Bump the swashbuckle group with 3 updates by dependabot[bot] · Pull Request #1104 · hwinther/test

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Swashbuckle.AspNetCore from 10.1.7 to 10.2.0 Bumps swashbuckle.aspnetcore.cli from 10.1.7 to 10.2.0 Bumps Swashbuckle.AspNetCore.ReDoc from 10.1.7 to 10.2.0 --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: swashbuckle - dependency-name: swashbuckle.aspnetcore.cli dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: swashbuckle - dependency-name: Swashbuckle.AspNetCore.ReDoc dependency-version: 10.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: swashbuckle ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-05-31T01:45:32Z

Dotnet build status (Backend.slnx)

❌ Restore failed

❌ tests/backend/WebApi.Tests/WebApi.Tests.csproj : error NU1004: The project references webapi whose dependencies has changed.The packages lock file is inconsistent with the project dependencies so restore can't be run in locked mode. Disable the RestoreLockedMode MSBuild property or pass an explicit --force-evaluate option to run restore to update the lock file. [src/backend/Backend.slnx]
❌ src/backend/ApiClient/ApiClient.csproj : error NU3012: Package 'Refit 10.1.6' from source 'https://api.nuget.org/v3/index.json': The author primary signature found a chain building issue: Revoked: certificate revoked [src/backend/Backend.slnx]
❌ tests/backend/ApiClient.Tests/ApiClient.Tests.csproj : error NU3012: Package 'Refit 10.1.6' from source 'https://api.nuget.org/v3/index.json': The author primary signature found a chain building issue: Revoked: certificate revoked [src/backend/Backend.slnx]
❌ Failed to restore tests/backend/WebApi.Tests/WebApi.Tests.csproj (in 453 ms).
❌ Failed to restore src/backend/ApiClient/ApiClient.csproj (in 2.58 sec).
❌ Failed to restore tests/backend/ApiClient.Tests/ApiClient.Tests.csproj (in 3.28 sec).

✅ No changes in files after restore and build were found

github-actions · 2026-05-31T01:47:27Z

🛡️ Grype vulnerability scan

9 findings: 🟠 4 High, 🟡 5 Medium

All 9 findings (sorted by severity)

Severity	CVSS	ID	Location	Description
🟠 High	8.1	GHSA-75px-5xx7-5xc7-protobufjs	frontend/	A high vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25 a
🟠 High	7.7	GHSA-66ff-xgx4-vchm-protobufjs	frontend/	A high vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25 a
🟠 High	7.5	GHSA-jvwf-75h9-cwgg-protobufjs	frontend/	A high vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25 a
🟠 High	7.5	GHSA-685m-2w69-288q-protobufjs	frontend/	A high vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25 a
🟡 Medium	5.3	GHSA-fx83-v9x8-x52w-protobufjs	frontend/	A medium vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25
🟡 Medium	5.3	GHSA-jggg-4jg4-v7c6-protobufjs	frontend/	A medium vulnerability in npm package: protobufjs, version 7.5.6 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25
🟡 Medium	5.3	GHSA-jggg-4jg4-v7c6-protobufjs	frontend/	A medium vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25
🟡 Medium	5.3	GHSA-2pr8-phx7-x9h3-protobufjs	frontend/	A medium vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25
🟡 Medium	5.3	GHSA-q6x5-8v7m-xcrf-protobufjs	frontend/	A medium vulnerability in npm package: protobufjs, version 8.0.1 was found in image ghcr.io/hwinther/test/frontend:0.70.1-PullRequest1104.25

Open Code Scanning alerts for branch dependabot/nuget/src/backend/dot-config/main/swashbuckle-f1d87e9bcf (SARIF category grype-container-frontend; alerts can take a moment to appear after upload.)

dependabot · 2026-06-03T20:43:53Z

Looks like these dependencies are updatable in another way, so this is no longer needed.

dependabot Bot assigned hwinther May 31, 2026

dependabot Bot requested a review from hwinther as a code owner May 31, 2026 01:44

dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels May 31, 2026

github-actions Bot added the backend label May 31, 2026

hwinther added the update-dotnet-lockfiles label Jun 3, 2026

dependabot Bot closed this Jun 3, 2026

dependabot Bot deleted the dependabot/nuget/src/backend/dot-config/main/swashbuckle-f1d87e9bcf branch June 3, 2026 20:43

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the swashbuckle group with 3 updates#1104

Bump the swashbuckle group with 3 updates#1104
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/backend/dot-config/main/swashbuckle-f1d87e9bcf

dependabot Bot commented on behalf of github May 31, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 31, 2026 •

edited

Loading

Uh oh!

github-actions Bot commented May 31, 2026

Uh oh!

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github May 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

10.2.0

What's Changed

New Contributors

10.2.0

What's Changed

New Contributors

10.2.0

What's Changed

New Contributors

Uh oh!

github-actions Bot commented May 31, 2026 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Dotnet build status (Backend.slnx)

❌ Restore failed

✅ No changes in files after restore and build were found

Uh oh!

github-actions Bot commented May 31, 2026

🛡️ Grype vulnerability scan

Uh oh!

dependabot Bot commented on behalf of github Jun 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

dependabot Bot commented on behalf of github May 31, 2026 •

edited

Loading

github-actions Bot commented May 31, 2026 •

edited

Loading