Skip to content

Bump Mapster, Swashbuckle.AspNetCore and Testcontainers#39

Closed
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/nuget/src/Grimoire.Api/dependencies-68f485738b
Closed

Bump Mapster, Swashbuckle.AspNetCore and Testcontainers#39
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/nuget/src/Grimoire.Api/dependencies-68f485738b

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor

Updated Mapster from 7.4.0 to 10.0.8.

Release notes

Sourced from Mapster's releases.

10.0.8

What's Changed

New Contributors

Full Changelog: MapsterMapper/Mapster@10.0.7...v10.0.8

10.0.8-pre07

What's Changed

New Contributors

Full Changelog: MapsterMapper/Mapster@v10.0.8-pre06...v10.0.8-pre07

10.0.8-pre06

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.8-pre05...v10.0.8-pre06

10.0.8-pre05

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.8-pre04...v10.0.8-pre05

10.0.8-pre04

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.8-pre03...v10.0.8-pre04

10.0.8-pre03

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.8-pre02...v10.0.8-pre03

10.0.8-pre02

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.8-pre01...v10.0.8-pre02

10.0.8-pre01

What's Changed

Full Changelog: MapsterMapper/Mapster@10.0.7...v10.0.8-pre01

10.0.7

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.6...10.0.7

10.0.7-pre04

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.7-pre03...10.0.7-pre04

10.0.7-pre03

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.7-pre02...v10.0.7-pre03

10.0.7-pre02

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.7-pre01...v10.0.7-pre02

10.0.7-pre01

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.6...v10.0.7-pre01

10.0.6

Breaking change in v10.0+ and new feature

New feature:

  • Fix #​883 - Add class ctor using default value for param

In version 7.4.0 this feature was only available for record types

If you encountered this mapping behavior in 7.4.0, it is possible that your class was recognized as a record type, or was mistakenly recognized as a record type See more.

If you need the mapping behavior as for Record, in v10.0+ you can use - [AdaptWith(AdaptDirectives.DestinationAsRecord)] .
If you need the ability to set this setting without using attributes, open issue on this topic.

Example:

[AdaptWith(AdaptDirectives.DestinationAsRecord)]
public class SimpleRecord
{
    public int Id { get; private set; }
    public string Name { get; private set; }

    public SimpleRecord(int id, string name)
    {
        this.Id = id;
        this.Name = name;
    }
}

What's Changed

Full Changelog: MapsterMapper/Mapster@v10.0.4...v10.0.6

10.0.4

Breaking change in v10.0+ and new feature

New feature:

In version 7.4.0 this feature was only available for record types

If you encountered this mapping behavior in 7.4.0, it is possible that your class was recognized as a record type, or was mistakenly recognized as a record type See more.

If you need the mapping behavior as for Record, in v10.0+ you can use - [AdaptWith(AdaptDirectives.DestinationAsRecord)] .
If you need the ability to set this setting without using attributes, open issue on this topic.

Example:

[AdaptWith(AdaptDirectives.DestinationAsRecord)]
public class SimpleRecord
{
    public int Id { get; private set; }
    public string Name { get; private set; }

    public SimpleRecord(int id, string name)
    {
        this.Id = id;
        this.Name = name;
    }
}

What's Changed

New Contributors

Full Changelog: MapsterMapper/Mapster@v10.0.0...v10.0.4

10.0.0

What's Changed

Commits viewable in compare view.

Updated Swashbuckle.AspNetCore from 6.9.0 to 10.2.1.

Release notes

Sourced from Swashbuckle.AspNetCore's releases.

10.2.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.2.0...v10.2.1

10.2.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.0

10.1.7

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.6...v10.1.7

10.1.6

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.5...v10.1.6

10.1.5

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.4...v10.1.5

10.1.4

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.3...v10.1.4

10.1.3

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.2...v10.1.3

10.1.2

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.1...v10.1.2

10.1.1

What's Changed

New Contributors

Full Changelog:

domaindrivendev/Swashbuckle.AspNetCore@v10.1.0...v10.1.1

10.1.0

What's Changed

New Features

Bug Fixes

Miscellaneous

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.0.1...v10.1.0

10.0.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.0.0...v10.0.1

10.0.0

Swashbuckle.AspNetCore v10.0.0

[!IMPORTANT]
This release contains major breaking changes.

Read our v10 migration guide for further information.

