Skip to content

chore(deps): Bump the minor-and-patch group with 8 updates#205

Merged
leehopper merged 2 commits into
mainfrom
dependabot/nuget/backend/minor-and-patch-e55daef11c
Jun 18, 2026
Merged

chore(deps): Bump the minor-and-patch group with 8 updates#205
leehopper merged 2 commits into
mainfrom
dependabot/nuget/backend/minor-and-patch-e55daef11c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Updated Anthropic from 12.29.0 to 12.29.1.

Updated Aspire.Npgsql from 13.4.3 to 13.4.5.

Release notes

Sourced from Aspire.Npgsql's releases.

13.4.5

What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.

🐛 Fixes

  • 🛡️ Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory — The transitive MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell within the advisory's vulnerable LZ4 decompression range. Aspire does not use MessagePackFormatter or LZ4 — all StreamJsonRpc calls use SystemTextJsonFormatter over local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of the Aspire.Hosting package. (#​18204, @​mitchdenny)
  • 🎭 playwrightCliVersion values that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag like latest, or a v-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#​18205, @​mitchdenny)
  • 🤖 CLI telemetry now detects and reports the calling coding agent — When the Aspire CLI is invoked from inside a known coding agent environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent name is included in the main CLI telemetry event. GitHub Copilot CLI is specifically identified as copilot-cli. (#​18240, @​damianedwards)

🏷️ Housekeeping

  • 📄 Refreshed the @​microsoft/aspire-cli npm package README to be TypeScript-only — updated examples to the current ts-starter template (apphost.mts / aspire.mjs), added a backing-services snippet showing aspire add for PostgreSQL and Redis, and documented aspire dashboard run as a standalone dashboard option. (#​18221, @​adamint)

Full Changelog: v13.4.4...v13.4.5

Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e

Generated by Generate release notes for a new stable Aspire release · ● 4.4M

13.4.4

What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent ExcludeFromMcp() filtering across all CLI MCP tools.

🐛 Fixes

  • 🔌 DCP requests could fail permanently when the connection dropped mid-request — If the underlying DCP channel closed while a request was in flight, the error was surfaced directly instead of being retried. Reconnection is now attempted as part of the DCP request retry path so transient disconnections recover automatically without surfacing errors. (#​18096, @​karolz-ms)
  • 🔍 Resources marked with ExcludeFromMcp() were not consistently filtered from CLI MCP tools — Resources with the resource.excludeFromMcp property were not excluded uniformly from all CLI MCP tool results. list_resources, list_console_logs, execute_resource_command, list_structured_logs, list_traces, and list_trace_structured_logs all now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#​18150, @​JamesNK)

🏷️ Housekeeping

  • 📦 Improved npm CLI package metadata and hardened npm publish validation in the release pipeline. (#​18093, @​adamratzman)

Full Changelog: v13.4.3...v13.4.4

Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029

Commits viewable in compare view.

Updated Marten from 9.7.2 to 9.9.0.

Release notes

Sourced from Marten's releases.

9.9.0

What's Changed

Full Changelog: JasperFx/marten@V9.8.2...V9.9.0

9.8.2

Couple bug reports related to the Daemon, one performance related for folks using the archived partitioning on the event store

What's Changed

Full Changelog: JasperFx/marten@V9.8.1...V9.8.2

9.8.1

This might impact folks migrating from Marten 8 to Marten 9. Strictly an issue with database migrations

What's Changed

Full Changelog: JasperFx/marten@V9.8.0...V9.8.1

9.8.0

This was pretty well 100% about CritterWatch. The new APIs are all to support CritterWatch

What's Changed

Full Changelog: JasperFx/marten@V9.7.5...V9.8.0

9.7.5

What's Changed

Full Changelog: JasperFx/marten@V9.7.4...V9.7.5

9.7.4

What's Changed

Full Changelog: JasperFx/marten@V9.7.3...V9.7.4

9.7.3

Small release. Couple fixes for daemon resiliency and CritterWatch administration actions

What's Changed

Full Changelog: JasperFx/marten@V9.7.2...V9.7.3

Commits viewable in compare view.

Updated Marten.EntityFrameworkCore from 9.7.2 to 9.9.0.

Release notes

Sourced from Marten.EntityFrameworkCore's releases.

