Skip to content

Bump the dependencies group with 6 updates#31

Closed
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/nuget/src/Grimoire.Api/dependencies-3148c12b29
Closed

Bump the dependencies group with 6 updates#31
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/nuget/src/Grimoire.Api/dependencies-3148c12b29

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 28, 2026

Copy link
Copy Markdown
Contributor

Updated coverlet.collector from 6.0.4 to 10.0.1.

Release notes

Sourced from coverlet.collector's releases.

10.0.1

Improvements

Fixed

  • Fix inconsistent paths in cobertura reports #​1723
  • Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal #​1313
  • Fix Coverlet flagging a branch for an async functions finally block where none exists #​1337
  • Fix Coverlet Tracker Missing CompilerGeneratedAttribute #​1828

Maintenance

  • Add architecture docs and diagrams for all integrations #​1927
  • Update NuGet packages and .NET SDK versions #​1933

Diff between 10.0.0 and 10.0.1

10.0.0

Improvements

  • Unique Report Filenames (coverlet.MTP and AzDO) #​1866
  • Add --coverlet-file-prefix option for unique report files #​1869
  • Introduce .NET 10 support #​1823

Fixed

  • Fix [BUG] Wrong branch rate on IAsyncEnumerable for generic type #​1836
  • Fix [BUG] Missing Coverage after moving to MTP #​1843
  • Fix [BUG] No coverage reported when targeting .NET Framework with 8.0.1 #​1842
  • Fix [BUG] Behavior changes between MTP and Legacy (msbuild) #​1878
  • Fix [BUG] Coverlet.MTP - Unable to load coverlet.mtp.appsettings.json #​1880
  • Fix [BUG] Coverlet.Collector produces empty report when Mediator.SourceGenerator is referenced #​1718 by https://github.com/yusyd
  • Fix [BUG] Crash during instrumentation (Methods using LibraryImport/DllImport have no body) #​1762

Maintenance

  • Add comprehensive async method tests and documentation for issue #​1864
  • Replace Tmds.ExecFunction Package in coverlet.core.coverage.tests #​1833
  • Add net9.0 and net10.0 targets #​1822

Diff between 8.0.1 and 10.0.0

8.0.1

Fixed

  • Fix [BUG] TypeInitializationException when targeting .NET Framework #​1818
  • Fix [BUG] coverlet.MTP build fails with CS0400 due to developmentDependency=true #​1827

Improvements

  • Additional improvements needed for .NET Framework instrumentation type import #​1825

Diff between 8.0.0 and 8.0.1

8.0.0

Special Thanks: A huge thank you to @​Bertk for driving the majority of the work in this release! 🎉

Fixed

Improvements

  • Coverlet MTP extension feature #​1788
  • Generate SBOM for nuget packages #​1752
  • Use multi targets projects for coverlet.collector, coverlet.msbuild.tasks packages #​1742
  • Use .NET 8.0 target framework for coverlet.core and remove Newtonsoft.Json #​1733
  • Use latest System.CommandLine version #​1660
  • Upgraded minimum required .NET SDK and runtime to .NET 8.0 LTS (Long Term Support) (Breaking Change)
  • Use xunit.v3 for tests and example code

Diff between 6.0.4 and 8.0.0

Commits viewable in compare view.

Updated Mapster from 7.4.0 to 10.0.7.

Release notes

Sourced from Mapster's releases.

10.0.7

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.6...10.0.7

10.0.7-pre04

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.7-pre03...10.0.7-pre04

10.0.7-pre03

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.7-pre02...v10.0.7-pre03

10.0.7-pre02

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.7-pre01...v10.0.7-pre02

10.0.7-pre01

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.6...v10.0.7-pre01

10.0.6

Breaking change in v10.0+ and new feature

New feature:

  • Fix #​883 - Add class ctor using default value for param

In version 7.4.0 this feature was only available for record types

If you encountered this mapping behavior in 7.4.0, it is possible that your class was recognized as a record type, or was mistakenly recognized as a record type See more.

