Update 1 NuGet dependencies

[nfbot]

Bumps nanoFramework.System.Net from 1.11.43 to 1.11.46

[version update]

⚠️ This is an automated update. ⚠️

Summary by CodeRabbit

• Chores
  • Updated nanoFramework.System.Net dependency to version 1.11.46 across HTTP packages to maintain compatibility with the latest system network libraries.

[coderabbitai]

Walkthrough

Updates the nanoFramework.System.Net dependency from version 1.11.43 to 1.11.46 across three HTTP-related package lock files, with corresponding contentHash updates reflecting the new package version.

Changes

Cohort / File(s)	Change Summary
Dependency version updates nanoFramework.System.Net.Http.Client/packages.lock.json, nanoFramework.System.Net.Http.Server/packages.lock.json, nanoFramework.System.Net.Http/packages.lock.json	Updated nanoFramework.System.Net from v1.11.43 to v1.11.46; updated contentHash for each file to match the new package version

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Lock file updates with identical, homogeneous changes across files
• Simple version and hash replacements with no logic modifications
• Minimal risk from straightforward dependency version bump

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating NuGet dependencies, specifically nanoFramework.System.Net across three lock files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nfbot/update-dependencies/b9db0cd2-12ba-4666-8921-e10139b2e10c

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e05756e and 0a0c465.

⛔ Files ignored due to path filters (9)

• nanoFramework.System.Net.Http.Client.nuspec is excluded by none and included by none
• nanoFramework.System.Net.Http.Client/System.Net.Http.Client.nfproj is excluded by none and included by none
• nanoFramework.System.Net.Http.Client/packages.config is excluded by none and included by none
• nanoFramework.System.Net.Http.Server.nuspec is excluded by none and included by none
• nanoFramework.System.Net.Http.Server/System.Net.Http.Server.nfproj is excluded by none and included by none
• nanoFramework.System.Net.Http.Server/packages.config is excluded by none and included by none
• nanoFramework.System.Net.Http.nuspec is excluded by none and included by none
• nanoFramework.System.Net.Http/System.Net.Http.nfproj is excluded by none and included by none
• nanoFramework.System.Net.Http/packages.config is excluded by none and included by none

📒 Files selected for processing (3)

• nanoFramework.System.Net.Http.Client/packages.lock.json (1 hunks)
• nanoFramework.System.Net.Http.Server/packages.lock.json (1 hunks)
• nanoFramework.System.Net.Http/packages.lock.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: System.Net.Http (Build_Library)

🔇 Additional comments (2)

nanoFramework.System.Net.Http/packages.lock.json (1)

29-34: Consistent update across multiple lock files.

The dependency update is consistent with the change in nanoFramework.System.Net.Http.Client/packages.lock.json, with matching contentHash and version strings. This indicates proper synchronization across the codebase.

nanoFramework.System.Net.Http.Server/packages.lock.json (1)

29-34: Consistent synchronized update across all three HTTP-related packages.

The nanoFramework.System.Net dependency has been uniformly updated from 1.11.43 to 1.11.46 across all three package lock files, with identical contentHash values. This confirms proper automation and consistency in the dependency update.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify the updated contentHash is legitimate for nanoFramework.System.Net v1.11.46.

The version bump from 1.11.43 to 1.11.46 is consistent and well-formed. However, confirm that the contentHash cowzYj1VZHdo2Ey+AmIt3u8+rXQHu+q7KuQq1C46SKhSZoVW5PTMaLOvOZ2sXN1ySiHTLqSebRJEKomcA+XnxA== is correct for this package version and matches official NuGet sources. Additionally, check for any security advisories associated with v1.11.46.

---

🌐 Web query:

nanoFramework.System.Net version 1.11.46 security advisories

💡 Result:

I couldn't find any published security advisories or CVEs specifically for nanoFramework.System.Net version 1.11.46. Sources checked include the .NET nanoFramework release/blog pages and the project's NuGet listings; no advisory or CVE referencing that package/version was found. [1][2]

If you want to be certain, check these places (where advisories would appear):

• nanoFramework project site / release posts. [1]
• the package's NuGet entry (package history/releases). [2]
• GitHub Security Advisories / the repo's Releases & Issues pages. [3]

References

1. .NET nanoFramework — stable releases / release notes. [turn0search3].
2. nuget.org nanoframework profile / package listings. [turn1search1].
3. GitHub Advisory Database / .NET-related advisories (example search). [turn1search2].

---

I'll search for the official NuGet package details to verify the contentHash:

I need to verify whether version 1.11.46 actually exists in the NuGet package registry:

Version 1.11.46 of nanoFramework.System.Net does not exist in the public NuGet registry.

The latest stable version available is 1.11.43 (last updated 4/24/2025). The dependency entry in packages.lock.json references version 1.11.46, which cannot be verified against the official NuGet package repository. Additionally, dependent packages like nanoFramework.System.Net.Http.Client require nanoFramework.System.Net >= 1.11.43, indicating that 1.11.43 is the current stable baseline.

Action required: Verify the correct version number. Either downgrade to the existing stable version 1.11.43 or confirm that v1.11.46 is a pre-release or internal version not yet published to NuGet.

🤖 Prompt for AI Agents

In nanoFramework.System.Net.Http.Client/packages.lock.json around lines 29-34
the lock references nanoFramework.System.Net resolved "1.11.46" which does not
exist on public NuGet; update this to a verifiable state by either changing the
resolved/requested version to the latest public stable "1.11.43" and
regenerating the lockfile (dotnet restore / nuget restore) so contentHash is
recalculated, or if 1.11.46 is an internal/pre-release package add the internal
feed to NuGet.config, restore against that feed and then regenerate the lockfile
so the version and contentHash match the published artifact. Ensure
packages.lock.json only contains versions that can be restored by the configured
package sources.