9.9.0

What's Changed

Full Changelog: JasperFx/marten@V9.8.2...V9.9.0

9.8.2

Couple bug reports related to the Daemon, one performance related for folks using the archived partitioning on the event store

What's Changed

Full Changelog: JasperFx/marten@V9.8.1...V9.8.2

9.8.1

This might impact folks migrating from Marten 8 to Marten 9. Strictly an issue with database migrations

What's Changed

Full Changelog: JasperFx/marten@V9.8.0...V9.8.1

9.8.0

This was pretty well 100% about CritterWatch. The new APIs are all to support CritterWatch

What's Changed

Full Changelog: JasperFx/marten@V9.7.5...V9.8.0

9.7.5

What's Changed

Full Changelog: JasperFx/marten@V9.7.4...V9.7.5

9.7.4

What's Changed

Full Changelog: JasperFx/marten@V9.7.3...V9.7.4

9.7.3

Small release. Couple fixes for daemon resiliency and CritterWatch administration actions

What's Changed

Full Changelog: JasperFx/marten@V9.7.2...V9.7.3

Commits viewable in compare view.

Updated WolverineFx from 6.7.0 to 6.12.0.

Release notes

Sourced from WolverineFx's releases.

6.12.0

What's Changed

Full Changelog: JasperFx/wolverine@V6.11.0...V6.12.0

6.11.0

The Polecat change was necessary for CritterWatch persistence with SQL Server. The inbox cleanup should help with very busy Wolverine systems be a bit easier on databases.

What's Changed

Full Changelog: JasperFx/wolverine@V6.10.0...V6.11.0

6.10.0

New Polecat integration for ancillary store support within Wolverine that folks doing modular monoliths will want -- and we needed in CritterWatch post haste. Also new options for configuring Redis.

What's Changed

Full Changelog: JasperFx/wolverine@V6.9.0...V6.10.0

6.9.0

This release was mostly about CritterWatch, but does have some new DLQ functionality, which was meant to complement CritterWatch. Couple bug fixes too though.

What's Changed

Full Changelog: JasperFx/wolverine@V6.8.0...V6.9.0

6.8.0

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V6.7.0...V6.8.0

Commits viewable in compare view.

Updated WolverineFx.EntityFrameworkCore from 6.7.0 to 6.12.0.

Release notes

Sourced from WolverineFx.EntityFrameworkCore's releases.

6.12.0

What's Changed

Full Changelog: JasperFx/wolverine@V6.11.0...V6.12.0

6.11.0

The Polecat change was necessary for CritterWatch persistence with SQL Server. The inbox cleanup should help with very busy Wolverine systems be a bit easier on databases.

What's Changed

Full Changelog: JasperFx/wolverine@V6.10.0...V6.11.0

6.10.0

New Polecat integration for ancillary store support within Wolverine that folks doing modular monoliths will want -- and we needed in CritterWatch post haste. Also new options for configuring Redis.

What's Changed

Full Changelog: JasperFx/wolverine@V6.9.0...V6.10.0

6.9.0

This release was mostly about CritterWatch, but does have some new DLQ functionality, which was meant to complement CritterWatch. Couple bug fixes too though.

What's Changed

Full Changelog: JasperFx/wolverine@V6.8.0...V6.9.0

6.8.0

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V6.7.0...V6.8.0

Commits viewable in compare view.

Updated WolverineFx.Marten from 6.7.0 to 6.12.0.

Release notes

Sourced from WolverineFx.Marten's releases.

6.12.0

What's Changed

Full Changelog: JasperFx/wolverine@V6.11.0...V6.12.0

6.11.0

The Polecat change was necessary for CritterWatch persistence with SQL Server. The inbox cleanup should help with very busy Wolverine systems be a bit easier on databases.

What's Changed

Full Changelog: JasperFx/wolverine@V6.10.0...V6.11.0

6.10.0

New Polecat integration for ancillary store support within Wolverine that folks doing modular monoliths will want -- and we needed in CritterWatch post haste. Also new options for configuring Redis.

What's Changed

Full Changelog: JasperFx/wolverine@V6.9.0...V6.10.0

6.9.0

This release was mostly about CritterWatch, but does have some new DLQ functionality, which was meant to complement CritterWatch. Couple bug fixes too though.

What's Changed

Full Changelog: JasperFx/wolverine@V6.8.0...V6.9.0

6.8.0

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V6.7.0...V6.8.0

Commits viewable in compare view.

Updated WolverineFx.RuntimeCompilation from 6.7.0 to 6.12.0.

Release notes

Sourced from WolverineFx.RuntimeCompilation's releases.

6.12.0

What's Changed

Full Changelog: JasperFx/wolverine@V6.11.0...V6.12.0

6.11.0

The Polecat change was necessary for CritterWatch persistence with SQL Server. The inbox cleanup should help with very busy Wolverine systems be a bit easier on databases.

What's Changed

Full Changelog: JasperFx/wolverine@V6.10.0...V6.11.0

6.10.0

New Polecat integration for ancillary store support within Wolverine that folks doing modular monoliths will want -- and we needed in CritterWatch post haste. Also new options for configuring Redis.

