0.0"
         }
       }

tests/Tests.Configuration/tests.default.yaml

@@ -18,10 +18,10 @@ force_reseed: true
 # this is opt in during development in CI we never want to see our tests running against an already running node
 test_against_already_running_elasticsearch: true
 
-#random_source_serializer: true
+random_source_serializer: true
 #random_old_connection: true
 #random_http_compresssion: true
-random_api_versioning: true
+#random_api_versioning: true
 #seed: 74337
 
 # Can be helpful to speed up tests runs as setting this to true only randomly tests a single overload of the api rather than all 4.

tests/Tests.Core/packages.lock.json

@@ -191,8 +191,8 @@
       },
       "Newtonsoft.Json": {
         "type": "Transitive",
-        "resolved": "12.0.1",
-        "contentHash": "pBR3wCgYWZGiaZDYP+HHYnalVnPJlpP1q55qvVb+adrDHmFMDc1NAKio61xTwftK3Pw5h7TZJPJEEVMd6ty8rg=="
+        "resolved": "13.0.1",
+        "contentHash": "ppPFpBcvxdsfUonNcvITKqLl3bqxWbDCZIzDWHzjpdAHRFfZe0Dw9HmA0+za13IdyrgJwpkDTDA9fHaxOrt20A=="
       },
       "runtime.debian.8-x64.runtime.native.System.Security.Cryptography.OpenSsl": {
         "type": "Transitive",
@@ -1322,7 +1322,7 @@
         "type": "Project",
         "dependencies": {
           "NEST": "7.0.0",
-          "Newtonsoft.Json": "12.0.1"
+          "Newtonsoft.Json": "13.0.1"
         }
       },
       "tests.configuration": {
@@ -1337,7 +1337,7 @@
           "Bogus": "22.1.2",
           "Elastic.Elasticsearch.Managed": "0.2.6",
           "NEST": "7.0.0",
-          "Newtonsoft.Json": "12.0.1",
+          "Newtonsoft.Json": "13.0.1",
           "Tests.Configuration": "7.0.0"
         }
       }

tests/Tests.Domain/Tests.Domain.csproj

@@ -1,18 +1,17 @@
-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">
   <PropertyGroup>
     <TargetFramework>netstandard2.0</TargetFramework>
   </PropertyGroup>
   <ItemGroup Condition="'$(TestPackageVersion)'!=''">
     <PackageReference Include="NEST" Version="$(TestPackageVersion)" />
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
   </ItemGroup>
   <ItemGroup Condition="'$(TestPackageVersion)'==''">
     <ProjectReference Include="$(SolutionRoot)\src\Nest\Nest.csproj" />
   </ItemGroup>
   <ItemGroup>
     <PackageReference Include="Bogus" Version="22.1.2" />
     <PackageReference Include="Elastic.Elasticsearch.Managed" Version="0.2.6" />
-    <PackageReference Include="Newtonsoft.Json" Version="12.0.1" />
+    <PackageReference Include="Newtonsoft.Json" Version="13.0.1" />
     <ProjectReference Include="$(SolutionRoot)\tests\Tests.Configuration\Tests.Configuration.csproj" />
   </ItemGroup>
 </Project>