Bump the non-security-updates group with 25 updates

[dependabot]

Updated coverlet.collector from 10.0.0 to 10.0.1.

Release notes

Sourced from coverlet.collector's releases.

10.0.1

Improvements

• Coverlet with MTP 2 doesn't show test coverage statistic in console #​1907
• Avoid unnecessary testhost restarts #​1912 by https://github.com/mawosoft

Fixed

• Fix inconsistent paths in cobertura reports #​1723
• Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal #​1313
• Fix Coverlet flagging a branch for an async functions finally block where none exists #​1337
• Fix Coverlet Tracker Missing CompilerGeneratedAttribute #​1828

Maintenance

• Add architecture docs and diagrams for all integrations #​1927
• Update NuGet packages and .NET SDK versions #​1933

Diff between 10.0.0 and 10.0.1

Commits viewable in compare view.

Updated ErrorOr from 2.0.1 to 2.1.1.

Release notes

Sourced from ErrorOr's releases.

2.1.1

new Release with many new features:

• Some minor Fixes
• Support for .NET 8 was added
• Support for .NET 10 was added
• Added missing async versions of FailIf methods
• Added FailIf method overloads that allow to use value in error definition using Func<TValue, Error> error builder
• Added ElseDo and ElseDoAsync methods
• Added Else/ElseAsync overloads returning ErrorOr
• Added Else/ElseAsync overloads returning ErrorOr
• Added ToErrorOrAsync method
• Added missing ErrorOrFactory.From methods
• Added missing collection expression support
• Added FromAsync and missing ToErrorOrAsync methods
• Added ThenEnsure and ThenEnsureAsync methods
• Added IsSuccess property to ErrorOr

Commits viewable in compare view.

Updated FluentAssertions from 8.9.0 to 8.10.0.

Release notes

Sourced from FluentAssertions's releases.

8.10.0

What's Changed

Improvements

• Fail with a descriptive error when path-based rules are used on value-semantic types by @​dennisdoomen in Fail with a descriptive error when path-based rules are used on value-semantic types fluentassertions/fluentassertions#3187
• Significantly speed up BeEquivalentTo for large unordered collections by @​dennisdoomen in Significantly speed up BeEquivalentTo for large unordered collections fluentassertions/fluentassertions#3188
• Add ComparingNullCollectionsAsEmpty and ComparingNullStringsAsEmpty options to BeEquivalentTo by @​dennisdoomen in Add ComparingNullCollectionsAsEmpty and ComparingNullStringsAsEmpty options to BeEquivalentTo fluentassertions/fluentassertions#3202
• Include original index in extraneous item failure messages by @​dennisdoomen in Include original index in extraneous item failure messages fluentassertions/fluentassertions#3203

Documentation

• Reroute the docs link to Xceed by @​dennisdoomen in Reroute the docs link to Xceed fluentassertions/fluentassertions#3183
• Fix typo in release notes by @​jnyrup in Fix typo in release notes fluentassertions/fluentassertions#3194
• Fix typos in docs by @​jnyrup in Fix typos in docs fluentassertions/fluentassertions#3197

