Bump MessagePack.Annotations from 2.5.301 to 3.1.7

[dependabot]

Updated MessagePack.Annotations from 2.5.301 to 3.1.7.

Release notes

Sourced from MessagePack.Annotations's releases.

3.1.7

What's Changed

• Add scoped to MessagePackWriter.Write(ReadOnlySpan<T>) methods by @​AArnott in Add scoped to MessagePackWriter.Write(ReadOnlySpan<T>) methods MessagePack-CSharp/MessagePack-CSharp#2271
• Fix security issues in master by @​AArnott in Fix security issues in master MessagePack-CSharp/MessagePack-CSharp#2274

Security release details

This release fixes 3 high severity and 9 moderate severity security vulnerabilities.

High severity advisory fixes

• 26d4e743 GHSA-382j-8mxh-c7x2 Reject invalid DateTime ext lengths for CWE-789
• b9cb6050 GHSA-vh6j-jc39-fggf Use iteration for skipping msgpack structures for CWE-674
• 719e690a GHSA-hv8m-jj95-wg3x Bound LZ4 input reads for CWE-125

Moderage severity advisory fixes

• 2b5a500a GHSA-v72x-2h86-7f8m Guard LZ4 decompression length for CWE-409
• f093bdc1 GHSA-qhmf-xw27-6rqr Reject nested typeless blocklist bypass for CWE-502
• f077798e GHSA-2f33-pr97-265q Default MVC input formatter to UntrustedData for CWE-1188
• 25a3493e GHSA-2x83-8g95-xh59 Limit untrusted ExpandoObject maps for CWE-407
• b414e6df GHSA-wfr3-xj75-pfwh Guard dynamic union depth for CWE-674
• 0555f07c GHSA-w567-gjr2-hm5j Validate Unity blit lengths for CWE-789
• 9b5783a7 GHSA-cxmj-83gh-fp49 Fix CWE-789 multidimensional array allocation validation
• f96fcf05 GHSA-q2h6-ghwm-5qm8 Use secure lookup comparer for CWE-407
• b3af7cf7 GHSA-cj9g-3mj2-g8vv Guard JSON conversion depth for CWE-674
• 66ad0894 GHSA-cj9g-3mj2-g8vv Avoid JSON separator recursion for CWE-674
• 082ba7da GHSA-cj9g-3mj2-g8vv Guard typeless JSON depth for CWE-674

Fixes with no security advisory

• fb0fe9f0 Honor TypeFormatter options hooks for CWE-470
• c1c06a6f Fix WriteRawX methods to advance by written length
• 46c6a0fe Fix CWE-190 map header length overflow

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.6...v3.1.7

3.1.6

What's Changed

• Add several known unsafe 'gadgets' to the disallow list by @​AArnott in Add several known unsafe 'gadgets' to the disallow list MessagePack-CSharp/MessagePack-CSharp#2270

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.5...v3.1.6

3.1.5

What's Changed

• Remove unneeded GetTypeInfo() calls by @​Bykiev in Remove unneeded GetTypeInfo() calls MessagePack-CSharp/MessagePack-CSharp#2206
• Use 'Write' instead of 'WriteInt32' for union type keys by @​VictorNicollet in Use 'Write' instead of 'WriteInt32' for union type keys MessagePack-CSharp/MessagePack-CSharp#2212
• Fix various disposable issues by @​Bykiev in Fix various disposable issues MessagePack-CSharp/MessagePack-CSharp#2224
• fix: prevent StackOverflow in Equals with recursive generic constraints by @​khuongntrd in fix: prevent StackOverflow in Equals with recursive generic constraints MessagePack-CSharp/MessagePack-CSharp#2226
• Add more types to the default disallow list of named types to be deserialized by @​AArnott in Add more types to the default disallow list of named types to be deserialized MessagePack-CSharp/MessagePack-CSharp#2256
• Fix release workflow by @​AArnott in Fix release workflow MessagePack-CSharp/MessagePack-CSharp#2268
• Fix Incorrect DateTimeOffset Serializer by @​T0PP1ng in Fix Incorrect DateTimeOffset Serializer MessagePack-CSharp/MessagePack-CSharp#2225
• Revert DateTimeOffset encoding change by @​AArnott in Revert DateTimeOffset encoding change MessagePack-CSharp/MessagePack-CSharp#2262

New Contributors

• @​Bykiev made their first contribution in Remove unneeded GetTypeInfo() calls MessagePack-CSharp/MessagePack-CSharp#2206
• @​VictorNicollet made their first contribution in Use 'Write' instead of 'WriteInt32' for union type keys MessagePack-CSharp/MessagePack-CSharp#2212
• @​T0PP1ng made their first contribution in Fix Incorrect DateTimeOffset Serializer MessagePack-CSharp/MessagePack-CSharp#2225
• @​khuongntrd made their first contribution in fix: prevent StackOverflow in Equals with recursive generic constraints MessagePack-CSharp/MessagePack-CSharp#2226

