Skip to content

Bump AsyncKeyedLock and 10 others#217

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/nuget/src/DNTCommon.Web.Core/tests-add201e300
Open

Bump AsyncKeyedLock and 10 others#217
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/nuget/src/DNTCommon.Web.Core/tests-add201e300

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 19, 2026
edited
Loading

Updated AsyncKeyedLock from 8.0.1 to 8.0.2.

Release notes

Sourced from AsyncKeyedLock's releases.

8.0.2

DotNet.ReproducibleBuilds update.

Commits viewable in compare view.

Updated DependencyInjection.Lifetime.Analyzers from 2.1.1 to 2.2.2.

Release notes

Sourced from DependencyInjection.Lifetime.Analyzers's releases.

2.2.2

DependencyInjection.Lifetime.Analyzers 2.2.2

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI015 Wrapper Reachability: DI015 now expands source-visible IServiceCollection wrapper extensions from real invocation sites instead of treating registrations inside uncalled wrappers as globally available.
  • DI015 Opaque Wrapper Suppression: Earlier opaque or external wrappers on the same IServiceCollection flow now suppress DI015 when registration state is uncertain, reducing false positives in layered registration modules.
  • DI015 Ordering and Flow Isolation: Wrapper-aware resolution now respects call order and per-collection flow, so wrappers invoked on a different IServiceCollection instance or after a registration do not hide genuine missing-dependency diagnostics.
  • DI015 Regression Coverage: Added should-report and should-not-report guardrails for invoked vs uninvoked wrappers, nested wrapper chains, cyclic wrappers, keyed mismatches, opaque external wrappers, same-method flow isolation, and registration ordering.
  • Release Metadata Sync: Backfilled the missing 2.2.1 changelog entry and resynced package metadata so the tagged release train and project version history are aligned again.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.2.2

What changed

Changed

  • DI015 Wrapper Reachability: DI015 now expands source-visible IServiceCollection wrapper extensions from real invocation sites instead of treating registrations inside uncalled wrappers as globally available.
  • DI015 Opaque Wrapper Suppression: Earlier opaque or external wrappers on the same IServiceCollection flow now suppress DI015 when registration state is uncertain, reducing false positives in layered registration modules.
  • DI015 Ordering and Flow Isolation: Wrapper-aware resolution now respects call order and per-collection flow, so wrappers invoked on a different IServiceCollection instance or after a registration do not hide genuine missing-dependency diagnostics.
  • DI015 Regression Coverage: Added should-report and should-not-report guardrails for invoked vs uninvoked wrappers, nested wrapper chains, cyclic wrappers, keyed mismatches, opaque external wrappers, same-method flow isolation, and registration ordering.
  • Release Metadata Sync: Backfilled the missing 2.2.1 changelog entry and resynced package metadata so the tagged release train and project version history are aligned again.

Learn more

2.2.1

DependencyInjection.Lifetime.Analyzers 2.2.1

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI013 Compatibility Hardening: Expanded implementation-type validation beyond simple typeof(service), typeof(implementation) assignability checks so DI013 now also reports deterministic-invalid self-registrations, abstract/interface implementations, private-constructor implementations, and invalid implementation instances when their exact runtime type is known.
  • DI013 Open Generic Precision: Reworked open-generic validation to require exact generic-parameter projection compatibility, rejecting arity mismatches, reordered parameters, transformed generic arguments, and other registrations that compile but cannot be activated by the built-in container.
  • Collector and Engine Support: Extended registration collection to recognize non-factory implementation-instance overloads, keyed registrations, and equivalent ServiceDescriptor forms while keeping factory registrations out of DI013 scope and preventing constructor-based analyzers from treating pre-built instances like activatable implementation types.
  • Regression Coverage and Docs: Expanded DI013 tests across valid/invalid closed, open-generic, keyed, TryAdd*, ServiceDescriptor, and implementation-instance scenarios, and updated README.md, docs/RULES.md, the sample app, and descriptor wording to match the hardened behavior.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.2.1

