Skip to content

chore(deps): Bump Aspire.Npgsql and 8 others#62

Merged
leehopper merged 1 commit intomainfrom
dependabot/nuget/backend/minor-and-patch-de779220fe
Apr 24, 2026
Merged

chore(deps): Bump Aspire.Npgsql and 8 others#62
leehopper merged 1 commit intomainfrom
dependabot/nuget/backend/minor-and-patch-de779220fe

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 23, 2026

Updated Aspire.Npgsql from 13.2.2 to 13.2.3.

Release notes

Sourced from Aspire.Npgsql's releases.

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated Marten from 8.31.0 to 8.32.1.

Release notes

Sourced from Marten's releases.

8.32.1

Just bug fixes this time

What's Changed

New Contributors

Full Changelog: JasperFx/marten@V8.32.0...V8.32.1

8.32.0

What's Changed

Full Changelog: JasperFx/marten@V8.31.0...V8.32.0

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.15.2 to 1.15.3.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.15.3

For highlights and announcements pertaining to this release see: Release Notes > 1.15.3.

The following changes are from the previous release 1.15.2.

  • NuGet: OpenTelemetry v1.15.3

    • Fix resource leak in batch and periodic exporting task workers for Blazor/WASM.
      (#​7069)

    • Fixed LogRecord.LogLevel to preserve LogLevel.None and handle
      unspecified or out-of-range severities without returning invalid enum values.
      (#​7092)

    • Fixed OTEL_TRACES_SAMPLER_ARG handling to treat out-of-range, NaN, and
      infinite values as invalid and fall back to the default ratio when using
      traceidratio and parentbased_traceidratio samplers.
      (#​7103)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.3

    • Fix baggage and trace headers not respecting the maximum length in some cases.
      (#​7061)

    • Improve efficiency of parsing of baggage and B3 propagation headers.
      (#​7061)

    • Breaking change: Fixed tracestate parsing to reject keys that do not
      begin with a lowercase letter, including keys beginning with digits, to
      align with the W3C Trace Context specification.
      (#​7065)

    • Fixed BaggagePropagator to trim optional whitespace (OWS) around =
      separators when parsing the baggage header, as required by the
      W3C Baggage specification.
      (#​7009)

    • Fixed BaggagePropagator to strip baggage properties (e.g. ;metadata)
      from values when parsing the baggage header.
      (#​7009)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.3

    No notable changes.

    See CHANGELOG for details.

... (truncated)

1.15.3-beta.1

The following changes are from the previous release 1.15.2-beta.1.

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.AspNetCore from 1.15.1 to 1.15.2.

Release notes

Sourced from OpenTelemetry.Instrumentation.AspNetCore's releases.

1.15.2

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.Http from 1.15.0 to 1.15.1.

Release notes

Sourced from OpenTelemetry.Instrumentation.Http's releases.

1.15.1

1.15.1-beta.2

1.15.1-beta.1

1.15.1-alpha.1

Commits viewable in compare view.

Updated SonarAnalyzer.CSharp from 10.23.0.137933 to 10.24.0.138807.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

10.24

 This release brings a batch of false negative fixes and analyzer crash fixes.

Bug Fixes

  • NET-3596 - Fix S1144 AD0001: Index out of range exception with type named Nullable
  • NET-3522 - Fix S1215 AD0001: ArgumentOutOfRangeException
  • NET-3521 - Fix S2053 AD0001: NRE
  • NET-3520 - Fix S3267 AD0001: NRE

False Positives

  • NET-2276 - Fix S1192 FP: EF migration classes

False Negatives

  • NET-3569 - Fix T0008 and T0009 FN: Support extension blocks
  • NET-2875 - Fix S2092 FN: Null Conditional Assignment
  • NET-2857 - Fix S3330 FN: Null Conditional Assignment
  • NET-2719 - Fix S4136 FN: Extension methods
  • NET-2688 - Fix S4433 FN: Null-conditional assignment in tracker
  • NET-2675 - Fix S6418 FN: Field keyword
  • NET-2667 - Fix S2934 FN: Null-conditional assignment and field keyword
  • NET-2658 - Fix S127 FN: BitShiftCompound

Commits viewable in compare view.

Updated WolverineFx from 5.31.1 to 5.32.1.

Release notes

Sourced from WolverineFx's releases.

5.32.1

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V5.32.0...V5.32.1

5.32.0

What's Changed

Full Changelog: JasperFx/wolverine@V5.31.1...V5.32.0

Commits viewable in compare view.

Updated WolverineFx.EntityFrameworkCore from 5.31.1 to 5.32.1.

Release notes

Sourced from WolverineFx.EntityFrameworkCore's releases.

5.32.1

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V5.32.0...V5.32.1

5.32.0

What's Changed

Full Changelog: JasperFx/wolverine@V5.31.1...V5.32.0

Commits viewable in compare view.

Updated WolverineFx.Marten from 5.31.1 to 5.32.1.

Release notes

Sourced from WolverineFx.Marten's releases.

5.32.1

What's Changed

New Contributors

Full Changelog: JasperFx/wolverine@V5.32.0...V5.32.1

5.32.0

What's Changed

Full Changelog: JasperFx/wolverine@V5.31.1...V5.32.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): Bump Aspire.Npgsql and 8 others
cc12f77 
Bumps Aspire.Npgsql from 13.2.2 to 13.2.3
Bumps Marten from 8.31.0 to 8.32.1
Bumps OpenTelemetry.Extensions.Hosting from 1.15.2 to 1.15.3
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.15.1 to 1.15.2
Bumps OpenTelemetry.Instrumentation.Http from 1.15.0 to 1.15.1
Bumps SonarAnalyzer.CSharp from 10.23.0.137933 to 10.24.0.138807
Bumps WolverineFx from 5.31.1 to 5.32.1
Bumps WolverineFx.EntityFrameworkCore from 5.31.1 to 5.32.1
Bumps WolverineFx.Marten from 5.31.1 to 5.32.1

---
updated-dependencies:
- dependency-name: Aspire.Npgsql
  dependency-version: 13.2.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Marten
  dependency-version: 8.32.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.15.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: SonarAnalyzer.CSharp
  dependency-version: 10.24.0.138807
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx
  dependency-version: 5.32.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx.EntityFrameworkCore
  dependency-version: 5.32.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: WolverineFx.Marten
  dependency-version: 5.32.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Apr 23, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Apr 23, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 17 package(s) with unknown licenses.
See the Details below.

License Issues

backend/src/RunCoach.Api/RunCoach.Api.csproj

PackageVersionLicenseIssue Type
Aspire.Npgsql13.2.3NullUnknown License
JasperFx1.26.0NullUnknown License
JasperFx.Events1.29.1NullUnknown License
Marten8.32.1NullUnknown License
OpenTelemetry.Extensions.Hosting1.15.3NullUnknown License
OpenTelemetry.Instrumentation.AspNetCore1.15.2NullUnknown License
OpenTelemetry.Instrumentation.Http1.15.1NullUnknown License
SonarAnalyzer.CSharp10.24.0.138807NullUnknown License
Weasel.Core8.14.1NullUnknown License
Weasel.EntityFrameworkCore8.14.1NullUnknown License
Weasel.Postgresql8.14.1NullUnknown License
WolverineFx5.32.1NullUnknown License
WolverineFx.EntityFrameworkCore5.32.1NullUnknown License
WolverineFx.Marten5.32.1NullUnknown License
WolverineFx.Postgresql5.32.1NullUnknown License
WolverineFx.RDBMS5.32.1NullUnknown License

backend/tests/RunCoach.Api.Tests/RunCoach.Api.Tests.csproj

PackageVersionLicenseIssue Type
SonarAnalyzer.CSharp10.24.0.138807NullUnknown License
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, Unlicense, CC0-1.0, CC-BY-4.0, Zlib, BSL-1.0, Python-2.0, PSF-2.0, Artistic-2.0, MPL-2.0, WTFPL, PostgreSQL
Excluded from license check: pkg:githubactions/SonarSource/sonarqube-scan-action, pkg:npm/runcoach-frontend

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
nuget/Aspire.Npgsql 13.2.3 UnknownUnknown
nuget/JasperFx 1.26.0 UnknownUnknown
nuget/JasperFx.Events 1.29.1 UnknownUnknown
nuget/Marten 8.32.1 UnknownUnknown
nuget/OpenTelemetry.Extensions.Hosting 1.15.3 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Dependency-Update-Tool🟢 10update tool detected
Maintained🟢 1030 commit(s) and 19 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Pinned-Dependencies🟢 10all dependencies are pinned
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 37 contributing companies or organizations
nuget/OpenTelemetry.Instrumentation.AspNetCore 1.15.2 🟢 8.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices🟢 5badge detected: Passing
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 23 contributing companies or organizations
nuget/OpenTelemetry.Instrumentation.Http 1.15.1 🟢 8.3
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 28 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices🟢 5badge detected: Passing
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Vulnerabilities🟢 100 existing vulnerabilities detected
Fuzzing⚠️ 0project is not fuzzed
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
SAST🟢 10SAST tool is run on all commits
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
License🟢 10license file detected
Security-Policy🟢 10security policy file detected
Packaging🟢 10packaging workflow detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 23 contributing companies or organizations
nuget/SonarAnalyzer.CSharp 10.24.0.138807 UnknownUnknown
nuget/Spectre.Console 0.55.0 UnknownUnknown
nuget/Spectre.Console.Ansi 0.55.0 UnknownUnknown
nuget/Weasel.Core 8.14.1 UnknownUnknown
nuget/Weasel.EntityFrameworkCore 8.14.1 UnknownUnknown
nuget/Weasel.Postgresql 8.14.1 UnknownUnknown
nuget/WolverineFx 5.32.1 UnknownUnknown
nuget/WolverineFx.EntityFrameworkCore 5.32.1 UnknownUnknown
nuget/WolverineFx.Marten 5.32.1 UnknownUnknown
nuget/WolverineFx.Postgresql 5.32.1 UnknownUnknown
nuget/WolverineFx.RDBMS 5.32.1 UnknownUnknown
nuget/SonarAnalyzer.CSharp 10.24.0.138807 UnknownUnknown

Scanned Files

  • backend/src/RunCoach.Api/RunCoach.Api.csproj
  • backend/tests/RunCoach.Api.Tests/RunCoach.Api.Tests.csproj

@leehopper leehopper merged commit 0e1b8f0 into main Apr 24, 2026
13 checks passed
@leehopper leehopper deleted the dependabot/nuget/backend/minor-and-patch-de779220fe branch April 24, 2026 00:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@leehopper