Bump the dependencies group with 12 updates by dependabot[bot] · Pull Request #936 · guibranco/CrispyWaffle

dependabot · 2026-06-12T15:35:08Z

Updated csharpier from 1.2.6 to 1.3.0.

Release notes

1.3.0

Breaking Changes

Change xml formatting to return error when it runs into syntax error so it is consistent with c# #1854

Previously CSharpier treated an invalid xml file as a warning instead of an error. This was inconsistent with how it treated c# files.
Invalid c# or xml files are not treated as errors.
The --compilation-errors-as-warnings argument has been renamed to --syntax-errors-as-warnings and can be used to return warnings instead of errors when encountering invalid files.

What's Changed

Feature: Configurable whitespace handling for xml #1790

CSharpier now supports two types of xml whitespace formatting strict or ignore.
By default all xml except xaml or axaml is treated as strict whitespace. See details

Feature: Move closing bracket for xml elements to the same line. #1598

With strict xml whitespace handling, csharpier now keeps the closing bracket for an element on the same line instead of breaking it to a new line.

<!-- input & expected output -->
<ElementWithAttribute Attribute="AttributeValue__________________"
  >TextValue</ElementWithAttribute>

<!-- 1.2.6 -->
<ElementWithAttribute Attribute="AttributeValue__________________"
  >TextValue</ElementWithAttribute
>

Feature: Support for csharpier-ignore with XML formatter #1788

CSharpier now supports csharpier-ignore in xml files. See details

Feature: Add MSBuild transitive and multi-target support #1833

CSharpier.MSBuild can now work as a transitive dependency.

Feature: allow checking formatting with cache #1830

The csharpier check command now supports a --use-cache option.

Feature: remove dependency on Microsoft.AspNetCore.App #1508

Previously CSharpier required that Microsoft.AspNetCore.App be installed. CSharpier has been modified to use an HttpListener when it is run using server to remove the need for this dependency.

Fix: csharpier-ignore comment removes linespaces before block #1867

CSharpier was removing blank lines before csharpier-ignore comments in some cases

// input and expected output
var x = 1;
    
// csharpier-ignore
var y=1;

/// 1.2.6
var x = 1;
// csharpier-ignore
var y=1;
 ... (truncated)

Commits viewable in [compare view](https://github.com/belav/csharpier/compare/1.2.6...1.3.0).
</details>

Updated [Elastic.Clients.Elasticsearch](https://github.com/elastic/elasticsearch-net) from 9.3.4 to 9.4.2.

<details>
<summary>Release notes</summary>

_Sourced from [Elastic.Clients.Elasticsearch's releases](https://github.com/elastic/elasticsearch-net/releases)._

## 9.4.2

## What's Changed

* Add plugin-defined (non-exhaustive) variant registry by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8911
  * Unknown discriminators on variant union families (properties, analyzers, char filters, token filters, tokenizers, repositories, similarity settings, aggregations, queries, etc.) now deserialize into an `Unknown*` carrier and re-serialize losslessly — no data is dropped for plugin-defined or future variants the client doesn't model
  * Opt into strong typing by registering a CLR type for a discriminator: `settings.Variants.Register<IProperty, MyPluginProperty>("my_plugin")`; registrations are scoped per client instance and AOT-safe — see the [Plugin-defined variant types](https://www.elastic.co/docs/reference/elasticsearch/clients/dotnet/plugin-defined-variants) documentation for details
* Regenerate client by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8908 and https://github.com/elastic/elasticsearch-net/pull/8917
  * Generated `Unknown*` carrier types for all variant families (properties, analyzers, char filters, token filters, tokenizers, repositories, similarity settings, aggregations, queries, suggesters, rescorers) to support the non-exhaustive variant registry
  * Improved XML documentation coverage across generated client methods, request/response types, and type members that previously had no IntelliSense descriptions

**Full Changelog**: https://github.com/elastic/elasticsearch-net/compare/9.4.1...9.4.2


## 9.4.1

## What's Changed

* Regenerate client by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8899 and https://github.com/elastic/elasticsearch-net/pull/8907
  * Fixes (de-)serialization of unions with three or more variants — previously, hand-rolled union converters could fail to select the correct variant
  * Search response shape fix in `InnerHits`: the `Fields` property is split into `Field` (single-field selector using `Fields`) and a new `Fields` collection of `FieldAndFormat` — existing usages of `InnerHits.Fields = …` may need to be retargeted to `Field`
  * `DataStreamLifecycle` gains `EffectiveRetention` and `RetentionDeterminedBy`; new `GlobalRetention` and `RetentionSource` types; `GetDataLifecycleResponse` now exposes `GlobalRetention`
  * Reindex rethrottle response now models parent task progress via the new `ParentReindexStatus` type
  * Inference and `_mvt` content-type alignment: `chat_completion_unified` / `stream_completion` send `Content-Type: application/json`; `_mvt` uses the versioned `application/vnd.elasticsearch+vnd.mapbox-vector-tile` Accept header


**Full Changelog**: https://github.com/elastic/elasticsearch-net/compare/9.4.0...9.4.1


## 9.4.0

## What's Changed

Initial 9.4.x release.

**Full Changelog**: https://github.com/elastic/elasticsearch-net/compare/9.3.7...9.4.0


## 9.3.7

## What's Changed

* Regenerate client by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8898
  * Set explicit `ContentType: application/json` for `ChatCompletionUnified` and `StreamCompletion` streaming inference requests
  * Switch `SearchMvt` `Accept` header to `application/vnd.elasticsearch+vnd.mapbox-vector-tile` (Elasticsearch product-flavored content-type)
  * Bump `Elastic.Transport` to 0.17.1
  * Document default `max_page_search_size` values for `pivot` (500) and `latest` (5000) transforms

**Full Changelog**: https://github.com/elastic/elasticsearch-net/compare/9.3.6...9.3.7


## 9.3.6

## What's Changed

* Remove obsolete ElasticsearchClientProductRegistration overrides by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8891
  * Fixes https://github.com/elastic/elasticsearch-net/issues/8890

**Full Changelog**: https://github.com/elastic/elasticsearch-net/compare/9.3.5...9.3.6

## 9.3.5

## What's Changed

* Hand-craft IndexSettingsTimeSeriesConverter to handle out-of-range dates by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8873
* Fix DefaultMappingFor not consuming `IdPropertyName` and `DisableIdInference` by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8877
* Regenerate client by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8883
  * Fixes `FieldType` enum doesnt have `Wildcard` value" (#8826)
  * Fixes `SearchMvtAsync` throws `TransportException` on successful `HTTP 200 _mvt` responses with valid binary tile payload (#8867)
* Align LINQ-to-ES|QL integration with `Elastic.Esql` 0.11.0 by @flobernd in https://github.com/elastic/elasticsearch-net/pull/8886

**Full Changelog**: https://github.com/elastic/elasticsearch-net/compare/9.3.4...9.3.5

Commits viewable in [compare view](https://github.com/elastic/elasticsearch-net/compare/9.3.4...9.4.2).
</details>

Updated [log4net](https://github.com/apache/logging-log4net) from 3.3.0 to 3.3.1.