With this release, Swashbuckle.AspNetCore adds support for generating OpenAPI 3.1 documents and for ASP.NET Core 10.

Swashbuckle.AspNetCore v10 depends on OpenAPI.NET v2.3 which introduces many breaking changes to the public API surface. More information can be found in their OpenAPI.NET v2 Upgrade Guide.

To reduce the number of breaking behavioural changes in Swashbuckle.AspNetCore v10, generation of OpenAPI 3.1 documents is opt-in.
To generate OpenAPI 3.1 documents, change the OpenAPI version as shown in the code snippet below:

app.UseSwagger(options =>
{
    options.OpenApiVersion = OpenApiSpecVersion.OpenApi3_1;
});

[!TIP]
It is strongly recommended that you upgrade to Swashbuckle.AspNetCore v9.0.6 before upgrading to v10.

[!IMPORTANT]
Use of Swashbuckle.AspNetCore with the ASP.NET Core WithOpenApi() method is no longer supported.

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.6...v10.0.0

9.0.6

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.5...v9.0.6

9.0.5

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.4...v9.0.5

9.0.4

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.3...v9.0.4

9.0.3

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.2...v9.0.3

9.0.2

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.1...v9.0.2

9.0.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.0...v9.0.1

9.0.0

📣 This release contains the following breaking changes:

  • Drops support for netstandard2.0 and thus .NET Framework - now only net8.0 and net9.0 are supported.
  • Removes all public members annotated as [Obsolete] in previous releases.
  • Removes the deprecated --serializeasv2 option from Swashbuckle.AspNetCore.Cli, which was superseded by --openapiversion from version 8.0.0.

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.4...v9.0.0

8.1.4

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.3...v8.1.4

8.1.3

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.2...v8.1.3

8.1.2

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.1...v8.1.2

8.1.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.1.0...v8.1.1

8.1.0

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v8.0.0...v8.1.0

8.0.0

[!IMPORTANT]
Swashbuckle.AspNetCore drops support for .NET 6.

Swashbuckle.AspNetCore v8.0.0 makes the following notable changes:

  • Drops support for net6.0.
  • The netstandard2.0 TFM now depends on ASP.NET Core 2.3 instead of ASP.NET Core 2.1.
  • Updates Microsoft.OpenApi to v1.6.23. This update requires the use of swagger-ui v5.19.0 or later (v5.20.1 is included in the Swashbuckle.AspNetCore.SwaggerUI NuGet package). You may need to clear your browser's cache to pick up the latest JavaScript files for swagger-ui.
  • To prepare for future support for OpenAPI 3.1 documents, deprecates the SerializeAsV2 property by marking it as [Obsolete]. Users should update their code as illustrated below, depending on their use case:
    - options.SerializeAsV2 = true;
    + options.OpenApiVersion = Microsoft.OpenApi.OpenApiSpecVersion.OpenApi2_0;
    
    // or if explicitly disabling (the same as the default behaviour)
    - options.SerializeAsV2 = false;
    + options.OpenApiVersion = Microsoft.OpenApi.OpenApiSpecVersion.OpenApi3_0;
  • To prepare for future support for OpenAPI 3.1 documents, the Swashbuckle.AspNetCore.Cli tool has deprecated the --serializeasv2 option and logs a warning to the console. Users should update their usage as illustrated below, depending on their use case:
    - swagger tofile --output [output] [startupassembly] [swaggerdoc] --serializeasv2
    + swagger tofile --output [output] [startupassembly] [swaggerdoc] --openapiversion "2.0"

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.3.2...v8.0.0

7.3.2

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.3.1...v7.3.2

7.3.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.3.0...v7.3.1

7.3.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.2.0...v7.3.0

7.2.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.1.0...v7.2.0

7.1.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v7.0.0...v7.1.0

7.0.0

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v6.9.0...v7.0.0

Commits viewable in compare view.

Updated Testcontainers from 3.10.0 to 4.12.0.

Release notes

Sourced from Testcontainers's releases.

4.12.0

What's Changed

Thanks to all contributors 👏.

The NuGet packages for this release have been attested for supply chain security using actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #​21198535.

⚠️ Breaking Changes

  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

🚀 Features

  • feat: Add Floci module (#​1690) @​object
  • feat: Ignore port-forwarding extra host in reuse hash (#​1689) @​HofmeisterAn
  • feat: Allow devs to override the reuse hash calculation (#​1688) @​HofmeisterAn
  • feat: Add connect to network API (#​1672) @​HofmeisterAn
  • feat(LocalStack): Require auth token for 4.15 and onwards (#​1667) @​HofmeisterAn
  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

🐛 Bug Fixes

  • fix: Trim tar record padding to avoid broken-pipe failure on Podman (#​1684) @​artiomchi
  • fix(Nats): Use healthz API for readiness probe (#​1679) @​eriblo01
  • fix: Remove KeepAlive socket option (#​1671) @​Angelinsky7

📖 Documentation

  • docs: Extend WithCommand(params string[]) documentation (#​1685) @​HofmeisterAn

🧹 Housekeeping

  • feat: Prepare next release cycle (4.12.0) (#​1664) @​HofmeisterAn

📦 Dependency Updates

  • chore(deps): Bump the actions group with 5 updates (#​1687) @dependabot[bot]
  • chore(deps): Bump Docker.DotNet from 4.1.0 to 4.2.0 (#​1686) @​HofmeisterAn
  • chore(deps): Bump the actions group with 5 updates (#​1676) @dependabot[bot]
  • chore(deps): Bump Docker.DotNet from 4.0.2 to 4.1.0 (#​1674) @​HofmeisterAn
  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

4.11.0

What's Changed

Thanks to all contributors. Once again, really great contributions from everyone 🤝.

The NuGet packages for this release have been attested for supply chain security using actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #​21198535.

Please be aware that we have changed the supported and underlying image used for the Cosmos DB module. The latest tag only supports certain environments and provides a limited set of features. Microsoft has introduced a new implementation, vnext-preview, which receives more updates and features. Due to the limitations of the latest tag, we decided to replace it with vnext-preview. You find more information about the image here: https://github.com/Azure/azure-cosmos-db-emulator-docker.

⚠️ Breaking Changes

  • feat(CosmosDb): Update base image from latest to vnext-preview (#​1324) @​NelsonBN

🚀 Features

  • feat(CosmosDb): Update base image from latest to vnext-preview (#​1324) @​NelsonBN
  • feat: Add typed WithResourceMapping(...) overloads (#​1497) @​cimnine
  • feat: Add Seq module (#​1276) @​montanehamilton
  • feat(PostgreSql): Add WithSsl builder API (#​1529) @​ozkanpakdil
  • feat: Add Temporal module (#​1635) @​bgener
  • feat: Add module connection string provider (#​1632) @​HofmeisterAn
  • fead: Add default container connection string provider (#​1630) @​HofmeisterAn
  • feat(ServiceBus): Add method to get HTTP connection string (#​1622) @​NelsonBN

🐛 Bug Fixes

  • fix(MongoDb): Wait for post-init startup readiness before replica set initiation (#​1656) @​HofmeisterAn
  • fix(Seq): Assert connection string provider (#​1645) @​HofmeisterAn
  • fix(EventHubs): Ignore runtime property to support reuse (#​1644) @​franciscosamuel
  • fix(ServiceBus): Ignore runtime property to support reuse (#​1643) @​franciscosamuel
  • fix(ResourceReaper): Set wait strategy (#​1634) @​HofmeisterAn
  • fix(ServiceBus): Workaround health API timeout (#​1625) @​HofmeisterAn
  • fix: Do not set console buffer width (ConsoleLogger) (#​1623) @​HofmeisterAn
  • fix(EventHubs): Workaround health API timeout (#​1624) @​HofmeisterAn

📖 Documentation

  • docs(CosmosDb): Replace unsupported tag 'latest' with 'vnext-preview' (#​1660) @​HofmeisterAn
  • docs(Redis): Add example (#​1641) @​HofmeisterAn

🧹 Housekeeping

  • chore(examples): Enable NuGet restore lock mode (#​1659) @​HofmeisterAn
  • chore: Pin image digest (#​1658) @​HofmeisterAn
  • fix: Run OpenSSF Scorecard only on default branch (#​1657) @​HofmeisterAn
  • chore: Remove Git LFS tracking for .snk (#​1655) @​HofmeisterAn
  • feat: Enable Dependabot for NuGet (repo) (#​1654) @​HofmeisterAn
  • feat: Enable Dependabot for NuGet (src) (#​1653) @​HofmeisterAn
  • fix: Replace branch protection with ruleset (#​1652) @​HofmeisterAn
  • fix: Do not enforce policies for admins (#​1651) @​HofmeisterAn
  • fix: Remove missing labels from Dependabot (#​1650) @​HofmeisterAn
    ... (truncated)

4.10.0

What's Changed

Happy New Year, everyone! 🎉

Please note that going forward, we expect developers to explicitly pin the image version (testcontainers/testcontainers-dotnet#1470). We consider this a best practice and it aligns with other language implementations.

Also, due to the recent Docker Engine v29 release, TC for .NET pins the Docker Engine API version to 1.44 (see the previous release notes). You can override this default and set it to the version you're using, ideally 1.52, which corresponds to v29, if you're already running it.

⚠️ Breaking Changes

  • feat: Add Docker Engine v29 support (#​1609) @​HofmeisterAn
  • chore: Remove EventStoreDb module (#​1599) @​HofmeisterAn

🚀 Features

  • feat: Require explicit container image in Testcontainers.Xunit (#​1612) @​0xced
  • feat: Add Platform property to IImage interface (#​1610) @​HofmeisterAn
  • feat: Add Docker Engine v29 support (#​1609) @​HofmeisterAn
  • feat: Require explicit container image when creating container builder (#​1584) @​digital88
  • feat: Add connection string provider (#​1588) @​HofmeisterAn

🐛 Bug Fixes

  • fix(Kafka): Bump image version to prevent container crash on startup (#​1604) @​HofmeisterAn
  • fix(Elasticsearch): Use HTTP wait strategy (#​1593) @​digital88
  • fix(Milvus): Use healthcheck wait strategy (#​1585) @​verdie-g

📖 Documentation

  • docs: Pin the image version explicitly (#​1605) @​HofmeisterAn

🧹 Housekeeping

  • chore: Remove Sonar findings (#​1611) @​HofmeisterAn
  • chore: Pin Docker Engine API for GH workflow to 1.47 (#​1608) @​HofmeisterAn
  • chore: Set remaining container image explicit (#​1606) @​digital88
  • fix(Kafka): Bump image version to prevent container crash on startup (#​1604) @​HofmeisterAn
  • chore: Remove EventStoreDb test project from SLNX file (#​1603) @​0xced
  • chore: Skip unnecessary work for empty or null sequences (#​1601) @​HofmeisterAn
  • chore: Delegate container builder ctor string to IImage (#​1600) @​HofmeisterAn
  • chore: Remove EventStoreDb module (#​1599) @​HofmeisterAn
  • feat: Prepare next release cycle (4.10.0) (#​1586) @​HofmeisterAn

4.9.0

What's Changed

This release adds a new configuration (DOCKER_API_VERSION) that lets you pin and downgrade the Docker Engine API version. This was needed because Docker Engine v29 introduced breaking changes that affect Docker.DotNet and Testcontainers for .NET. This release pins the API version to 1.44. So far, no issues or negative side effects have been observed.

I am also working on updating Docker.DotNet to make it fully compatible with Docker Engine v29. There is already a work-in-progress PR.

Thanks to all the contributors who helped with this release 👍.

⚠️ Breaking Changes

  • feat: Add KurrentDb module (#​1583) @​diegosasw

🚀 Features

  • feat: Add KurrentDb module (#​1583) @​diegosasw
  • chore: Bump NuGet dependencies (#​1578) @​HofmeisterAn
  • feat: Add .NET 10 support (#​1572) @​HofmeisterAn
  • feat: Support configuring Docker API version (#​1576) @​HofmeisterAn
  • feat: Add Mosquitto module (#​1522) @​EtherZa
  • feat: Add Toxiproxy module (#​1454) @​iltertaha
  • feat: Add Grafana module (#​1509) @​thomhurst
  • feat: Add Playwright module (#​1288) @​alimahboubi

🐛 Bug Fixes

  • fix(Milvus): Set DEPLOY_MODE=STANDALONE (necessary for v2.6+) (#​1569) @​verdie-g
  • fix: Set Kusto wait strategy encoding to UTF-8 (#​1567) @​MattKotsenas
  • fix: Split ALL_CHANGED_FILES on any whitespace (#​1566) @​HofmeisterAn

📖 Documentation

  • docs: Use correct comment characters for C# language (#​1564) @​HofmeisterAn

🧹 Housekeeping

  • feat: Add SLNX file (#​1579) @​HofmeisterAn
  • chore: Update Toxiproxy NuGet dependency to a .NET compatible version (#​1568) @​HofmeisterAn
  • chore: Add script to detect which tests to run in CI (#​1563) @​HofmeisterAn
  • chore: Make the continuous delivery job fork-friendly (#​1559) @​0xced
  • feat: Prepare next release cycle (4.9.0) (#​1561) @​HofmeisterAn

4.8.1

What's Changed

🐛 Bug Fixes

  • fix: Compute correct relative Dockerfile file path (#​1558) @​HofmeisterAn

4.8.0

What's Changed

Thank you to all the contributors 🙌.

In version 4.7.0, we noticed that the reuse hash could change depending on the order of dictionary values. This has been fixed to ensure that dictionary values are processed in a consistent order when generating the reuse hash. As a result, the reuse hash will likely change again with 4.8.0.

Wait strategies now default to the Running mode. This mode expects the container to remain running throughout startup. If the container exits unexpectedly, Testcontainers will throw a ContainerNotRunningException that includes the exit code and container logs.

The container startup callback now includes an additional overload that provides the actual container configuration. If you implement IContainerBuilder<TBuilderEntity, TContainerEntity>, you need to add the container configuration (e.g., IContainerConfiguration) as a third generic type constraint to IContainerBuilder.

IContainerBuilder.WithResourceMapping and IContainer.CopyAsync now include two new optional arguments: uid and gid. If you do not need to specify those, use named arguments for the existing parameters: fileMode or ct.

⚠️ Breaking Changes

  • fix: Generate consistent reuse hashes by sorting dictionary keys (#​1554) @​0xced
  • feat: Throw if container not running (#​1550) @​HofmeisterAn
  • feat: Add startup callback overload with configuration type (#​1547) @​HofmeisterAn
  • feat: Support UID/GID when copying files (#​1531) @​HofmeisterAn

🚀 Features

  • feat: Throw if container not running (#​1550) @​HofmeisterAn
  • feat: Add startup callback overload with configuration type (#​1547) @​HofmeisterAn
  • feat: Add Docker build context (#​1536) @​HofmeisterAn
  • feat: Add WithTarget(string) to image builder (#​1534) @​HofmeisterAn
  • feat: Resolve Dockerfile ARGs pulling base images (#​1532) @​HofmeisterAn
  • feat: Support UID/GID when copying files (#​1531) @​HofmeisterAn
  • feat(Keycloak): Add API to import a realm configuration file (#​1526) @​VladislavAntonyuk

🐛 Bug Fixes

  • fix: Generate consistent reuse hashes by sorting dictionary keys (#​1554) @​0xced
  • fix(MongoDb): Use db.runCommand({hello:1}) do detect readiness (#​1548) @​HofmeisterAn
  • fix(Papercut): Pin version 7.0 and set new HTTP and SMTP ports (#​1549) @​HofmeisterAn
  • fix(Pulsar): Wait for default namespace (#​1539) @​HofmeisterAn
  • fix(Keycloak): Wait until user created (#​1535) @​HofmeisterAn

📖 Documentation

  • docs: Remove obsolete UntilOperationIsSucceeded wait strategy example (#​1551) @​ascott18
  • docs: Fix link to Ryuk in IContainerBuilder.WithAutoRemove code comment (#​1546) @​hojmark

🧹 Housekeeping

  • chore: Don't create a static field in a generic class (#​1555) @​HofmeisterAn
  • chore: Add test certificates to common project (#​1545) @​HofmeisterAn
  • chore: Update CI workflow to ubuntu-24.04 (#​1544) @​HofmeisterAn
  • chore: Collect test projects at CI runtime (#​1543) @​HofmeisterAn
  • chore: Fix grammar (#​1542) @​Smoothengineer
  • chore: Bump Ryuk (#​1537) @​HofmeisterAn
    ... (truncated)

4.7.0

What's Changed

This release doesn't introduce breaking changes to the public API, but it isn't binary compatible due to necessary internal changes. Make sure to update all related packages (Testcontainers modules) to the same version. See more details here. Thanks to all contributors 👏.

