psibr / REstate

Portable state-flows (state-machine based workflows)
MIT License
36 stars 7 forks source link

Bump MessagePack from 1.7.3.4 to 1.9.3 in /src/REstate.Engine.Repositories.EntityFrameworkCore #73

Closed dependabot[bot] closed 4 years ago

dependabot[bot] commented 4 years ago

Bumps MessagePack from 1.7.3.4 to 1.9.3.

Release notes *Sourced from [MessagePack's releases](https://github.com/neuecc/MessagePack-CSharp/releases).* > ## v1.9.3 > ## Changes > > 🔒 **Security fixes are included in this release**. Read more in our [security advisory](https://github.com/neuecc/MessagePack-CSharp/security/advisories/GHSA-7q36-4xx7-xcxf). > > No other changes are included in this release relative to v1.8 > > ## v1.8.80 > * Adjust assembly version from 1.8.74.32478 to simply 1.8.0.0 ([#604](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/604)) > * Update System.Threading.Tasks.Extensions dependency to 4.5.3 ([#610](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/610)) > * Publish symbols in snupkg archives to nuget.org ([#624](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/624)) > > ## v1.8.74 > Very few changes since 1.7, but now building from a more serviceable branch. > > ## v1.7.3.7 (security fix) > This servicing release fixes a security issue with the deserializer to prevent unbounded memory allocations from relatively small MessagePack payloads. > > ## Ver 1.7.3.6 > This release is only for code generator(mpc) fix. > for .NET, .NET Standard runtime, please use 1.7.3. > for Unity runtime, please use 1.7.3.5. > > * support linux and mac with legacy csproj [#357](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/357), thanks [@​itn3000](https://github.com/itn3000) > * show Type.FullName when code generation failed > * return error code(1) instead of crash when code geneation failed > > Note: > mpc requires dotnet core runtime and msbuild(to support legacy csproj, on linux/osx, you can use mono msbuild). > > ## Ver 1.7.3.5 > This release is only for unity fix. > * Support .NET Standard 2.0 (NET Standard 2.0 can't use dynamic code generation so requires mpc code generation). > * New mpc(`UniversalCodeGenerator.zip` - MessagePack Compiler) binary supports `win-x64`, `linux-x64`, `osx-x64`. > > Note: > Currently new mpc can not generate from legacy csproj(.NET 4.x, Unity) in linux and osx. > Please use windows or use new csproj(.NET Core). > Details is here. [neuecc/MessagePack-CSharp#355](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/355)
Commits - [`129239b`](https://github.com/neuecc/MessagePack-CSharp/commit/129239b10751dd3815610aaac09ca8420c15f881) Defend against stack overflow from deeply nested object graphs in msgpack - [`6f0ec18`](https://github.com/neuecc/MessagePack-CSharp/commit/6f0ec181174ab96a1683d3394067079bddc86914) Stop testing on .NET Core versions that are out of servicing - [`74062a1`](https://github.com/neuecc/MessagePack-CSharp/commit/74062a19d5d69998b722210b3d39fafb7423453d) Mitigate risk of hash collision attacks - [`caf846f`](https://github.com/neuecc/MessagePack-CSharp/commit/caf846f83d5dc668e1374661224dd776a55add1b) Fix DynamicCodeDumper to build an exe - [`185347f`](https://github.com/neuecc/MessagePack-CSharp/commit/185347fcac102441957b468e455054bb66b54800) Update .tt files to match .cs files - [`c7a4f10`](https://github.com/neuecc/MessagePack-CSharp/commit/c7a4f10920aaea283106d2dc7a85a7f9038da25c) Merge pull request [#624](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/624) from AArnott/snupkg_v1.8 - [`a63be88`](https://github.com/neuecc/MessagePack-CSharp/commit/a63be88b4cf760d834dd9ee5c71a76d745ac8e04) Build .snupkg archives for nuget.org publishing - [`3d68045`](https://github.com/neuecc/MessagePack-CSharp/commit/3d6804526d78c96416e5e3f066e422cd4b515dbb) Merge pull request [#610](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/610) from AArnott/fix544 - [`2f1a4bc`](https://github.com/neuecc/MessagePack-CSharp/commit/2f1a4bcc187499ae4ca5a3124f1a736e84f234f8) don't use expression body for unity - [`fcaeeba`](https://github.com/neuecc/MessagePack-CSharp/commit/fcaeeba4e2458e81cd75563226e5d61afc8a593a) add packageexporter to 1.8, [#593](https://github-redirect.dependabot.com/neuecc/MessagePack-CSharp/issues/593) - Additional commits viewable in [compare view](https://github.com/neuecc/MessagePack-CSharp/compare/v1.7.3.4...v1.9.3)


Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/psibr/REstate/network/alerts).