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.4...v3.1.5

3.1.4

What's Changed

• Fix SkipClrVisibilityChecks to notice private fields in base classes by @​AArnott in Fix SkipClrVisibilityChecks to notice private fields in base classes MessagePack-CSharp/MessagePack-CSharp#2153
• Promote analyzers to AnalyzerReleases.Shipped.md by @​hanachiru in Promote analyzers to AnalyzerReleases.Shipped.md MessagePack-CSharp/MessagePack-CSharp#2169
• Add memory size check to GetMemoryCheckResult by @​AArnott in Add memory size check to GetMemoryCheckResult MessagePack-CSharp/MessagePack-CSharp#2172
• AccessModifier was added to generated code. by @​Nirklav in AccessModifier was added to generated code. MessagePack-CSharp/MessagePack-CSharp#2185

New Contributors

• @​hanachiru made their first contribution in Promote analyzers to AnalyzerReleases.Shipped.md MessagePack-CSharp/MessagePack-CSharp#2169

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.3...v3.1.4

3.1.3

What's Changed

• Fix stackoverflow on analyzer by @​neuecc in Fix stackoverflow on analyzer MessagePack-CSharp/MessagePack-CSharp#2150

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.2...v3.1.3

3.1.2

What's Changed

• Add missing recursion guard to CodeAnalysisUtilities.GetTypeParameters by @​AArnott in Add missing recursion guard to CodeAnalysisUtilities.GetTypeParameters MessagePack-CSharp/MessagePack-CSharp#2123
• Remove FluentAssertions, Use Shouldly by @​neuecc in Remove FluentAssertions, Use Shouldly MessagePack-CSharp/MessagePack-CSharp#2124
• Fix issues about Double.MaxValue by @​guojiancong in Fix issues about Double.MaxValue MessagePack-CSharp/MessagePack-CSharp#2135
• GitHubActions, prevent run build-unity on external contributor by @​neuecc in GitHubActions, prevent run build-unity on external contributor MessagePack-CSharp/MessagePack-CSharp#2138
• Protects the generated resolver type metadata from trimmer by @​mayuki in Protects the generated resolver type metadata from trimmer MessagePack-CSharp/MessagePack-CSharp#2134
• Add PreserveAttribute to generic formatters for Unity IL2CPP by @​neuecc in Add PreserveAttribute to generic formatters for Unity IL2CPP MessagePack-CSharp/MessagePack-CSharp#2136
• Change ByteListFormatter behaviour to keep binary compatibility for List by @​neuecc in Change ByteListFormatter behaviour to keep binary compatibility for List<byte> MessagePack-CSharp/MessagePack-CSharp#2139

New Contributors

• @​guojiancong made their first contribution in Fix issues about Double.MaxValue MessagePack-CSharp/MessagePack-CSharp#2135

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.1...v3.1.2

3.1.1

What's Changed

• README.md: ÌntKey -> IntKey by @​stanoddly in README.md: ÌntKey -> IntKey MessagePack-CSharp/MessagePack-CSharp#2098
• allow DynamicGenericResolver to StandardResolver in DynamicAssembly.AvoidDynamicCode by @​neuecc in allow DynamicGenericResolver to StandardResolver in DynamicAssembly.AvoidDynamicCode MessagePack-CSharp/MessagePack-CSharp#2105
• Remove PublicApiAnalyzers by @​neuecc in Remove PublicApiAnalyzers MessagePack-CSharp/MessagePack-CSharp#2104
• Fix source generator, don't generate when abstract/interface is not union by @​neuecc in Fix source generator, don't generate when abstract/interface is not union MessagePack-CSharp/MessagePack-CSharp#2103
• enable analyze union / stop collect field when object marked SuppressSourceGeneration by @​neuecc in enable analyze union / stop collect field when object marked SuppressSourceGeneration MessagePack-CSharp/MessagePack-CSharp#2106

New Contributors

• @​stanoddly made their first contribution in README.md: ÌntKey -> IntKey MessagePack-CSharp/MessagePack-CSharp#2098

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.0...v3.1.1

3.1.0

What's Changed

• Relaxed the conditions in editor.config by @​neuecc in Relaxed the conditions in editor.config MessagePack-CSharp/MessagePack-CSharp#2088
• Add .NET 9 by @​neuecc in Add .NET 9 MessagePack-CSharp/MessagePack-CSharp#2090
• Add Int128, UInt128, Rune. OrderedDictionary<T, V>. ReadOnlySet<T> serialization support
• Check IsGenericType before call ConstructUnboundGenericType() by @​neuecc in Check IsGenericType before call ConstructUnboundGenericType() MessagePack-CSharp/MessagePack-CSharp#2093
• Remove NerdBank.GitVersioning by @​neuecc in Remove NerdBank.GitVersioning MessagePack-CSharp/MessagePack-CSharp#2094
• Current all apis to shipped.txt by @​neuecc in Current all apis to shipped.txt MessagePack-CSharp/MessagePack-CSharp#2095

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.301...v3.1.0

3.0.301

Note

Tag and Unity's version is 3.0.301 but published NuGet version is 3.0.308.
The version mismatch due to release process inconsistencies will be fixed in the next release.

What's Changed

• Touch-ups to master by @​AArnott in Touch-ups to master MessagePack-CSharp/MessagePack-CSharp#2084
• Fix Source Generator doesnt work in Unity by @​neuecc in Fix Source Generator doesnt work in Unity MessagePack-CSharp/MessagePack-CSharp#2087

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.300...v3.0.301

3.0.300

Fixed version, release notes see v3.0.3.

