Bump the nuget group with 5 updates by dependabot[bot] · Pull Request #5 · kennethkcox/dep-guard

dependabot · 2026-02-03T16:40:51Z

Updated log4net from 2.0.8 to 2.0.10.

Release notes

Sourced from log4net's releases.

2.0.10

Apache log4net 2.0.10 improves netstandard2.0 support thanks to community member @NicholasNoise.

What's Changed

include source zip in release process by @fluffynuts in include source zip in release process apache/logging-log4net#61
Move site back where it belongs by @fluffynuts in Move site back where it belongs apache/logging-log4net#62
Implemented proper support of netstandard2.0 by @NicholasNoise in Implemented proper support of netstandard2.0 apache/logging-log4net#63

[LOG4NET-575] Addresses CVE-2018-1285 by cherry-picking the fix from Dominik Psenner, reported by Karthik Balasundaram, as it already existed in the the develop branch

Full Changelog: apache/logging-log4net@rel/2.0.9...rel/2.0.10

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 3.1.0 to 3.1.18.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Newtonsoft.Json from 11.0.2 to 13.0.1.

Release notes

Sourced from Newtonsoft.Json's releases.

13.0.1

New feature - Add JsonSelectSettings with configuration for a regex timeout
Change - Remove portable assemblies from NuGet package
Change - JsonReader and JsonSerializer MaxDepth defaults to 64
Change - Change InvalidCastException to JsonSerializationException on mismatched JToken
Fix - Fixed throwing missing member error on ignored fields
Fix - Fixed various nullable annotations
Fix - Fixed annotations not being copied when tokens are cloned
Fix - Fixed naming strategy not being used when deserializing dictionary enum keys
Fix - Fixed serializing nullable struct dictionaries
Fix - Fixed JsonWriter.WriteToken to allow null with string token
Fix - Fixed missing error when deserializing JToken with a contract type mismatch
Fix - Fixed JTokenWriter when writing comment to an object

12.0.3

New feature - Added support for nullable reference types
New feature - Added KebabCaseNamingStrategy
Change - Package now uses embedded package icon
Fix - Fixed bug when merging JToken with itself
Fix - Fixed performance of calling ICustomTypeDescriptor.GetProperties
Fix - Fixed serializing Enumerable.Empty and empty arrays on .NET Core 3.0
Fix - Fixed deserializing some collection types with constructor
Fix - Fixed deserializing IImmutableSet to ImmutableHashSet instead of ImmutableSortedSet
Fix - Fixed deserializing IImmutableDictionary to ImmutableDictionary instead of ImmutableSortedDictionary
Fix - Fixed deserializing into constructors with more than 256 parameters
Fix - Fixed hang when deserializing JTokenReader with preceding comment
Fix - Fixed JSONPath scanning with nested indexer
Fix - Fixed deserializing incomplete JSON object to JObject
Fix - Fixed using StringEnumConverter with naming strategy and specified values

12.0.2

New feature - Added MissingMemberHandling to JsonObjectAttribute and JsonObjectContract
New feature - Added constructor to JTokenReader to specify initial path
New feature - Added JsonProperty.IsRequiredSpecified
New feature - Added JsonContract.InternalConverter
Change - Moved embedded debug symbols in NuGet package to a symbol package on NuGet.org
Fix - Fixed deserializing nullable struct collections
Fix - Fixed memory link when serializing enums to named values
Fix - Fixed error when setting JsonLoadSettings.DuplicatePropertyNameHandling to Replace

12.0.1

New feature - Added NuGet package signing
New feature - Added Authenticode assembly signing
New feature - Added SourceLink support
New feature - Added constructors to StringEnumConverter for setting AllowIntegerValue
New feature - Added JsonNameTable and JsonTextReader.PropertyNameTable
New feature - Added line information to JsonSerializationException
New feature - Added JObject.Property overload with a StringComparison
New feature - Added JsonMergeSettings.PropertyNameComparison
New feature - Added support for multiple Date constructors with JavaScriptDateTimeConverter
New feature - Added support for strict equals and strict not equals in JSON Path queries
New feature - Added EncodeSpecialCharacters setting to XmlNodeConverter
New feature - Added trace message for serializing to non-writable properties
New feature - Added support for NamingStrategy to StringEnumConverter
New feature - Added JsonLoadSettings.DuplicatePropertyNameHandling setting
Change - JTokenReader now uses JsonReader.DateTimeZoneHandling setting for date values
Change - Excluded TargetSite when serializing Exceptions without SerializableAttribute
Change - Changed StringEnumConverter.ctor(bool camelCaseText) to obsolete
Change - Changed StringEnumConverter.CamelCaseText to obsolete
Fix - Fixed incorrect overflow when reading decimal values from JSON
Fix - Fixed error message when trying to deserialize an abstract serializable type
Fix - Fixed parsing decimals from a string with an exponent
Fix - Fixed losing DateTime.Kind when deserializing ISO date strings
Fix - Fixed calling constructors with ref and in parameters
Fix - Fixed rare race condition in name table when serializing
Fix - Fixed unhelpful exception message when unable to convert JSON value to DateTime
Fix - Fixed error when deserializing empty array in DataTable
Fix - Fixed deserializing empty string to empty byte array
Fix - Fixed blank extension data values with required properties and deserializing with constructor
Fix - Fixed ignored values being set in extension data when deserializing
Fix - Fixed comparing equal integer and floating point values in JSON Path
Fix - Fixed BsonReader when reading multiple content
Fix - Fixed setting extension data with existing key
Fix - Fixed including array attribute in XML with namespaces when converting JSON to XML
Fix - Fixed error when serializing ref struct properties by excluding them from serialization

