chore(deps): Bump the nuget-dependencies group with 1 update #117

Merged
JerrettDavis merged 1 commit into main from dependabot/nuget/src/Hosting/PokManager.AppHost/nuget-dependencies-cbaa0ed2ee
Jun 16, 2026

Conversation

dependabot Bot commented on behalf of github Jun 16, 2026

Updated MessagePack from 2.5.301 to 3.1.7.

Release notes

Sourced from MessagePack's releases.

3.1.7

What's Changed

Security release details

This release fixes 3 high severity and 9 moderate severity security vulnerabilities.

High severity advisory fixes

Moderate severity advisory fixes

Fixes with no security advisory

  • fb0fe9f0 Honor TypeFormatter options hooks for CWE-470
  • c1c06a6f Fix WriteRawX methods to advance by written length
  • 46c6a0fe Fix CWE-190 map header length overflow

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.6...v3.1.7

3.1.6

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.5...v3.1.6

3.1.5

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.4...v3.1.5

3.1.4

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.3...v3.1.4

3.1.3

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.2...v3.1.3

3.1.2

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.1...v3.1.2

3.1.1

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.1.0...v3.1.1

3.1.0

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.301...v3.1.0

3.0.301

Note

Tag and Unity's version is 3.0.301 but published NuGet version is 3.0.308.
The version mismatch due to release process inconsistencies will be fixed in the next release.

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.300...v3.0.301

3.0.300

Fixed version; for release notes, see v3.0.3.

3.0.238-rc.1

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.233-rc.1...v3.0.238-rc.1

3.0.233-rc.1

Changes

Enhancements

  • #2013: Secure by default

Fixes

  • #2031: Use generic type argument used for custom formatters
  • #2029: Apply scoped in more places
  • #2030: Support nesting formatters within generic data types
  • #2024: Source code generation fails for generic type with private member serialization
  • #2028: Avoid collecting fields with custom formatter recursively
  • #2023: Suppress MsgPack004 on private base members when only public is interesting
  • #2022: Ignore abstract implementations of IMessagePackFormatter<T>
  • #2012: MsgPack004 Analyzer triggering on not attributed private property on base class even though source generator shouldn't include private properties
  • #2017: MsgPack013 should not report diagnostics on abstract classes
  • #2021: Add scoped modifier to in parameters of ref struct
  • #2016: Avoid collecting members when it doesn't have [Key]
  • #2005: custom formatters code source generator error

Others

  • #2032: Use simpler C# syntax for nullable value types

3.0.214-rc.1

Changes:

  • #2015: Use a collision-resistant hash algorithm for untrusted data to address GHSA-4qm4-8hg2-g2xm
  • #2009: Build nuget package with semver v2

This list of changes was auto generated.

3.0.208-rc.1

Breaking changes

Enhancements

Fixes

Other changes

New Contributors

3.0.134-beta

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.129-beta...v3.0.134-beta

3.0.129-beta

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.111-alpha...v3.0.129-beta

3.0.111-alpha

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v3.0.54-alpha...v3.0.111-alpha

3.0.54-alpha

What's Changed

High level

  • mpc tool is gone. We use roslyn source generators now.
  • Source generation is enabled by default. At runtime MessagePack v3 will look for these source generated formatters and avoid generating them dynamically if found.

Pull requests

New Contributors

... (truncated)

3.0.3

See our migration guide.
Details blog article

What's new

  • AOT source generation of formatters by default using roslyn source generators. mpc is no longer available. Dynamic formatters still exist (for runtimes that support them), but code that compiles against v3 is unlikely to need them, resulting in better startup performance and improved debugging experience.
  • AOT source generation is hugely improved.
    • Support most or all of the data types that DynamicObjectResolver supported.
    • Support for serializing private members.
  • [MessagePackObject] types can serialize private members without the application having to switch to DynamicObjectResolverAllowPrivate.
  • Analyzers are on by default, with many new ones to help ensure your code is correct and ready for AOT source generated formatters.
  • Custom formatters are automatically used for the data types they format when defined in the same assembly, by default. No need to attribute your data types to point to the custom formatter. Opt out by attributing the formatter with [ExcludeFormatterFromSourceGeneratedResolverAttribute].
  • New CompositeResolverAttribute offers a faster runtime alternative to the CompositeResolver class.

Unity

  • Consume through NuGetForUnity and UPM instead of through .unitypackage

What's Changed

2.6.100-alpha

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.6.95-alpha...v2.6.100-alpha

2.6.95-alpha

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.108...v2.6.95-alpha

2.5.302

This is a merge release, combining the security fix from the https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases/tag/v2.5.205 release with the several security fixes from the https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases/tag/v2.5.301 release.

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps MessagePack from 2.5.301 to 3.1.7

---
updated-dependencies:
- dependency-name: MessagePack
  dependency-version: 3.1.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot commented on behalf of github Jun 16, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 1 package(s) with unknown licenses.
See the Details below.

License Issues

src/Hosting/PokManager.AppHost/PokManager.AppHost.csproj

| Package | Version | License | Issue Type |
|---|---|---|---|
| MessagePack | 3.1.7 | Null | Unknown License |
Allowed Licenses: MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD

OpenSSF Scorecard

| Package | Version | Score | Details |
|---|---|---|---|
| nuget/MessagePack | 3.1.7 | Unknown | Unknown |

Scanned Files

  • src/Hosting/PokManager.AppHost/PokManager.AppHost.csproj

@JerrettDavis JerrettDavis merged commit 26407f0 into main Jun 16, 2026
16 checks passed
@JerrettDavis JerrettDavis deleted the dependabot/nuget/src/Hosting/PokManager.AppHost/nuget-dependencies-cbaa0ed2ee branch June 16, 2026 02:44