Skip to content

chore(deps): bump packages and upgrade to .NET 8.0#250

Merged
kzu merged 1 commit into
mainfrom
bump-deps
Jun 24, 2026
Merged

chore(deps): bump packages and upgrade to .NET 8.0#250
kzu merged 1 commit into
mainfrom
bump-deps

Conversation

@kzu

@kzu kzu commented Jun 24, 2026

Copy link
Copy Markdown
Member

Bump all direct dependencies (some of which are part of chains that have received security fixes) and upgrade the target framework from the EOL net6.0 (no security updates) to net8.0.

Changes

  • TargetFramework: net6.0net8.0 (both projects)
  • Devlooped.Web: 1.2.0 → 1.4.0
  • DotNetConfig: 1.0.6 → 1.2.0
  • Microsoft.CodeAnalysis.CSharp.Scripting: 4.6.0 → 5.3.0
  • Microsoft.SourceLink.GitHub: 10.0.202 → 10.0.300
  • Microsoft.NET.Test.Sdk: 17.13.0 → 18.7.0
  • Moq: 4.18.4 → 4.20.72
  • xunit.runner.visualstudio: 3.0.2 → 3.1.5
  • ThisAssembly: updated to v2 split packages (ThisAssembly.Project + ThisAssembly.AssemblyInfo) to avoid generator issues with embedded Docs\*.md

dotnet build and dotnet test (171 tests) pass cleanly.

No vulnerable packages reported by dotnet list package --vulnerable.

@kzu
chore(deps): bump packages and upgrade to .NET 8.0
df14956 
- Upgrade target frameworks from net6.0 (EOL) to net8.0 for security updates
- Bump direct dependencies to latest:
  - Devlooped.Web 1.2.0 -> 1.4.0
  - DotNetConfig 1.0.6 -> 1.2.0
  - Microsoft.CodeAnalysis.CSharp.Scripting 4.6.0 -> 5.3.0
  - Microsoft.SourceLink.GitHub 10.0.202 -> 10.0.300
  - Microsoft.NET.Test.Sdk 17.13.0 -> 18.7.0
  - Moq 4.18.4 -> 4.20.72
  - xunit.runner.visualstudio 3.0.2 -> 3.1.5
- Update ThisAssembly usage for v2 (split packages to avoid resource generator issues with 'default.md')
- Updated local dev pin in Directory.targets

All tests pass (171/171).
@kzu

kzu commented Jun 24, 2026

Copy link
Copy Markdown
Member Author

164 passed 164 passed

🧪 Details on Microsoft Windows 10.0.26100

from retest v1.1.0 on .NET 10.0.9 with 💜 by @devlooped

@kzu kzu merged commit 4f0d6c9 into main Jun 24, 2026
4 checks passed
@kzu kzu deleted the bump-deps branch June 24, 2026 19:39
@kzu kzu added the dependencies Pull requests that update a dependency file label Jun 24, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kzu