Commits viewable in compare view.

Updated NuGet.Commands from 5.9.0 to 5.11.5.

Release notes

Sourced from NuGet.Commands's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated SixLabors.ImageSharp from 1.0.3 to 2.1.11.

Release notes

Sourced from SixLabors.ImageSharp's releases.

2.1.11 What's Changed

Backport V2 - GIF: Check for end of stream when reading comments. by @JimBobSquarePants in Backport V2 - GIF: Check for end of stream when reading comments. SixLabors/ImageSharp#2971

Full Changelog: SixLabors/ImageSharp@v2.1.10...v2.1.11

2.1.10 What's Changed

Backport #2859 to release/2.1.x by @antonfirsov in Backport #2859 to release/2.1.x SixLabors/ImageSharp#2890
Backport #2701 to 2.1.x [copy] by @antonfirsov in Backport #2701 to 2.1.x [copy] SixLabors/ImageSharp#2891

Full Changelog: SixLabors/ImageSharp@v2.1.9...v2.1.10

2.1.9 What's Changed

[2.1] Fix overflow in MemoryAllocator.Create(options) by @antonfirsov in [2.1] Fix overflow in MemoryAllocator.Create(options) SixLabors/ImageSharp#2732
Backport GIF LZW fix to 2.1 by @antonfirsov in Backport GIF LZW fix to 2.1 SixLabors/ImageSharp#2756
Backport 2759 to 2.1.x by @antonfirsov in Backport 2759 to 2.1.x SixLabors/ImageSharp#2770

Full Changelog: SixLabors/ImageSharp@v2.1.8...v2.1.9

2.1.8 What's Changed

V2 - Limit Read Palette Indices by @JimBobSquarePants in V2 - Limit Read Palette Indices SixLabors/ImageSharp#2719
V2 - Clear Pixel Buffers on Decode. by @JimBobSquarePants in V2 - Clear Pixel Buffers on Decode. SixLabors/ImageSharp#2717
V2 - Limit all memory allocations in the MemoryAllocator layer by @JimBobSquarePants in V2 - Limit all memory allocations in the MemoryAllocator layer SixLabors/ImageSharp#2715

Full Changelog: SixLabors/ImageSharp@v2.1.7...v2.1.8

2.1.7 What's Changed

[release/2.1] Disallow allocation attempts of unrepresentable sizes by @antonfirsov in [release/2.1] Disallow allocation attempts of unrepresentable sizes SixLabors/ImageSharp#2553
[release/2.1] Tiff decoding robustness improvements (#2550) by @antonfirsov in [release/2.1] Tiff decoding robustness improvements (#2550) SixLabors/ImageSharp#2554
[release/2.1] PBM decoder robustness improvements and BufferedReadStream observability by @antonfirsov in [release/2.1] PBM decoder robustness improvements and BufferedReadStream observability SixLabors/ImageSharp#2555
Backport 2681 by @JimBobSquarePants in Backport 2681 SixLabors/ImageSharp#2688

Full Changelog: SixLabors/ImageSharp@v2.1.6...v2.1.7

2.1.6 What's Changed

Backport - Handle EOF in Jpeg bit reader when data is bad to prevent DOS attack. by @JimBobSquarePants in Backport - Handle EOF in Jpeg bit reader when data is bad to prevent DOS attack. SixLabors/ImageSharp#2524