Others

• Bump flatted from 3.4.1 to 3.4.2 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in Bump flatted from 3.4.1 to 3.4.2 in the npm_and_yarn group across 1 directory fluentassertions/fluentassertions#3184
• Add AI assistant instruction file (agents.md) for Copilot, Claude, and JetBrains Junie by @​Copilot in Add AI assistant instruction file (agents.md) for Copilot, Claude, and JetBrains Junie fluentassertions/fluentassertions#3176
• Bump smol-toml from 1.6.0 to 1.6.1 in the npm_and_yarn group across 1 directory by @​dependabot[bot] in Bump smol-toml from 1.6.0 to 1.6.1 in the npm_and_yarn group across 1 directory fluentassertions/fluentassertions#3185
• Bump the npm_and_yarn group across 1 directory with 2 updates by @​dependabot[bot] in Bump the npm_and_yarn group across 1 directory with 2 updates fluentassertions/fluentassertions#3186
• Bump cspell from 9.7.0 to 10.0.0 by @​dependabot[bot] in Bump cspell from 9.7.0 to 10.0.0 fluentassertions/fluentassertions#3189
• Update nugets by @​jnyrup in Update nugets fluentassertions/fluentassertions#3192
• Fixup Qodana issues by @​jnyrup in Fixup Qodana issues fluentassertions/fluentassertions#3193
• Fix Qodana argument separator by @​jnyrup in Fix Qodana argument separator fluentassertions/fluentassertions#3195
• Use new Qodana linter option by @​jnyrup in Use new Qodana linter option fluentassertions/fluentassertions#3196
• Fix flaky BeLessThanOrEqualTo execution time test by @​Copilot in Fix flaky BeLessThanOrEqualTo execution time test fluentassertions/fluentassertions#3200
• Bump JetBrains/qodana-action from 2025.3 to 2026.1 by @​dependabot[bot] in Bump JetBrains/qodana-action from 2025.3 to 2026.1 fluentassertions/fluentassertions#3201
• Use long for hashCode in ReferentialComparer to avoid overflow by @​dennisdoomen in Use long for hashCode in ReferentialComparer to avoid overflow fluentassertions/fluentassertions#3204

Full Changelog: fluentassertions/fluentassertions@8.9.0...8.10.0

Commits viewable in compare view.

Updated Google.Protobuf from 3.34.1 to 3.35.1.

Release notes

Sourced from Google.Protobuf's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Grpc.Tools from 2.80.0 to 2.81.1.

Release notes

Sourced from Grpc.Tools's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Identity.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.InMemory from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.InMemory's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Tools from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Tools's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.ApiDescription.Server from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.ApiDescription.Server's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.18.0 to 8.19.1.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.19.1

Bug Fixes

• Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

• Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
• Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

• Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
• Adjust rented buffer handling in claim set parsing. See PR #​3493.
• Tidy null handling in SAML conditions validation. See PR #​3491.
• Improve validation of jku claim. See PR #​3481.
• Limit telemetry algorithm dimension cardinality. See PR #​3490.
• Add defensive copy of collections in ValidationParameters. See PR #​3492.
• Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
• Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
• Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.6.0

What's Changed

• Revert removal of Video Recorder by @​nohwnd in Revert removal of Video Recorder microsoft/vstest#15336
• Speed up blame by filtering non-.NET processes from dump collection by @​nohwnd in Speed up blame tests by filtering non-.NET processes from dump collection microsoft/vstest#15518
• Add README.md to NuGet packages by @​nohwnd in Add README.md to NuGet packages microsoft/vstest#15550
• Report child process info on connection timeout by @​nohwnd in Report child process info on connection timeout microsoft/vstest#15603

