Skip to content

Bump the dependencies group with 7 updates #1607

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 2 commits into from
Mar 2, 2025
Merged

Bump the dependencies group with 7 updates #1607

merged 2 commits into from
Mar 2, 2025

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2025

Bumps the dependencies group with 7 updates:

Package From To
BouncyCastle.Cryptography 2.5.0 2.5.1
Microsoft.NETFramework.ReferenceAssemblies 1.0.3 1.0.3
Meziantou.Analyzer 2.0.186 2.0.188
Microsoft.Extensions.Logging.Abstractions 6.0.0 6.0.4
SonarAnalyzer.CSharp 10.6.0.109712 10.7.0.110445
Microsoft.Extensions.Logging.Console 9.0.1 9.0.2
MSTest.TestFramework 3.7.3 3.8.2

Updates BouncyCastle.Cryptography from 2.5.0 to 2.5.1

Commits

Updates Microsoft.NETFramework.ReferenceAssemblies from 1.0.3 to 1.0.3

Commits

Updates Meziantou.Analyzer from 2.0.186 to 2.0.188

Release notes

Sourced from Meziantou.Analyzer's releases.

2.0.188

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.188

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.187...2.0.188

2.0.187

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.187

What's Changed

New Contributors

Full Changelog: meziantou/Meziantou.Analyzer@2.0.186...2.0.187

Commits

Updates Microsoft.NETFramework.ReferenceAssemblies from 1.0.3 to 1.0.3

Commits

Updates Microsoft.Extensions.Logging.Abstractions from 6.0.0 to 6.0.4

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

.NET 6.0.4

Release

.NET 6.0.3

Release

.NET 6.0.2

Release

.NET 6.0.1

Release

Commits
  • be98e88 Merged PR 21497: [release/6.0] MSRC 68590 - newlines in domain literals
  • 1cb7505 Merge in 'release/6.0' changes
  • 2eb4efb [release/6.0] Update dependencies from dotnet/emsdk dotnet/arcade (#66144)
  • 4fa64a1 Merge in 'release/6.0' changes
  • 323bf2d [release/6.0] update expected exception for cases when all requested TLS vers...
  • 76a717c Improve SSL platform detection (#64923) (#65054)
  • 7a7c54b Merge in 'release/6.0' changes
  • d0c82a3 [release/6.0] improve SslStream tests on misconfigured systems (#65024)
  • 8d7b562 Merge in 'release/6.0' changes
  • 19b5f15 [release/6.0] Fix catching of generic exception in crossgened shared generic ...
  • Additional commits viewable in compare view

Updates Microsoft.NETFramework.ReferenceAssemblies from 1.0.3 to 1.0.3

Commits

Updates Microsoft.NETFramework.ReferenceAssemblies from 1.0.3 to 1.0.3

Commits

Updates SonarAnalyzer.CSharp from 10.6.0.109712 to 10.7.0.110445

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

10.7



Improvement

  • NET-1116 - Deprecate S1227: break statements should not be used except for switch cases
  • NET-1045 - Remove unused AnalyzerId and RuleNamespace server properties

Bug

  • NET-1047 - Fix install scripts for NuGet packages
Commits
  • 033f8a4 NET-1040 Update RSPEC before 10.7 release
  • d9a8fd0 NET-1151 Repro FP S3626
  • 88381f2 NET-1047 Update nuget install scripts to account for single analyzer dll
  • ef12213 NET-1137 Repro FP S1121
  • 4dceed1 NET-1140 Add UT for issue with same start and end location
  • 77b933a NET-504 Clean up RuleDefinition UTs
  • 5697628 NET-1058 Move plugin properties to root pom.xml
  • 0172dbc NET-1059 Move organization and scm to private/pom.xml and pom.xml
  • 96b07b3 NET-1043 Extract remaining Helper extensions from SonarAnalyzer.Core
  • 856f2f5 NET-1042 Extract semantic Helper extensions from SonarAnalyzer.Core
  • Additional commits viewable in compare view

Updates Microsoft.Extensions.Logging.Console from 9.0.1 to 9.0.2

Release notes

Sourced from Microsoft.Extensions.Logging.Console's releases.

