search

dotnet / docs-tools

This repo contains GitHub Actions and other tools that are designed to be invoked on DocFx repositories.
Creative Commons Attribution 4.0 International
16 stars 28 forks source link

Bump the dotnet group with 6 updates #341

Closed dependabot[bot] closed 4 months ago

dependabot[bot] commented 5 months ago

Bumps the dotnet group with 6 updates:

Package From To
Newtonsoft.Json 13.0.1 13.0.3
xunit 2.7.1 2.8.0
xunit.runner.visualstudio 2.5.8 2.8.0
CommandLineParser 1.9.71 2.9.1
Microsoft.CodeAnalysis.FxCopAnalyzers 2.6.0 3.3.2
System.Reflection.TypeExtensions 4.4.0 4.7.0

Updates Newtonsoft.Json from 13.0.1 to 13.0.3

Release notes

Sourced from Newtonsoft.Json's releases.

13.0.3

  • Fix - Fixed parsed zero decimals losing trailing zeroes
  • Fix - Fixed parsed negative zero double losing negative
  • Fix - Fixed null string being reported as String rather than JTokenType.Null

13.0.2

  • New feature - Add support for DateOnly and TimeOnly
  • New feature - Add UnixDateTimeConverter.AllowPreEpoch property
  • New feature - Add copy constructor to JsonSerializerSettings
  • New feature - Add JsonCloneSettings with property to disable copying annotations
  • Change - Add nullable annotation to JToken.ToObject(Type, JsonSerializer)
  • Change - Reduced allocations by reusing boxed values
  • Fix - Fixed MaxDepth when used with ToObject inside of a JsonConverter
  • Fix - Fixed deserializing mismatched JToken types in properties
  • Fix - Fixed merging enumerable content and validate content
  • Fix - Fixed using $type with arrays of more than two dimensions
  • Fix - Fixed rare race condition in name table when deserializing on device with ARM processors
  • Fix - Fixed deserializing via constructor with ignored base type properties
  • Fix - Fixed MaxDepth not being used with ISerializable deserialization
Commits
  • 0a2e291 Remove prerelease for 13.0.3
  • 4949c66 Update to 13.0.3-beta1
  • 5702581 Fix: Null String being reported as String rather than JTokenType.Null (#2796)
  • c908de3 Fix not returning negative double from box cache (#2777)
  • 2afdccd Fix parsed decimal losing trailing zeroes (#2769)
  • 4fba53a Remove prerelease for 13.0.2
  • b15df4b Add missing headers
  • 789bfd3 Update to 13.0.2-beta3
  • b13717a Add JsonCloneSettings to disable copy annotations (#2757)
  • d0a328e Fix MaxDepth not being used with ISerializable deserialization (#2736)
  • Additional commits viewable in compare view


Updates xunit from 2.7.1 to 2.8.0

Commits
  • be260b3 v2.8.0
  • a8ceb66 #783: Add -useansicolor flag to console runner (v2)
  • 7b0ff93 Don't show /aggressive with unlimited threads
  • 46cdf06 Support parallel algorithm in MSBuild runner
  • b4aa876 Support multipler syntax in MSBuild runner
  • 6790b48 Add aggressive display to TestFrameworkEnvironment reported by XunitTestAssem...
  • 3dd7e91 Update mocks to make CollectionBehaviorAttribute property values optional
  • 4c82dea Asking for default threads should set 0, not null
  • d73cdef Should not try to use a semaphore when we've been asked for unlimited threads
  • 3722e54 Enable multiplier style max threads support
  • Additional commits viewable in compare view


Updates xunit.runner.visualstudio from 2.5.8 to 2.8.0

Commits
  • 6438bb8 v2.8.0
  • 2afd4cd Pick up latest dependencies
  • b8be108 Add multiplier format support to RunSettings
  • 3c2e493 Update to 2.7.2-pre.17 and support Xunit.ParallelAlgorithm in RunSetttings
  • 144931e Missing height on version
  • 4315921 Fix concurrency bug in AssemblyHelper (#407)
  • 8617393 Bump up to 2.5.9-pre
  • See full diff in compare view


Updates CommandLineParser from 1.9.71 to 2.9.1

Release notes

Sourced from CommandLineParser's releases.

v2.9.1

What's Changed

New Contributors

Full Changelog: https://github.com/commandlineparser/commandline/compare/2.8.0...v2.9.1

v2.9.0-preview3

No release notes provided.

v2.9.0-preview1

No release notes provided.

2.8.0

No release notes provided.

2.8.0-preview4

No release notes provided.

v2.8.0-preview2

The new featurs and fixes, read changelog

v2.8.0-preview1

No release notes provided.

... (truncated)

Commits


Updates Microsoft.CodeAnalysis.FxCopAnalyzers from 2.6.0 to 3.3.2

Release notes

Sourced from Microsoft.CodeAnalysis.FxCopAnalyzers's releases.

v3.3.2

Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

  • Contains important functionality and performance bug fixes on top of v3.3.1 release
  • New deprecation warning CA9998 for Microsoft.CodeAnalysis.FxCopAnalyzers package: FxCopAnalyzers package has been deprecated in favor of 'Microsoft.CodeAnalysis.NetAnalyzers', that ships with the .NET SDK. Please refer to https://docs.microsoft.com/visualstudio/code-quality/migrate-from-fxcop-analyzers-to-net-analyzers to migrate to .NET analyzers.

v3.3.1

Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

Contains following important changes on top of v3.3.0 release:

Bug Fixes

  • Functionality and performance bug fixes
  • Tainted data rules improvements
  • CA5377: Don't warn when unable to get the control flow graph for dataflow analysis
  • CA3075: Fix false positive on XmlReader.Create(string) invocations
  • Optimizing error list refresh times for full compilation analyzers in Visual Studio 2019 16.9

Additional analyzers/fixers

Added

  • Globalization
    • CA1310: Specify StringComparison for correctness -- Enabled by default
  • Interoperability
    • CA1416: Validate platform compatibility -- Enabled by default

Changed

  • Globalization
    • CA1307: Specify StringComparison for clarity -- Now disabled by default

v3.3.0

Release build of Roslyn-analyzers based on Microsoft.CodeAnalysis 3.3.0 NuGet packages. Works with VS 2019 16.3 or later.

Contains following important changes on top of v3.0.0 release

The new security rules CA2350-CA2362 can help find vulnerabilities related to DataSet and DataTable security guidance.

Feature

Editorconfig based file/directory level options configuration. See details here

Bug Fixes

  • Many bug fixes, including performance fixes.
  • Various tainted data rules: Don't report tainted data flowing into non-sink method parameters, when other tainted data does flow into a sink parameter.

Additional analyzers/fixers

Added

  • Design
    • CA1002: Do not expose generic lists
    • CA1005: Avoid excessive parameters on generic types

... (truncated)

Commits
  • 4e0e1e8 Merge pull request #4494 from dotnet/merges/release/5.0.2xx-to-master
  • 5530a8b Merge branch 'master' into merges/release/5.0.2xx-to-master
  • 26b2159 Merge pull request #4492 from mavasani/Issue4491_5_0_2xx
  • 23619eb Harden InterproceduralAnalysisConfiguration to prevent null tree argument
  • 9df0075 Merge pull request #4490 from mavasani/FI_5_0_2xx
  • 5671c0b Merge remote-tracking branch 'upstream/release/5.0.2xx' into FI_5_0_2xx
  • f7aad5c Merge pull request #4489 from dotnet/mavasani-patch-1
  • 389ac2f Update Program.cs
  • 3b7bb4a Merge pull request #4488 from dotnet/netanalyzers-5-0-1
  • 704496d Update auto-generated documentation file by running msbuild /t:pack
  • Additional commits viewable in compare view


Updates System.Reflection.TypeExtensions from 4.4.0 to 4.7.0

Release notes

Sourced from System.Reflection.TypeExtensions's releases.

.NET Core 2.1.0 RC1

Repos

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions
BillWagner commented 5 months ago

ping @adegeo to figure out why the updates are failing for repoman.

adegeo commented 5 months ago

@BillWagner I don't see failures for repoman, I see one for cleanrepo:

/home/runner/work/docs-tools/docs-tools/cleanrepo/CleanRepo/CleanRepo.csproj(40,5): error : This project references NuGet package(s) that are missing on this computer. Enable NuGet Package Restore to download them.  For more information, see http://go.microsoft.com/fwlink/?LinkID=322105.The missing file is ../packages/Microsoft.CodeAnalysis.VersionCheckAnalyzer.3.3.2/build/Microsoft.CodeAnalysis.VersionCheckAnalyzer.props.

I'm not sure why it would be missing. Was NuGet down or something? It lists that package as deprecated on nuget though.

BillWagner commented 5 months ago

tagging @gewarren

Do you know why the restore is failing?

gewarren commented 5 months ago

@BillWagner I have a PR that I think will fix the error.

dependabot[bot] commented 4 months ago

Looks like these dependencies are updatable in another way, so this is no longer needed.