<details>
<summary>Release notes</summary>

_Sourced from [log4net's releases](https://github.com/apache/logging-log4net/releases)._

## 3.3.1

## What's Changed
* #281 fix hints and warnings by @FreeAndNil in https://github.com/apache/logging-log4net/pull/281
* Bump picomatch by @dependabot[bot] in https://github.com/apache/logging-log4net/pull/284
* Bump convict from 6.2.4 to 6.2.5 by @dependabot[bot] in https://github.com/apache/logging-log4net/pull/285
* Bump handlebars from 4.7.8 to 4.7.9 by @dependabot[bot] in https://github.com/apache/logging-log4net/pull/286
* Reduce silent log event loss during XmlConfigurator reconfiguration by @N0tre3l in https://github.com/apache/logging-log4net/pull/287
* bump internal log4net version for https://github.com/advisories/GHSA-4f7c-pmjv-c25w #289 by @FreeAndNil in https://github.com/apache/logging-log4net/pull/289
* preserve UTF-16 surrogate pairs in MaskXmlInvalidCharacters - fixes #290 by @FreeAndNil in https://github.com/apache/logging-log4net/pull/291

## New Contributors
* @N0tre3l made their first contribution in https://github.com/apache/logging-log4net/pull/287

**Full Changelog**: https://github.com/apache/logging-log4net/compare/rel/3.3.0...rel/3.3.1
**Nuget**: https://www.nuget.org/packages/log4net/3.3.1

Commits viewable in [compare view](https://github.com/apache/logging-log4net/compare/rel/3.3.0...rel/3.3.1).
</details>

Updated [Microsoft.Extensions.Http](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Http's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 18.5.1 to 18.6.0.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.NET.Test.Sdk's releases](https://github.com/microsoft/vstest/releases)._

## 18.6.0

## What's Changed
* Revert removal of Video Recorder by @nohwnd in https://github.com/microsoft/vstest/pull/15336
* Speed up blame by filtering non-.NET processes from dump collection by @nohwnd in https://github.com/microsoft/vstest/pull/15518 
* Add README.md to NuGet packages by @nohwnd in https://github.com/microsoft/vstest/pull/15550
* Report child process info on connection timeout by @nohwnd in https://github.com/microsoft/vstest/pull/15603


### Changes to tests and infra
* Brand as 18.6 by @nohwnd in https://github.com/microsoft/vstest/pull/15423
* Upgrading code coverage version to 18.5.1, by @fhnaseer in https://github.com/microsoft/vstest/pull/15422
* Updating System.Collections.Immutable to 9.0.11 by @MSLukeWest in https://github.com/microsoft/vstest/pull/15425
* Fix attachVS when used for debugging integration tests by @nohwnd in https://github.com/microsoft/vstest/pull/15451
* Replace dotnet.config, with global.json by @nohwnd in https://github.com/microsoft/vstest/pull/15449
* Document debugging integration tests with AttachVS by @Copilot in https://github.com/microsoft/vstest/pull/15452
* Fix stack overflow tests by @nohwnd in https://github.com/microsoft/vstest/pull/15461
* Make TestAssets.sln buildable locally by @Youssef1313 in https://github.com/microsoft/vstest/pull/15466
* Try filtering out tests by @nohwnd in https://github.com/microsoft/vstest/pull/15463
* Build just once when tfms run in parallel by @nohwnd in https://github.com/microsoft/vstest/pull/15465
* Review simplify compatibility sources, deduplicate tests by @nohwnd in https://github.com/microsoft/vstest/pull/15472
* Cleanup dead TRX code by @Youssef1313 in https://github.com/microsoft/vstest/pull/15474
* Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @nohwnd in https://github.com/microsoft/vstest/pull/15481
* Compat matrix checker by @nohwnd in https://github.com/microsoft/vstest/pull/15480
* Add trx analysis skill by @nohwnd in https://github.com/microsoft/vstest/pull/15486
* Split integration tests to single tfm and multi tfm project by @nohwnd in https://github.com/microsoft/vstest/pull/15484
* Update matrix by @nohwnd in https://github.com/microsoft/vstest/pull/15477
* Break infinite restore loop in VS by @nohwnd in https://github.com/microsoft/vstest/pull/15503
* Use global package cache for build, and local for running integration tests by @nohwnd in https://github.com/microsoft/vstest/pull/15500
* Update contributing by @nohwnd in https://github.com/microsoft/vstest/pull/15505
* Reduce test wall-clock time by increasing minThreads by @drognanar in https://github.com/microsoft/vstest/pull/15502
* Indicator flakiness by @nohwnd in https://github.com/microsoft/vstest/pull/15513
* Fix ci build by @nohwnd in https://github.com/microsoft/vstest/pull/15515
* Fix thread safety issues by @Evangelink in https://github.com/microsoft/vstest/pull/15512
* Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @nohwnd in https://github.com/microsoft/vstest/pull/15516
* Build isolated test assets for single TFM instead of 7 by @nohwnd in https://github.com/microsoft/vstest/pull/15517
* Remove unused dependencies from Library.IntegrationTests by @nohwnd in https://github.com/microsoft/vstest/pull/15527
* Remove printing _attachments content to console by @nohwnd in https://github.com/microsoft/vstest/pull/15520
* Add Linux/macOS test filtering guide to CONTRIBUTING.md by @nohwnd in https://github.com/microsoft/vstest/pull/15521
* Change integration test parallelization from ClassLevel to MethodLevel by @nohwnd in https://github.com/microsoft/vstest/pull/15526
* Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @nohwnd in https://github.com/microsoft/vstest/pull/15523
* Add unattended work instructions to copilot-instructions.md by @nohwnd in https://github.com/microsoft/vstest/pull/15531
* Reduce code style rule severity from warning to suggestion by @nohwnd in https://github.com/microsoft/vstest/pull/15522
* Remove Debug/Release line number branching from tests by @nohwnd in https://github.com/microsoft/vstest/pull/15519
* Revise unattended work instructions in copilot-instructions.md by @nohwnd in https://github.com/microsoft/vstest/pull/15532
* Improve CompatibilityRowsBuilder error message with diagnostic details by @nohwnd in https://github.com/microsoft/vstest/pull/15529
* docs: add git worktree and upstream sync workflow to copilot-instructions.md by @nohwnd in https://github.com/microsoft/vstest/pull/15538
* Add VSIX runner to smoke tests by @nohwnd in https://github.com/microsoft/vstest/pull/15541
* Remove deprecated WebTest and TMI test methods by @nohwnd in https://github.com/microsoft/vstest/pull/15525
* Fix compatibility test failures for legacy vstest.console and MSTest adapter by @nohwnd in https://github.com/microsoft/vstest/pull/15534
* Convert TestPlatform.sln to slnx format by @nohwnd in https://github.com/microsoft/vstest/pull/15551
* Convert test/TestAssets .sln files to .slnx format by @nohwnd in https://github.com/microsoft/vstest/pull/15557
 ... (truncated)

Commits viewable in [compare view](https://github.com/microsoft/vstest/compare/v18.5.1...v18.6.0).
</details>

Updated [RabbitMQ.Client](https://github.com/rabbitmq/rabbitmq-dotnet-client) from 6.8.1 to 7.2.1.