.NET 9.0.2

Release

What's Changed

... (truncated)

Commits

Updates MSTest.TestFramework from 3.7.3 to 3.8.2

Release notes

Sourced from MSTest.TestFramework's releases.

v3.8.2

See the release notes here

v3.8.1

See the release notes here

v3.8.0

See the release notes here

Announcements

Changelog

Sourced from MSTest.TestFramework's changelog.

[3.8.2] - 2025-02-19

See full log here

Fixed

Artifacts

[3.8.1] - 2025-02-18

See full log here

Fixed

Artifacts

... (truncated)

Commits
  • 88f8ce4 [rel/3.8] Fix ClassCleanup not called when the first test in class is ignored...
  • 8026b02 [rel/3.8] Handle if RootNamespace contains invalid identifier characters (#5069)
  • 1945ea7 [rel/3.8] Localized file check-in by OneLocBuild Task: Build definition ID 12...
  • 360c709 Bump patch version for 3.8 (#5061)
  • ac22a6d [rel/3.8] Fix serialization of exceptions by BinaryFormatter in .NET Framewor...
  • 51d51a8 [rel/3.8] Fix breaking change with telemetry (#5050)
  • cc1c3cd [rel/3.8] Follow-up to ignore fix (#5043)
  • 193598b [rel/3.8] Revert _IncludeGenerateAutoRegisteredExtensionsIntoCompilation targ...
  • 91715f4 [rel/3.8] Use global:: prefix for generated code (#5033)
  • efd5256 [rel/3.8] Set packages README correctly (#5030)
  • Additional commits viewable in compare view

Updates Microsoft.NETFramework.ReferenceAssemblies from 1.0.3 to 1.0.3

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependencies group with 7 updates
dbc9e95 
Bumps the dependencies group with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [BouncyCastle.Cryptography](https://github.com/bcgit/bc-csharp) | `2.5.0` | `2.5.1` |
| [Microsoft.NETFramework.ReferenceAssemblies](https://github.com/Microsoft/dotnet) | `1.0.3` | `1.0.3` |
| [Meziantou.Analyzer](https://github.com/meziantou/Meziantou.Analyzer) | `2.0.186` | `2.0.188` |
| [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) | `6.0.0` | `6.0.4` |
| [SonarAnalyzer.CSharp](https://github.com/SonarSource/sonar-dotnet) | `10.6.0.109712` | `10.7.0.110445` |
| [Microsoft.Extensions.Logging.Console](https://github.com/dotnet/runtime) | `9.0.1` | `9.0.2` |
| [MSTest.TestFramework](https://github.com/microsoft/testfx) | `3.7.3` | `3.8.2` |


Updates `BouncyCastle.Cryptography` from 2.5.0 to 2.5.1
- [Commits](bcgit/bc-csharp@release-2.5.0...release-2.5.1)

Updates `Microsoft.NETFramework.ReferenceAssemblies` from 1.0.3 to 1.0.3
- [Commits](https://github.com/Microsoft/dotnet/commits)

Updates `Meziantou.Analyzer` from 2.0.186 to 2.0.188
- [Release notes](https://github.com/meziantou/Meziantou.Analyzer/releases)
- [Commits](meziantou/Meziantou.Analyzer@2.0.186...2.0.188)

Updates `Microsoft.NETFramework.ReferenceAssemblies` from 1.0.3 to 1.0.3
- [Commits](https://github.com/Microsoft/dotnet/commits)

Updates `Microsoft.Extensions.Logging.Abstractions` from 6.0.0 to 6.0.4
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v6.0.0...v6.0.4)

Updates `Microsoft.NETFramework.ReferenceAssemblies` from 1.0.3 to 1.0.3
- [Commits](https://github.com/Microsoft/dotnet/commits)

Updates `Microsoft.NETFramework.ReferenceAssemblies` from 1.0.3 to 1.0.3
- [Commits](https://github.com/Microsoft/dotnet/commits)

Updates `SonarAnalyzer.CSharp` from 10.6.0.109712 to 10.7.0.110445
- [Release notes](https://github.com/SonarSource/sonar-dotnet/releases)
- [Commits](SonarSource/sonar-dotnet@10.6.0.109712...10.7.0.110445)

Updates `Microsoft.Extensions.Logging.Console` from 9.0.1 to 9.0.2
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v9.0.1...v9.0.2)