3.0.238-rc.1

What's Changed

• Fix simplified name for ValueTuple by @​AlanLiu90 in Fix simplified name for ValueTuple<T> MessagePack-CSharp/MessagePack-CSharp#2033
• Avoid crashing with stack overflow on recursive generic type parameter constraints by @​AArnott in Avoid crashing with stack overflow on recursive generic type parameter constraints MessagePack-CSharp/MessagePack-CSharp#2036

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.233-rc.1...v3.0.238-rc.1

3.0.233-rc.1

Changes

Enhancements

• #​2013: Secure by default

Fixes

• #​2031: Use generic type argument used for custom formatters
• #​2029: Apply scoped in more places
• #​2030: Support nesting formatters within generic data types
• #​2024: Source code generation fails for generic type with private member serialization
• #​2028: Avoid collecting fields with custom formatter recusively
• #​2023: Suppress MsgPack004 on private base members when only public is interesting
• #​2022: Ignore abstract implementations of IMessagePackFormatter<T>
• #​2012: MsgPack004 Analyzer triggering on not attributed private property on base class eventhough source generator shouldn't include private properties
• #​2017: MsgPack013 should not report diagnostics on abstract classes
• #​2021: Add scoped modifier to in parameters of ref struct
• #​2016: Avoid collecting members when it doesn't have [Key]
• #​2005: custom formatters code source generator error

Others

• #​2032: Use simpler C# syntax for nullable value types

3.0.214-rc.1

Changes:

• #​2015: Use a collision-resistant hash algorithm for untrusted data to address GHSA-4qm4-8hg2-g2xm
• #​2009: Build nuget package with semver v2

This list of changes was auto generated.

3.0.208-rc.1

Breaking changes

• Drop .NET 6 support by @​AArnott in Drop .NET 6 support MessagePack-CSharp/MessagePack-CSharp#1991

Enhancements

• Lower language version requirement of source generated resolver by @​AlanLiu90 in Lower language version requirement of source generated resolver MessagePack-CSharp/MessagePack-CSharp#1926
• Add ignore case option to EnumAsStringFormatter by @​iguskov1810 in Add ignore case option to EnumAsStringFormatter MessagePack-CSharp/MessagePack-CSharp#1936
• Adjusted MsgPack004 to support records by @​N-Olbert in Adjusted MsgPack004 to support records MessagePack-CSharp/MessagePack-CSharp#1932 and Adjusted MsgPack004 to support records MessagePack-CSharp/MessagePack-CSharp#1946
• Add MessagePackSerializer.Typeless.Deserialize overload that takes ReadOnlyMemory<byte> by @​AArnott in Add MessagePackSerializer.Typeless.Deserialize overload that takes ReadOnlyMemory<byte> MessagePack-CSharp/MessagePack-CSharp#1959
• Make CompositeResolverAttribute much more useful by @​AArnott in Make CompositeResolverAttribute much more useful MessagePack-CSharp/MessagePack-CSharp#1968
• Add MsgPack014 analyzer and code fix by @​AArnott in Add MsgPack014 analyzer and code fix MessagePack-CSharp/MessagePack-CSharp#1969
• Reconcile AllowPrivate behavior by @​AArnott in Reconcile AllowPrivate behavior MessagePack-CSharp/MessagePack-CSharp#1990
• Add analyzers to help recognize breaking changes by @​AArnott in Add analyzers to help recognize breaking changes MessagePack-CSharp/MessagePack-CSharp#2003
• Add AOT formatter support for init properties and required members by @​AArnott in Add AOT formatter support for init properties and required members MessagePack-CSharp/MessagePack-CSharp#1980
• Support formatters for CompositeResolverAttribute by @​AlanLiu90 in Support formatters for CompositeResolverAttribute MessagePack-CSharp/MessagePack-CSharp#1922

Fixes

• Fix diagnostic and code fix for MsgPack011 on nesting types by @​AArnott in Fix diagnostic and code fix for MsgPack011 on nesting types MessagePack-CSharp/MessagePack-CSharp#1910
• Fix some source generator issues by @​AlanLiu90 in Fix some source generator issues MessagePack-CSharp/MessagePack-CSharp#1921
• Improve handling of array types in source generation by @​AArnott in Improve handling of array types in source generation MessagePack-CSharp/MessagePack-CSharp#1960
• Honor key name overrides in source-generated formatters by @​AArnott in Honor key name overrides in source-generated formatters MessagePack-CSharp/MessagePack-CSharp#1962
• MPC String Value From Key Attribute Fix by @​alimakki in MPC String Value From Key Attribute Fix MessagePack-CSharp/MessagePack-CSharp#1963
• Update DynamicAssembly usage to honor different AssemblyLoadContext's by @​BertanAygun in Update DynamicAssembly usage to honor different AssemblyLoadContext's MessagePack-CSharp/MessagePack-CSharp#1978
• Fix pack to include analyzers (more reliably) by @​AArnott in Fix pack to include analyzers (more reliably) MessagePack-CSharp/MessagePack-CSharp#1994
• Migration improvements: deserializing constructors and less-frequent partial requirements by @​AArnott in Migration improvements: deserializing constructors and less-frequent partial requirements MessagePack-CSharp/MessagePack-CSharp#2002
• Fix analyzers to not mis-interpret source generated formatters as user-defined by @​AArnott in Fix analyzers to not mis-interpret source generated formatters as user-defined MessagePack-CSharp/MessagePack-CSharp#1982
• Fix embedded types being generated in resolver by @​AlanLiu90 in Fix embedded types being generated in resolver MessagePack-CSharp/MessagePack-CSharp#2000
• Fix handling of name collisions in type hierarchies by @​AArnott in Fix handling of name collisions in type hierarchies MessagePack-CSharp/MessagePack-CSharp#2006
• Fix detecting duplicate keys by @​pkindruk in Fix detecting duplicate keys MessagePack-CSharp/MessagePack-CSharp#1971