<details>
<summary>Release notes</summary>

_Sourced from [RabbitMQ.Client's releases](https://github.com/rabbitmq/rabbitmq-dotnet-client/releases)._

## 7.2.1

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/77?closed=1)

## What's Changed
* Add 'contents: read' to workflow permissions to increase the OpenSSF scorecard of the repo by @pavlofilatov1 in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1880
* Add workflow to check for GHA updates by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1887
* Update GHA via `actions-up` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1886
* Added TryComplete instead of comple during channel shutdown by @patriktiain in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1885
* Catch all exceptions in HeartbeatWriteTimerCallback and HeartbeatReadTimerCallback to avoid crash by @klettier in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1876
* Use dependabot to update actions refs by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1896
* Bump github/codeql-action from 3 to 4 by @dependabot[bot] in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1898
* Bump actions/checkout from 6.0.1 to 6.0.2 by @dependabot[bot] in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1897
* Bump actions/cache from 5.0.2 to 5.0.3 by @dependabot[bot] in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1899
* Fix unconditional semaphore release in BasicPublishAsync when Cancell… by @EvheniyHlushko in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1901
* Connection recovery: remove recorded bindings of auto-delete entities by @michaelklishin in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1906
* Pre-7.2.1 release preparation by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1909

## New Contributors
* @pavlofilatov1 made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1880
* @patriktiain made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1885
* @klettier made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1876
* @dependabot[bot] made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1898
* @EvheniyHlushko made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1901

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.2.0...v7.2.1

## 7.2.0

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/72?closed=1)

## What's Changed
* Ensure that disposable instances are always disposed. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1814
* Ship OAuth2 client version 2 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1824
* Add dedicated exception for `basic.return` messages. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1832
* Pin .NET SDK versions for CI/CD runs by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1842
* Prevent downstream dependencies to pickup MinVer as a depencency by @romerod in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1838
* Cancel recovery CTS on connection Dispose by @AndreReise in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1839
* Improve AsyncManualResetEvent implementation to address races by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1843
* Allow parent/child relationship in Opentelemetry spans by @meum in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1779
* Investigate & fix `SemaphoreFullException` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1819
* fix: prevent possible connection leak in AutorecoveringConnection during creation by @krisz2000 in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1857
* Closes#1849:  include a message id tag in rabbitmqactivitysource for published messages by @YayBurritos in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1852
* Bump versions by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1872
* Do not handle publisher confirms when disposed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1873
* Ensure Connection and Channel cancellation token properly float into handlers by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1740
* Added option to specify ClientCertificateContext in .NET 8+ by @tyb-dev in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1866
* Prepare PublicAPI for next release by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1874
* v7.2.0 CHANGELOG by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1875

## New Contributors
* @romerod made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1838
* @AndreReise made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1839
* @meum made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1779
* @krisz2000 made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1857
* @YayBurritos made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1852

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.1.2...v7.2.0

## 7.1.2

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/74?closed=1)

## What's Changed
* Serialize sequence number as `long` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1806
* Skip flaky test by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1810
* Address `ObjectDisposedException` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1809


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.1.1...v7.1.2

## 7.1.1

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/73?closed=1)

## What's Changed
* Fix bug in `IntervalList` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1785
* Demonstrate handling of `Channel.Close` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1791
* Port `IntAllocator` from `rabbitmq-java-client` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1790
* Fix handling when rate limit lease can't be acquired. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1794


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.1.0...v7.1.1

## 7.1.0

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/68?closed=1)

## What's Changed
* chore: bump regular System.Text.RegularExpressions due to a known CVE in earlier versions by @aygalinc in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1735
* Simplify preprocessor directives by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1741
* Address flaky integration tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1742
* Toxiproxy manager change by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1744
* Set TestTfmsInParallel to false for Integration tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1745
* More updates for the current OTel (OpenTelemetry) conventions by @iinuwa in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1717
* Update NuGet packages by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1748
* Update copyright year to 2025 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1755
* Ensure broker-originated channel closure completes by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1764
* Remove whitespaces from csproj files by @sungam3r in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1768
* Misc items by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1766
* Fix typos by @sungam3r in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1770
* Handle `OperationCanceledException` in RPC continuations by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1753
* Allow setting heartbeat timeout to `TimeSpan.Zero` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1773
* Create cancellation token from `timeout` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1775
* Track down `ObjectDisposedExceptions` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1772
* Fix very rare deadlock by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1771
* Fix #1777 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1781
* Fix rare deadlock, second try by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1782

## New Contributors
* @aygalinc made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1735

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0...v7.1.0

## 7.1.0-alpha.1

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/68?closed=1)

## What's Changed
* chore: bump regular System.Text.RegularExpressions due to a known CVE in earlier versions by @aygalinc in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1735
* Simplify preprocessor directives by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1741
* Address flaky integration tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1742
* Toxiproxy manager change by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1744
* Set TestTfmsInParallel to false for Integration tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1745
* More updates for the current OTel (OpenTelemetry) conventions by @iinuwa in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1717
* Update NuGet packages by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1748
* Update copyright year to 2025 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1755
* Ensure broker-originated channel closure completes by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1764
* Remove whitespaces from csproj files by @sungam3r in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1768
* Misc items by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1766
* Fix typos by @sungam3r in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1770
* Handle `OperationCanceledException` in RPC continuations by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1753
* Allow setting heartbeat timeout to `TimeSpan.Zero` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1773
* Create cancellation token from `timeout` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1775
* Track down `ObjectDisposedExceptions` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1772
* Fix very rare deadlock by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1771
* Fix #1777 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1781

## New Contributors
* @aygalinc made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1735

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0...v7.1.0-alpha.1

## 7.1.0-alpha.0

[GitHub milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/68)

## What's Changed
* chore: bump regular System.Text.RegularExpressions due to a known CVE in earlier versions by @aygalinc in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1735
* Simplify preprocessor directives by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1741
* Address flaky integration tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1742
* Toxiproxy manager change by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1744
* Set TestTfmsInParallel to false for Integration tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1745
* More updates for the current OTel (OpenTelemetry) conventions by @iinuwa in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1717
* Update NuGet packages by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1748
* Update copyright year to 2025 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1755
* Ensure broker-originated channel closure completes by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1764
* Remove whitespaces from csproj files by @sungam3r in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1768
* Misc items by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1766
* Fix typos by @sungam3r in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1770
* Handle `OperationCanceledException` in RPC continuations by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1753

## New Contributors
* @aygalinc made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1735

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0...v7.1.0-alpha.0

## 7.0.0

[GitHub milestone for `RabbitMQ.Client` version `7.0.0`](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/53?closed=1)

## What's Changed
* Fall back to rabbitmqctl (or rabbitmqctl.bat) if RABBITMQ_RABBITMQCTL_PATH or umbrella path are not available by @michaelklishin in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/818
* Switch to Verify for API approval test by @bording in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/820
* AutorecoveringConnection uses ContinuationTimeout from ConnectionFactory by @AndrzejKrol in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/823
* Do not throw on invalid ReplyTo address by @ig-sinicyn in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/828
* Introduce PublicationAddress.TryParse and switch BasicProperties.ReplyToAddress to use it by @michaelklishin in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/831
* Throw ObjectDisposedException when required by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/832
* Restore Constants class as public by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/833
* Move Constants to RabbitMQ.Client by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/834
* Replacing usage of ManualResetEvent with ManualResetEventSlim by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/837
* Optimizing memory usage even further. by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/824
* Using a linked list for fast efficient tracking of [publisher confirm] delivery tags by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/836
* Adding System.Threading.Channels for simplified, better performing code. by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/835
* Using interpolated strings for better code readability. by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/840
* getting rid of a Func allocation by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/841
* Making sure AsyncEventHandlers are all run. Fixes issue #838. by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/839
* simplify WriteShortstr by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/845
* Deletion of unreachable code by @Pliner in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/847
* Deletion of unused UseBackgroundThreadsForIO by @Pliner in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/846
* eliminate allocations from InboundFrame by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/848
* Frame optimizations by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/844
* Delete AutoClose from SessionManager by @Pliner in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/852
* Fixing rethrown exceptions to properly preserve stackframes. by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/850
* throw ArgumentOutOfRangeException when table key is too long (> 255) by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/849
* Adding BinaryPrimitives support for NETSTANDARD targets by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/851
* Minor improvements and optimizations by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/842
* simplify missed heartbeat recognition by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/854
* remove task yield by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/855
* Fix RabbitMQ version parsing by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/862
* Report a Uri scheme of "amqps" in AmqpTcpEndpoint.ToString() iff SslOption is enabled in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/864
* Re-merge pull request #855 from bollhals/remove.task.yield by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/863
* Prep for 6.1.1 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/870
* Fix AppVeyor build by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/871
* Move BinaryTableValue to public section by @BenBorn in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/880
* Ability to do concurrent dispatches both on the async as well as the sync consumer by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/866
* Refactor: extracted RabbitMQ node management functions from IntegrationFixture by @pergh in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/884
* Switch WorkPool of ConsumerWorkService to channels by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/882
* use cached empty BasicProperties when null by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/887
* add size hint variable for PublishBatch creation by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/888
* fix issue 868 by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/878
* Implement BasicPublishBatch with ReadOnlyMemory by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/865
* 7.x: remove deprecated message publishing method overloads by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/895
* precompute sizes and and simplify BasicProperties presence by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/890
* Edit docs by @JeremyMahieu in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/896
* Do DNS resolution before connection attempt by @JeremyMahieu in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/893
* Unify on IModel by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/858
* Missing ConfigureAwait in TcpClientAdapter by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/897
* Pull ProcessingConcurrency into connection factory interface by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/899
 ... (truncated)

## 7.0.0-rc.14

This is release candidate 14, suitable for testing in pre-production environments

## What's Changed
* Safeguarding against duplicate sequence numbers by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1709
* Xml doc updates for the rate limiting by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1711
* Only add `x-dotnet-pub-seq-no` when tracking enabled by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1710
* Remove `ChannelOptions` internal class by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1712


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.13...v7.0.0-rc.14

## 7.0.0-rc.13

This is release candidate 13, suitable for testing in pre-production environments

## What's Changed
* Integrate `Channel` into `ChannelBase` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1700
* Isolate publisher confirmation code by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1702
* Enforce maximum outstanding publisher confirms, if set by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1703
* Upgrade NET6.0 to NET8.0 since NET6.0 is soon EOL by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1707
* Leverage `System.Threading.RateLimiting` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1706
* Address some more TODOs by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1708


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.12...v7.0.0-rc.13

## 7.0.0-rc.12

This is release candidate 12, suitable for testing in pre-production environments

## What's Changed
* Try to address some test flakes by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1672
* Sequence Number non-blocking by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1675
* Make connection events async by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1677
* Use unique queue and exchange names by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1678
* Make session events async by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1679
* Make channel events async by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1680
* Async flow control by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1681
* Event args cancellation by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1683
* Move code to appropriate directories that match namespace structure by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1685
* AsyncDisposable by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1684
* Fix exception when refreshing oauth2 token by @BreakingBread0 in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1690
* Track publisher confirmations automatically by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1687

## New Contributors
* @BreakingBread0 made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1690

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.11...v7.0.0-rc.12

## 7.0.0-rc.11

This is release candidate 11, suitable for testing in pre-production environments

## What's Changed
* Minor cleanup in AutoRecovery classes by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1670
* Allow the dispatcher concurrency to be overriden per channel by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1669
* Follow-up to #1669 - per-channel dispatch concurrency by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1671


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.10...v7.0.0-rc.11

## 7.0.0-rc.10

This is release candidate 10, suitable for testing in pre-production environments

## What's Changed
* Add test to demonstrate `IChannel` thread-safety by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1665
* Require `IChannel` for `AsyncDefaultBasicConsumer` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1667


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.9...v7.0.0-rc.10

## 7.0.0-rc.9

This is release candidate 9, suitable for testing in pre-production environments

## What's Changed
* Consistently use `Task` or `ValueTask` in APIs by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1646
* Added ability to use Issuer to receive Token Endpoint for the OAuth2ClientBuilder by @Lyphion in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1656
* Finish up version 7 release by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1661
* Fix `NextPublishSeqNo` when retrieved concurrently by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1662
* Clean up `IChannelExtensions` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1664

## New Contributors
* @Lyphion made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1656

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.8...v7.0.0-rc.9

## 7.0.0-rc.8

This is release candidate 8, suitable for testing in pre-production environments

## What's Changed
* Refactor credential refresh by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1649


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.7...v7.0.0-rc.8

## 7.0.0-rc.7

This is release candidate 7, suitable for testing in pre-production environments

## What's Changed
* use async consumer only by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1638
* Add cancellation token overload to channel extensions by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1641
* Support cancellation on the flow control block by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1643
* Align Reject with Ack/Nack by @danielmarbach in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1642
* Fix object disposed exception during channel Recovery by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1648


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.6...v7.0.0-rc.7

## 7.0.0-rc.6

This is release candidate 6, suitable for testing in pre-production environments

## What's Changed
* Move `Deliver` OTEL activity to consumer dispatchers by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1633
* simplify IncomingCommand.ReturnBuffers handling by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1636


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.5...v7.0.0-rc.6

## 7.0.0-rc.5

This is release candidate 5, suitable for testing in pre-production environments

## What's Changed
* make IncomingCommand a class and simplify code around it by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1628
* Replace ReadOnlyBasicProperties with IReadOnlyBasicProperties by @Tornhoof in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1631
* Add NRT for the whole client assembly by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1626


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.4...v7.0.0-rc.5

## 7.0.0-rc.4

This is release candidate 4, suitable for testing in pre-production environments

## What's Changed
* Avoid boxing in IEndpointResolverExtensions.cs by @lechu445 in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1619
* Fix issue when recovery takes longer than recovery interval by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1624

## New Contributors
* @lechu445 made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1619

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.3...v7.0.0-rc.4

## 7.0.0-rc.3

This is release candidate 3, suitable for testing in pre-production environments

## What's Changed
* Make `BasicProperties` a class by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1609
* change InboundFrame to a class by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1613
* Add `DispatchConsumersAsyncEnabled` property on `IConnection` (#1611) by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1615
* Ensure that arguments passed to recorded entities are copied. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1616


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-rc.2...v7.0.0-rc.3

## 7.0.0-rc.2

This is release candidate 2, suitable for testing in pre-production environments

## What's Changed
* Fix ShutdownInitiator in `CloseAsync` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1574
* Misc changes from lukebakken/amqp-string by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1575
* Truncate long client provided names by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1576
* Add test that creates `IChannel` within async consumer callback by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1578
* Remove two unnecessary `.Cast<>()` usages by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1577
* Use ConcurrentDictionary by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1580
* Fix two flaky tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1579
* Handle AppDomain unload by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1583
* Demonstrate that #1038 is fixed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1585
* Can't close channel from consumer dispatcher by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1568
* Add test demonstrating that #1573 is fixed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1587
* Change test to match code provided by @neilgreatorex by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1588
* Update copyright message by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1589
* Adding proper OpenTelemetry integration via. registration helpers and better context propagation by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1528
* Add test to demonstrate that #825 is fixed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1590
* Ensure OpenTelemetry project is set up like OAuth2 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1592
* Ship PublicAPI by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1593
* Use default value for `RabbitMQActivitySource.UseRoutingKeyAsOperationName` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1595
* downgrade dependencies by @WeihanLi in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1594
* Update CHANGELOG by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1598
* Remove in from async methods by @Tornhoof in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1602
* nuget CPM support by @WeihanLi in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1599
* fix some quick wins by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1603
* docs: update badge by @WeihanLi in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1608
* remove CancellationTokenSource from DispatcherChannelBase by @bollhals in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1606
* Make `ReadonlyBasicProperties` a class. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1607

## New Contributors
* @Tornhoof made their first contribution in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1602

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.6...v7.0.0-rc.2

## 7.0.0-rc.1

This is release candidate 1, suitable for testing in pre-production environments

## What's Changed
* Fix ShutdownInitiator in `CloseAsync` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1574
* Misc changes from lukebakken/amqp-string by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1575
* Truncate long client provided names by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1576
* Add test that creates `IChannel` within async consumer callback by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1578
* Remove two unnecessary `.Cast<>()` usages by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1577
* Use ConcurrentDictionary by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1580
* Fix two flaky tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1579
* Handle AppDomain unload by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1583
* Demonstrate that #1038 is fixed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1585
* Can't close channel from consumer dispatcher by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1568
* Add test demonstrating that #1573 is fixed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1587
* Change test to match code provided by @neilgreatorex by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1588
* Update copyright message by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1589
* Adding proper OpenTelemetry integration via. registration helpers and better context propagation by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1528
* Add test to demonstrate that #825 is fixed by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1590
* Ensure OpenTelemetry project is set up like OAuth2 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1592
* Ship PublicAPI by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1593


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.6...v7.0.0-rc.1

## 7.0.0-alpha.6

This is an early alpha release, suitable for testing in pre-production environments

## What's Changed
* Separate out connection recovery tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1549
* `TestPublishRpcRightAfterReconnect` improvements by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1553
* Better exception message when a continuation times out by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1552
* Fix `TestThatDeletedQueueBindingsDontReappearOnRecovery` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1554
* More `CancellationToken` todos by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1555
* Enable `rabbitmq-client` event logging when tests are verbose by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1559
* Misc changes by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1560
* Various editor suggestions by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1563
* Enforce max message size with mutiple content frames by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1566


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.5...v7.0.0-alpha.6

## 7.0.0-alpha.5

This is an early alpha release, suitable for testing in pre-production environments

**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.4...v7.0.0-alpha.5

## 7.0.0-alpha.4

This is an early alpha release, suitable for testing in pre-production environments

## What's Changed
* Remove more synchronous code by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1504
* Use RabbitMQ 3.13 on Windows GHA by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1505
* Continue removing sync API by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1506
* Continue simplifying code by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1507
* Make handling of server-originated methods async by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1508


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.3...v7.0.0-alpha.4

## 7.0.0-alpha.3

This is an early alpha release, suitable for testing in pre-production environments

## What's Changed
* Use `Microsoft.CodeAnalysis.PublicApiAnalyzers` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1447
* Retry more connections in test suite by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1449
* Add test that demonstrates the current behavior of a recovered channe… by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1450
* Enable long running tests by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1451
* Ensure delivery tag is decremented for client-side exception by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1453
* Trimming and AOT compatibility by @eerhardt in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1411
* Add test to prove bindings are restored by topology recovery by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1460
* Remove synchronous API by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1473
* Add OpenTelemetry support via ActivitySource by @stebet in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1261
* Add more use of CancellationToken in Async methods. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1468
* Re-organize test projects by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1491
* InternalsVisibleTo enhancements by @WeihanLi in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1488
* Port #1494 to `main` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1495
* Update codeql.yml by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1499
* Address lack of Socket read timeout for async reads by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1497
* Remove more synchronous code. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1501
* Add test code for issue #1464 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1466


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.2...v7.0.0-alpha.3

## 7.0.0-alpha.2

## What's Changed

This is an early alpha release, suitable for testing in pre-production environments. This release fixes a stack overflow error in `ExchangeDeclareAsync` that was reported several times:
* https://github.com/rabbitmq/rabbitmq-dotnet-client/issues/1444
* https://github.com/rabbitmq/rabbitmq-dotnet-client/discussions/1435

Other fixes:

* Ensure that the underlying timer for `Task.Delay` is canceled. by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1426
* Fix #1429 by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1431
* Port #1434 to `main` by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1442
* Add cancellation to initial socket connection by @lukebakken in https://github.com/rabbitmq/rabbitmq-dotnet-client/pull/1428


**Full Changelog**: https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v7.0.0-alpha.1...v7.0.0-alpha.2


## 7.0.0-alpha.1

[GitHub Milestone](https://github.com/rabbitmq/rabbitmq-dotnet-client/milestone/53)

This alpha release includes changes from #1347, which adds async methods to the public API, and is appropriate to test in your pre-production environments.


## 7.0.0-alpha.0

This is a very early pre-release of version 7. The goal is to test publishing the NuGet package from GitHub Actions.

https://www.nuget.org/packages/RabbitMQ.Client/7.0.0-alpha.0

Commits viewable in [compare view](https://github.com/rabbitmq/rabbitmq-dotnet-client/compare/v6.8.1...v7.2.1).
</details>

Updated [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) from 10.22.0.136894 to 10.27.0.140913.

<details>
<summary>Release notes</summary>

_Sourced from [SonarAnalyzer.CSharp's releases](https://github.com/SonarSource/sonar-dotnet/releases)._

## 10.27.0.140913

# Release notes - .NET Analyzers - 10.27

### Feature
[NET-1285](https://sonarsource.atlassian.net/browse/NET-1285) S2629: Add custom message for Log4Net and Castle.Core
[NET-3666](https://sonarsource.atlassian.net/browse/NET-3666) Deprecate S5042 and move it from HotSpots to Code Smell
[NET-3783](https://sonarsource.atlassian.net/browse/NET-3783) Update RSPEC before 10.27 release

### False Positive
[NET-2696](https://sonarsource.atlassian.net/browse/NET-2696) Fix S4260 FP: Extension Properties always raise

### False Negative
[NET-230](https://sonarsource.atlassian.net/browse/NET-230) Fix S4056 FN: SpecifyIFormatProviderOrCultureInfo for C#13 compatibility
[NET-2692](https://sonarsource.atlassian.net/browse/NET-2692) Fix S2190 FN: Recursive extension properties
[NET-2705](https://sonarsource.atlassian.net/browse/NET-2705) Fix S3343 FN: Partial Constructor with attribute in definition
[NET-2732](https://sonarsource.atlassian.net/browse/NET-2732) Fix S1172 FN: Extension blocks
[NET-2745](https://sonarsource.atlassian.net/browse/NET-2745) Fix S4144 FN: Extension Members
[NET-2829](https://sonarsource.atlassian.net/browse/NET-2829) Fix S3241 FN: Extension methods and extension blocks
[NET-3541](https://sonarsource.atlassian.net/browse/NET-3541) Fix S1117 FN: add CatchDeclaration coverage and adopt LocalDeclarationKinds




## 10.26.0.140279

# Release notes - .NET Analyzers - 10.26

### Feature
[NET-3694](https://sonarsource.atlassian.net/browse/NET-3694) Update RSPEC before 10.26 release

### False Positive
[NET-2346](https://sonarsource.atlassian.net/browse/NET-2346) Fix S1854 FP: Variable used after another assignment in finally
[NET-2347](https://sonarsource.atlassian.net/browse/NET-2347) Fix S1168 FP: Do not report on value types
[NET-3698](https://sonarsource.atlassian.net/browse/NET-3698) Fix S1210 FP: file-scoped types should be exempt 

### False Negative
[NET-1265](https://sonarsource.atlassian.net/browse/NET-1265) Fix S2930 FN: raise issues on non-disposed RegistryKeys
[NET-2685](https://sonarsource.atlassian.net/browse/NET-2685) Fix S3604 FN: Field Keyword, Partial Constructors, NullConditional Assignment
[NET-2812](https://sonarsource.atlassian.net/browse/NET-2812) Fix S4275 FN: Field Keyword
[NET-2999](https://sonarsource.atlassian.net/browse/NET-2999) Fix S6672 FN: Mismatch in primary constructor is not recognized




## 10.25

?
### Feature

* [NET-3613](https://sonarsource.atlassian.net/browse/NET-3613) - Support Cobertura coverage file format
  * Cobertura report paths can be passed via the `sonar.cs.cobertura.reportsPaths` parameter 
* [NET-3665](https://sonarsource.atlassian.net/browse/NET-3665) - Update RSPEC before 10.25 release

### False Positive

* [NET-3640](https://sonarsource.atlassian.net/browse/NET-3640) - Fix S3400 FP: Don't report function with conditional compilation body




## 10.24

  This release brings a batch of false negative fixes and analyzer crash fixes.

  **Bug Fixes**
  - [NET-3596](https://sonarsource.atlassian.net/browse/NET-3596) - Fix S1144 AD0001: Index out of range exception with type named Nullable
  - [NET-3522](https://sonarsource.atlassian.net/browse/NET-3522) - Fix S1215 AD0001: ArgumentOutOfRangeException
  - [NET-3521](https://sonarsource.atlassian.net/browse/NET-3521) - Fix S2053 AD0001: NRE
  - [NET-3520](https://sonarsource.atlassian.net/browse/NET-3520) - Fix S3267 AD0001: NRE

  **False Positives**
  - [NET-2276](https://sonarsource.atlassian.net/browse/NET-2276) - Fix S1192 FP: EF migration classes

  **False Negatives**
  - [NET-3569](https://sonarsource.atlassian.net/browse/NET-3569) - Fix T0008 and T0009 FN: Support extension blocks
  - [NET-2875](https://sonarsource.atlassian.net/browse/NET-2875) - Fix S2092 FN: Null Conditional Assignment
  - [NET-2857](https://sonarsource.atlassian.net/browse/NET-2857) - Fix S3330 FN: Null Conditional Assignment
  - [NET-2719](https://sonarsource.atlassian.net/browse/NET-2719) - Fix S4136 FN: Extension methods
  - [NET-2688](https://sonarsource.atlassian.net/browse/NET-2688) - Fix S4433 FN: Null-conditional assignment in tracker
  - [NET-2675](https://sonarsource.atlassian.net/browse/NET-2675) - Fix S6418 FN: Field keyword
  - [NET-2667](https://sonarsource.atlassian.net/browse/NET-2667) - Fix S2934 FN: Null-conditional assignment and field keyword
  - [NET-2658](https://sonarsource.atlassian.net/browse/NET-2658) - Fix S127 FN: BitShiftCompound



## 10.23

This release brings a bunch of fixes! Enjoy.

  ### Bug Fixes

  - [NET-3557](https://sonarsource.atlassian.net/browse/NET-3557) - Fix SE AD0001 when SyntaxTreeOptionsProvider is null
  - [NET-3519](https://sonarsource.atlassian.net/browse/NET-3519) - Fix AD0001: NRE in PropertiesAccessCorrectField

  ### False Positives

  - [NET-3532](https://sonarsource.atlassian.net/browse/NET-3532) - Fix S2583 FP: Any called two times
  - [NET-3468](https://sonarsource.atlassian.net/browse/NET-3468) - Fix S1144 FP: Erroneously flagged Add() method used in Collection Initializer
  - [NET-3454](https://sonarsource.atlassian.net/browse/NET-3454) - Fix S3267 FP: ref struct in foreach body cannot be captured in LINQ lambda
  - [NET-3164](https://sonarsource.atlassian.net/browse/NET-3164) - Fix S125 FP: Improve semicolon heuristic
  - [NET-2559](https://sonarsource.atlassian.net/browse/NET-2559) - Fix S5944 FP: When method name is also a class name of generic argument
  - [NET-2438](https://sonarsource.atlassian.net/browse/NET-2438) - Fix S1067 FP: Do not raise an issue inside Equals() implementation
  - [NET-1565](https://sonarsource.atlassian.net/browse/NET-1565) - Fix S1192 FP: Shouldn't raise on Dapper parameters
  - [NET-1168](https://sonarsource.atlassian.net/browse/NET-1168) - Fix S1172 FP: When parameter conditionally used in local function
  - [NET-52](https://sonarsource.atlassian.net/browse/NET-52) - Fix S4017 FP: Do not raise when implementing abstract class/interface

  ### False Negatives

  - [NET-1642](https://sonarsource.atlassian.net/browse/NET-1642) - Fix S3415, S2701, S2699, S2187 FN: Support NUnit 4.0
  - [NET-348](https://sonarsource.atlassian.net/browse/NET-348) - Fix S4144 FN: Methods with generic return types


Commits viewable in [compare view](https://github.com/SonarSource/sonar-dotnet/commits/10.27.0.140913).
</details>

Updated [StackExchange.Redis](https://github.com/StackExchange/StackExchange.Redis/) from 2.12.14 to 2.13.17.

<details>
<summary>Release notes</summary>

_Sourced from [StackExchange.Redis's releases](https://github.com/StackExchange/StackExchange.Redis//releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/StackExchange/StackExchange.Redis//commits).
</details>

Updated [System.Diagnostics.EventLog](https://github.com/dotnet/dotnet) from 10.0.5 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [System.Diagnostics.EventLog's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [System.Security.Permissions](https://github.com/dotnet/dotnet) from 10.0.3 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [System.Security.Permissions's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [System.Text.Encoding.CodePages](https://github.com/dotnet/dotnet) from 10.0.5 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [System.Text.Encoding.CodePages's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [System.Text.Json](https://github.com/dotnet/dotnet) from 10.0.5 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [System.Text.Json's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You ...

_Description has been truncated_

Bumps csharpier from 1.2.6 to 1.3.0 Bumps Elastic.Clients.Elasticsearch from 9.3.4 to 9.4.2 Bumps log4net from 3.3.0 to 3.3.1 Bumps Microsoft.Extensions.Http from 10.0.8 to 10.0.9 Bumps Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0 Bumps RabbitMQ.Client from 6.8.1 to 7.2.1 Bumps SonarAnalyzer.CSharp from 10.22.0.136894 to 10.27.0.140913 Bumps StackExchange.Redis from 2.12.14 to 2.13.17 Bumps System.Diagnostics.EventLog from 10.0.5 to 10.0.9 Bumps System.Security.Permissions from 10.0.3 to 10.0.9 Bumps System.Text.Encoding.CodePages from 10.0.5 to 10.0.9 Bumps System.Text.Json from 10.0.5 to 10.0.9 --- updated-dependencies: - dependency-name: csharpier dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: Elastic.Clients.Elasticsearch dependency-version: 9.4.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: log4net dependency-version: 3.3.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: Microsoft.Extensions.Http dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: RabbitMQ.Client dependency-version: 7.2.1 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: SonarAnalyzer.CSharp dependency-version: 10.27.0.140913 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: StackExchange.Redis dependency-version: 2.13.17 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dependencies - dependency-name: System.Diagnostics.EventLog dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: System.Security.Permissions dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: System.Text.Encoding.CodePages dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: System.Text.Json dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-06-12T15:35:37Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	nuget/system.text.json@10.0.5 ⏵ 10.0.9
	nuget/sonaranalyzer.csharp@10.22.0.136894 ⏵ 10.27.0.140913	^-1
	nuget/system.text.encoding.codepages@10.0.5 ⏵ 10.0.9
	nuget/system.diagnostics.eventlog@10.0.5 ⏵ 10.0.9
	nuget/microsoft.extensions.http@10.0.8 ⏵ 10.0.9
	nuget/system.security.permissions@10.0.3 ⏵ 10.0.9	^-4
	nuget/elastic.clients.elasticsearch@9.3.4 ⏵ 9.4.2
	nuget/log4net@3.3.0 ⏵ 3.3.1
	nuget/rabbitmq.client@6.8.1 ⏵ 7.2.1
	nuget/stackexchange.redis@2.12.14 ⏵ 2.13.17
	nuget/microsoft.net.test.sdk@18.5.1 ⏵ 18.6.0

