Update dependencies #115
Bumps [xunit](https://github.com/xunit/xunit) from 2.4.2 to 2.9.3. - [Commits](xunit/xunit@v2-2.4.2...v2-2.9.3) --- updated-dependencies: - dependency-name: xunit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [CommunityToolkit.Mvvm](https://github.com/CommunityToolkit/dotnet) from 8.2.0 to 8.4.0. - [Release notes](https://github.com/CommunityToolkit/dotnet/releases) - [Commits](CommunityToolkit/dotnet@v8.2.0...v8.4.0) --- updated-dependencies: - dependency-name: CommunityToolkit.Mvvm dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [xunit.runner.visualstudio](https://github.com/xunit/visualstudio.xunit) from 2.4.5 to 3.0.1. - [Release notes](https://github.com/xunit/visualstudio.xunit/releases) - [Commits](xunit/visualstudio.xunit@2.4.5...3.0.1) --- updated-dependencies: - dependency-name: xunit.runner.visualstudio dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Avalonia](https://github.com/AvaloniaUI/Avalonia) and [Avalonia.Desktop](https://github.com/AvaloniaUI/Avalonia). These dependencies needed to be updated together. Updates `Avalonia` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) Updates `Avalonia.Desktop` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) --- updated-dependencies: - dependency-name: Avalonia dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Avalonia.Desktop dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…mples/Dependabot/xunit-2.9.3 Bump xunit from 2.4.2 to 2.9.3 in /src/Avalonia.Samples
Bumps [Avalonia](https://github.com/AvaloniaUI/Avalonia) and [Avalonia.Diagnostics](https://github.com/AvaloniaUI/Avalonia). These dependencies needed to be updated together. Updates `Avalonia` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) Updates `Avalonia.Diagnostics` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) --- updated-dependencies: - dependency-name: Avalonia dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Avalonia.Diagnostics dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [NUnit.Analyzers](https://github.com/nunit/nunit.analyzers) from 3.6.1 to 4.6.0. - [Release notes](https://github.com/nunit/nunit.analyzers/releases) - [Changelog](https://github.com/nunit/nunit.analyzers/blob/master/CHANGES.md) - [Commits](nunit/nunit.analyzers@3.6.1...4.6.0) --- updated-dependencies: - dependency-name: NUnit.Analyzers dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
…mples/Dependabot/CommunityToolkit.Mvvm-8.4.0 Bump CommunityToolkit.Mvvm from 8.2.0 to 8.4.0 in /src/Avalonia.Samples
Bumps [Appium.WebDriver](https://github.com/appium/dotnet-client) from 4.4.5 to 7.0.0. - [Release notes](https://github.com/appium/dotnet-client/releases) - [Changelog](https://github.com/appium/dotnet-client/blob/main/CHANGELOG.MD) - [Commits](appium/dotnet-client@v4.4.5...v7.0.0) --- updated-dependencies: - dependency-name: Appium.WebDriver dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Avalonia.Headless.XUnit](https://github.com/AvaloniaUI/Avalonia) from 11.0.0 to 11.2.3. - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) --- updated-dependencies: - dependency-name: Avalonia.Headless.XUnit dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Avalonia](https://github.com/AvaloniaUI/Avalonia) and [Avalonia.Fonts.Inter](https://github.com/AvaloniaUI/Avalonia). These dependencies needed to be updated together. Updates `Avalonia` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) Updates `Avalonia.Fonts.Inter` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) --- updated-dependencies: - dependency-name: Avalonia dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Avalonia.Fonts.Inter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [NUnit3TestAdapter](https://github.com/nunit/nunit3-vs-adapter) from 4.2.1 to 4.6.0. - [Release notes](https://github.com/nunit/nunit3-vs-adapter/releases) - [Commits](nunit/nunit3-vs-adapter@V4.2.1...V4.6.0) --- updated-dependencies: - dependency-name: NUnit3TestAdapter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [NUnit](https://github.com/nunit/nunit) from 3.13.3 to 4.3.2. - [Release notes](https://github.com/nunit/nunit/releases) - [Changelog](https://github.com/nunit/nunit/blob/main/CHANGES.md) - [Commits](nunit/nunit@v3.13.3...4.3.2) --- updated-dependencies: - dependency-name: NUnit dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Avalonia.Headless.NUnit](https://github.com/AvaloniaUI/Avalonia) and [NUnit](https://github.com/nunit/nunit). These dependencies needed to be updated together. Updates `Avalonia.Headless.NUnit` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) Updates `NUnit` from 3.13.3 to 3.13.0 - [Release notes](https://github.com/nunit/nunit/releases) - [Changelog](https://github.com/nunit/nunit/blob/main/CHANGES.md) - [Commits](nunit/nunit@v3.13.3...v3.13) --- updated-dependencies: - dependency-name: Avalonia.Headless.NUnit dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: NUnit dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 6.0.0 to 6.0.3. - [Release notes](https://github.com/coverlet-coverage/coverlet/releases) - [Commits](coverlet-coverage/coverlet@v6.0.0...v6.0.3) --- updated-dependencies: - dependency-name: coverlet.collector dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.6.0 to 17.12.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md) - [Commits](microsoft/vstest@v17.6.0...v17.12.0) --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…abot/xunit.runner.visualstudio-3.0.1
…mples/Dependabot/xunit.runner.visualstudio-3.0.1 Bump xunit.runner.visualstudio in /src/Avalonia.Samples
Bumps [Avalonia](https://github.com/AvaloniaUI/Avalonia) and [Avalonia.ReactiveUI](https://github.com/AvaloniaUI/Avalonia). These dependencies needed to be updated together. Updates `Avalonia` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) Updates `Avalonia.ReactiveUI` from 11.0.0 to 11.2.3 - [Release notes](https://github.com/AvaloniaUI/Avalonia/releases) - [Commits](AvaloniaUI/Avalonia@11.0.0...11.2.3) --- updated-dependencies: - dependency-name: Avalonia dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Avalonia.ReactiveUI dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <[email protected]>
…mples/Dependabot/multi-69136dbe13 Bump Avalonia and Avalonia.Desktop in /src/Avalonia.Samples
…abot/multi-7c5bd76083
…mples/Dependabot/multi-7c5bd76083 Bump Avalonia and Avalonia.Diagnostics in /src/Avalonia.Samples
…mples/Dependabot/NUnit.Analyzers-4.6.0 Bump NUnit.Analyzers from 3.6.1 to 4.6.0 in /src/Avalonia.Samples
…mples/Dependabot/Appium.WebDriver-7.0.0 Bump Appium.WebDriver from 4.4.5 to 7.0.0 in /src/Avalonia.Samples
…mples/Dependabot/Avalonia.Headless.XUnit-11.2.3 Bump Avalonia.Headless.XUnit in /src/Avalonia.Samples
…abot/multi-6be7ca1925
…amples/Dependabot/multi-6be7ca1925 Bump Avalonia and Avalonia.Fonts.Inter in /src/Avalonia.Samples
…amples/Dependabot/NUnit-4.3.2 Bump NUnit from 3.13.3 to 4.3.2 in /src/Avalonia.Samples
…amples/Dependabot/NUnit3TestAdapter-4.6.0 Bump NUnit3TestAdapter from 4.2.1 to 4.6.0 in /src/Avalonia.Samples
…amples/Dependabot/xunit.runner.visualstudio-3.0.1 Dependabot/nuget/src/avalonia.samples/dependabot/xunit.runner.visualstudio 3.0.1
…oft.NET.Test.Sdk-17.12.0' into dependabot/nuget/src/Avalonia.Samples/Dependabot/coverlet.collector-6.0.3
…amples/Dependabot/coverlet.collector-6.0.3 Dependabot/nuget/src/avalonia.samples/dependabot/coverlet.collector 6.0.3
…amples/Dependabot/multi-eb39660297 Bump Avalonia.Headless.NUnit and NUnit in /src/Avalonia.Samples
…ebdc23f618' into dependabot/nuget/src/Avalonia.Samples/Dependabot/Microsoft.NET.Test.Sdk-17.12.0
…amples/Dependabot/Microsoft.NET.Test.Sdk-17.12.0 Dependabot/nuget/src/avalonia.samples/dependabot/microsoft.net.test.sdk 17.12.0
….Samples/Dependabot/multi-ebdc23f618
…amples/Dependabot/multi-ebdc23f618 Dependabot/nuget/src/avalonia.samples/dependabot/multi ebdc23f618
We would prefer to avoid dependabot
Better to switch to central package management for this repository.
<PackageReference Condition="'$(Configuration)' == 'Debug'" Include="Avalonia.Diagnostics" Version="11.2.3" /> | ||
<PackageReference Include="Avalonia.ReactiveUI" Version="11.2.3" /> | ||
<PackageReference Include="Avalonia.Themes.Fluent" Version="11.2.3" /> | ||
<PackageReference Include="System.Text.Json" Version="8.0.5" /> |
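Review bot: the `System.Text.Json` 8.0.5 reference on the last line is the only non-Avalonia package among these references, and nothing next to it says why it is pinned. Add an XML comment beside it that points to the issue this PR fixes (#114), so the pin can be found and dropped once the target framework or SDK supplies a fixed version on its own.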
System.Text.Json is not even used in any of these samples, except ToDo sample:
Avalonia.Samples/src/Avalonia.Samples/CompleteApps/SimpleToDoList/Services/ToDoListFileService.cs
Line 4 in 4514c2b
using System.Text.Json;
And even there it depends on the SDK, and not nuget package. So SDK should be updated instead. Or TargetFramework. Or both.
Yes and no, take a look at the NuGet manager in Visual Studio: this way even the transient packages are shifted to this version. Yes, the SDK should be updated (by M$), but these old ones are only used if you don't tell the system otherwise (like I did).
Is there a reason for this?
Yes, that would be better, but also a bigger change.
There is also a downside when switching to central management. As I understand it, this repository is meant as a showcase for independent projects targeting a specific how-to topic. So is it a good thing to merge the projects with a central package management?
What does the pull request do?
Address CVE-2024-30105 in System.Text.Json #114
Added a Dependabot.yml so that dependencies are checked automatically
Scope of this PR:
What is the current behavior?
Dependencies are not checked for vulnerabilities.
Project has vulnerability.
Checklist
If this is a new Sample
In any case
Fixed issues
Fixes #114