What changed

Changed

  • DI013 Compatibility Hardening: Expanded implementation-type validation beyond simple typeof(service), typeof(implementation) assignability checks so DI013 now also reports deterministic-invalid self-registrations, abstract/interface implementations, private-constructor implementations, and invalid implementation instances when their exact runtime type is known.
  • DI013 Open Generic Precision: Reworked open-generic validation to require exact generic-parameter projection compatibility, rejecting arity mismatches, reordered parameters, transformed generic arguments, and other registrations that compile but cannot be activated by the built-in container.
  • Collector and Engine Support: Extended registration collection to recognize non-factory implementation-instance overloads, keyed registrations, and equivalent ServiceDescriptor forms while keeping factory registrations out of DI013 scope and preventing constructor-based analyzers from treating pre-built instances like activatable implementation types.
  • Regression Coverage and Docs: Expanded DI013 tests across valid/invalid closed, open-generic, keyed, TryAdd*, ServiceDescriptor, and implementation-instance scenarios, and updated README.md, docs/RULES.md, the sample app, and descriptor wording to match the hardened behavior.

Learn more

2.2.0

DependencyInjection.Lifetime.Analyzers 2.2.0

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI015 Precision Refactor: Moved unresolved-dependency analysis onto a shared resolution engine with explicit confidence/provenance tracking, so constructor, factory, keyed, open-generic, and strict-mode paths share the same conservative resolution rules.
  • DI015 TryAdd/Descriptor Coverage: Effective TryAdd* registrations now participate in DI015 analysis, while shadowed TryAdd* registrations stay silent to match runtime behaviour; coverage also now includes ServiceDescriptor registration forms and direct IKeyedServiceProvider resolutions.
  • DI015 Code Fix: Added a narrow safe fix that inserts a self-binding registration for one direct concrete constructor dependency when the registration site is local and unambiguous; factory-rooted, keyed, abstract, multi-missing, and transitive-only cases intentionally remain no-fix.
  • DI015 Guardrails: Expanded DI015 regression coverage with paired should-report / should-not-report scenarios for TryAdd*, ServiceDescriptor, framework-provided dependencies, opaque duplicate registrations, and fixer/no-fixer boundaries.
  • Packaging Metadata: Expanded NuGet description, package tags, and release notes so search and package landing pages better describe DI lifetime, scope, and registration coverage.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.2.0

What changed

Changed

  • DI015 Precision Refactor: Moved unresolved-dependency analysis onto a shared resolution engine with explicit confidence/provenance tracking, so constructor, factory, keyed, open-generic, and strict-mode paths share the same conservative resolution rules.
  • DI015 TryAdd/Descriptor Coverage: Effective TryAdd* registrations now participate in DI015 analysis, while shadowed TryAdd* registrations stay silent to match runtime behaviour; coverage also now includes ServiceDescriptor registration forms and direct IKeyedServiceProvider resolutions.
  • DI015 Code Fix: Added a narrow safe fix that inserts a self-binding registration for one direct concrete constructor dependency when the registration site is local and unambiguous; factory-rooted, keyed, abstract, multi-missing, and transitive-only cases intentionally remain no-fix.
  • DI015 Guardrails: Expanded DI015 regression coverage with paired should-report / should-not-report scenarios for TryAdd*, ServiceDescriptor, framework-provided dependencies, opaque duplicate registrations, and fixer/no-fixer boundaries.
  • Packaging Metadata: Expanded NuGet description, package tags, and release notes so search and package landing pages better describe DI lifetime, scope, and registration coverage.
  • Adoption Docs: Added docs/ADOPTION.md and linked it from README.md so teams evaluating the analyzer have a fast install and rollout path.
  • Repository Intake: Added GitHub issue-template routing to point users toward setup guidance and the full rule reference before they file issues.
  • Growth Automation: Added tools/generate-growth-assets.mjs to generate a searchable static docs site, problem-intent landing pages, version-synced README install snippets, and curated release notes from the repo source material.
  • GitHub Pages: Added automated Pages publishing plus CI verification for the generated docs site, sitemap, robots.txt, and search index.
  • Release Surfaces: Updated release automation to generate GitHub Release body content and package release-note input from CHANGELOG.md instead of relying on generic auto-generated notes.