Changes to tests and infra

• Brand as 18.6 by @​nohwnd in Brand as 18.6 microsoft/vstest#15423
• Upgrading code coverage version to 18.5.1, by @​fhnaseer in Upgrading code coverage version to 18.5.1, microsoft/vstest#15422
• Updating System.Collections.Immutable to 9.0.11 by @​MSLukeWest in Updating System.Collections.Immutable to 9.0.11 microsoft/vstest#15425
• Fix attachVS when used for debugging integration tests by @​nohwnd in Fix attachVS when used for debugging integration tests microsoft/vstest#15451
• Replace dotnet.config, with global.json by @​nohwnd in Replace dotnet.config, with global.json microsoft/vstest#15449
• Document debugging integration tests with AttachVS by @​Copilot in Document debugging integration tests with AttachVS microsoft/vstest#15452
• Fix stack overflow tests by @​nohwnd in Fix stack overflow tests microsoft/vstest#15461
• Make TestAssets.sln buildable locally by @​Youssef1313 in Make TestAssets.sln buildable locally microsoft/vstest#15466
• Try filtering out tests by @​nohwnd in Try filtering out tests microsoft/vstest#15463
• Build just once when tfms run in parallel by @​nohwnd in Build just once when tfms run in parallel microsoft/vstest#15465
• Review simplify compatibility sources, deduplicate tests by @​nohwnd in Review simplify compatibility sources, deduplicate tests microsoft/vstest#15472
• Cleanup dead TRX code by @​Youssef1313 in Cleanup dead TRX code microsoft/vstest#15474
• Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @​nohwnd in Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 microsoft/vstest#15481
• Compat matrix checker by @​nohwnd in Compat matrix checker microsoft/vstest#15480
• Add trx analysis skill by @​nohwnd in Add trx analysis skill microsoft/vstest#15486
• Split integration tests to single tfm and multi tfm project by @​nohwnd in Split integration tests to single tfm and multi tfm project microsoft/vstest#15484
• Update matrix by @​nohwnd in Update matrix microsoft/vstest#15477
• Break infinite restore loop in VS by @​nohwnd in Break infinite restore loop in VS microsoft/vstest#15503
• Use global package cache for build, and local for running integration tests by @​nohwnd in Use global package cache for build, and local for running integration tests microsoft/vstest#15500
• Update contributing by @​nohwnd in Update contributing microsoft/vstest#15505
• Reduce test wall-clock time by increasing minThreads by @​drognanar in Reduce test wall-clock time by increasing minThreads microsoft/vstest#15502
• Indicator flakiness by @​nohwnd in Indicator flakiness microsoft/vstest#15513
• Fix ci build by @​nohwnd in Fix ci build microsoft/vstest#15515
• Fix thread safety issues by @​Evangelink in Fix thread safety issues microsoft/vstest#15512
• Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @​nohwnd in Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) microsoft/vstest#15516
• Build isolated test assets for single TFM instead of 7 by @​nohwnd in Build isolated test assets for single TFM instead of 7 microsoft/vstest#15517
• Remove unused dependencies from Library.IntegrationTests by @​nohwnd in Remove unused dependencies from Library.IntegrationTests microsoft/vstest#15527
• Remove printing _attachments content to console by @​nohwnd in Remove printing _attachments content to console microsoft/vstest#15520
• Add Linux/macOS test filtering guide to CONTRIBUTING.md by @​nohwnd in Add Linux/macOS test filtering guide to CONTRIBUTING.md microsoft/vstest#15521
• Change integration test parallelization from ClassLevel to MethodLevel by @​nohwnd in Change integration test parallelization from ClassLevel to MethodLevel microsoft/vstest#15526
• Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @​nohwnd in Unify target framework checks with IsNetFrameworkTarget/IsNetTarget microsoft/vstest#15523
• Add unattended work instructions to copilot-instructions.md by @​nohwnd in Add unattended work instructions to copilot-instructions.md microsoft/vstest#15531
• Reduce code style rule severity from warning to suggestion by @​nohwnd in Reduce code style rule severity from warning to suggestion microsoft/vstest#15522
• Remove Debug/Release line number branching from tests by @​nohwnd in Remove Debug/Release line number branching from tests microsoft/vstest#15519
• Revise unattended work instructions in copilot-instructions.md by @​nohwnd in Revise unattended work instructions in copilot-instructions.md microsoft/vstest#15532
• Improve CompatibilityRowsBuilder error message with diagnostic details by @​nohwnd in Improve CompatibilityRowsBuilder error message with diagnostic details microsoft/vstest#15529
• docs: add git worktree and upstream sync workflow to copilot-instructions.md by @​nohwnd in docs: add git worktree and upstream sync workflow to copilot-instructions.md microsoft/vstest#15538
• Add VSIX runner to smoke tests by @​nohwnd in Add VSIX runner to smoke tests microsoft/vstest#15541
• Remove deprecated WebTest and TMI test methods by @​nohwnd in Remove deprecated WebTest and TMI test methods microsoft/vstest#15525
• Fix compatibility test failures for legacy vstest.console and MSTest adapter by @​nohwnd in Fix compatibility test failures for legacy vstest.console and MSTest adapter microsoft/vstest#15534
• Convert TestPlatform.sln to slnx format by @​nohwnd in Convert TestPlatform.sln to slnx format microsoft/vstest#15551
• Convert test/TestAssets .sln files to .slnx format by @​nohwnd in Convert test/TestAssets .sln files to .slnx format microsoft/vstest#15557
  ... (truncated)

Commits viewable in compare view.

Updated Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.1 to 10.0.2.