If you need the mapping behavior as for Record, in v10.0+ you can use - [AdaptWith(AdaptDirectives.DestinationAsRecord)] .
If you need the ability to set this setting without using attributes, open issue on this topic.

Example:

[AdaptWith(AdaptDirectives.DestinationAsRecord)]
public class SimpleRecord
{
    public int Id { get; private set; }
    public string Name { get; private set; }

    public SimpleRecord(int id, string name)
    {
        this.Id = id;
        this.Name = name;
    }
}

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.4...v10.0.6

10.0.4

Breaking change in v10.0+ and new feature

New feature:

In version 7.4.0 this feature was only available for record types

If you encountered this mapping behavior in 7.4.0, it is possible that your class was recognized as a record type, or was mistakenly recognized as a record type See more.

If you need the mapping behavior as for Record, in v10.0+ you can use - [AdaptWith(AdaptDirectives.DestinationAsRecord)] .
If you need the ability to set this setting without using attributes, open issue on this topic.

Example:

[AdaptWith(AdaptDirectives.DestinationAsRecord)]
public class SimpleRecord
{
    public int Id { get; private set; }
    public string Name { get; private set; }

    public SimpleRecord(int id, string name)
    {
        this.Id = id;
        this.Name = name;
    }
}

What's Changed

New Contributors

Full Changelog: MapsterMapper/Mapster@v10.0.0...v10.0.4

10.0.0

What's Changed

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 17.14.1 to 18.6.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.6.0

What's Changed

Changes to tests and infra

18.5.1

What's Changed

Full Changelog: microsoft/vstest@v18.5.0...v18.5.1

18.5.0

⚠️ Unlisted on Nuget, because of #​15718

What's Changed

Full Changelog: microsoft/vstest@v18.4.0...v18.5.0

18.4.0

What's Changed

New Contributors

Full Changelog: microsoft/vstest@v18.3.0...v18.4.0

18.3.0

What's Changed

Internal fixes and updates

New Contributors

18.0.1

What's Changed

Fixing an issue with loading covrun64.dll on systems that have .NET 10 SDK installed: https://learn.microsoft.com/en-us/dotnet/core/compatibility/sdk/10.0/code-coverage-dynamic-native-instrumentation

Internal changes

Full Changelog: microsoft/vstest@v18.0.0...v18.0.1

18.0.0

What's Changed

Internal fixes and updates

Commits viewable in compare view.

Updated Swashbuckle.AspNetCore from 6.9.0 to 10.1.7.

Release notes

Sourced from Swashbuckle.AspNetCore's releases.

10.1.7

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.6...v10.1.7

10.1.6

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.5...v10.1.6

10.1.5

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.4...v10.1.5

10.1.4

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.3...v10.1.4

10.1.3

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.2...v10.1.3

10.1.2

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.1...v10.1.2

10.1.1

What's Changed

New Contributors

Full Changelog:

domaindrivendev/Swashbuckle.AspNetCore@v10.1.0...v10.1.1

10.1.0

What's Changed

New Features

Bug Fixes

Miscellaneous

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.0.1...v10.1.0

10.0.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.0.0...v10.0.1

10.0.0

Swashbuckle.AspNetCore v10.0.0

[!IMPORTANT]
This release contains major breaking changes.

Read our v10 migration guide for further information.

With this release, Swashbuckle.AspNetCore adds support for generating OpenAPI 3.1 documents and for ASP.NET Core 10.

Swashbuckle.AspNetCore v10 depends on OpenAPI.NET v2.3 which introduces many breaking changes to the public API surface. More information can be found in their OpenAPI.NET v2 Upgrade Guide.

To reduce the number of breaking behavioural changes in Swashbuckle.AspNetCore v10, generation of OpenAPI 3.1 documents is opt-in.
To generate OpenAPI 3.1 documents, change the OpenAPI version as shown in the code snippet below:

app.UseSwagger(options =>
{
    options.OpenApiVersion = OpenApiSpecVersion.OpenApi3_1;
});

[!TIP]
It is strongly recommended that you upgrade to Swashbuckle.AspNetCore v9.0.6 before upgrading to v10.

[!IMPORTANT]
Use of Swashbuckle.AspNetCore with the ASP.NET Core WithOpenApi() method is no longer supported.

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.6...v10.0.0

9.0.6

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.5...v9.0.6

9.0.5

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.4...v9.0.5

9.0.4

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.3...v9.0.4

9.0.3

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.2...v9.0.3

9.0.2

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.1...v9.0.2

9.0.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.0...v9.0.1

9.0.0

📣 This release contains the following breaking changes:

  • Drops support for netstandard2.0 and thus .NET Framework - now only net8.0 and net9.0 are supported.
  • Removes all public members annotated as [Obsolete] in previous releases.
  • Removes the deprecated --serializeasv2 option from Swashbuckle.AspNetCore.Cli, which was superseded by --openapiversion from version 8.0.0.

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.4...v9.0.0

8.1.4

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.3...v8.1.4

8.1.3

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.2...v8.1.3

8.1.2

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.1...v8.1.2

8.1.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.0...v8.1.1

8.1.0

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.0.0...v8.1.0

8.0.0

[!IMPORTANT]
Swashbuckle.AspNetCore drops support for .NET 6.

Swashbuckle.AspNetCore v8.0.0 makes the following notable changes:

  • Drops support for net6.0.
  • The netstandard2.0 TFM now depends on ASP.NET Core 2.3 instead of ASP.NET Core 2.1.
  • Updates Microsoft.OpenApi to v1.6.23. This update requires the use of swagger-ui v5.19.0 or later (v5.20.1 is included in the Swashbuckle.AspNetCore.SwaggerUI NuGet package). You may need to clear your browser's cache to pick up the latest JavaScript files for swagger-ui.
  • To prepare for future support for OpenAPI 3.1 documents, deprecates the SerializeAsV2 property by marking it as [Obsolete]. Users should update their code as illustrated below, depending on their use case:
    - options.SerializeAsV2 = true;
    + options.OpenApiVersion = Microsoft.OpenApi.OpenApiSpecVersion.OpenApi2_0;
    
    // or if explicitly disabling (the same as the default behaviour)
    - options.SerializeAsV2 = false;
    + options.OpenApiVersion = Microsoft.OpenApi.OpenApiSpecVersion.OpenApi3_0;
  • To prepare for future support for OpenAPI 3.1 documents, the Swashbuckle.AspNetCore.Cli tool has deprecated the --serializeasv2 option and logs a warning to the console. Users should update their usage as illustrated below, depending on their use case:
    - swagger tofile --output [output] [startupassembly] [swaggerdoc] --serializeasv2
    + swagger tofile --output [output] [startupassembly] [swaggerdoc] --openapiversion "2.0"

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.3.2...v8.0.0

7.3.2

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.3.1...v7.3.2

7.3.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.3.0...v7.3.1

7.3.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.2.0...v7.3.0

7.2.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.1.0...v7.2.0

7.1.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.0.0...v7.1.0

7.0.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v6.9.0...v7.0.0

Commits viewable in compare view.

Updated Testcontainers from 3.10.0 to 4.12.0.

Release notes

Sourced from Testcontainers's releases.

4.12.0

What's Changed

Thanks to all contributors 👏.

The NuGet packages for this release have been attested for supply chain security using actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #​21198535.

⚠️ Breaking Changes

  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

🚀 Features

  • feat: Add Floci module (#​1690) @​object
  • feat: Ignore port-forwarding extra host in reuse hash (#​1689) @​HofmeisterAn
  • feat: Allow devs to override the reuse hash calculation (#​1688) @​HofmeisterAn
  • feat: Add connect to network API (#​1672) @​HofmeisterAn
  • feat(LocalStack): Require auth token for 4.15 and onwards (#​1667) @​HofmeisterAn
  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