Learn more

2.1.4

What's Changed

Full Changelog: georgepwall1991/DependencyInjection.Lifetime.Analyzers@v2.1.3...v2.1.4

2.1.3

What's Changed

Full Changelog: georgepwall1991/DependencyInjection.Lifetime.Analyzers@v2.1.2...v2.1.3

2.1.2

Full Changelog: georgepwall1991/DependencyInjection.Lifetime.Analyzers@v2.1.1...v2.1.2

Commits viewable in compare view.

Updated MailKit from 4.14.1 to 4.15.1.

Release notes

Sourced from MailKit's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Polly from 9.0.0 to 9.0.14.

Release notes

Sourced from Microsoft.Extensions.Http.Polly's releases.

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

9.0.13

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.12...v9.0.13)

9.0.12

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.11...v9.0.12

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

9.0.10

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.9...v9.0.10

9.0.9

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.8...v9.0.9

9.0.7

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61622)
    The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence forwarded header values, preventing potential spoofing or misrouting issues.

Dependency Updates

  • Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61762)
    Updates the GoogleTest submodule to a newer commit, bringing in the latest improvements and bug fixes from the upstream project.
  • Update dependencies from dotnet/arcade (#​61714)
    Updates internal build and infrastructure dependencies from the dotnet/arcade repository, ensuring compatibility and access to the latest build tools.
  • Update dependencies from dotnet/extensions (#​61571)
    Refreshes dependencies from the dotnet/extensions repository, incorporating the latest features and fixes from the extensions libraries.
  • Update dependencies from dotnet/extensions (#​61877)
    Further updates dependencies from dotnet/extensions, ensuring the project benefits from recent improvements and bug fixes.
  • Update dependencies from dotnet/arcade (#​61892)
    Additional updates to build and infrastructure dependencies from dotnet/arcade, maintaining up-to-date tooling and build processes.

Miscellaneous

  • Update branding to 9.0.6 (#​61831)
    Updates the project version and branding to 9.0.6, reflecting the new release and ensuring version consistency across the codebase.
  • Merging internal commits for release/9.0 (#​61925)
    Incorporates various internal commits into the release/9.0 branch, ensuring that all relevant changes are included in this release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v9.0.5...v9.0.6

9.0.5

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.4...v9.0.5

9.0.4

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.3...v9.0.4

9.0.3

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.2...v9.0.3

9.0.2

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.1...v9.0.2

9.0.1

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.0...v9.0.1

Commits viewable in compare view.

Updated Microsoft.SourceLink.GitHub from 10.0.102 to 10.0.201.

Release notes

Sourced from Microsoft.SourceLink.GitHub's releases.

10.0.201

You can build .NET 10.0 from the repository by cloning the release tag v10.0.201 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.200

You can build .NET 10.0 from the repository by cloning the release tag v10.0.200 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.105

You can build .NET 10.0 from the repository by cloning the release tag v10.0.105 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.104

You can build .NET 10.0 from the repository by cloning the release tag v10.0.104 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.103

You can build .NET 10.0 from the repository by cloning the release tag v10.0.103 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached is the PGP signature for the GitHub generated tarball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Updated SkiaSharp from 3.119.1 to 3.119.2.

Updated SkiaSharp.HarfBuzz from 3.119.1 to 3.119.2.

Updated SkiaSharp.NativeAssets.Linux from 3.119.1 to 3.119.2.

Updated SonarAnalyzer.CSharp from 10.19.0.132793 to 10.21.0.135717.

Release notes

Sourced from SonarAnalyzer.CSharp's releases.

10.21

### Bug

  • NET-3376 - Fix S6930 AD0001: Issue on template / code files for blazor
  • NET-3367 - Fix S4830 AD0001: CertificateValidationCheck Syntax node is not within syntax tree

Feature

  • NET-3260 - Fix broken links in S6960 RSPEC

False Positive

  • NET-2886 - Fix T0015 FP: In constructor
  • NET-1678 - Fix S4275 FP: with property overload

10.20

This release brings 9 precision improvements — 7 false positive fixes and 2 false negative fixes — across rules S1116, S1144, S1210, S1643, S1854, S2365, S3254, S3265, and S127. It also promotes S2068 and S6418 from Security Hotspot to Vulnerability, making them visible directly in the IDE, and removes S3256 from the Sonar Way quality profile.