Release notes

Sourced from Npgsql.EntityFrameworkCore.PostgreSQL's releases.

10.0.2

Milestone issue

What's Changed

• Translate bytea.Any() as length > 0 by @​georg-jung in Translate bytea.Any() as length > 0 npgsql/efcore.pg#3817

Full Changelog: npgsql/efcore.pg@v10.0.1...v10.0.2

Commits viewable in compare view.

Updated Polly from 8.6.6 to 8.7.0.

Release notes

Sourced from Polly's releases.

8.7.0

Highlights

• Adds caller cancellation token propagation in hedging and timeout strategies by @​DaRosenberg in Adds caller cancellation token propagation in hedging and timeout strategies App-vNext/Polly#3094
• Telemetry refactoring by @​martincostello in Telemetry refactoring App-vNext/Polly#2985

What's Changed

• Update zizmor to 1.22.0 by @​martincostello in Update zizmor to 1.22.0 App-vNext/Polly#2955
• Increase test timeout by @​martincostello in Increase test timeout App-vNext/Polly#2956
• Disable secrets-outside-env audit by @​martincostello in Disable secrets-outside-env audit App-vNext/Polly#2969
• Update zizmor to 1.23.1 by @​martincostello in Update zizmor to 1.23.1 App-vNext/Polly#2970
• Update .NET NuGet packages by @​martincostello in Update .NET NuGet packages App-vNext/Polly#2982
• Add AGENTS.md by @​martincostello in Add AGENTS.md App-vNext/Polly#2983
• Fix typo in HTTP client integrations documentation by @​alexravenna in Fix typo in HTTP client integrations documentation App-vNext/Polly#2984
• Remove unused constant by @​martincostello in Remove unused constant App-vNext/Polly#2986
• Fix non-deterministic branch coverage in HedgingExecutionContext hedging delay tests by @​Copilot in Fix non-deterministic branch coverage in HedgingExecutionContext hedging delay tests App-vNext/Polly#2997
• Bump GitHubActionsTestLogger to 3.0.2 by @​martincostello in Bump GitHubActionsTestLogger to 3.0.2 App-vNext/Polly#3000
• Bump actionlint to v1.7.12 by @​martincostello in Bump actionlint to v1.7.12 App-vNext/Polly#3006
• Bump sign by @​martincostello in Bump sign App-vNext/Polly#3008
• Move Public API baselines by @​martincostello in Move Public API baselines App-vNext/Polly#3016
• Formatting tweaks by @​martincostello in Formatting tweaks App-vNext/Polly#3017
• Formatting tweaks by @​martincostello in Formatting tweaks App-vNext/Polly#3018
• Remove ZIZMOR_VERSION by @​martincostello in Remove ZIZMOR_VERSION App-vNext/Polly#3025
• Assert nullable has result by @​martincostello in Assert nullable has result App-vNext/Polly#3028
• Update deprecated action input by @​martincostello in Update deprecated action input App-vNext/Polly#3035
• Move dependabot to Friday by @​martincostello in Move dependabot to Friday App-vNext/Polly#3044
• Fix tag comment by @​martincostello in Fix tag comment App-vNext/Polly#3045
• Fix dependabot group by @​martincostello in Fix dependabot group App-vNext/Polly#3047
• Pin runner images by @​martincostello in Pin runner images App-vNext/Polly#3065
• Bump Refit to 10.2.0 by @​martincostello in Bump Refit to 10.2.0 App-vNext/Polly#3096
• Disable Azure deployments by @​martincostello in Disable Azure deployments App-vNext/Polly#3105

New Contributors

• @​alexravenna made their first contribution in Fix typo in HTTP client integrations documentation App-vNext/Polly#2984
• @​DaRosenberg made their first contribution in Adds caller cancellation token propagation in hedging and timeout strategies App-vNext/Polly#3094

Full Changelog: App-vNext/Polly@8.6.6...8.7.0

Commits viewable in compare view.

Updated QuestPDF from 2026.2.4 to 2026.6.0.

Release notes

Sourced from QuestPDF's releases.

