Transitive dependency with high security vulnerabilities (Newtonsoft.Json)

[Misiu]

I've run dotnet list package --vulnerable --include-transitive
and got this output:

Użyto następujących źródeł:
   https://api.nuget.org/v3/index.json

Projekt „Test.Consumer” ma następujące pakiety podatne na zagrożenia
   [net7.0]:
   Pakiet przechodni      Rozpoznane   Ważność   Adres URL porady
   > Newtonsoft.Json      12.0.3       High      https://github.com/advisories/GHSA-5crp-9r3c-p9vr

I'm currently using FirebaseAdmin version 2.3.0

Ideally, Newtonsoft.Json should be removed in favor of System.Text.Json (or maybe we could pick the serializer that we want to use).

[google-oss-bot]

I found a few problems with this issue:

• I couldn't figure out how to label this issue, so I've labeled it for a human to triage. Hang tight.
• This issue does not seem to follow the issue template. Make sure you provide all the required information.

[josbol]

Any updates on this? The dependencies on Google.API.* are pointing to very old versions (2020).