Changes

  • NET-3227 - Remove S3256 from "Sonar Way" quality profile
  • NET-3208 - S6418: Rule type changed from Security Hotspot to Vulnerability
  • NET-3207 - S2068: Rule type changed from Security Hotspot to Vulnerability
  • NET-3206 - Remove links to rules.sonarsource.com

False Positive

  • NET-3215 - Fix FP on S127: Should only raise on stop condition variables
  • NET-3212 - Fix FP on S3254: Don't raise if the parameter isn't last
  • NET-3053 - Fix FP on S1210: Implementing comparable operators for private types
  • NET-2984 - Fix FP on S3265: BCL enums with [Flags] not recognized due to metadata resolution
  • NET-2976 - Fix FP on S1854: Default value initializations flagged despite exemptions
  • NET-2966 - Fix FP on S1144: Constructors in MEF-exported types
  • NET-2956 - Fix FP on S1116: Empty loop body with side effects in condition

False Negative

  • NET-1261 - Fix FN on S2365: Rule should report on new collection
  • NET-1259 - Fix FN on S1643: Concatenation for parameters, fields and properties are not detected

Rule specification

  • NET-3246 - Modify Rule S127: Update Description
  • NET-3218 - Modify Rule S3265: Add exception for MethodImplAttributes
  • NET-3086 - Modify Rule S1116: Add loop exception

Maintenance

  • NET-3047 - Update RSPEC before 10.20 release

Commits viewable in compare view.

Updated System.IO.Hashing from 9.0.0 to 10.0.5.

Release notes

Sourced from System.IO.Hashing's releases.

10.0.0-preview.6.25358.103

You can build .NET 10.0 Preview 6 from the repository by cloning the release tag v10.0.0-preview.6.25358.103 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.5.25277.114

You can build .NET 10.0 Preview 5 from the repository by cloning the release tag v10.0.0-preview.5.25277.114 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.4.25258.110

You can build .NET 10.0 Preview 4 from the repository by cloning the release tag v10.0.0-preview.4.25258.110 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.3.25171.5

You can build .NET 10.0 Preview 3 from the repository by cloning the release tag v10.0.0-preview.3.25171.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.2.25163.2

You can build .NET 10.0 Preview 2 from the repository by cloning the release tag v10.0.0-preview.2.25163.2 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.1.25080.5

You can build .NET 10.0 Preview 1 from the repository by cloning the release tag v10.0.0-preview.1.25080.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.115

You can build .NET 9.0 from the repository by cloning the release tag v9.0.115 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.114

You can build .NET 9.0 from the repository by cloning the release tag v9.0.114 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached is the PGP signature for the GitHub generated tarball. You can find the public key at https://dot.net/release-key-2023

9.0.113

You can build .NET 9.0 from the repository by cloning the release tag v9.0.113 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.112

You can build .NET 9.0 from the repository by cloning the release tag v9.0.112 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.111

You can build .NET 9.0 from the repository by cloning the release tag v9.0.111 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.110

You can build .NET 9.0 from the repository by cloning the release tag v9.0.110 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.109

You can build .NET 9.0 from the repository by cloning the release tag v9.0.109 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.101

You can build .NET 9.0 from the repository by cloning the release tag v9.0.101 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.7

You can build .NET 9.0 from the repository by cloning the release tag v9.0.7 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.6

You can build .NET 9.0 from the repository by cloning the release tag v9.0.6 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.5

You can build .NET 9.0 from the repository by cloning the release tag v9.0.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.4

You can build .NET 9.0 from the repository by cloning the release tag v9.0.4 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.3

You can build .NET 9.0 from the repository by cloning the release tag v9.0.3 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.2

You can build .NET 9.0 from the repository by cloning the release tag v9.0.2 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.1

You can build .NET 9.0 from the repository by cloning the release tag v9.0.1 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Updated System.ServiceModel.Syndication from 9.0.0 to 9.0.14.

Release notes

Sourced from System.ServiceModel.Syndication's releases.

9.0.14

Release

9.0.13

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

9.0.12

Release

9.0.11

Release

What's Changed

Description has been truncated

@dependabot
Bump AsyncKeyedLock and 10 others
241b9e7 
Bumps AsyncKeyedLock from 8.0.1 to 8.0.2
Bumps DependencyInjection.Lifetime.Analyzers from 2.1.1 to 2.2.2
Bumps MailKit from 4.14.1 to 4.15.1
Bumps Microsoft.Extensions.Http.Polly from 9.0.0 to 9.0.14
Bumps Microsoft.SourceLink.GitHub from 10.0.102 to 10.0.201
Bumps SkiaSharp from 3.119.1 to 3.119.2
Bumps SkiaSharp.HarfBuzz from 3.119.1 to 3.119.2
Bumps SkiaSharp.NativeAssets.Linux from 3.119.1 to 3.119.2
Bumps SonarAnalyzer.CSharp from 10.19.0.132793 to 10.21.0.135717
Bumps System.IO.Hashing from 9.0.0 to 10.0.5
Bumps System.ServiceModel.Syndication from 9.0.0 to 9.0.14

---
updated-dependencies:
- dependency-name: AsyncKeyedLock
  dependency-version: 8.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: DependencyInjection.Lifetime.Analyzers
  dependency-version: 2.2.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tests
- dependency-name: MailKit
  dependency-version: 4.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tests
- dependency-name: Microsoft.Extensions.Http.Polly
  dependency-version: 9.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: Microsoft.SourceLink.GitHub
  dependency-version: 10.0.201
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: System.IO.Hashing
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: tests
- dependency-name: SkiaSharp
  dependency-version: 3.119.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SkiaSharp.HarfBuzz
  dependency-version: 3.119.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SkiaSharp.NativeAssets.Linux
  dependency-version: 3.119.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SonarAnalyzer.CSharp
  dependency-version: 10.21.0.135717
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tests
- dependency-name: System.ServiceModel.Syndication
  dependency-version: 9.0.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Mar 19, 2026
This was referenced Mar 19, 2026
Closed
Closed
Closed
@what-the-diff
Copy link

what-the-diff bot commented Mar 19, 2026

PR Summary

  • Upgrade of SonarAnalyzer.CSharp package
    The SonarAnalyzer.CSharp package, responsible for static analysis of C# code, has been updated from version 10.19.0.132793 to 10.21.0.135717. This change can lead to better code analysis and detection of potential issues.

  • Update of DependencyInjection.Lifetime.Analyzers package
    There has been an upgrade from version 2.1.1 to 2.2.2 to the DependencyInjection.Lifetime.Analyzers package. This package aids in checking the correctness of dependency injection setup, and the update might provide more accurate or efficient checks.

  • Update of Microsoft.SourceLink.GitHub package
    The Microsoft.SourceLink.GitHub package, utilized to enhance the debugging experience by linking the code to the Git repository, has been updated from version 10.0.102 to 10.0.201.

  • MailKit package update
    The MailKit package, widely used for email operations, has been updated from version 4.14.1 to 4.15.1 which might incorporate bug fixes, performance improvements or new features.

  • Upgrade of SkiaSharp and its related packages
    SkiaSharp and its associated packages, which provide a cross-platform drawing API, have been updated from version 3.119.1 to 3.119.2.

  • Update of AsyncKeyedLock package
    The AsyncKeyedLock package, used for managing asynchronous locks on data, has been updated from version 8.0.1 to 8.0.2.

  • System.ServiceModel.Syndication package update
    The System.ServiceModel.Syndication package, used in web content syndication, has been updated from version 8.0.0 to 9.0.14 across various target frameworks.

  • Upgrade of System.IO.Hashing package
    The System.IO.Hashing package, utilized for creating hash values, has been updated from version 8.0.0 to 10.0.5 across different target frameworks.

  • Update of Microsoft.Extensions.Http.Polly package
    The Microsoft.Extensions.Http.Polly package, an extension for HttpClient which provides resilience and transient fault handling, is updated from various earlier versions (7.0.0 / 8.0.0 / 9.0.0) to 9.0.14 across relevant target frameworks. This update can bring improved network resilience.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants