Add Suppot for .net 5 so we can remove Microsoft.Extensions.DependencyModel 1.1.0

[xrkolovos]

We had issues in a project running in net 5 with Microsoft.Extensions.DependencyModel 1.1.0.

[amedee]

Can you undo the change to the license text in itext.tests/itext.forms.tests/itext/forms/FlatteningWithNullKidElementTest.cs?

[xrkolovos]

Ok Done the license text issue.
I find it odd, that i have found 3 issues in while loops. They seem to have wrong termination conditions. We used the latest nuget version, and we didn't had issues. Can you explain this?
Thank you.

[mark-mybaggage]

Is this likely to get merged? Microsoft.Extensions.DependencyModel is pulling in Newtonsoft.Json 9.0.1 which is marked as vulnerable

[vitali-pr]

@mark-mybaggage , is it still an issue in the latest version? We don't use Newtonsoft.Json for netstandard2.0 target anymore.

[mark-mybaggage]

@vitali-pr, that you for your response. I've a .net 9 application that uses itext. Using dotnet list package --include-transitive --vulnerable shows Newtonsoft.Json v 9.0.1

[vitali-pr]

@mark-mybaggage ,
Ok I see. In fact Newtonsoft 13.0.1 is used. To fix this report you could add a direct package dependency to Newtonsoft 13.0.1 in your csproj file as follows:

<PackageReference Include="Newtonsoft.Json" Version="13.0.1" />

Please, let me know if it helps.

[mark-mybaggage]

@vitali-pr, is there a screenshot or content missing from you comment? What I did was just add the reference for Newtonsoft to my csproj

[vitali-pr]

@mark-mybaggage , sorry updated. Indeed, this is exactly what I suggested. Does it help to get rid of the vulnerability in the report?

[mark-mybaggage]

@vitali-pr, yes that fixes the issue. I was concerned that there might have been an issue using the latest version of Newtonsoft but there isn't - thanks