What's Changed

Full Changelog: JasperFx/wolverine@V6.9.0...V6.10.0

6.9.0

This release was mostly about CritterWatch, but does have some new DLQ functionality, which was meant to complement CritterWatch. Couple bug fixes too though.

What's Changed

Full Changelog: JasperFx/wolverine@V6.8.0...V6.9.0

6.8.0

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V6.7.0...V6.8.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Anthropic from 12.29.0 to 12.29.1
Bumps Aspire.Npgsql from 13.4.3 to 13.4.5
Bumps Marten from 9.7.2 to 9.9.0
Bumps Marten.EntityFrameworkCore from 9.7.2 to 9.9.0
Bumps WolverineFx from 6.7.0 to 6.12.0
Bumps WolverineFx.EntityFrameworkCore from 6.7.0 to 6.12.0
Bumps WolverineFx.Marten from 6.7.0 to 6.12.0
Bumps WolverineFx.RuntimeCompilation from 6.7.0 to 6.12.0

---
updated-dependencies:
- dependency-name: Anthropic
  dependency-version: 12.29.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Aspire.Npgsql
  dependency-version: 13.4.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Marten
  dependency-version: 9.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Marten.EntityFrameworkCore
  dependency-version: 9.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx
  dependency-version: 6.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx.EntityFrameworkCore
  dependency-version: 6.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx.Marten
  dependency-version: 6.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx.RuntimeCompilation
  dependency-version: 6.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 18, 2026
@github-actions

github-actions Bot commented Jun 18, 2026

Copy link
Copy Markdown

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 16 package(s) with unknown licenses.
See the Details below.

License Issues

backend/src/RunCoach.Api/RunCoach.Api.csproj

PackageVersionLicenseIssue Type
Anthropic12.29.1NullUnknown License
Aspire.Npgsql13.4.5NullUnknown License
JasperFx2.13.0NullUnknown License
JasperFx.Events2.13.0NullUnknown License
JasperFx.SourceGenerator2.13.0NullUnknown License
Marten9.9.0NullUnknown License
Marten.EntityFrameworkCore9.9.0NullUnknown License
Weasel.Core9.2.0NullUnknown License
Weasel.EntityFrameworkCore9.2.0NullUnknown License
Weasel.Postgresql9.2.0NullUnknown License
WolverineFx6.12.0NullUnknown License
WolverineFx.EntityFrameworkCore6.12.0NullUnknown License
WolverineFx.Marten6.12.0NullUnknown License
WolverineFx.Postgresql6.12.0NullUnknown License
WolverineFx.RDBMS6.12.0NullUnknown License
WolverineFx.RuntimeCompilation6.12.0NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, Unlicense, CC0-1.0, CC-BY-4.0, Zlib, BSL-1.0, Python-2.0, PSF-2.0, Artistic-2.0, MPL-2.0, WTFPL, PostgreSQL
Excluded from license check: pkg:githubactions/SonarSource/sonarqube-scan-action, pkg:npm/runcoach-frontend

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
nuget/Anthropic 12.29.1 UnknownUnknown
nuget/Aspire.Npgsql 13.4.5 UnknownUnknown
nuget/JasperFx 2.13.0 UnknownUnknown
nuget/JasperFx.Events 2.13.0 UnknownUnknown
nuget/JasperFx.SourceGenerator 2.13.0 UnknownUnknown
nuget/Marten 9.9.0 UnknownUnknown
nuget/Marten.EntityFrameworkCore 9.9.0 UnknownUnknown
nuget/Weasel.Core 9.2.0 UnknownUnknown
nuget/Weasel.EntityFrameworkCore 9.2.0 UnknownUnknown
nuget/Weasel.Postgresql 9.2.0 UnknownUnknown
nuget/WolverineFx 6.12.0 UnknownUnknown
nuget/WolverineFx.EntityFrameworkCore 6.12.0 UnknownUnknown
nuget/WolverineFx.Marten 6.12.0 UnknownUnknown
nuget/WolverineFx.Postgresql 6.12.0 UnknownUnknown
nuget/WolverineFx.RDBMS 6.12.0 UnknownUnknown
nuget/WolverineFx.RuntimeCompilation 6.12.0 UnknownUnknown

Scanned Files

  • backend/src/RunCoach.Api/RunCoach.Api.csproj

@leehopper leehopper enabled auto-merge (squash) June 18, 2026 16:25
@leehopper leehopper merged commit e53a93a into main Jun 18, 2026
16 checks passed
@dependabot dependabot Bot deleted the dependabot/nuget/backend/minor-and-patch-e55daef11c branch June 18, 2026 16:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant