Newtonsoft.Json vulnerability to DoS attacks in versions before 13.0.1

[SiwinskiK]

Newtonsoft.Json prior to version 13.0.1 is vulnerable to Insecure Defaults due to improper handling of StackOverFlow exception (SOE) whenever nested expressions are being processed. Exploiting this vulnerability results in Denial Of Service (DoS), and it is exploitable when an attacker sends 5 requests that cause SOE in time frame of 5 minutes. This vulnerability affects Internet Information Services (IIS) Applications. The vulnerability is severe and renders coverlet unusable.
Coverlet in version 2.0.9 references an older version of aforementioned library. Upgrade to version Newtonsoft.Json - 13.0.1

[petli]

@SiwinskiK coverlet packages should only be referenced by unit test projects, which generally ought not to be run in IIS, at least not in production. Given that, is this vulnerability still relevant for coverlet? I think, but am not sure, that the older version of Newtonsoft.Json is referenced because of compatiblity with .NET Framework.

[MarcoRossignoli]

@petli is true, anyway we're running inside CI so I think that the bump will be good, I don't know but I think that we'll need to bump also the object model used by collectors because test platform already did the bump and so we could break something but it's ok.
We have an open PR #1358 but I didn't had time yet to take a look.