Bump the dotnet group with 20 updates#240
Open
dependabot[bot] wants to merge 2 commits into
Open
Conversation
549278b to
7833b88
Compare
Bundle ReportBundle size has no change ✅ |
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## main #240 +/- ##
==========================================
+ Coverage 44.65% 44.67% +0.02%
==========================================
Files 897 897
Lines 51890 51894 +4
Branches 4868 4869 +1
==========================================
+ Hits 23169 23184 +15
+ Misses 28141 28130 -11
Partials 580 580
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Harness. |
Bumps dotnet-ef from 10.0.7 to 10.0.9 Bumps JetBrains.Annotations from 2025.2.4 to 2026.2.0 Bumps jetbrains.resharper.globaltools from 2026.1.1 to 2026.1.3 Bumps Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore from 10.0.8 to 10.0.9 Bumps Microsoft.AspNetCore.JsonPatch from 10.0.8 to 10.0.9 Bumps Microsoft.Data.Sqlite.Core from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.InMemory from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.Sqlite from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.Sqlite.Core from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.SqlServer from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.Tools from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.Http.Polly from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.Logging from 10.0.8 to 10.0.9 Bumps Microsoft.NET.Test.Sdk from 18.6.0 to 18.7.0 Bumps microsoft.web.librarymanager.cli from 3.0.71 to 3.0.114 Bumps QuestPDF from 2026.5.0 to 2026.6.0 Bumps System.DirectoryServices from 10.0.8 to 10.0.9 Bumps System.DirectoryServices.AccountManagement from 10.0.8 to 10.0.9 AWS package bumps (AWSSDK.Core, Amazon.Extensions.Configuration. SystemsManager) removed from this update; they are semver-major and will be handled in a separate PR. Spurious Microsoft.EntityFrameworkCore.InMemory reference added by Dependabot to web/Viper.csproj dropped (unused in the web project; the test project keeps it). --- updated-dependencies: - dependency-name: dotnet-ef dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: JetBrains.Annotations dependency-version: 2026.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dotnet - dependency-name: jetbrains.resharper.globaltools dependency-version: 2026.1.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.AspNetCore.JsonPatch dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.Data.Sqlite.Core dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.EntityFrameworkCore.Design dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.EntityFrameworkCore.InMemory dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.Extensions.Logging dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.EntityFrameworkCore.Sqlite dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.EntityFrameworkCore.Sqlite.Core dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.EntityFrameworkCore.SqlServer dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.EntityFrameworkCore.Tools dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.Extensions.Http.Polly dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dotnet - dependency-name: microsoft.web.librarymanager.cli dependency-version: 3.0.114 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: QuestPDF dependency-version: 2026.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dotnet - dependency-name: System.DirectoryServices dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: System.DirectoryServices.AccountManagement dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet ... Signed-off-by: dependabot[bot] <support@github.com>
GHSA-2m69-gcr7-jv3q flags SQLitePCLRaw.lib.e_sqlite3 2.1.11, pulled in transitively by EF Sqlite in the test project with no patched version in the 2.x line. Bundle 3.0.3 replaces it with SourceGear.sqlite3 3.50.4.5. Remove the pin when EF references a patched bundle.
7833b88 to
b80f5cf
Compare
Contributor
|
@bsedwards Before this can get onto TEST/PROD, the .NET 10.0.9 SDK needs to be installed on those machines. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps the dotnet dependency group with 20 updates.
Note
Modified from the original Dependabot update after supply chain review:
Updates
The .NET 10.0.9 packages are the June 2026 Patch Tuesday servicing release. They fix CVE-2026-45591 (ASP.NET Core DoS, High), CVE-2026-45491 (tar extraction path traversal, Medium), and CVE-2026-45490 (SDK elevation of privilege, Windows).
Deployment instructions