Other changes

• Update test project to ensure default language version of generated code is C# 7.3 by @​AlanLiu90 in Update test project to ensure default language version of generated code is C# 7.3 MessagePack-CSharp/MessagePack-CSharp#1934
• Make source generation cancellable by @​AlanLiu90 in Make source generation cancellable MessagePack-CSharp/MessagePack-CSharp#1912
• Drop unused System.CodeDom package version by @​AArnott in Drop unused System.CodeDom package version MessagePack-CSharp/MessagePack-CSharp#1965
• Fix AOT README anchor by @​alimakki in Fix AOT README anchor MessagePack-CSharp/MessagePack-CSharp#1967
• Avoid GetSemanticModel in analyzer by @​AArnott in Avoid GetSemanticModel in analyzer MessagePack-CSharp/MessagePack-CSharp#1970
• Rename test class for improved discoverability by @​AArnott in Rename test class for improved discoverability MessagePack-CSharp/MessagePack-CSharp#1984
• Replace DynamicMethod use with private-capable Ref.Emit by @​AArnott in Replace DynamicMethod use with private-capable Ref.Emit MessagePack-CSharp/MessagePack-CSharp#1981
• Reader/Writer touch-ups by @​AArnott in Reader/Writer touch-ups MessagePack-CSharp/MessagePack-CSharp#1987
• Allow trimming of benchmarked frameworks by @​AArnott in Allow trimming of benchmarked frameworks MessagePack-CSharp/MessagePack-CSharp#1988
• Build 3.0-rc.1 by @​AArnott in Build 3.0-rc.1 MessagePack-CSharp/MessagePack-CSharp#2004

New Contributors

• @​N-Olbert made their first contribution in Adjusted MsgPack004 to support records MessagePack-CSharp/MessagePack-CSharp#1932
• @​iguskov1810 made their first contribution in Add ignore case option to EnumAsStringFormatter MessagePack-CSharp/MessagePack-CSharp#1936
• @​alimakki made their first contribution in MPC String Value From Key Attribute Fix MessagePack-CSharp/MessagePack-CSharp#1963
  ... (truncated)

3.0.134-beta

What's Changed

• Fix and improve generated formatters by @​AArnott in Fix and improve generated formatters MessagePack-CSharp/MessagePack-CSharp#1905
• Honor ExcludeFormatterFromSourceGeneratedResolverAttribute by suppressing certain warnings by @​AArnott in Honor ExcludeFormatterFromSourceGeneratedResolverAttribute by suppressing certain warnings MessagePack-CSharp/MessagePack-CSharp#1907

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.129-beta...v3.0.134-beta

3.0.129-beta

What's Changed

• Fix some source generator issues by @​AlanLiu90 in Fix some source generator issues MessagePack-CSharp/MessagePack-CSharp#1873
• Faster multi-element serialization for primitive types by @​pCYSl5EDgo in Faster multi-element serialization for primitive types MessagePack-CSharp/MessagePack-CSharp#1872
• Remove Unity related symbols from Nuget projects by @​pCYSl5EDgo in Remove Unity related symbols from Nuget projects MessagePack-CSharp/MessagePack-CSharp#1888
• Simd Accelerated bool[] deserialize by @​pCYSl5EDgo in Simd Accelerated bool[] deserialize MessagePack-CSharp/MessagePack-CSharp#1890
• Avoid regenerating all formatters when only one object/union/enum changes by @​AlanLiu90 in Avoid regenerating all formatters when only one object/union/enum changes MessagePack-CSharp/MessagePack-CSharp#1884
• Fix UnsafeBlitFormatter for the case of endianess mismatch by @​pCYSl5EDgo in Fix UnsafeBlitFormatter for the case of endianess mismatch MessagePack-CSharp/MessagePack-CSharp#1894
• Offer code fix for MsgPack011: partial modifier required by @​AArnott in Offer code fix for MsgPack011: partial modifier required MessagePack-CSharp/MessagePack-CSharp#1893
• Build beta instead of alpha by @​AArnott in Build beta instead of alpha MessagePack-CSharp/MessagePack-CSharp#1896
• Offer code fix to ignore unattribute members of MessagePackObject types by @​AArnott in Offer code fix to ignore unattribute members of MessagePackObject types MessagePack-CSharp/MessagePack-CSharp#1898
• Fix UnsafeBlitFormatterBase by @​pCYSl5EDgo in Fix UnsafeBlitFormatterBase MessagePack-CSharp/MessagePack-CSharp#1900

