[Snyk] Security upgrade CrispyWaffle from 8.2.149 to 8.2.185 #328

Merged: 1 commit merged on Oct 20, 2024

Conversation

guibranco (Owner) commented Oct 20, 2024

User description


Snyk has created this PR to fix 1 vulnerability in the nuget dependencies of this project.

Snyk changed the following file(s):

  • Src/VTEX.API/VTEX.API.csproj

Vulnerabilities that will be fixed with an upgrade:

Issue: high severity, Inefficient Algorithmic Complexity (SNYK-DOTNET-SYSTEMTEXTJSON-8168848)
Score: 721

Important

  • Check the changes in this PR to ensure they won't cause issues with your project.
  • Max score is 1000. Note that the real score may have changed since the PR was raised.
  • This PR was automatically created by Snyk using the credentials of a real user.

Note: You are seeing this because you or someone else with access to this repository has authorized Snyk to open fix PRs.

For more information:
🧐 View latest project report
📜 Customise PR templates
🛠 Adjust project settings
📚 Read about Snyk's upgrade logic

Learn how to fix vulnerabilities with free interactive lessons:

🦉 Learn about this vulnerability in an interactive lesson on Snyk Learn.


Description

  • Upgraded CrispyWaffle from version 8.2.149 to 8.2.185 to address security vulnerabilities.
  • This upgrade resolves the issue identified as SNYK-DOTNET-SYSTEMTEXTJSON-8168848 with a score of 721.

Changes walkthrough 📝

Relevant files

Dependencies: VTEX.API.csproj (Src/VTEX.API/VTEX.API.csproj), +1/-1
Upgrade CrispyWaffle package to fix vulnerabilities

  • Upgraded CrispyWaffle package from version 8.2.149 to 8.2.185.

    💡 Penify usage:
    Comment /help on the PR to get a list of all available Penify tools and their descriptions

    @guibranco guibranco enabled auto-merge (squash) October 20, 2024 01:49
    @gstraccini gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Oct 20, 2024
    @penify-dev penify-dev bot added the enhancement New feature or request label Oct 20, 2024
    @github-actions github-actions bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Oct 20, 2024
    penify-dev bot (Contributor) commented Oct 20, 2024

    PR Review 🔍

    ⏱️ Estimated effort to review [1-5]

    1, because the change is a simple version upgrade of a package with no complex logic or additional code.

    🧪 Relevant tests

    No

    ⚡ Possible issues

    No

    🔒 Security concerns

    No

    penify-dev bot (Contributor) commented Oct 20, 2024

    PR Code Suggestions ✨

    Category: Maintainability
    Suggestion: Lock the package version to prevent unintended future upgrades

    Consider locking the version of CrispyWaffle to avoid unexpected updates in the future
    that could break compatibility.

    Src/VTEX.API/VTEX.API.csproj [9]

    -<PackageReference Include="CrispyWaffle" Version="8.2.185" />
    +<PackageReference Include="CrispyWaffle" Version="[8.2.185]" />
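    Review bot: the exact range `[8.2.185]` does not achieve what the suggestion states and can make restores fail. A plain `Version="8.2.185"` on a PackageReference is already a minimum that NuGet resolves to the lowest matching version, so the project does not drift to newer CrispyWaffle releases by itself; the exact range only adds the risk of a version-conflict error at restore time if another package in the graph requires a higher CrispyWaffle, and it still has to be edited for every future security fix such as this one. If the goal is reproducible restores, a lockfile (`RestorePackagesWithLockFile`) is the mechanism for that; otherwise leave the line as the PR has it. Note also that the issue being fixed (SNYK-DOTNET-SYSTEMTEXTJSON-8168848) is in System.Text.Json, pulled in transitively, so what matters here is the System.Text.Json version that 8.2.185 resolves to; confirm it with `dotnet list package --include-transitive` before the auto-merge completes.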
     
    Suggestion importance [1-10]: 9

    Why: Locking the package version is a strong recommendation for maintainability and preventing future compatibility issues, making this a significant suggestion.

    Score: 9

    Category: Best practice
    Suggestion: Conduct tests to verify that the upgrade does not cause any regressions in functionality

    Ensure that the project is tested after the upgrade to confirm that the new package
    version does not introduce any regressions.

    Src/VTEX.API/VTEX.API.csproj [9]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
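    Review bot: this suggestion carries no change to apply: the `+` line is identical to what the PR already contains and the `-` line is empty, so it is a process reminder rather than a code suggestion (the same holds for the two suggestions that follow). Since the PR Review above records "Relevant tests: No", the actionable form of this advice is to confirm that the CI run builds the project and executes the existing test suite against the new package before the enabled auto-merge completes.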
    Suggestion importance [1-10]: 8

    Why: This suggestion emphasizes the importance of testing after an upgrade, which is crucial for maintaining code stability and functionality.

    Score: 8

    Category: Possible issue
    Suggestion: Ensure compatibility with existing dependencies when upgrading package versions

    Consider verifying compatibility of the new version with existing dependencies to avoid
    potential runtime issues.

    Src/VTEX.API/VTEX.API.csproj [9]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
    Suggestion importance [1-10]: 7

    Why: This suggestion addresses a valid concern regarding potential runtime issues, but it does not directly impact the code itself.

    Score: 7

    Category: Enhancement
    Suggestion: Review the changelog for the updated package to understand any breaking changes or new features

    It may be beneficial to check the changelog or release notes for CrispyWaffle to
    understand the changes introduced in version 8.2.185.

    Src/VTEX.API/VTEX.API.csproj [9]

    +<PackageReference Include="CrispyWaffle" Version="8.2.185" />
     
    -
    Suggestion importance [1-10]: 6

    Why: While reviewing changelogs is a good practice, it is not a direct code improvement and does not affect the functionality of the code.

    Score: 6

    Contributor

    Infisical secrets check: ✅ No secrets leaked!

    💻 Scan logs
    1:49AM INF scanning for exposed secrets...
    1:49AM INF 292 commits scanned.
    1:49AM INF scan completed in 239ms
    1:49AM INF no leaks found
    


    Coverage summary from Codacy

    See diff coverage on Codacy

    Coverage variation: +0.00% (target: -1.00%)
    Diff coverage: ∅ (not applicable)

    Coverage variation details

    Commit | Coverable lines | Covered lines | Coverage
    Common ancestor commit (a730e4a) | 1774 | 4 | 0.23%
    Head commit (b3c44eb) | 1774 (+0) | 4 (+0) | 0.23% (+0.00%)

    Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

    Diff coverage details

    Scope | Coverable lines | Covered lines | Diff coverage
    Pull request (#328) | 0 | 0 | ∅ (not applicable)

    Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%


    Codacy stopped sending the deprecated coverage status on June 5th, 2024. Learn more

    @AppVeyorBot

    @guibranco guibranco merged commit 0a129dc into main Oct 20, 2024
    27 checks passed
    @guibranco guibranco deleted the snyk-fix-28c431b7d55e16dbb67a7725d08eacf5 branch October 20, 2024 02:04

    codecov bot commented Oct 20, 2024

    Codecov Report

    All modified and coverable lines are covered by tests ✅

    Project coverage is 0.22%. Comparing base (a730e4a) to head (b3c44eb).
    Report is 1 commit behind head on main.

    Additional details and impacted files
    @@          Coverage Diff          @@
    ##            main    #328   +/-   ##
    =====================================
      Coverage   0.22%   0.22%           
    =====================================
      Files        117     117           
      Lines       1774    1774           
      Branches      75      75           
    =====================================
      Hits           4       4           
    + Misses      1770    1768    -2     
    - Partials       0       2    +2     

    ☔ View full report in Codecov by Sentry.
    📢 Have feedback on the report? Share it here.

    Labels
    ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) enhancement New feature or request Review effort [1-5]: 1 size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.
    3 participants