View full report

socket-security · 2026-06-12T15:35:43Z

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Block		Dynamic code execution: nuget `elastic.esql` Location: Package overview From: Src/CrispyWaffle.ElasticSearch/CrispyWaffle.ElasticSearch.csproj → `nuget/elastic.clients.elasticsearch@9.4.2` → `nuget/elastic.esql@0.11.0` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/elastic.esql@0.11.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Network access: nuget `elastic.transport` Location: Package overview From: Src/CrispyWaffle.ElasticSearch/CrispyWaffle.ElasticSearch.csproj → `nuget/elastic.clients.elasticsearch@9.4.2` → `nuget/elastic.transport@0.17.1` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/elastic.transport@0.17.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Dynamic code execution: nuget `elastic.transport` Location: Package overview From: Src/CrispyWaffle.ElasticSearch/CrispyWaffle.ElasticSearch.csproj → `nuget/elastic.clients.elasticsearch@9.4.2` → `nuget/elastic.transport@0.17.1` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/elastic.transport@0.17.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Network access: nuget `sonaranalyzer.csharp` Location: Package overview From: Src/CrispyWaffle.Configuration/CrispyWaffle.Configuration.csproj → `nuget/sonaranalyzer.csharp@10.27.0.140913` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/sonaranalyzer.csharp@10.27.0.140913`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		System shell access: nuget `sonaranalyzer.csharp` Location: Package overview From: Src/CrispyWaffle.Configuration/CrispyWaffle.Configuration.csproj → `nuget/sonaranalyzer.csharp@10.27.0.140913` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/sonaranalyzer.csharp@10.27.0.140913`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Dynamic code execution: nuget `sonaranalyzer.csharp` Location: Package overview From: Src/CrispyWaffle.Configuration/CrispyWaffle.Configuration.csproj → `nuget/sonaranalyzer.csharp@10.27.0.140913` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/sonaranalyzer.csharp@10.27.0.140913`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		System shell access: nuget `system.threading.ratelimiting` Location: Package overview From: Src/CrispyWaffle.RabbitMQ/CrispyWaffle.RabbitMQ.csproj → `nuget/rabbitmq.client@7.2.1` → `nuget/system.threading.ratelimiting@8.0.0` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.threading.ratelimiting@8.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Dynamic code execution: nuget `system.threading.ratelimiting` Location: Package overview From: Src/CrispyWaffle.RabbitMQ/CrispyWaffle.RabbitMQ.csproj → `nuget/rabbitmq.client@7.2.1` → `nuget/system.threading.ratelimiting@8.0.0` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.threading.ratelimiting@8.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Network access: nuget `system.windows.extensions` Location: Package overview From: Src/CrispyWaffle/CrispyWaffle.csproj → `nuget/system.security.permissions@10.0.9` → `nuget/system.windows.extensions@10.0.9` ℹ Read more on: This package \| This alert \| What is network access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.windows.extensions@10.0.9`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		System shell access: nuget `system.windows.extensions` Location: Package overview From: Src/CrispyWaffle/CrispyWaffle.csproj → `nuget/system.security.permissions@10.0.9` → `nuget/system.windows.extensions@10.0.9` ℹ Read more on: This package \| This alert \| What is shell access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.windows.extensions@10.0.9`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Dynamic code execution: nuget `system.windows.extensions` Location: Package overview From: Src/CrispyWaffle/CrispyWaffle.csproj → `nuget/system.security.permissions@10.0.9` → `nuget/system.windows.extensions@10.0.9` ℹ Read more on: This package \| This alert \| What is dynamic code execution? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.windows.extensions@10.0.9`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Filesystem access: nuget `elastic.esql` Location: Package overview From: Src/CrispyWaffle.ElasticSearch/CrispyWaffle.ElasticSearch.csproj → `nuget/elastic.clients.elasticsearch@9.4.2` → `nuget/elastic.esql@0.11.0` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/elastic.esql@0.11.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Filesystem access: nuget `elastic.transport` Location: Package overview From: Src/CrispyWaffle.ElasticSearch/CrispyWaffle.ElasticSearch.csproj → `nuget/elastic.clients.elasticsearch@9.4.2` → `nuget/elastic.transport@0.17.1` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/elastic.transport@0.17.1`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): nuget `microsoft.bcl.asyncinterfaces` is 100.0% likely to have a medium risk anomaly Notes: The fragment is not conventional executable source code; it is a binary-like payload rich in signing-related data (certificates, OCSP/CRL references) with references to NuGet/Microsoft ecosystems. This necessitates provenance verification and strict supply-chain validation to prevent misuse or tampering in a package delivery context. Further context about how this artifact is consumed is required to determine actual risk in a given project. Confidence: 1.00 Severity: 0.60 From: Src/CrispyWaffle.RabbitMQ/CrispyWaffle.RabbitMQ.csproj → `nuget/rabbitmq.client@7.2.1` → `nuget/microsoft.bcl.asyncinterfaces@8.0.0` ℹ Read more on: This package \| This alert \| What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.bcl.asyncinterfaces@8.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Filesystem access: nuget `sonaranalyzer.csharp` Location: Package overview From: Src/CrispyWaffle.Configuration/CrispyWaffle.Configuration.csproj → `nuget/sonaranalyzer.csharp@10.27.0.140913` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/sonaranalyzer.csharp@10.27.0.140913`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Potential code anomaly (AI signal): nuget `system.io.pipelines` is 100.0% likely to have a medium risk anomaly Notes: This is a .p7s file, which contains a digital signature for a document or email, using the PKCS #7 standard, which serves to verify the sender's identity and ensure the content hasn't been altered in transit. Confidence: 1.00 Severity: 0.60 From: Src/CrispyWaffle.RabbitMQ/CrispyWaffle.RabbitMQ.csproj → `nuget/rabbitmq.client@7.2.1` → `nuget/stackexchange.redis@2.13.17` → `nuget/system.io.pipelines@8.0.0` ℹ Read more on: This package \| This alert \| What is an AI-detected potential code anomaly? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: An AI system found a low-risk anomaly in this package. It may still be fine to use, but you should check that it is safe before proceeding. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.io.pipelines@8.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		License exception: nuget `system.threading.channels` with Classpath-exception-2.0 Exception: Classpath-exception-2.0 Comments: From: Src/CrispyWaffle.RabbitMQ/CrispyWaffle.RabbitMQ.csproj → `nuget/rabbitmq.client@7.2.1` → `nuget/system.threading.channels@8.0.0` ℹ Read more on: This package \| This alert \| What is a license exception? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: License exceptions should be carefully reviewed. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.threading.channels@8.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		License exception: nuget `system.threading.ratelimiting` with Classpath-exception-2.0 Exception: Classpath-exception-2.0 Comments: From: Src/CrispyWaffle.RabbitMQ/CrispyWaffle.RabbitMQ.csproj → `nuget/rabbitmq.client@7.2.1` → `nuget/system.threading.ratelimiting@8.0.0` ℹ Read more on: This package \| This alert \| What is a license exception? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: License exceptions should be carefully reviewed. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.threading.ratelimiting@8.0.0`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Block		Filesystem access: nuget `system.windows.extensions` Location: Package overview From: Src/CrispyWaffle/CrispyWaffle.csproj → `nuget/system.security.permissions@10.0.9` → `nuget/system.windows.extensions@10.0.9` ℹ Read more on: This package \| This alert \| What is filesystem access? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: If a package must read the file system, clarify what it will read and ensure it reads only what it claims to. If appropriate, packages can leave file system access to consumers and operate on data passed to it instead. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.windows.extensions@10.0.9`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

github-actions · 2026-06-12T15:35:51Z

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs

2026-06-12T15:35:47Z INF scanning for exposed secrets...
3:35PM INF 802 commits scanned.
2026-06-12T15:35:49Z INF scan completed in 1.21s
2026-06-12T15:35:49Z INF no leaks found

guibranco

Automatically approved by gstraccini[bot]

dependabot Bot assigned guibranco Jun 12, 2026

dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file nuget packages labels Jun 12, 2026

This was referenced Jun 12, 2026

Bump the microsoft group with 2 updates #933

Closed

Bump the extensions group with 1 update #934

Closed

Bump the testing group with 1 update #935

Closed

github-actions Bot added the size/S Denotes a PR that changes 10-29 lines, ignoring generated files. label Jun 12, 2026

guibranco enabled auto-merge (squash) June 12, 2026 15:36

gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Jun 12, 2026

gstraccini Bot approved these changes Jun 12, 2026

View reviewed changes

guibranco approved these changes Jun 12, 2026

View reviewed changes

gstraccini Bot added the 🤖 bot Automated processes or integrations label Jun 12, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dependencies group with 12 updates#936

Bump the dependencies group with 12 updates#936
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/dot-config/dependencies-5ed7b295c6

dependabot Bot commented on behalf of github Jun 12, 2026

Uh oh!

socket-security Bot commented Jun 12, 2026

Uh oh!

socket-security Bot commented Jun 12, 2026

Uh oh!

github-actions Bot commented Jun 12, 2026

Uh oh!

guibranco left a comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jun 12, 2026

1.3.0

1.3.0

Breaking Changes

Change xml formatting to return error when it runs into syntax error so it is consistent with c# #​1854

What's Changed

Feature: Configurable whitespace handling for xml #​1790

Feature: Move closing bracket for xml elements to the same line. #​1598

Feature: Support for csharpier-ignore with XML formatter #​1788

Feature: Add MSBuild transitive and multi-target support #​1833

Feature: allow checking formatting with cache #​1830

Feature: remove dependency on Microsoft.AspNetCore.App #​1508

Fix: csharpier-ignore comment removes linespaces before block #​1867

Uh oh!

socket-security Bot commented Jun 12, 2026

Uh oh!

socket-security Bot commented Jun 12, 2026

Uh oh!

github-actions Bot commented Jun 12, 2026

Uh oh!

guibranco left a comment

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Change xml formatting to return error when it runs into syntax error so it is consistent with c# #1854

Feature: Configurable whitespace handling for xml #1790

Feature: Move closing bracket for xml elements to the same line. #1598

Feature: Support for csharpier-ignore with XML formatter #1788

Feature: Add MSBuild transitive and multi-target support #1833

Feature: allow checking formatting with cache #1830

Feature: remove dependency on Microsoft.AspNetCore.App #1508

Fix: csharpier-ignore comment removes linespaces before block #1867