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.111-alpha...v3.0.129-beta

3.0.111-alpha

What's Changed

• fixing issue with backing field naming and serialization failing by @​epitka in fixing issue with backing field naming and serialization failing MessagePack-CSharp/MessagePack-CSharp#1785
• Feature/1804 locate formatters only if has elements inside by @​nmi-relewise in Feature/1804 locate formatters only if has elements inside MessagePack-CSharp/MessagePack-CSharp#1805
• Enable ignoring fields by using [NonSerialized] by @​mookid8000 in Enable ignoring fields by using [NonSerialized] MessagePack-CSharp/MessagePack-CSharp#1808
• Reduce nuget dependencies by @​thompson-tomo in Reduce nuget dependencies MessagePack-CSharp/MessagePack-CSharp#1812
• Merge master and dependency updates into develop by @​AArnott in Merge master and dependency updates into develop MessagePack-CSharp/MessagePack-CSharp#1814
• Fix source generator handling of inaccessible custom formatters by @​AArnott in Fix source generator handling of inaccessible custom formatters MessagePack-CSharp/MessagePack-CSharp#1818
• Activate analyzers and source generator by default by @​AArnott in Activate analyzers and source generator by default MessagePack-CSharp/MessagePack-CSharp#1822
• Add ExcludeFormatterFromSourceGeneratedResolverAttribute by @​AArnott in Add ExcludeFormatterFromSourceGeneratedResolverAttribute MessagePack-CSharp/MessagePack-CSharp#1824
• Raise perf tracking events when formatters are dynamically generated by @​AArnott in Raise perf tracking events when formatters are dynamically generated MessagePack-CSharp/MessagePack-CSharp#1829
• Bump Microsoft.NET.StringTools from 17.9.5 to 17.10.4 by @​dependabot in Bump Microsoft.NET.StringTools from 17.9.5 to 17.10.4 MessagePack-CSharp/MessagePack-CSharp#1840
• Eliminate #if regions related to unity by @​AArnott in Eliminate #if regions related to unity MessagePack-CSharp/MessagePack-CSharp#1825
• Preserve code comments when adding attributes to fields by @​AArnott in Preserve code comments when adding attributes to fields MessagePack-CSharp/MessagePack-CSharp#1842
• Add .NET 8 target to mpc by @​AArnott in Add .NET 8 target to mpc MessagePack-CSharp/MessagePack-CSharp#1832
• Fix handling of formatters following the singleton pattern by @​AArnott in Fix handling of formatters following the singleton pattern MessagePack-CSharp/MessagePack-CSharp#1850
• Report missing [MessagePackObject] attribute for generic types by @​AArnott in Report missing [MessagePackObject] attribute for generic types  MessagePack-CSharp/MessagePack-CSharp#1859
• Unity consumes messagepack as a nuget package instead of source by @​neuecc in Unity consumes messagepack as a nuget package instead of source MessagePack-CSharp/MessagePack-CSharp#1734
• Allow writing to init property setters of generic classes on .NET 6+ by @​AArnott in Allow writing to init property setters of generic classes on .NET 6+ MessagePack-CSharp/MessagePack-CSharp#1879
• Fix issues about the equality of AnalyzerOptions and FormatterDescriptor by @​AlanLiu90 in Fix issues about the equality of AnalyzerOptions and FormatterDescriptor MessagePack-CSharp/MessagePack-CSharp#1874

New Contributors

• @​epitka made their first contribution in fixing issue with backing field naming and serialization failing MessagePack-CSharp/MessagePack-CSharp#1785
• @​nmi-relewise made their first contribution in Feature/1804 locate formatters only if has elements inside MessagePack-CSharp/MessagePack-CSharp#1805
• @​mookid8000 made their first contribution in Enable ignoring fields by using [NonSerialized] MessagePack-CSharp/MessagePack-CSharp#1808
• @​thompson-tomo made their first contribution in Reduce nuget dependencies MessagePack-CSharp/MessagePack-CSharp#1812

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.54-alpha...v3.0.111-alpha

3.0.54-alpha

What's Changed

High level

• mpc tool is gone. We use roslyn source generators now.
• Source generation is enabled by default. At runtime MessagePack v3 will look for these source generated formatters and avoid generating them dynamically if found.

Pull requests

• Rollback package dependency versions for analyzers by @​AArnott in Rollback package dependency versions for analyzers MessagePack-CSharp/MessagePack-CSharp#1641
• move code depending on UnityEditor into separate assembly by @​NorbertNemec in move code depending on UnityEditor into separate assembly MessagePack-CSharp/MessagePack-CSharp#1649
• remove MessagePackWindow in Unity by @​neuecc in remove MessagePackWindow in Unity MessagePack-CSharp/MessagePack-CSharp#1651
• Union type collect by @​Scormave in Union type collect MessagePack-CSharp/MessagePack-CSharp#1634
• Switch from MSBuild properties to an AdditionalFiles json file by @​AArnott in Switch from MSBuild properties to an AdditionalFiles json file MessagePack-CSharp/MessagePack-CSharp#1667
• Fix analyzer when only MessagePack.Annotations is referenced by @​AArnott in Fix analyzer when only MessagePack.Annotations is referenced MessagePack-CSharp/MessagePack-CSharp#1674
• Allow applying [MessagePackFormatter] on parameters by @​AArnott in Allow applying [MessagePackFormatter] on parameters MessagePack-CSharp/MessagePack-CSharp#1678
• Revert "Allow applying [MessagePackFormatter] on parameters" by @​AArnott in Revert "Allow applying [MessagePackFormatter] on parameters" MessagePack-CSharp/MessagePack-CSharp#1679
• Allow applying [MessagePackFormatter] on parameters and return values by @​AArnott in Allow applying [MessagePackFormatter] on parameters and return values MessagePack-CSharp/MessagePack-CSharp#1680
• Remove long to int truncation of stream position by @​AArnott in Remove long to int truncation of stream position MessagePack-CSharp/MessagePack-CSharp#1685
• Fix releases links in README text by @​KonH in Fix releases links in README text MessagePack-CSharp/MessagePack-CSharp#1688
• Better constrain dictionary detection by @​AArnott in Better constrain dictionary detection MessagePack-CSharp/MessagePack-CSharp#1687
• Create FUNDING.yml by @​AArnott in Create FUNDING.yml MessagePack-CSharp/MessagePack-CSharp#1693
• Workaround mono runtime bug by @​AArnott in Workaround mono runtime bug MessagePack-CSharp/MessagePack-CSharp#1696
• Support to analyze records by @​nenoNaninu in Support to analyze records MessagePack-CSharp/MessagePack-CSharp#1698
• Add MESSAGEPACK_FORCE_AOT preprocessor directive by @​brwhelan-msft in Add MESSAGEPACK_FORCE_AOT preprocessor directive MessagePack-CSharp/MessagePack-CSharp#1701
• .NET 8 Update(1): stylecop related small update by @​pCYSl5EDgo in .NET 8 Update(1): stylecop related small update MessagePack-CSharp/MessagePack-CSharp#1727
• .NET 8 Update(0): global.json, Dockerfile, Packages by @​pCYSl5EDgo in .NET 8 Update(0): global.json, Dockerfile, Packages MessagePack-CSharp/MessagePack-CSharp#1726
• .NET 8 Update(2): TargetFrameworks by @​pCYSl5EDgo in .NET 8 Update(2): TargetFrameworks MessagePack-CSharp/MessagePack-CSharp#1728
• .NET 8 Update(3): Microsoft.CodeAnalysis.Analyzers v3.3.4 by @​pCYSl5EDgo in .NET 8 Update(3): Microsoft.CodeAnalysis.Analyzers v3.3.4 MessagePack-CSharp/MessagePack-CSharp#1729
• .NET 8 Update(4): System.Collections.Frozen by @​pCYSl5EDgo in .NET 8 Update(4): System.Collections.Frozen MessagePack-CSharp/MessagePack-CSharp#1730
• .NET 8 Update(5): System.Collections.Generic.PriorityQueue<TElement, TPriority> by @​pCYSl5EDgo in .NET 8 Update(5): System.Collections.Generic.PriorityQueue<TElement, TPriority> MessagePack-CSharp/MessagePack-CSharp#1731
• .NET 8 Update(6): CollectionsMarshal for ListFormatter by @​pCYSl5EDgo in .NET 8 Update(6): CollectionsMarshal for ListFormatter MessagePack-CSharp/MessagePack-CSharp#1732
• Source Generator configuration via attributes instead of .json file by @​AArnott in Source Generator configuration via attributes instead of .json file MessagePack-CSharp/MessagePack-CSharp#1736
• Improved UnityShims for better code sharing by @​Scormave in Improved UnityShims for better code sharing MessagePack-CSharp/MessagePack-CSharp#1585
• Drop support for roslyn 3.8 by @​AArnott in Drop support for roslyn 3.8 MessagePack-CSharp/MessagePack-CSharp#1749
• IEnumerable serialize improvement: Enumerable.TryGetNonEnumeratedCount by @​pCYSl5EDgo in IEnumerable<T> serialize improvement: Enumerable.TryGetNonEnumeratedCount MessagePack-CSharp/MessagePack-CSharp#1751
• AOT by default by @​AArnott in AOT by default MessagePack-CSharp/MessagePack-CSharp#1743
• Add a [CompositeResolver] attribute that triggers source generation by @​AArnott in Add a [CompositeResolver] attribute that triggers source generation MessagePack-CSharp/MessagePack-CSharp#1754
• .NET 8 Update(8): Update Benchmarks not using Dynamic PGO and BinaryFormatter by @​pCYSl5EDgo in .NET 8 Update(8): Update Benchmarks not using Dynamic PGO and BinaryFormatter MessagePack-CSharp/MessagePack-CSharp#1746
• Include all hand-written formatters in the source generated resolver by @​AArnott in Include all hand-written formatters in the source generated resolver MessagePack-CSharp/MessagePack-CSharp#1796
• Fix source generated formatters for records with string keys by @​dmitry-bym in Fix source generated formatters for records with string keys MessagePack-CSharp/MessagePack-CSharp#1798
• Use LangVersion=12 everywhere except code that Unity compiles by @​AArnott in Use LangVersion=12 everywhere except code that Unity compiles MessagePack-CSharp/MessagePack-CSharp#1801
• Source generated formatters that support private members by @​AArnott in Source generated formatters that support private members MessagePack-CSharp/MessagePack-CSharp#1802

