Reduce delay to make build faster. Fix unsafe json serialization. (#2879)

Author: Thorium

src/app/Fake.Core.Process/Process.fs

@@ -1,4 +1,4 @@
-namespace Fake.Core
+namespace Fake.Core
 
 open System
 open System.Diagnostics
@@ -815,7 +815,7 @@ module Process =
 
         while DateTime.Now <= endTime && not (getAllByName name |> Seq.isEmpty) do
             Trace.tracefn "Waiting for %s to stop (Timeout: %A)" name endTime
-            Thread.Sleep 1000
+            Thread.Sleep 100
 
         if not (getAllByName name |> Seq.isEmpty) then
             failwithf "The process %s has not stopped (check the logs for errors)" name

src/app/Fake.Core.Vault/Vault.fs

@@ -16,7 +16,8 @@ module Vault =
 
     let private aesCtrTransform (key: byte[], salt: byte[], inputStream: Stream, outputStream: Stream) =
         // https://stackoverflow.com/a/51188472/1269722
-        let aes = new AesManaged(Mode = CipherMode.ECB, Padding = PaddingMode.None)
+        // Use Aes.Create() instead of deprecated AesManaged
+        use aes = Aes.Create(Mode = CipherMode.ECB, Padding = PaddingMode.None)
         let blockSize = aes.BlockSize / 8
 
         if (salt.Length <> blockSize) then
@@ -187,12 +188,14 @@ module Vault =
           Variables = Map.empty }
 
     /// <summary>
-    /// Read in a vault from a given json string, make sure to delete the source of the json after using this API
+    /// Read a vault from a JSON string
     /// </summary>
     ///
     /// <param name="str">The JSON string of the vault to read</param>
     let fromJson str =
-        let vars = JsonConvert.DeserializeObject<Variables>(str)
+        // Secure JSON deserialization: disable type name handling to prevent deserialization attacks
+        let settings = JsonSerializerSettings(TypeNameHandling = TypeNameHandling.None)
+        let vars = JsonConvert.DeserializeObject<Variables>(str, settings)
         fromEncryptedVariables { KeyFile = vars.keyFile; Iv = vars.iv } vars.values
 
     /// <summary>