Newtonsoft.Json.Bson

[lanesCSO]

is there any plan to get rid of Newtonsoft.Json.Bson so that a non vulnerable version of Newtonsoft.Json can be used?

[cnblogs-dudu]

I suggest to use MessagePackTranscoder.

[lanesCSO]

whilst the suggestion is great, it still means that their is a vulnerable package in the library. Can this be removed as a dependency?

[cnblogs-dudu]

Use MongoDB.Bson instead?

[lanesCSO]

the project would need to be built against this, but is BSON even needed if using the MessagePackTranscoder is your suggestion

[lanesCSO]

@cnblogs-dudu is there a plan for BSON going forward

[cnblogs-dudu]

@lanesCSO No plan in the near future.