⚠️ Breaking Changes

  • feat(Kafka): Add KRaft support (#​1353) @​SukharevAndrey
  • feat: Add ability to override enumerable builder values (#​1506) @​HofmeisterAn

🚀 Features

  • feat: Add wait strategy to check external (TCP) port availability (#​1495) @​WhiteTomX
  • feat(Kafka): Add KRaft support (#​1353) @​SukharevAndrey
  • feat: Relax Base64 auth provider and ignore path segments in Docker registry URLs (#​1516) @​HofmeisterAn
  • feat: Add ability to override enumerable builder values (#​1506) @​HofmeisterAn
  • feat(Elasticsearch): Return HTTP connection string if security is disabled (#​1494) @​HofmeisterAn
  • fix: Add tooling to inherit XML docs (#​1493) @​HofmeisterAn
  • feat: Resolve .slnx (solution) file in common directory paths (#​1492) @​alexander-jesner-AP
  • feat: Support getting all mapped ports (#​1485) @​HofmeisterAn
  • feat: Add named pipe connection timeout custom configuration (#​1480) @​HofmeisterAn

🐛 Bug Fixes

  • feat(Kafka): Add KRaft support (#​1353) @​SukharevAndrey
  • fix: Send valid HTTP test responses (#​1505) @​HofmeisterAn
  • fix: Use null-conditional operator to access FinishedAt (#​1499) @​HofmeisterAn
  • fix: Remove timeout that kills PID 1 when stopping a container (#​1481) @​HofmeisterAn
  • fix(Pulsar): Wait until the consumer becomes connected (#​1467) @​HofmeisterAn
  • fix(ServiceBus): Remove container lifecycle overrides (#​1465) @​HofmeisterAn

📖 Documentation

  • docs: Explain how to substitute the Docker Hub registry (#​1503) @​HofmeisterAn
  • docs: Extend example copying files to a container (#​1487) @​cimnine

🧹 Housekeeping

  • chore: Change Kafka vendor configuration from class to interface (#​1519) @​HofmeisterAn
  • chore: Bump Docker.DotNet version to 3.128.5 (#​1511) @​HofmeisterAn
  • chore: Build a single project instead of the whole solution (#​1502) @​HofmeisterAn

4.6.0

What's Changed

This is a patch release (but the minor version was already set). It fixes a bug in our Docker.DotNet fork where a wrong HTTP Connection header break Podman and possibly other environments. Shipped a quick fix. Thanks again to @​ahaeber and @​victor-lambret for the help.

🐛 Bug Fixes

  • chore: Bump Docker.DotNet version to 3.128.3 (#​1462) @​HofmeisterAn

🧹 Housekeeping

  • chore: Bump Docker.DotNet version to 3.128.3 (#​1462) @​HofmeisterAn

4.5.0

What's Changed

Big thanks to everyone who contributed to this release 🤜🤛.

🚀 Features

  • feat: Add OpenSearch module (#​1395) @​digital88
  • feat: Add Typesense module (#​1446) @​brainded
  • feat: Add Task<ExecResult> extension method ThrowOnFailure (#​1448) @​HofmeisterAn
  • feat: Throw DockerUnavailableException when Docker is not available (#​1308) @​0xced
  • feat: Improve error reporting when loading the Docker configuration file (#​1263) @​0xced
  • feat: Add a wait strategy that waits until the ADO.NET database is available (#​1401) @​0xced
  • feat: Add Ollama module (#​1099) @​frankhaugen
  • feat: Allow canceling container start in xUnit.net v3 fixtures (#​1431) @​TheConstructor
  • fix(EventHubs): Support default consumer group name (#​1432) @​scrocquesel-ml150
  • feat: Add Lowkey Vault module (#​1344) @​Xor-el
  • feat(ServiceBus): Add builder API to upload config file (#​1424) @​chasewallis

🐛 Bug Fixes

  • fix: Set container created, started, stopped time from inspect response (#​1455) @​HofmeisterAn
  • fix(EventHubs): Change predicate that it does not always evaluate to true (#​1433) @​HofmeisterAn
  • fix(EventHubs): Support default consumer group name (#​1432) @​scrocquesel-ml150

📖 Documentation

  • docs(ClickHouse): Add example (#​1421) @​digital88
  • docs: Mention the xUnit.net v3 module (package) (#​1442) @​TheConstructor

🧹 Housekeeping

  • chore: Add ExecResult serializable test data (#​1456) @​HofmeisterAn
  • chore: Remove Sonar findings (#​1450) @​HofmeisterAn
  • chore: Replace Cake .NET Tool with Cake Frosting (#​1437) @​0xced
  • chore: Update test-framework to xUnit.net v3 (#​1441) @​TheConstructor
  • chore: Bump Docker.DotNet version to 3.128.1 (#​1443) @​HofmeisterAn
  • chore: Add xUnit.net v3 tests (#​1430) @​TheConstructor
  • chore: Bump CI .NET SDK and Cake version (#​1434) @​HofmeisterAn

4.4.0

What's Changed

Time for a new release! Big thanks to everyone who helped out with this one. It's got some awesome new features and fixes 😎. Seriously, I can't thank you enough. This wouldn't be possible without your ongoing support 🙏.

🚀 Features

  • feat: Add Socat container implementation (#​1416) @​eddumelendez
  • feat(Keycloak): Support admin bootstrapping for version 26 onwards (#​140...

Description has been truncated

Depen...

Description has been truncated

Bumps Mapster from 7.4.0 to 10.0.8
Bumps Swashbuckle.AspNetCore from 6.9.0 to 10.2.1
Bumps Testcontainers from 3.10.0 to 4.12.0

---
updated-dependencies:
- dependency-name: Mapster
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Swashbuckle.AspNetCore
  dependency-version: 10.2.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: Testcontainers
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 18, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: .NET, dependencies, nuget, packages. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@socket-security

socket-security Bot commented Jun 18, 2026

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Updatedmapster@​7.4.0 ⏵ 10.0.898 -110090100100
Updatedswashbuckle.aspnetcore@​6.9.0 ⏵ 10.2.110010090100100
Updatedtestcontainers@​3.10.0 ⏵ 4.12.095 -510090100100

View full report

@socket-security

socket-security Bot commented Jun 18, 2026

Copy link
Copy Markdown

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
Network access: nuget bouncycastle.cryptography

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/bouncycastle.cryptography@2.6.2

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/bouncycastle.cryptography@2.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget bouncycastle.cryptography

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/bouncycastle.cryptography@2.6.2

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/bouncycastle.cryptography@2.6.2. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.handler.abstractions

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.handler.abstractions

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.handler.abstractions

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.handler.abstractions@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.legacyhttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.legacyhttp@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.legacyhttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.nativehttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.nativehttp@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.nativehttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.nativehttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.nativehttp@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.nativehttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.nativehttp

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.nativehttp@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.nativehttp@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.npipe

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.npipe@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.npipe@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Low adoption: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What are unpopular packages?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Unpopular packages may have less maintenance and contain other problems.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.unix

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.unix@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.unix@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced.x509

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.x509@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.x509@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced.x509

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.x509@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.x509@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced.x509

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced.x509@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced.x509@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Network access: nuget docker.dotnet.enhanced

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced@4.2.0

ℹ Read more on: This package | This alert | What is network access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should remove all network access that is functionally unnecessary. Consumers should audit network access to ensure legitimate use.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
System shell access: nuget docker.dotnet.enhanced

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced@4.2.0

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

Block Medium
Dynamic code execution: nuget docker.dotnet.enhanced

Location: Package overview

From: tests/Grimoire.E2eTests/Grimoire.E2eTests.csprojnuget/testcontainers@4.12.0nuget/docker.dotnet.enhanced@4.2.0

ℹ Read more on: This package | This alert | What is dynamic code execution?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at support@socket.dev.

Suggestion: Avoid packages that use dynamic code execution like eval(), since this could potentially execute any code.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/docker.dotnet.enhanced@4.2.0. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

See 18 more rows in the dashboard

View full report

@guibranco guibranco enabled auto-merge (squash) June 18, 2026 01:02
@gstraccini gstraccini Bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Jun 18, 2026
@gstraccini gstraccini Bot added the 🤖 bot Automated processes or integrations label Jun 18, 2026

@guibranco guibranco left a comment

Copy link
Copy Markdown
Owner

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@github-actions

Copy link
Copy Markdown

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs
2026-06-18T01:02:48Z INF scanning for exposed secrets...
1:02AM INF 23 commits scanned.
2026-06-18T01:02:48Z INF scan completed in 86.7ms
2026-06-18T01:02:48Z INF no leaks found

@dependabot @github

dependabot Bot commented on behalf of github Jun 25, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 25, 2026
auto-merge was automatically disabled June 25, 2026 00:55

Pull request was closed

@dependabot dependabot Bot deleted the dependabot/nuget/src/Grimoire.Api/dependencies-68f485738b branch June 25, 2026 00:55
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant