
[Snyk] Security upgrade CrispyWaffle from 8.2.149 to 8.2.185 #326

Merged: 1 commit, Oct 19, 2024

Conversation

guibranco (Owner) commented Oct 19, 2024

User description

Snyk has created this PR to fix 1 vulnerability in the nuget dependencies of this project.

Snyk changed the following file(s):

  • Src/VTEX/VTEX.csproj

Vulnerabilities that will be fixed with an upgrade:

Issue: Inefficient Algorithmic Complexity (high severity), SNYK-DOTNET-SYSTEMTEXTJSON-8168848
Score: 721

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.


Description

  • Upgraded CrispyWaffle to version 8.2.185 to fix a security vulnerability.
  • The vulnerability addressed is related to inefficient algorithmic complexity.
  • This change improves the overall security posture of the project.

Changes walkthrough 📝

Relevant files

  • Enhancement: Src/VTEX/VTEX.csproj (+1/-1)
    Upgrade CrispyWaffle package to enhance security
      • Upgraded CrispyWaffle package from version 8.2.149 to 8.2.185.
      • This upgrade addresses a vulnerability related to inefficient algorithmic complexity.

    @guibranco guibranco enabled auto-merge (squash) October 19, 2024 02:20
    @gstraccini gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Oct 19, 2024
    @penify-dev penify-dev bot added the enhancement New feature or request label Oct 19, 2024
    @github-actions github-actions bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 19, 2024
    penify-dev bot (Contributor) commented Oct 19, 2024

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    1, because the change is straightforward and involves a simple version upgrade of a package.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    No

    🔒 Security concerns

    No

    Contributor

    Infisical secrets check: ✅ No secrets leaked!

    💻 Scan logs
    2:20AM INF scanning for exposed secrets...
    2:20AM INF 290 commits scanned.
    2:20AM INF scan completed in 230ms
    2:20AM INF no leaks found
    

    penify-dev bot (Contributor) commented Oct 19, 2024

    PR Code Suggestions ✨

    Category: Testing
    Suggestion: Execute tests to confirm that the application functions correctly with the upgraded package

    After upgrading, run tests to ensure that the application behaves as expected with the new
    version of CrispyWaffle.

    Src/VTEX/VTEX.csproj [25]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
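    Review bot: the `-` side of this snippet is empty, so the removed line is not visible here; only the PR description states that the replaced reference was CrispyWaffle 8.2.149, and the one added line is `+<PackageReference Include="CrispyWaffle" Version="8.2.185" />`. The advisory this PR closes, SNYK-DOTNET-SYSTEMTEXTJSON-8168848, names System.Text.Json rather than CrispyWaffle, so the fix is transitive: after restore, confirm that the resolved System.Text.Json version is the one Snyk treats as patched, and consider adding a direct PackageReference for System.Text.Json in Src/VTEX/VTEX.csproj so that a later CrispyWaffle change cannot silently pull the vulnerable version back in.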
    Suggestion importance[1-10]: 9

    Why: Running tests after an upgrade is critical to ensure that the application functions correctly, making this suggestion highly relevant and important.

    Category: Compatibility
    Suggestion: Verify compatibility of the upgraded package version with the current application

    Ensure that the upgrade to CrispyWaffle version 8.2.185 is compatible with the existing
    codebase and does not introduce breaking changes or vulnerabilities.

    Src/VTEX/VTEX.csproj [25]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
    Suggestion importance[1-10]: 8

    Why: This suggestion addresses a crucial aspect of package management by ensuring compatibility, which is essential to prevent potential issues in the application.

    Category: Maintainability
    Suggestion: Check for and update any related dependencies for compatibility with the new package version

    Ensure that any dependencies of CrispyWaffle version 8.2.185 are also updated if necessary
    to maintain compatibility.

    Src/VTEX/VTEX.csproj [25]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
    Suggestion importance[1-10]: 8

    Why: This suggestion is important for maintainability, as it emphasizes the need to check related dependencies, which can prevent runtime errors.

    Category: Best practice
    Suggestion: Review the changelog for the upgraded package to identify any significant changes

    Consider reviewing the release notes or changelog for CrispyWaffle version 8.2.185 to
    understand the changes made since version 8.2.149.

    Src/VTEX/VTEX.csproj [25]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
    Suggestion importance[1-10]: 7

    Why: Reviewing release notes is a good practice that helps developers understand changes, but it is a more general suggestion and not as critical as ensuring compatibility.



    Coverage summary from Codacy

    Coverage variation: +0.00% (target: -1.00%)
    Diff coverage: ∅ (not applicable)

    Coverage variation details
                                        Coverable lines   Covered lines   Coverage
    Common ancestor commit (54e8328)    1774              4               0.23%
    Head commit (8b189c6)               1774 (+0)         4 (+0)          0.23% (+0.00%)

    Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

    Diff coverage details
                            Coverable lines   Covered lines   Diff coverage
    Pull request (#326)     0                 0               ∅ (not applicable)

    Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

    Codacy stopped sending the deprecated coverage status on June 5th, 2024.

    @AppVeyorBot

    guibranco merged commit b340fd5 into main Oct 19, 2024
    27 checks passed
    guibranco deleted the snyk-fix-0c788a9c562b73e2f9084077f146ee99 branch October 19, 2024 02:41

    codecov bot commented Oct 19, 2024

    Codecov Report

    All modified and coverable lines are covered by tests ✅

    Project coverage is 0.22%. Comparing base (54e8328) to head (8b189c6).
    Report is 1 commits behind head on main.

    Additional details and impacted files
    @@          Coverage Diff          @@
    ##            main    #326   +/-   ##
    =====================================
      Coverage   0.22%   0.22%           
    =====================================
      Files        117     117           
      Lines       1774    1774           
      Branches      75      75           
    =====================================
      Hits           4       4           
    + Misses      1770    1768    -2     
    - Partials       0       2    +2     


    Labels
    ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) enhancement New feature or request Review effort [1-5]: 1 size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

    3 participants