2026.6.0

• Substantially revised the QuestPDF legal documents to better support enterprise procurement and compliance requirements and to define usage terms more clearly.
• Introduced native support for Windows ARM64 (win-arm64) environments.
• Improved compatibility with older Linux distributions (glibc 2.28 and newer).
• Reduced the NuGet package size by optimizing native dependencies.
• Renamed the TranslateX / TranslateY methods to OffsetX / OffsetY to improve discoverability.
• SVG rendering improvements:
  • Prevented zero-width strokes from being rendered as hairlines, aligning behavior with the SVG specification.
  • Added support for embedded Base64 images that use the modern href attribute instead of xlink:href.
  • Added support for the #RGBA and #RRGGBBAA color formats.
  • Added support for the transparent named color.
• Fixed PDF bookmark titles so they include only text from the associated paragraph, excluding the alternative text of images.
• Fixed SectionLink behaving incorrectly when target Section is placed in page header.
• Updated the Skia native dependency to version m149.
• Updated the qpdf native dependency to version 12.3.2.
• Modernized the build system for native dependencies, including how QuestPDF-specific patches are applied.
• Updated all GitHub Actions workflows to use standard runners, reducing costs and making it easier for everyone to contribute to the project.

2026.5.0

• Fixed a bug where Table elements with RowSpan could render incorrectly or break when spanning across pages.
• Fixed visual rendering artifacts that could appear in complex or very large paragraphs.
• Improved error message when native dependency versions are mismatched — the error now includes step-by-step guidance for updating manually copied native files.
• Updated the underlying Skia native dependency to version m146.

Commits viewable in compare view.

Updated Scalar.AspNetCore from 2.14.9 to 2.16.3.

Release notes

Sourced from Scalar.AspNetCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Scriban from 7.1.0 to 7.2.4.

Release notes

Sourced from Scriban's releases.

7.2.4

Changes

🐛 Bug Fixes

• Fix build warning (4ca0455a)

🧰 Misc

• Clarify URL escaping semantics (99cc7c61)

Full Changelog: 7.2.3...7.2.4

_{Published with dotnet-releaser}

7.2.3

Changes

🧰 Misc

• Document safe include file loading (34d1cd12)
• Restrict reflected writes to public setters (c7377a60)

Full Changelog: 7.2.2...7.2.3

_{Published with dotnet-releaser}

7.2.2

Changes

🐛 Bug Fixes

• Fix parametric function variable scope (#​676) (54b781ec)

🧰 Misc

• Clarify variable scope documentation (390db7ff)
• Clarify MemberFilter sandbox limitations (29294e1b)

Full Changelog: 7.2.1...7.2.2

_{Published with dotnet-releaser}

7.2.1

Changes

🧰 Misc

• Limit array multiplication growth (205ca6a7)
• Stop parsing at expression depth limit (8fdbd687)
• Document member filters as reflection-only (d45f7f03)

Full Changelog: 7.2.0...7.2.1

_{Published with dotnet-releaser}

7.2.0

Changes

🐛 Bug Fixes

• Fix readme with source embedding (#​671) (c8094b09)

🧰 Misc

• Merge commit from fork (7fdf19df)

Full Changelog: 7.1.0...7.2.0

_{Published with dotnet-releaser}

Commits viewable in compare view.

Updated System.IdentityModel.Tokens.Jwt from 8.18.0 to 8.19.1.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.19.1

Bug Fixes

• Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

• Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
• Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

• Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
• Adjust rented buffer handling in claim set parsing. See PR #​3493.
• Tidy null handling in SAML conditions validation. See PR #​3491.
• Improve validation of jku claim. See PR #​3481.
• Limit telemetry algorithm dimension cardinality. See PR #​3490.
• Add defensive copy of collections in ValidationParameters. See PR #​3492.
• Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
• Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
• Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

Commits viewable in compare view.

Updated TickerQ from 10.3.0 to 10.4.0.

Release notes

Sourced from TickerQ's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated TickerQ.Dashboard from 10.3.0 to 10.4.0.

Release notes

Sourced from TickerQ.Dashboard's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated TickerQ.EntityFrameworkCore from 10.3.0 to 10.4.0.

Release notes

Sourced from TickerQ.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: security. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.