New Contributors

• @​NorbertNemec made their first contribution in move code depending on UnityEditor into separate assembly MessagePack-CSharp/MessagePack-CSharp#1649
• @​nenoNaninu made their first contribution in Support to analyze records MessagePack-CSharp/MessagePack-CSharp#1698
• @​brwhelan-msft made their first contribution in Add MESSAGEPACK_FORCE_AOT preprocessor directive MessagePack-CSharp/MessagePack-CSharp#1701
• @​dmitry-bym made their first contribution in Fix source generated formatters for records with string keys MessagePack-CSharp/MessagePack-CSharp#1798

... (truncated)

3.0.3

See our migration guide.
Details blog article

What's new

• AOT source generation of formatters by default using roslyn source generators. mpc is no longer available. Dynamic formatters still exist (for runtimes that support them), but code that compiles against v3 are unlikely to need them, resulting in better startup performance and improved debugging experience.
• AOT source generation is hugely improved.
  • Support most or all of the data types that DynamicObjectResolver supported.
  • Support for serializing private members.
• [MessagePackObject] types can serialize private members without the application having to switch to DynamicObjectResolverAllowPrivate.
• Analyzers are on by default, with many new ones to help ensure your code is correct and ready for AOT source generated formatters.
• Custom formatters are automatically used for the data types they format when defined in the same assembly, by default. No need to attribute your data types to point to the custom formatter. Opt out by attributing the formatter with [ExcludeFormatterFromSourceGeneratedResolverAttribute].
• New CompositeResolverAttribute offers a faster runtime alternative to the CompositeResolver class.

Unity

• Consume through NuGetForUnity and UPM instead of through .unitypackage

What's Changed

• Fix bug unsafe formatter by @​pCYSl5EDgo in Fix bug unsafe formatter MessagePack-CSharp/MessagePack-CSharp#1584
• Bump Microsoft.NET.StringTools from 17.4.0 to 17.5.0 by @​dependabot in Bump Microsoft.NET.StringTools from 17.4.0 to 17.5.0 MessagePack-CSharp/MessagePack-CSharp#1588
• Add built-in formatters for several more System.Numerics types by @​AArnott in Add built-in formatters for several more System.Numerics types MessagePack-CSharp/MessagePack-CSharp#1597
• Bump ReactiveProperty from 8.2.0 to 9.1.2 by @​dependabot in Bump ReactiveProperty from 8.2.0 to 9.1.2 MessagePack-CSharp/MessagePack-CSharp#1592
• Set nullable in unity by @​Y-YoL in Set nullable in unity MessagePack-CSharp/MessagePack-CSharp#1600
• Convert mpc and msbuild task package to a roslyn source generator by @​AArnott in Convert mpc and msbuild task package to a roslyn source generator MessagePack-CSharp/MessagePack-CSharp#1599
• Merge master into develop by @​AArnott in Merge master into develop MessagePack-CSharp/MessagePack-CSharp#1601
• Bring back support for the additional allow types by @​AArnott in Bring back support for the additional allow types MessagePack-CSharp/MessagePack-CSharp#1602
• Report diagnostics instead of throw from TypeCollector by @​AArnott in Report diagnostics instead of throw from TypeCollector MessagePack-CSharp/MessagePack-CSharp#1605
• Enable P2P generic test by @​AArnott in Enable P2P generic test MessagePack-CSharp/MessagePack-CSharp#1604
• Avoid copying data twice in MessagePackWriter.MemoryCopy when running… by @​AlanLiu90 in Avoid copying data twice in MessagePackWriter.MemoryCopy when running… MessagePack-CSharp/MessagePack-CSharp#1607
• Bump Nerdbank.GitVersioning from 3.5.119 to 3.6.128 by @​dependabot in Bump Nerdbank.GitVersioning from 3.5.119 to 3.6.128 MessagePack-CSharp/MessagePack-CSharp#1615
• Bump Microsoft.Build.Locator from 1.4.1 to 1.5.5 by @​dependabot in Bump Microsoft.Build.Locator from 1.4.1 to 1.5.5 MessagePack-CSharp/MessagePack-CSharp#1613
• Bump Microsoft.CodeAnalysis.PublicApiAnalyzers from 3.3.3 to 3.3.4 by @​dependabot in Bump Microsoft.CodeAnalysis.PublicApiAnalyzers from 3.3.3 to 3.3.4 MessagePack-CSharp/MessagePack-CSharp#1612
• Merge master into develop by @​AArnott in Merge master into develop MessagePack-CSharp/MessagePack-CSharp#1620
• Bump NUnit3TestAdapter from 4.3.1 to 4.4.2 by @​dependabot in Bump NUnit3TestAdapter from 4.3.1 to 4.4.2 MessagePack-CSharp/MessagePack-CSharp#1614
• Bump System.Collections.Immutable from 6.0.0 to 7.0.0 by @​dependabot in Bump System.Collections.Immutable from 6.0.0 to 7.0.0 MessagePack-CSharp/MessagePack-CSharp#1611
• Fix the errant package dependency in source generator package by @​AArnott in Fix the errant package dependency in source generator package MessagePack-CSharp/MessagePack-CSharp#1622
• Fix ILookup<TKey, TElement> deserialized behavior by @​AArnott in Fix ILookup<TKey, TElement> deserialized behavior MessagePack-CSharp/MessagePack-CSharp#1623
• Merge latest Library.Template by @​AArnott in Merge latest Library.Template MessagePack-CSharp/MessagePack-CSharp#1640
• Bump Microsoft.NET.StringTools from 17.5.0 to 17.6.3 by @​dependabot in Bump Microsoft.NET.StringTools from 17.5.0 to 17.6.3 MessagePack-CSharp/MessagePack-CSharp#1629
• Rollback package dependency versions for analyzers by @​AArnott in Rollback package dependency versions for analyzers MessagePack-CSharp/MessagePack-CSharp#1641
• move code depending on UnityEditor into separate assembly by @​NorbertNemec in move code depending on UnityEditor into separate assembly MessagePack-CSharp/MessagePack-CSharp#1649
• remove MessagePackWindow in Unity by @​neuecc in remove MessagePackWindow in Unity MessagePack-CSharp/MessagePack-CSharp#1651
• Union type collect by @​Scormave in Union type collect MessagePack-CSharp/MessagePack-CSharp#1634
• Switch from MSBuild properties to an AdditionalFiles json file by @​AArnott in Switch from MSBuild properties to an AdditionalFiles json file MessagePack-CSharp/MessagePack-CSharp#1667
• Fix analyzer when only MessagePack.Annotations is referenced by @​AArnott in Fix analyzer when only MessagePack.Annotations is referenced MessagePack-CSharp/MessagePack-CSharp#1674
• Allow applying [MessagePackFormatter] on parameters by @​AArnott in Allow applying [MessagePackFormatter] on parameters MessagePack-CSharp/MessagePack-CSharp#1678
• Revert "Allow applying [MessagePackFormatter] on parameters" by @​AArnott in Revert "Allow applying [MessagePackFormatter] on parameters" MessagePack-CSharp/MessagePack-CSharp#1679
• Allow applying [MessagePackFormatter] on parameters and return values by @​AArnott in Allow applying [MessagePackFormatter] on parameters and return values MessagePack-CSharp/MessagePack-CSharp#1680
• Remove long to int truncation of stream position by @​AArnott in Remove long to int truncation of stream position MessagePack-CSharp/MessagePack-CSharp#1685
• Fix releases links in README text by @​KonH in Fix releases links in README text MessagePack-CSharp/MessagePack-CSharp#1688
  ... (truncated)

2.6.100-alpha

What's Changed

• Avoid copying data twice in MessagePackWriter.MemoryCopy when running… by @​AlanLiu90 in Avoid copying data twice in MessagePackWriter.MemoryCopy when running… MessagePack-CSharp/MessagePack-CSharp#1607
• Bump System.Collections.Immutable from 6.0.0 to 7.0.0 by @​dependabot in Bump System.Collections.Immutable from 6.0.0 to 7.0.0 MessagePack-CSharp/MessagePack-CSharp#1611
• Fix the errant package dependency in source generator package by @​AArnott in Fix the errant package dependency in source generator package MessagePack-CSharp/MessagePack-CSharp#1622
• Fix ILookup<TKey, TElement> deserialized behavior by @​AArnott in Fix ILookup<TKey, TElement> deserialized behavior MessagePack-CSharp/MessagePack-CSharp#1623

New Contributors

• @​AlanLiu90 made their first contribution in Avoid copying data twice in MessagePackWriter.MemoryCopy when running… MessagePack-CSharp/MessagePack-CSharp#1607

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.6.95-alpha...v2.6.100-alpha

2.6.95-alpha

What's Changed

• Convert mpc and msbuild task package to a roslyn source generator by @​AArnott in Convert mpc and msbuild task package to a roslyn source generator MessagePack-CSharp/MessagePack-CSharp#1599
• Fix bug unsafe formatter by @​pCYSl5EDgo in Fix bug unsafe formatter MessagePack-CSharp/MessagePack-CSharp#1584
• Bump Microsoft.NET.StringTools from 17.4.0 to 17.5.0 by @​dependabot in Bump Microsoft.NET.StringTools from 17.4.0 to 17.5.0 MessagePack-CSharp/MessagePack-CSharp#1588
• Add built-in formatters for several more System.Numerics types by @​AArnott in Add built-in formatters for several more System.Numerics types MessagePack-CSharp/MessagePack-CSharp#1597
• Set nullable in unity by @​Y-YoL in Set nullable in unity MessagePack-CSharp/MessagePack-CSharp#1600
• Bring back support for the additional allow types by @​AArnott in Bring back support for the additional allow types MessagePack-CSharp/MessagePack-CSharp#1602
• Report diagnostics instead of throw from TypeCollector by @​AArnott in Report diagnostics instead of throw from TypeCollector MessagePack-CSharp/MessagePack-CSharp#1605
• Enable P2P generic test by @​AArnott in Enable P2P generic test MessagePack-CSharp/MessagePack-CSharp#1604

New Contributors

• @​Y-YoL made their first contribution in Set nullable in unity MessagePack-CSharp/MessagePack-CSharp#1600

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.108...v2.6.95-alpha

2.5.302

This is a merge release, combining the security fix from the https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases/tag/v2.5.205 release with the several security fixes from the https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases/tag/v2.5.301 release.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.