
chore: bump dependencies to fix a .NET Denial of Service Vulnerability #962

Merged: vbreuss merged 1 commit into main from chore/bump-dependencies on Mar 13, 2026

vbreuss (Member) commented Mar 13, 2026

This pull request updates several package dependencies to newer versions and introduces a new package reference for certain target frameworks. The main focus is on keeping dependencies up to date, addressing security advisories, and ensuring compatibility with newer .NET targets.

General dependency updates:

  • Updated System.Threading.Channels to version 10.0.5 for non-net6.0/net8.0 targets.
  • Updated SharpCompress to 0.47.0, Microsoft.Extensions.DependencyInjection to 10.0.5, and Microsoft.Testing.Extensions.CodeCoverage to 18.5.2.
  • Updated several test and utility dependencies: aweXpect.Mockolate to 1.2.0, Mockolate to 1.5.4, TUnit.Engine to 1.19.22, and Polyfill to 9.18.0.

New package references:

vbreuss self-assigned this Mar 13, 2026
Copilot AI review requested due to automatic review settings March 13, 2026 14:37
vbreuss added the "dependencies" (Update of dependencies) label Mar 13, 2026

Copilot AI left a comment

Pull request overview

Updates centrally-managed NuGet package versions to newer patch/minor releases, keeping the repo’s dependency set current while preserving existing TFM-specific pinning behavior (e.g., net6/net8 special-cased package versions).

Changes:

  • Bump System.Threading.Channels for non-net6/non-net8 TFMs to 10.0.5.
  • Update several tooling/test/build dependencies (e.g., SharpCompress, Microsoft.Testing.Extensions.CodeCoverage, TUnit.Engine, Polyfill, Mockolate).

@github-actions

Test Results

0 files   -     102  0 suites   - 102   0s ⏱️ - 2h 55m 43s
0 tests  - 112 438  0 ✅  -  99 835  0 💤  - 12 603  0 ❌ ±0 
0 runs   - 267 282  0 ✅  - 230 802  0 💤  - 36 480  0 ❌ ±0 

Results for commit b3fc840. ± Comparison against base commit f1bf648.

vbreuss force-pushed the chore/bump-dependencies branch 3 times, most recently from 9812ac2 to b23c3ef March 13, 2026 14:50
vbreuss force-pushed the chore/bump-dependencies branch from b23c3ef to 5133b4b March 13, 2026 14:52
vbreuss enabled auto-merge (squash) March 13, 2026 14:56
vbreuss changed the title from "chore: bump dependencies" to "chore: bump dependencies to fix a .NET Denial of Service Vulnerability" Mar 13, 2026
vbreuss disabled auto-merge March 13, 2026 14:57
vbreuss enabled auto-merge (squash) March 13, 2026 14:58
vbreuss disabled auto-merge March 13, 2026 15:18
vbreuss enabled auto-merge (squash) March 13, 2026 15:18
vbreuss merged commit ea80395 into main Mar 13, 2026
13 checks passed
vbreuss deleted the chore/bump-dependencies branch March 13, 2026 15:33
@github-actions

This is addressed in release v6.0.0.

Labels: dependencies (Update of dependencies), state: released
