Skip to content

deps(nuget): Bump the microsoft-extensions group with 2 updates#593

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/microsoft-extensions-6fdcac4944
Closed

deps(nuget): Bump the microsoft-extensions group with 2 updates#593
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/microsoft-extensions-6fdcac4944

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 2, 2026
edited
Loading

Updated Microsoft.Extensions.Http from 9.0.4 to 9.0.12.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

9.0.12

Release

9.0.11

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.10...v9.0.11

9.0.10

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.9...v9.0.10

9.0.9

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.8...v9.0.9

9.0.8

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.7...v9.0.8

9.0.7

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Read messages from binlog if process output is missing build finished message (#​114676)
    Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.

  • Fix debugger app hangs related to thread exit (#​114917)
    Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.

  • [Mono] Workaround MSVC miscompiling sgen_clz (#​114903)
    Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.

  • Do not set the salt or info if they are NULL for OpenSSL HKDF (#​114877)
    Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.

  • [Test Only] Fix Idn tests (#​115032)
    Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.

  • JIT: revised fix for fp division issue in profile synthesis (#​115026)
    Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115361)
    Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.

  • [Mono] Fix c11 ARM64 atomics to issue full memory barrier (#​115635)
    Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.

Performance Improvements

  • [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#​114678)
    Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.

  • Improve distribute_free_regions (#​115167)
    Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114905)
    Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​114995)
    Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.

  • Add support for more libicu versions (#​115376)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Run outerloop pipeline only for release branches, not staging/preview (#​115011)
    Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.

... (truncated)

9.0.5

Release

What's Changed

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Polly from 9.0.4 to 9.0.12.

Release notes

Sourced from Microsoft.Extensions.Http.Polly's releases.

9.0.12

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.11...v9.0.12

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

9.0.10

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.9...v9.0.10

9.0.9

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.8...v9.0.9

9.0.7

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61622)
    The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence forwarded header values, preventing potential spoofing or misrouting issues.

Dependency Updates

  • Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61762)
    Updates the GoogleTest submodule to a newer commit, bringing in the latest improvements and bug fixes from the upstream project.
  • Update dependencies from dotnet/arcade (#​61714)
    Updates internal build and infrastructure dependencies from the dotnet/arcade repository, ensuring compatibility and access to the latest build tools.
  • Update dependencies from dotnet/extensions (#​61571)
    Refreshes dependencies from the dotnet/extensions repository, incorporating the latest features and fixes from the extensions libraries.
  • Update dependencies from dotnet/extensions (#​61877)
    Further updates dependencies from dotnet/extensions, ensuring the project benefits from recent improvements and bug fixes.
  • Update dependencies from dotnet/arcade (#​61892)
    Additional updates to build and infrastructure dependencies from dotnet/arcade, maintaining up-to-date tooling and build processes.

Miscellaneous

  • Update branding to 9.0.6 (#​61831)
    Updates the project version and branding to 9.0.6, reflecting the new release and ensuring version consistency across the codebase.
  • Merging internal commits for release/9.0 (#​61925)
    Incorporates various internal commits into the release/9.0 branch, ensuring that all relevant changes are included in this release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v9.0.5...v9.0.6

9.0.5

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.4...v9.0.5

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 2, 2026

Labels

The following labels could not be found: nuget. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions
Copy link
Contributor

github-actions bot commented Feb 2, 2026
edited
Loading

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@dependabot dependabot bot force-pushed the dependabot/nuget/microsoft-extensions-6fdcac4944 branch 2 times, most recently from fa57195 to 0924123 Compare February 2, 2026 23:52
@dependabot
deps(nuget): Bump the microsoft-extensions group with 2 updates
81118df 
Bumps Microsoft.Extensions.Http from 9.0.4 to 9.0.12
Bumps Microsoft.Extensions.Http.Polly from 9.0.4 to 9.0.12

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 9.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-extensions
- dependency-name: Microsoft.Extensions.Http.Polly
  dependency-version: 9.0.12
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-extensions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/nuget/microsoft-extensions-6fdcac4944 branch from 0924123 to 81118df Compare February 3, 2026 06:13
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Feb 3, 2026

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/nuget/microsoft-extensions-6fdcac4944 branch February 3, 2026 06:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

size/XS

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@rodoHasArrived