Update 1 NuGet dependencies #125
Conversation
Bumps Nerdbank.GitVersioning from 3.8.118 to 3.9.50</br> [version update] ###⚠️ This is an automated update.⚠️
WalkthroughThis pull request updates the Nerdbank.GitVersioning dependency in the nanoFramework.System.Threading project from version 3.8.118 to 3.9.50, including an update to its content hash in the packages lock file. Changes
Estimated code review effort🎯 1 (Trivial) | ⏱️ ~2 minutes Possibly related PRs
Pre-merge checks and finishing touches✅ Passed checks (3 passed)
✨ Finishing touches🧪 Generate unit tests (beta)
Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out. Comment |
![coderabbitai[bot]](https://avatars.githubusercontent.com/in/347564?s=60&v=4){kind=small}
There was a problem hiding this comment.
Actionable comments posted: 1
📜 Review details
Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro
⛔ Files ignored due to path filters (2)
nanoFramework.System.Threading/nanoFramework.System.Threading.nfprojis excluded by none and included by nonenanoFramework.System.Threading/packages.configis excluded by none and included by none
📒 Files selected for processing (1)
nanoFramework.System.Threading/packages.lock.json(1 hunks)
| "requested": "[3.9.50, 3.9.50]", | ||
| "resolved": "3.9.50", | ||
| "contentHash": "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA==" |
There was a problem hiding this comment.
🧩 Analysis chain
Verify package version and check for security advisories.
The dependency is being updated from 3.8.118 to 3.9.50 (a minor version bump). Please verify that:
- Nerdbank.GitVersioning 3.9.50 is a stable, official release
- There are no known security vulnerabilities in this version or between the old and new versions
- The contentHash aligns with the official package from NuGet
🌐 Web query:
What are the latest versions and any security advisories for Nerdbank.GitVersioning package?
💡 Result:
As of November 7, 2025:
- Latest stable NuGet release: Nerdbank.GitVersioning 3.8.118 (published on nuget.org). [1]
- Latest prerelease(s): 3.9.37-alpha (prerelease) appears on the package feed/profile; other 3.9.x alpha builds are on the project release list. [2][3]
Security advisories:
- There are no public CVEs or repository security advisories specific to Nerdbank.GitVersioning found in public databases. Snyk reports no direct vulnerabilities for the package and ProGet/feeds show no known vulnerabilities. (No Nerdbank.GitVersioning-specific advisories located.) [4][5][3]
Sources:
- nuget.org package page for Nerdbank.GitVersioning 3.8.118. [turn0search3]
- Nerdbank profile / package listing showing prerelease 3.9.37-alpha. [turn0search0]
- dotnet/Nerdbank.GitVersioning GitHub (releases and repo). [turn2search2][turn0search7]
- Snyk package page (no direct vulnerabilities). [turn1search0]
- NuGet/ProGet vulnerability view (no known vulnerabilities). [turn1search3]
If you want, I can (a) check the exact publish dates for those specific versions, or (b) monitor for any new advisories and notify you. Which would you prefer?
Version 3.9.50 appears to not exist on the official NuGet feed—critical issue.
The latest stable NuGet release is Nerdbank.GitVersioning 3.8.118, and the latest prerelease is 3.9.37-alpha. The PR is updating to version 3.9.50, which does not appear in the search results as either a stable or prerelease version on nuget.org.
Required actions:
- Verify the correct version number—this may be a typo (e.g., 3.9.37 or 3.8.118)
- Confirm the package source; 3.9.50 may not be available on the official NuGet feed
- If 3.9.50 is intentional, verify it's from an authorized source and that the contentHash matches the actual package
No security vulnerabilities are reported for this package, but the version validity must be resolved first.
|
nfbot
deleted the
nfbot/update-dependencies/f2e0375e-c04e-43e7-9923-4260a12f3d4d
branch
Bumps Nerdbank.GitVersioning from 3.8.118 to 3.9.50
[version update]
Summary by CodeRabbit