Updates `MSTest.TestFramework` from 3.7.3 to 3.8.2
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.7.3...v3.8.2)

Updates `Microsoft.NETFramework.ReferenceAssemblies` from 1.0.3 to 1.0.3
- [Commits](https://github.com/Microsoft/dotnet/commits)

---
updated-dependencies:
- dependency-name: BouncyCastle.Cryptography
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.NETFramework.ReferenceAssemblies
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Meziantou.Analyzer
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.NETFramework.ReferenceAssemblies
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.NETFramework.ReferenceAssemblies
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.NETFramework.ReferenceAssemblies
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: SonarAnalyzer.CSharp
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: Microsoft.Extensions.Logging.Console
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: MSTest.TestFramework
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: Microsoft.NETFramework.ReferenceAssemblies
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Mar 1, 2025
@mus65
Copy link
Contributor

mus65 commented Mar 2, 2025

Note sure what's happening here. Looking at the PR description, the ignore rules seem to work, but the ignored packages are still updated in the commit. There are multiple issues about this, but I don't see a clear solution.

Looking at the dependabot logs might help, but it seems like these are only visible to maintainers.

Maybe this is caused by the grouping somehow (I'm personally not a fan of grouping everything together anyway since an issue with one package will block all others).

@Rob-Hague

@Rob-Hague
Copy link
Collaborator

Attached the logs, I see a few errors on the test projects from Nerdbank.GitVersioning but not sure if relevant.

job-logs.txt

I prefer to have things grouped so that it's basically just a low-frequency reminder to do something. I don't like the PR spam or seeing commit histories full of dependabot

BTW Microsoft.Logging.Abstractions 8.0.3 does not pull in DiagnosticSource like 8.0.2 did. Seems like a mistake: dotnet/runtime#110401. So we could go to 8.0.3, only problem is that it takes in Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.2) which takes in Microsoft.Bcl.AsyncInterfaces (>= 8.0.0) so we would have to revisit darkoperator/Posh-SSH#558 (comment) again

@mus65
Copy link
Contributor

mus65 commented Mar 2, 2025

Attached the logs, I see a few errors on the test projects from Nerdbank.GitVersioning but not sure if relevant.

job-logs.txt

I prefer to have things grouped so that it's basically just a low-frequency reminder to do something. I don't like the PR spam or seeing commit histories full of dependabot

fair enough.

BTW Microsoft.Logging.Abstractions 8.0.3 does not pull in DiagnosticSource like 8.0.2 did. Seems like a mistake: dotnet/runtime#110401. So we could go to 8.0.3, only problem is that it takes in Microsoft.Extensions.DependencyInjection.Abstractions (>= 8.0.2) which takes in Microsoft.Bcl.AsyncInterfaces (>= 8.0.0) so we would have to revisit darkoperator/Posh-SSH#558 (comment) again

I think it's fine to leave it at 6.0.0, it just contains interfaces. We could even use something older for that matter. The only reason I used 6.0.0 in #1509 was because it's the first version to support the [LoggerMessage] attribute, but we decided not to use that anyway.

@Rob-Hague Rob-Hague merged commit b803932 into develop Mar 2, 2025
6 checks passed
@Rob-Hague Rob-Hague deleted the dependabot/nuget/dependencies-9e64eabd60 branch March 2, 2025 17:01
@mus65
Copy link
Contributor

mus65 commented Mar 2, 2025

@Rob-Hague looks like the actual issue for darkoperator/Posh-SSH#558 (comment) was fixed in PowerShell itself: PowerShell/PowerShell#21415 , so we might get away with updating if we ever need to.

We still couldn't use anything newer than whatever PowerShell ships, but they seem to keep it up-to-date now: https://github.com/PowerShell/PowerShell/blob/33ed509ca493f004a0832a2af50b0ef5f9220eea/src/Microsoft.PowerShell.SDK/Microsoft.PowerShell.SDK.csproj#L19

@mus65 mus65 mentioned this pull request Apr 6, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@Rob-Hague Rob-Hague Rob-Hague approved these changes

@drieseng drieseng Awaiting requested review from drieseng drieseng is a code owner

@WojciechNagorski WojciechNagorski Awaiting requested review from WojciechNagorski WojciechNagorski is a code owner

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@mus65 @Rob-Hague