🐛 Bug Fixes

  • fix: Trim tar record padding to avoid broken-pipe failure on Podman (#​1684) @​artiomchi
  • fix(Nats): Use healthz API for readiness probe (#​1679) @​eriblo01
  • fix: Remove KeepAlive socket option (#​1671) @​Angelinsky7

📖 Documentation

  • docs: Extend WithCommand(params string[]) documentation (#​1685) @​HofmeisterAn

🧹 Housekeeping

  • feat: Prepare next release cycle (4.12.0) (#​1664) @​HofmeisterAn

📦 Dependency Updates

  • chore(deps): Bump the actions group with 5 updates (#​1687) @dependabot[bot]
  • chore(deps): Bump Docker.DotNet from 4.1.0 to 4.2.0 (#​1686) @​HofmeisterAn
  • chore(deps): Bump the actions group with 5 updates (#​1676) @dependabot[bot]
  • chore(deps): Bump Docker.DotNet from 4.0.2 to 4.1.0 (#​1674) @​HofmeisterAn
  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

4.11.0

What's Changed

Thanks to all contributors. Once again, really great contributions from everyone 🤝.

The NuGet packages for this release have been attested for supply chain security using actions/attest. This c...

_Des...

Description has been truncated

Bumps coverlet.collector from 6.0.4 to 10.0.1
Bumps Mapster from 7.4.0 to 10.0.7
Bumps Microsoft.NET.Test.Sdk from 17.14.1 to 18.6.0
Bumps Swashbuckle.AspNetCore from 6.9.0 to 10.1.7
Bumps Testcontainers from 3.10.0 to 4.12.0
Bumps xunit.runner.visualstudio from 2.8.2 to 3.1.5

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: coverlet.collector
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: coverlet.collector
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Mapster
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Swashbuckle.AspNetCore
  dependency-version: 10.1.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Testcontainers
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github May 28, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: .NET, dependencies, nuget, packages. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security

socket-security Bot commented May 28, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedcoverlet.collector@​6.0.4 ⏵ 10.0.169 +5100100100100
Updatedmapster@​7.4.0 ⏵ 10.0.7100 +110090100100
Updatedswashbuckle.aspnetcore@​6.9.0 ⏵ 10.2.110010090100100
Updatedmicrosoft.net.test.sdk@​17.14.1 ⏵ 18.6.010010090100100
Updatedtestcontainers@​3.10.0 ⏵ 4.12.095 -510090100100
Updatedxunit.runner.visualstudio@​2.8.2 ⏵ 3.1.596 +410090100100

View full report

@socket-security

socket-security Bot commented May 28, 2026

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
Network access: nuget bouncycastle.cryptography

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/bouncycastle.cryptography@2.6.2

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/bouncycastle.cryptography@2.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget bouncycastle.cryptography

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/bouncycastle.cryptography@2.6.2

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/bouncycastle.cryptography@2.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.handler.abstractions

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.handler.abstractions

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.handler.abstractions

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.nativehttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.nativehttp@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.nativehttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.nativehttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.nativehttp@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.nativehttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.nativehttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.nativehttp@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.nativehttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.x509

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.x509@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.x509@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.x509

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.x509@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.x509@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.x509

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.x509@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.x509@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 18 more rows in the dashboard

View full report

@guibranco guibranco enabled auto-merge (squash) June 2, 2026 11:08
@gstraccini gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Jun 2, 2026
@gstraccini gstraccini Bot added the 🤖 bot Automated processes or integrations label Jun 2, 2026

@guibranco guibranco left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@github-actions

github-actions Bot commented Jun 2, 2026

Copy link
Copy Markdown

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs
2026-06-02T11:08:46Z INF scanning for exposed secrets...
11:08AM INF 19 commits scanned.
2026-06-02T11:08:46Z INF scan completed in 89.6ms
2026-06-02T11:08:46Z INF no leaks found

@dependabot @github

dependabot Bot commented on behalf of github Jun 4, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 4, 2026
auto-merge was automatically disabled June 4, 2026 03:59

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/nuget/src/Grimoire.Api/dependencies-3148c12b29 branch June 4, 2026 03:59
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant