Skip to content

build: Bump the nuget-patch group with 7 updates#167

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/dot-config/nuget-patch-c67bdbaf04
Closed

build: Bump the nuget-patch group with 7 updates#167
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/dot-config/nuget-patch-c67bdbaf04

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 16, 2026
edited
Loading

Updated dotnet-reportgenerator-globaltool from 5.4.7 to 5.4.18.

Release notes

Sourced from dotnet-reportgenerator-globaltool's releases.

5.4.18

Changes:

  • #​760: Improved light/dark mode when "Auto Dark Mode for Web Contents" is enabled in Chrome/Edge
  • #​762: Improved handling of generic classes in DynamicCodeCoverage files (generated by dotnet-coverage)

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.17

Changes:

  • #​756: Added new report type 'Markdown'
  • #​757: Improved title elements in SVGs charts embedded in MHTML report

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.16

Changes:

  • #​755: Improved MHTML reports (inline CSS)

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.15

Changes:

  • #​752: Added support for Scoverage input format
  • #​753: Added tiny history charts to HTML reports (if JavaScript is disabled)

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.14

Changes:

  • Added support for Testwell CTC++ coverage files (PRO version only)
  • #​753: Added title elements to SVGs generated with SvgChart report type

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.13

Changes:

  • #​751: Improved support for large numbers in LCOV files

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.12

Changes:

  • #​750: Cobertura reports now contain timestamp in UTC format

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.11

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.10

Changes:

  • #​746: Improved "raw mode" (settings:rawMode=true): Leave method names unchanged

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.9

Changes:

  • #​744: Azure DevOps task: Added support for nodeJS 20

This release requires .NET Framework 4.7 or .NET 8.0/9.0

5.4.8

Changes:

  • #​737 Improved lcov support (take FNDA elements into account to determine whether a code element has been covered)
  • #​741 Charts does not render "Full method coverage" elements if coverage information is not available
  • Added new setting "applyMaximumGroupingLevel". This allows to apply the maximum grouping level instead of the default 'By assembly' grouping in HTML reports.

This release requires .NET Framework 4.7 or .NET 8.0/9.0

Commits viewable in compare view.

Updated Meziantou.Analyzer from 2.0.276 to 2.0.302.

Release notes

Sourced from Meziantou.Analyzer's releases.

2.0.302

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.302

Full Changelog: meziantou/Meziantou.Analyzer@2.0.301...2.0.302

2.0.301

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.301

What's Changed

New Contributors

Full Changelog: meziantou/Meziantou.Analyzer@2.0.300...2.0.301

2.0.300

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.300

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.299...2.0.300

2.0.299

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.299

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.298...2.0.299

2.0.298

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.298

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.297...2.0.298

2.0.297

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.297

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.296...2.0.297

2.0.296

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.296

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.295...2.0.296

2.0.295

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.295

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.294...2.0.295

2.0.294

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.294

Full Changelog: meziantou/Meziantou.Analyzer@2.0.293...2.0.294

2.0.293

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.293

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.292...2.0.293

2.0.292

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.292

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.291...2.0.292

2.0.291

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.291

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.290...2.0.291

2.0.290

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.290

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.289...2.0.290

2.0.289

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.289

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.288...2.0.289

2.0.288

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.288

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.287...2.0.288

2.0.287

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.287

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.286...2.0.287

2.0.286

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.286

Full Changelog: meziantou/Meziantou.Analyzer@2.0.285...2.0.286

2.0.285

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.285

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.284...2.0.285

2.0.284

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.284

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.283...2.0.284

2.0.283

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.283

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.282...2.0.283

2.0.282

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.282

Full Changelog: meziantou/Meziantou.Analyzer@2.0.281...2.0.282

2.0.281

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.281

Full Changelog: meziantou/Meziantou.Analyzer@2.0.280...2.0.281

2.0.280

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.280

Full Changelog: meziantou/Meziantou.Analyzer@2.0.279...2.0.280

2.0.279

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.279

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.278...2.0.279

2.0.278

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.278

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.277...2.0.278

2.0.277

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.277

Full Changelog: meziantou/Meziantou.Analyzer@2.0.276...2.0.277

Commits viewable in compare view.

Updated Microsoft.Extensions.Hosting from 10.0.1 to 10.0.5.

Release notes

Sourced from Microsoft.Extensions.Hosting's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Moq.Analyzers from 0.4.0 to 0.4.2.