Full Changelog: SixLabors/ImageSharp@v2.1.5...v2.1.6

2.1.5 What's Changed

Backport #2501 by @JimBobSquarePants in Backport #2501 SixLabors/ImageSharp#2509

Full Changelog: SixLabors/ImageSharp@v2.1.4...v2.1.5

2.1.4 What's Changed

Backport WebP fix to 2.1 by @antonfirsov in Backport WebP fix to 2.1 SixLabors/ImageSharp#2420

Full Changelog: SixLabors/ImageSharp@v2.1.3...v2.1.4

2.1.3 What's Changed

V2 Backport: 2133, 2154 by @JimBobSquarePants in V2 Backport: 2133, 2154 SixLabors/ImageSharp#2157

Full Changelog: SixLabors/ImageSharp@v2.1.2...v2.1.3

2.1.2 What's Changed

Backport - Issue 2123 by @JimBobSquarePants in Backport - Issue 2123 SixLabors/ImageSharp#2126

Full Changelog: SixLabors/ImageSharp@v2.1.1...v2.1.2

2.1.1 What's Changed

Memory allocation allocation tracker test helper by @tocsoft in Memory allocation allocation tracker test helper SixLabors/ImageSharp#2082
Added sanity check for every jpeg marker by @br3aker in Added sanity check for every jpeg marker SixLabors/ImageSharp#2084
Fixed string exif value corner case exception by @br3aker in Fixed string exif value corner case exception SixLabors/ImageSharp#2088
Add missing decoder sanitation checks by @JimBobSquarePants and @brianpopow in Add missing decoder sanitation checks SixLabors/ImageSharp#2077

Full Changelog: SixLabors/ImageSharp@v2.1.0...v2.1.1

2.1.0 Advisories and Breaking Changes

Fix async image load - #2006 via @kroymann, @antonfirsov, @JimBobSquarePants

Release Notes

Area:Performance

PNG: Add SSE/AVX version of Sub, Up, Average and Paethfilters - #2028 via @brianpopow, @JimBobSquarePants
Add AVX2 version of adler32 - #2024 via @brianpopow

Bug

Gif decoder. Fix memory access violations. - #2014 via @JimBobSquarePants
Fix issue in PNG identify method to skip "uninteresting" chunks, incl… - #2019 via @flew2bits, @brianpopow, @JimBobSquarePants
Ensure PixelOperations.To(TPixel) uses scaling. - #2050 via @JimBobSquarePants
Fix issue with app1 parsing - #2058 via @brianpopow
Fix resize pad color application for non Nearest Neighbor samplers - #2052 via @JimBobSquarePants

Codequality

naming corrections - macOS and .NET - #2065 via @mikeirvingweb, @JimBobSquarePants

Documentation

Fix documentation of HorizontalResolution and VerticalResolution properties - #1981 via @0xced

Enhancement

Allow pad to work for non-alpha pixel formats - #2034 via @JimBobSquarePants

Formats:Jpeg

Fixed multiple SpectralConverter.CommitConversion() calls - #2000 via @br3aker

Formats:Png

PNG: Throw exception, if palette chunk is missing - #2020 via @brianpopow
PNG: Ignore invalid gamma chunks - #2021 via @brianpopow
Optimize Crc32 for arm - #1987 via @Bond-009, @brianpopow
Add ARM version of adler32 - #2015 via @brianpopow, @antonfirsov, @JimBobSquarePants
Minor PNG Encoding Optimization for DeflaterEngine and WuQuantizer - #2023 via @ratok-mk, @JimBobSquarePants

Formats:Tiff

Add TIFF CcittGroup4Fax (T6) compression - #1993 via @frankracis-work, @brianpopow
Add support for decoding gray tiff with jpeg compression - #2031 via @brianpopow
Tiff Decoder option to decode only first frame - #2013 via @brianpopow, @JimBobSquarePants
Add support for decoding Tiff images with UnassociatedAlphaData - #2037 via @brianpopow, @JimBobSquarePants
TIFF: Add support for horizontal predictor with alpha data - #2047 via @brianpopow, @JimBobSquarePants
... (truncated)

2.0.0 Advisories and Breaking Changes

Major breaking changes

Due to the new unmanaged memory engine, we had to redesign our pixel processing and low level memory management API-s. The most visible change is that the GetPixelRowSpan() methods have been replaced with ProcessPixelRows() variants. This was done to guarantee memory safety. For more details see:
- 2.0 documentation on Working with Pixel Buffers
- 2.0 documentation on Memory Management
- Pixel processing breaking changes & API discussion - #1739
Png and Jpeg now decode to pixels formats closer to the encoded format when using the non-generic API. (For example Jpeg now decodes to Image<Rgb24> instead of Image<Rgba32>.) This was done to reduce memory usage and remove some surprises for users.
We've dropped the old NetStandard 1.3 target. This targeted frameworks not supported by Microsoft and was adding overhead to development.

Complete list of breaking PR-s

Add Abgr32 pixel type, extend IPixel - #1886 via @ynse01, @antonfirsov, @JimBobSquarePants
Remove netstandard 1.3 target - #1888 via @JimBobSquarePants
ImageFormatDetector Configuration Cleanup - #1936 via @JimBobSquarePants
Unmanaged pooling MemoryAllocator - #1730 via @antonfirsov
Png - Preserve Pixel Format for Non-generic decode. - #1861 via @JimBobSquarePants
Decode Jpeg into Rgb24 when pixel type not specified. - #1773

Release Notes

API

Remove HistogramEqualizationOptions.Default - #1840 via @antonfirsov
Added missing CancellationToken parameters to Image - #1856 via @justinbhopper
Expose ImageFrame.PixelBuffer - #1906 via @JimBobSquarePants
Change the constructor of PixelTypeInfo and ImageMetadata from internal to public so that a user can implement IImageInfo - #1929 via @jz5, @antonfirsov, @JimBobSquarePants

Area:Build

Update codcov and config - #1820 via @JimBobSquarePants
Use a scheduled job for codecov - #1934 via @JimBobSquarePants

Area:Formats

Add support for Portable Bitmap images - #1851 via @ynse01, @antonfirsov, @brianpopow, @JimBobSquarePants

Area:Performance

Webp: Use byte arrays instead of Dictionary's for lookups - #1800 via @brianpopow
Add sse2 version of select - #1804 via @brianpopow
Add SSE2 versions of ClampedAddSubtractFull and ClampedAddSubtractHalf - #1805 via @brianpopow, @JimBobSquarePants
SSE41 version of Hadamard transform - #1810 via @brianpopow
Add SSE41 version of Quantize block - #1811 via @brianpopow
Add SSE2 version of Mean16x4 - #1814 via @brianpopow
Add SSE2 version of Vp8Sse4X4 - #1817 via @brianpopow
Hoist some of the calculations from loops of 3DMoments() - #1818 via @kunalspathak, @brianpopow
Add sse2 version of inverse transform - #1819 via @brianpopow, @JimBobSquarePants
Add AVX version of CollectColorBlueTransforms and CollectColorRedTransforms - #1824 via @brianpopow, @JimBobSquarePants
Add AVX version of TransformColor and TransformColorInverse - #1830 via @brianpopow, @JimBobSquarePants
Webp improvements - #1846 via @brianpopow
... (truncated)

1.0.4 Advisories and Breaking Changes

None

Release Notes

Bug Fixes

Fix a few uses of DeflateStream.Read - #1707 via @stephentoub

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps log4net from 2.0.8 to 2.0.10 Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 3.1.0 to 3.1.18 Bumps Newtonsoft.Json from 11.0.2 to 13.0.1 Bumps NuGet.Commands from 5.9.0 to 5.11.5 Bumps SixLabors.ImageSharp from 1.0.3 to 2.1.11 --- updated-dependencies: - dependency-name: log4net dependency-version: 2.0.10 dependency-type: direct:production dependency-group: nuget - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 3.1.18 dependency-type: direct:production dependency-group: nuget - dependency-name: Newtonsoft.Json dependency-version: 13.0.1 dependency-type: direct:production dependency-group: nuget - dependency-name: NuGet.Commands dependency-version: 5.11.5 dependency-type: direct:production dependency-group: nuget - dependency-name: SixLabors.ImageSharp dependency-version: 2.1.11 dependency-type: direct:production dependency-group: nuget ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Feb 3, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the nuget group with 5 updates#5

Bump the nuget group with 5 updates#5
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/examples/vulnerable-dotnet-app/nuget-4a1070d28e

dependabot bot commented on behalf of github Feb 3, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 3, 2026

2.0.10

What's Changed

13.0.1

12.0.3

12.0.2

12.0.1

2.1.11

What's Changed

2.1.10

What's Changed

2.1.9

What's Changed

2.1.8

What's Changed

2.1.7

What's Changed

2.1.6

What's Changed

2.1.5

What's Changed

2.1.4

What's Changed

2.1.3

What's Changed

2.1.2

What's Changed

2.1.1

What's Changed

2.1.0

Advisories and Breaking Changes

Release Notes

2.0.0

Advisories and Breaking Changes

Major breaking changes

Complete list of breaking PR-s

Release Notes

1.0.4

Advisories and Breaking Changes

Release Notes

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants