There is vulnerability in the current NewtonSoft Json library version used in Pact.net source code, not sure if it is issue. Details under the thread

Can't see how a dos issue would be an issue for a test tool. Is it just needing a version bump?

yes it is

Mind opening a pr?

We should probably enable dependabot for that repo.