Release notes

Sourced from Moq.Analyzers's releases.

0.4.2

Moq.Analyzers 0.4.2 🎉

This is a focused patch release with one mission: squash a false positive that was getting in the way of real-world LINQ-to-Mocks usage. If you've been seeing Moq1302 warnings on perfectly valid code, this one's for you. 🎯

A big thank you to @​abatishchev for reporting the issue with a clear, actionable reproduction. Community reports like this make all the difference.

🐛 False Positive Fix for Moq1302

What was happening

If you were using Mock.Of with a comparison expression — something totally normal like this:

Mock.Of<Response>(static r => r.Status == StatusCodes.Status200OK)

…you'd get a warning:

⚠️ Moq1302: Invalid member 'StatusCodes.Status200OK' in LINQ to Mocks expression

But there's nothing wrong with that code. It compiles, it runs, and it's how LINQ-to-Mocks expressions are supposed to work. The right-hand side of the comparison (StatusCodes.Status200OK) is just a constant — it's not a mock setup member. The analyzer shouldn't have been looking at it at all. 😬

The same false positive appeared with enum values, static fields, external locals, and other non-mock expressions on the right-hand side of ==, &&, or || comparisons.

How it was fixed

The fix introduces a lambda parameter guard: before the analyzer flags a member access, it now walks the receiver chain to check whether the operation is actually rooted in the lambda parameter (i.e., the r in r => r.Status == ...).

A new IsRootedInLambdaParameter() extension method traces the receiver chain — through property accesses, method calls, and conversions — all the way back to the lambda parameter. If the chain doesn't terminate in the lambda parameter, the member is silently skipped. Static members, constants, and external references pass right through without a warning.

The guard is applied only to leaf member operations (property references, method calls). Composite operations like && and || still get decomposed normally, so chained comparisons like r.Prop == "a" && r.Other == "b" continue to be fully analyzed. No false negatives.

As a bonus, MoqKnownSymbols is now threaded through the entire analysis chain instead of being recreated mid-analysis, and nested Mock.Of calls are excluded early to prevent false positives from inner mock expressions.

🧪 Comprehensive Test Coverage

This release adds 961 new lines of test code covering the full surface area of the fix (#​1020):

  • ✅ Static members and constants on the right-hand side of comparisons
  • ✅ Enum value comparisons
  • ✅ Chained && / || expressions
  • ✅ Nested Mock.Of calls
  • ✅ Deep receiver chain walking edge cases

👥 Contributors

Thank you to everyone who reported bugs and provided reproduction cases:

... (truncated)

0.4.1

Moq.Analyzers 0.4.1

This is a patch release addressing critical bugs reported after v0.4.0.

🐛 Bug Fixes

Moq1203 False Positives

  • #​849 - Fixed incorrect Moq1203 flagging after upgrading to v0.4.0. The analyzer now correctly resolves delegate-overload resolution for ReturnsAsync, Callback, and similar chained methods. (#​886, #​919)
  • #​887 - Fixed Moq1203 false positive when the Setup call is wrapped in parentheses. (#​895)

Parenthesized Expression Handling

  • #​896 - Fixed parenthesized expressions breaking syntax chain walking in Moq1100 and Moq1206 analyzers. (#​907)

Assembly Loading

  • #​850 - Resolved CS8032 warning caused by System.Collections.Immutable assembly version mismatch. (#​888)

🤝 Contributors

Thank you to everyone who reported bugs, provided reproduction cases, and engaged in issue discussions to help make this release possible:

🔗 Resources

💬 Feedback

If you encounter any issues or have suggestions:

Thank you for using Moq.Analyzers!

0.4.1-alpha

v0.4.1-alpha

Prerelease containing 3 bug fixes since v0.4.0 to rebuild confidence with users.

Bug Fixes

  • fix: Moq1203 false positives for ReturnsAsync and Callback chaining (#​886)
  • fix: resolve CS8032 assembly version mismatch (#​850) (#​888)
  • fix: Moq1203 false positive when Setup call is wrapped in parentheses (#​895)

Critical: CS8032 Fix

v0.4.0 shipped DLLs that referenced System.Collections.Immutable versions incompatible with .NET 8 SDK hosts, causing CS8032 warnings on every build. This release downgrades the transitive dependency pins and adds CI load tests to prevent recurrence.

Commits viewable in compare view.

Updated Reqnroll from 3.3.1 to 3.3.3.

Release notes

Sourced from Reqnroll's releases.

3.3.3

Improvements:

  • Improve binding discovery so that the discovery can continue even if the attributes of a type fail to load (#​1006)

Bug fixes:

  • Fix: xUnit VB.NET generates code with async warning (#​1009)
  • Fix: disableFriendlyTestNames doesn't work in Reqnroll 3.3.2 (#​1013)

Contributors of this release (in alphabetical order): @​clrudolphi

3.3.2

Bug fixes:

  • Fix: Partially defined CI Environment variables (missing relevant environment variables) cause missing Meta envelope in Cucumber Messages report and Javascript errors in HTML report. (#​990)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for MsTest v4 tests when 'ReqnrollUseIntermediateOutputPathForCodeBehind' is enabled. (#​997)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for TUnit tests. (#​997)

Contributors of this release (in alphabetical order): @​clrudolphi, @​gasparnagy

Commits viewable in compare view.

Updated Reqnroll.xUnit from 3.3.1 to 3.3.3.

Release notes

Sourced from Reqnroll.xUnit's releases.

3.3.3

Improvements:

  • Improve binding discovery so that the discovery can continue even if the attributes of a type fail to load (#​1006)

Bug fixes:

  • Fix: xUnit VB.NET generates code with async warning (#​1009)
  • Fix: disableFriendlyTestNames doesn't work in Reqnroll 3.3.2 (#​1013)

Contributors of this release (in alphabetical order): @​clrudolphi

3.3.2

Bug fixes:

  • Fix: Partially defined CI Environment variables (missing relevant environment variables) cause missing Meta envelope in Cucumber Messages report and Javascript errors in HTML report. (#​990)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for MsTest v4 tests when 'ReqnrollUseIntermediateOutputPathForCodeBehind' is enabled. (#​997)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for TUnit tests. (#​997)

Contributors of this release (in alphabetical order): @​clrudolphi, @​gasparnagy

Commits viewable in compare view.

Updated Serilog from 4.3.0 to 4.3.1.

Release notes

Sourced from Serilog's releases.

4.3.1

What's Changed

New Contributors

Full Changelog: serilog/serilog@v4.3.0...v4.3.1

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build: Bump the nuget-patch group with 7 updates
c74d9b7 
Bumps dotnet-reportgenerator-globaltool from 5.4.7 to 5.4.18
Bumps Meziantou.Analyzer from 2.0.276 to 2.0.302
Bumps Microsoft.Extensions.Hosting from 10.0.1 to 10.0.5
Bumps Moq.Analyzers from 0.4.0 to 0.4.2
Bumps Reqnroll from 3.3.1 to 3.3.3
Bumps Reqnroll.xUnit from 3.3.1 to 3.3.3
Bumps Serilog from 4.3.0 to 4.3.1

---
updated-dependencies:
- dependency-name: dotnet-reportgenerator-globaltool
  dependency-version: 5.4.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
- dependency-name: Meziantou.Analyzer
  dependency-version: 2.0.302
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
- dependency-name: Microsoft.Extensions.Hosting
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
- dependency-name: Moq.Analyzers
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
- dependency-name: Reqnroll
  dependency-version: 3.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
- dependency-name: Reqnroll.xUnit
  dependency-version: 3.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
- dependency-name: Serilog
  dependency-version: 4.3.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 16, 2026

Labels

The following labels could not be found: dependencies, nuget. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from mcj-coder as a code owner March 16, 2026 06:16
@dependabot dependabot bot mentioned this pull request Mar 16, 2026
Closed
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 16, 2026
edited
Loading




Fails
🚫 PR must have a Summary or Description section.
🚫 PR must have auto-merge enabled. Enable via PR settings → "Enable auto-merge".

This ensures PRs are merged automatically once all checks pass.
🚫 PR title subject should start with lowercase.

Current: "build: Bump the nuget-patch group with 7 updates"

The subject after the colon should start with a lowercase letter.
🚫 PR body must contain an issue reference.

Add one of the following to your PR description:

This ensures traceability between commits and issues.

Generated by 🚫 dangerJS against c74d9b7

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 30, 2026

Superseded by #181.

@dependabot dependabot bot closed this Mar 30, 2026
@dependabot dependabot bot deleted the dependabot/nuget/dot-config/nuget-patch-c67bdbaf04 branch March 30, 2026 06:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcj-coder mcj-coder Awaiting requested review from mcj-coder mcj-coder is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants