Bump Akka from 1.3.10 to 1.4.46 in /server/Arcadia.Assistant.CSP

[dependabot[bot]]

Bumps Akka from 1.3.10 to 1.4.46.

Release notes

Sourced from Akka's releases.

Akka.NET v1.4.46

1.4.46 November 15th 2022

Akka.NET v1.4.46 is a security patch for Akka.NET v1.4.45 but also includes some other fixes.

Security Advisory: Akka.NET v1.4.45 and earlier depend on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Common.Drawing v4.7.0. The System.Common.Drawing v4.7.0 is affected by a remote code execution vulnerability GHSA-ghhp-997w-qr28.

We have separately created a security advisory for Akka.NET Versions < 1.4.46 and < 1.5.0-alpha3 to track this issue.

Fixes and Updates

• Akka: Upgrade to Newtonsoft.Json 13.0.1 as minimum version
• Akka: Upgrade to System.Configuration.ConfigurationManager 6.0.1 - resolves security issue.
• Akka.IO: Report cause for Akka/IO TCP CommandFailed events
• Akka.Cluster.Tools: Make sure that DeadLetters published by DistributedPubSubMediator contain full context of topic
• Akka.Cluster.Metrics: Improve CPU/Memory metrics collection at Akka.Cluster.Metrics - built-in metrics are now much more accurate.

You can see the full set of tracked issues for Akka.NET v1.4.46 here.

Changes:

• 44d380826fdf4adf53cd34339f33842fccccf87e added v1.4.46 release notes (#6255)
• 2b85598bc3121abe6bbd50f8caac369a77e46f9f Upgrade to Newtonsoft.Json 13.0.1 as minimum version (#6230) (#6252)
• d6ba97a9108c60a0eb96316abedaab8528310e52 (cherry-picked from 94756d644d7bb1ae6e3b591222176d7a189205da) (#6253)
• e94913cabd222f478dc2d4849667f82f2c8ae781 Make transport adapter messages public (#6250)
• eeb156c649b2f6e55a0016c2e19ba1c2616fe308 [BACKPORT #6221] Report cause for Akka/IO TCP CommandFailed events (#6224) [ #22954 ]
• dca908baf06d91f4c424af9c116a0d5f07b30054 Improve Akka.Cluster.Metrics collected values (#6203)
• 61df6fca040f3df61e4229cf4513397594dae20e Separate wire protocol from internal models (#6206)
• 9f84438ca4a04efb34b8f5a20ff1dc8c020a256b Make sure that DeadLetters published by DistributedPubSubMediator contain full context of topic (#6209)

This list of changes was auto generated.

Akka.NET v1.4.45

1.4.45 October 19th 2022

Akka.NET v1.4.45 is a patch release for Akka.NET v1.4 for a bug introduced in v1.4.44.

Patch

• Akka.NET: Revert change to ConfigurationException that is causing binary backward compatibility problem

Changes:

• 5f496e8e29b0f3bd2bbd2c8c7ce67fca8aa103cd Update RELEASE_NOTES.md for 1.4.45 release (#6202)
• 90dde2581c8ae903b5cff7c585dcc6a8725ef2aa Revert ConfigurationException due to binary incompatibility (#6201)

This list of changes was auto generated.

Akka.NET v1.4.44

1.4.44 October 17th 2022

Akka.NET v1.4.44 is a maintenance release for Akka.NET v1.4 that contains numerous performance improvements in critical areas, including core actor message processing and Akka.Remote.

Performance Fixes

... (truncated)

Changelog

Sourced from Akka's changelog.

1.5.0-alpha3 November 15th 2022

Akka.NET v1.5.0-alpha3 is a security patch for Akka.NET v1.5.0-alpha2 but also includes some other fixes.

Security Advisory: Akka.NET v1.5.0-alpha2 and earlier depend on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Common.Drawing v4.7.0. The System.Common.Drawing v4.7.0 is affected by a remote code execution vulnerability GHSA-ghhp-997w-qr28.

We have separately created a security advisory for Akka.NET Versions < 1.4.46 and < 1.5.0-alpha3 to track this issue.

Fixes and Updates

• Akka: Revert ConfigurationException due to binary incompatibility
• Akka: Upgrade to Newtonsoft.Json 13.0.1 as minimum version - resolves security issue.
• Akka: Upgrade to System.Configuration.ConfigurationManager 6.0.1 - resolves security issue.
• Akka: Upgrade to Google.Protobuf 3.21.9
• Akka.Cluster.Tools: Make sure that DeadLetters published by DistributedPubSubMediator contain full context of topic
• Akka.Streams: Remove suspicious code fragment in ActorMaterializer
• Akka.IO: Report cause for Akka/IO TCP CommandFailed events
• Akka.Cluster.Metrics: Improve CPU/Memory metrics collection at Akka.Cluster.Metrics - built-in metrics are now much more accurate.

You can see the full set of tracked issues for Akka.NET v1.5.0 here.

1.5.0-alpha2 October 17th 2022

Akka.NET v1.5.0-alpha2 is a maintenance release for Akka.NET v1.5 that contains numerous performance improvements in critical areas, including core actor message processing and Akka.Remote.

Performance Fixes

• remove delegate allocation from ForkJoinDispatcher and DedicatedThreadPool
• eliminate Mailbox delegate allocations
• Reduce FSM<TState, TData> allocations
• removed boxing allocations inside FSM.State.Equals
• Eliminate DefaultLogMessageFormatter allocations

In sum you should expect to see total memory consumption, garbage collection, and throughput improve when you upgrade to Akka.NET v1.5.0-alpha2.

Other Features and Improvements

• DData: Suppress gossip message from showing up in debug log unless verbose debug logging is turned on
• TestKit: TestKit automatically injects the default TestKit default configuration if an ActorSystem is passed into its constructor
• Sharding: Added a new GetEntityLocation query message to retrieve an entity address location in the shard region
• Sharding: Fixed GetEntityLocation uses wrong actor path
• Akka.Cluster and Akka.Cluster.Sharding: should throw human-friendly exception when accessing cluster / sharding plugins when clustering is not running
• Akka.Cluster.Sharding: Add HashCodeMessageExtractor factory
• Akka.Persistence.Sql.Common: Fix DbCommand.CommandTimeout in BatchingSqlJournal

1.5.0-alpha1 August 22 2022

Akka.NET v1.5.0-alpha1 is a major release that contains a lot of code improvement and rewrites/refactors. Major upgrades to Akka.Cluster.Sharding in particular.

Deprecation

Some codes and packages are being deprecated in v1.5

... (truncated)

Commits

• 44d3808 added v1.4.46 release notes (#6255)
• 2b85598 Upgrade to Newtonsoft.Json 13.0.1 as minimum version (#6230) (#6252)
• d6ba97a (cherry-picked from 94756d644d7bb1ae6e3b591222176d7a189205da) (#6253)
• e94913c Make transport adapter messages public (#6250)
• eeb156c [BACKPORT #6221] Report cause for Akka/IO TCP CommandFailed events (#6224)
• dca908b Improve Akka.Cluster.Metrics collected values (#6203)
• 61df6fc Separate wire protocol from internal models (#6206)
• 9f84438 Make sure that DeadLetters published by DistributedPubSubMediator contain...
• 5f496e8 Update RELEASE_NOTES.md for 1.4.45 release (#6202)
• 90dde25 Revert ConfigurationException due to binary incompatibility (#6201)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/SoftwareCountry/arcadian-assistant/network/alerts).