Skip to content

[deps] Tools: Pin dependencies#6204

Open
renovate[bot] wants to merge 2 commits intomainfrom
renovate/pin-dependencies
Open

[deps] Tools: Pin dependencies#6204
renovate[bot] wants to merge 2 commits intomainfrom
renovate/pin-dependencies

Conversation

@renovate
Copy link
Copy Markdown
Contributor

@renovate renovate Bot commented Aug 18, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change
AWSSDK.SQS nuget pin 4.0.2.5[4.0.2.5]
AWSSDK.SimpleEmail nuget pin 4.0.2.5[4.0.2.5]
AngleSharp (source) nuget pin 1.4.0[1.4.0]
AspNetCore.HealthChecks.SqlServer nuget pin 8.0.2[8.0.2]
AspNetCore.HealthChecks.Uris nuget pin 8.0.1[8.0.1]
AspNetCoreRateLimit nuget pin 5.0.0[5.0.0]
AspNetCoreRateLimit.Redis nuget pin 2.0.0[2.0.0]
AutoMapper.Extensions.Microsoft.DependencyInjection (source) nuget pin 12.0.1[12.0.1]
Azure.Data.Tables (source) nuget pin 12.11.0[12.11.0]
Azure.Extensions.AspNetCore.DataProtection.Blobs (source) nuget pin 1.3.4[1.3.4]
Azure.Messaging.EventGrid (source) nuget pin 5.0.0[5.0.0]
Azure.Messaging.ServiceBus (source) nuget pin 7.20.1[7.20.1]
Azure.Storage.Blobs (source) nuget pin 12.26.0[12.26.0]
Azure.Storage.Blobs.Batch (source) nuget pin 12.23.0[12.23.0]
Azure.Storage.Queues (source) nuget pin 12.24.0[12.24.0]
BenchmarkDotNet nuget pin 0.15.3[0.15.3]
BitPay.Light (source) nuget pin 1.0.1907[1.0.1907]
Bogus nuget pin 35.*[35.6.5]
Braintree nuget pin 5.36.0[5.36.0]
CommandDotNet nuget pin 7.0.5[7.0.5]
CsvHelper (source) nuget pin 33.1.0[33.1.0]
Dapper nuget pin 2.1.66[2.1.66]
DnsClient (source) nuget pin 1.8.0[1.8.0]
Duende.IdentityServer (source) nuget pin 7.4.6[7.4.6]
DuoUniversal nuget pin 1.3.1[1.3.1]
Fido2.AspNet nuget pin 3.0.1[3.0.1]
Handlebars.Net (source) nuget pin 2.1.6[2.1.6]
Kralizek.AutoFixture.Extensions.MockHttp nuget pin 2.2.1[2.2.1]
LaunchDarkly.ServerSdk nuget pin 8.11.0[8.11.0]
MailKit (source) nuget pin 4.16.0[4.16.0]
MarkDig (source) nuget pin 1.1.0[1.1.0]
MartinCostello.Logging.XUnit nuget pin 0.7.0[0.7.0]
MessagePack nuget pin 3.1.4[3.1.4]
Microsoft.AspNetCore.Authentication.JwtBearer (source) nuget pin 8.0.10[8.0.10]
Microsoft.AspNetCore.DataProtection (source) nuget pin 8.0.10[8.0.10]
Microsoft.AspNetCore.Mvc.Testing (source) nuget pin 10.0.3[10.0.3]
Microsoft.AspNetCore.SignalR.Protocols.MessagePack (source) nuget pin 10.0.3[10.0.3]
Microsoft.AspNetCore.SignalR.StackExchangeRedis (source) nuget pin 10.0.3[10.0.3]
Microsoft.Azure.Cosmos nuget pin 3.52.0[3.52.0]
Microsoft.Azure.NotificationHubs nuget pin 4.2.0[4.2.0]
Microsoft.Bot.Builder nuget pin 4.23.0[4.23.0]
Microsoft.Bot.Builder.Integration.AspNet.Core nuget pin 4.23.0[4.23.0]
Microsoft.Bot.Connector nuget pin 4.23.0[4.23.0]
Microsoft.Data.SqlClient (source) nuget pin 7.0.0[7.0.0]
Microsoft.Extensions.Caching.Cosmos nuget pin 1.8.0[1.8.0]
Microsoft.Extensions.Caching.SqlServer (source) nuget pin 8.0.10[8.0.10]
Microsoft.Extensions.Caching.StackExchangeRedis (source) nuget pin 8.0.10[8.0.10]
Microsoft.Extensions.Configuration (source) nuget pin 8.0.0[8.0.0]
Microsoft.Extensions.Configuration.EnvironmentVariables (source) nuget pin 8.0.0[8.0.0]
Microsoft.Extensions.Configuration.UserSecrets (source) nuget pin 8.0.0[8.0.0]
Microsoft.Extensions.Diagnostics.Testing (source) nuget pin 9.3.0[9.3.0]
Microsoft.Extensions.Identity.Stores (source) nuget pin 8.0.10[8.0.10]
Microsoft.Extensions.Logging (source) nuget pin 8.0.1[8.0.1]
Microsoft.Extensions.Logging (source) nuget pin 9.0.0[9.0.0]
Microsoft.Extensions.Logging.Console (source) nuget pin 8.0.1[8.0.1]
Microsoft.Extensions.TimeProvider.Testing (source) nuget pin 8.10.0[8.10.0]
Microsoft.NET.Test.Sdk nuget pin 18.0.1[18.0.1]
Microsoft.NET.Test.Sdk nuget pin 17.11.0[17.11.0]
Neovolve.Logging.Xunit nuget pin 6.3.0[6.3.0]
Newtonsoft.Json (source) nuget pin 13.0.3[13.0.3]
OneOf nuget pin 3.0.271[3.0.271]
Otp.NET nuget pin 1.4.0[1.4.0]
Quartz (source) nuget pin 3.15.1[3.15.1]
Quartz.Extensions.DependencyInjection (source) nuget pin 3.15.1[3.15.1]
Quartz.Extensions.Hosting (source) nuget pin 3.15.1[3.15.1]
RabbitMQ.Client (source) nuget pin 7.1.2[7.1.2]
RichardSzalay.MockHttp nuget pin 7.0.0[7.0.0]
Rnwood.SmtpServer (source) nuget pin 3.1.0-ci0868[3.1.0-ci0868]
SendGrid (source) nuget pin 9.29.3[9.29.3]
Serilog.Extensions.Logging.File nuget pin 3.0.0[3.0.0]
Stripe.net nuget pin 48.5.0[48.5.0]
Sustainsys.Saml2.AspNetCore2 nuget pin 2.11.0[2.11.0]
Swashbuckle.AspNetCore nuget pin 10.1.7[10.1.7]
Swashbuckle.AspNetCore.SwaggerGen nuget pin 10.1.7[10.1.7]
Testcontainers (source) nuget pin 4.11.0[4.11.0]
YamlDotNet (source) nuget pin 11.2.1[11.2.1]
YubicoDotNetClient nuget pin 1.2.0[1.2.0]
ZiggyCreatures.FusionCache nuget pin 2.0.2[2.0.2]
ZiggyCreatures.FusionCache.Backplane.StackExchangeRedis nuget pin 2.0.2[2.0.2]
ZiggyCreatures.FusionCache.Serialization.SystemTextJson nuget pin 2.0.2[2.0.2]
base64 dependencies pin 0.22.1=0.22.1
coverlet.collector nuget pin 10.0.0[10.0.0]
dbup-sqlserver (source) nuget pin 7.2.0[7.2.0]
linq2db (source) nuget pin 5.4.1[5.4.1]
xunit nuget pin 2.9.3[2.9.3]
xunit.runner.visualstudio nuget pin 3.1.5[3.1.5]
xunit.runner.visualstudio nuget pin 3.1.4[3.1.4]
xunit.runner.visualstudio nuget pin 3.1.2[3.1.2]
xunit.v3 nuget pin 3.2.1[3.2.1]
xunit.v3 nuget pin 3.0.1[3.0.1]

Add the preset :preserveSemverRanges to your config if you don't want to pin your dependencies.

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • "every 2nd week starting on the 2 week of the year before 4am on Monday"
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate Bot requested a review from a team August 18, 2025 02:54
@renovate renovate Bot requested review from a team as code owners August 18, 2025 02:54
@bitwarden-bot bitwarden-bot changed the title [deps] Tools: Pin dependencies [PM-24840] [deps] Tools: Pin dependencies Aug 18, 2025
@bitwarden-bot
Copy link
Copy Markdown

bitwarden-bot commented Aug 18, 2025

Internal tracking:

@renovate renovate Bot changed the title [PM-24840] [deps] Tools: Pin dependencies [deps] Tools: Pin dependencies Aug 18, 2025
aj-bw
aj-bw previously approved these changes Aug 18, 2025
View reviewed changes
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 2 times, most recently from dbd9938 to 9ebccff Compare August 18, 2025 15:14
@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 11 times, most recently from b83cff3 to a79a884 Compare August 20, 2025 19:13
Patrick-Pimentel-Bitwarden
Patrick-Pimentel-Bitwarden previously approved these changes Aug 21, 2025
View reviewed changes
Copy link
Copy Markdown
Contributor

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 Auth changes look good.

@renovate renovate Bot force-pushed the renovate/pin-dependencies branch from a79a884 to 59434ce Compare August 21, 2025 14:46
@codecov
Copy link
Copy Markdown

codecov Bot commented Aug 21, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.13%. Comparing base (da5fc0e) to head (52f27d7).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6204      +/-   ##
==========================================
+ Coverage   59.75%   64.13%   +4.38%     
==========================================
  Files        2102     2102              
  Lines       92688    92688              
  Branches     8257     8257              
==========================================
+ Hits        55382    59442    +4060     
+ Misses      35353    31206    -4147     
- Partials     1953     2040      +87

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate renovate Bot force-pushed the renovate/pin-dependencies branch 16 times, most recently from 9e9c0cb to 9b5b727 Compare September 4, 2025 17:56
harr1424
harr1424 previously approved these changes Sep 10, 2025
View reviewed changes
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Dec 23, 2025

Logo
Checkmarx One – Scan Summary & Details028fb9b6-b2a4-4b4b-8250-022251e03704

Great job! No new security vulnerabilities introduced in this pull request

@justindbaur
Copy link
Copy Markdown
Member

justindbaur commented Dec 23, 2025

I decided to delete some packages that we already get through the ASP.NET Core reference and decided to explicitly reference it. This fixed the Microsoft.Extensions.Configuration.UserSecrets downgrade. The System.Text.Json downgrade is fixed by just removing our manual reference of it. I wanted to make sure that all projects were getting a non-vulnerable version of STJ though. The below command will show that all projects except Billing.Test reference 8.0.5 and Billing.Test references 9.0.0 because one of their dependencies brings it in. Neither version are vulnerable.

dotnet list package --include-transitive --format json \
  | jq '.projects | .[] | { path: .path, version: .frameworks.[0].transitivePackages | .[]? | select(.id=="System.Text.Json") | .resolvedVersion }'

harr1424
harr1424 previously approved these changes Dec 29, 2025
View reviewed changes
aj-bw
aj-bw previously approved these changes Jan 6, 2026
View reviewed changes
@renovate
Copy link
Copy Markdown
Contributor Author

renovate Bot commented May 5, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented May 5, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@aj-bw aj-bw aj-bw left review comments

@harr1424 harr1424 harr1424 left review comments

@amorask-bitwarden amorask-bitwarden amorask-bitwarden left review comments

@Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden Patrick-Pimentel-Bitwarden left review comments

@keithhubner keithhubner Awaiting requested review from keithhubner keithhubner is a code owner automatically assigned from bitwarden/dept-shot

+1 more reviewer

@PJHOMEZ PJHOMEZ PJHOMEZ approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

8 participants

@bitwarden-bot @justindbaur @aj-bw @harr1424 @PJHOMEZ @amorask-bitwarden @Patrick-Pimentel-Bitwarden @itsadrago