Skip to content

Bump System.Security.Permissions from 6.0.0 to 9.0.9 #766

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 3 commits into from
Sep 17, 2025
Merged

Bump System.Security.Permissions from 6.0.0 to 9.0.9 #766

merged 3 commits into from
Sep 17, 2025

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Sep 15, 2025
edited by korbit-ai bot
Loading

Updated System.Security.Permissions from 6.0.0 to 9.0.9.

Release notes

Sourced from System.Security.Permissions's releases.

9.0.9

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.8...v9.0.9

9.0.8

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.7...v9.0.8

9.0.7

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Read messages from binlog if process output is missing build finished message (#​114676)
    Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.

  • Fix debugger app hangs related to thread exit (#​114917)
    Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.

  • [Mono] Workaround MSVC miscompiling sgen_clz (#​114903)
    Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.

  • Do not set the salt or info if they are NULL for OpenSSL HKDF (#​114877)
    Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.

  • [Test Only] Fix Idn tests (#​115032)
    Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.

  • JIT: revised fix for fp division issue in profile synthesis (#​115026)
    Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115361)
    Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.

  • [Mono] Fix c11 ARM64 atomics to issue full memory barrier (#​115635)
    Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.

Performance Improvements

  • [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#​114678)
    Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.

  • Improve distribute_free_regions (#​115167)
    Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114905)
    Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​114995)
    Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.

  • Add support for more libicu versions (#​115376)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Run outerloop pipeline only for release branches, not staging/preview (#​115011)
    Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.

... (truncated)

9.0.5

Release

What's Changed

9.0.4

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.3...v9.0.4

9.0.3

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.2...v9.0.3

9.0.2

Release

What's Changed

9.0.1

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.0...v9.0.1

9.0.0

Release

What's Changed

9.0.0-rc.2.24473.5

Release

9.0.0-rc.1.24431.7

Release

9.0.0-preview.7.24405.7

Release

9.0.0-preview.5.24306.7

Release

9.0.0-preview.4.24266.19

Release

9.0.0-preview.3.24172.9

Release

9.0.0-preview.2.24128.5

[Release[(https://github.com/dotnet/core/releases/tag/v9.0.0-preview.2)

9.0.0-preview.1.24080.9

Release

8.0.20

Release

What's Changed

Full Changelog: dotnet/runtime@v8.0.19...v8.0.20

8.0.19

Release

What's Changed

Full Changelog: dotnet/runtime@v8.0.18...v8.0.19

8.0.18

Release

What's Changed

Full Changelog: dotnet/runtime@v8.0.17...v8.0.18

8.0.17

Bug Fixes

  • Work around MSVC miscompiling sgen_clz (#​114904)
    Addresses an issue where the Microsoft Visual C++ (MSVC) compiler was miscompiling the sgen_clz function in Mono. This workaround ensures correct behavior and stability for affected builds.

  • Fix Idn tests (#​115030)
    Resolves issues in the Internationalized Domain Name (Idn) tests, improving test reliability and ensuring accurate validation of related functionality.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115367)
    Updates the handling of Subject Alternative Name (SAN) formatting to accommodate changes introduced in OpenSSL 3.4. This ensures compatibility and correct certificate processing.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​115008)
    Prevents certain internal APIs from being exposed to .NET Framework (NetFx), reducing the risk of unintended usage and improving API surface consistency.

  • Fix line endings (#​115414)
    Corrects line ending inconsistencies in the codebase, which helps prevent cross-platform issues and improves code readability.

Performance Improvements

  • Improve distribute_free_regions (#​115023)
    Optimizes the algorithm for distributing free memory regions, leading to better memory management and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114906)
    Refines the build process by removing unnecessary trailing slashes from source directory paths when using CMake 4, reducing potential build errors and improving consistency.

  • Add support for more libicu versions (#​115378)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • **Update dependencies...

Description has been truncated

Description by Korbit AI

What change is being made?

Bump System.Security.Permissions from version [6.0.0,7.0.0) to 9.0.9 in Directory.Packages.props.

Why are these changes being made?

Update aligns the project with the latest System.* package ecosystem and resolves compatibility issues with newer frameworks. This change also ensures security and feature parity with other updated dependencies.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

@dependabot
Bump System.Security.Permissions from 6.0.0 to 9.0.9
b4c5e9a 
---
updated-dependencies:
- dependency-name: System.Security.Permissions
  dependency-version: 9.0.9
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file nuget packages labels Sep 15, 2025
@korbit-ai
Copy link

korbit-ai bot commented Sep 15, 2025

By default, I don't review pull requests opened by bots. If you would like me to review this pull request anyway, you can request a review via the /korbit-review command in a comment.

@guibranco guibranco enabled auto-merge (squash) September 15, 2025 15:10
@gstraccini gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Sep 15, 2025
@github-actions github-actions bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Sep 15, 2025
guibranco
guibranco approved these changes Sep 15, 2025
View reviewed changes
Copy link
Owner

@guibranco guibranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@gstraccini gstraccini bot added the 🤖 bot Automated processes or integrations label Sep 15, 2025
@coderabbitai
Copy link

coderabbitai bot commented Sep 15, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@guibranco
Copy link
Owner

guibranco commented Sep 15, 2025

@dependabot squash and merge

@socket-security
Copy link

socket-security bot commented Sep 15, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednuget/​system.security.permissions@​6.0.0 ⏵ 9.0.996 +31009010090

View full report

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 15, 2025

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

@socket-security
Copy link

socket-security bot commented Sep 15, 2025
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
nuget/[email protected] has Shell access.

Location: Package overview

From: Src/CrispyWaffle/CrispyWaffle.csprojnuget/[email protected]nuget/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@codacy-production
Copy link

codacy-production bot commented Sep 15, 2025
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.11% (target: -1.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (75d12c5) 3681 1620 44.01%
Head commit (cfd6d66) 3681 (+0) 1624 (+4) 44.12% (+0.11%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#766) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@AppVeyorBot
Copy link

AppVeyorBot commented Sep 15, 2025

Build CrispyWaffle 10.0.690 completed (commit 18335fa5c9 by @gstraccini[bot])

@codecov
Copy link

codecov bot commented Sep 15, 2025
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 40.62%. Comparing base (75d12c5) to head (cfd6d66).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #766      +/-   ##
==========================================
+ Coverage   40.53%   40.62%   +0.08%     
==========================================
  Files          83       83              
  Lines        3631     3631              
  Branches      519      519              
==========================================
+ Hits         1472     1475       +3     
+ Misses       2057     2053       -4     
- Partials      102      103       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@github-actions
Copy link
Contributor

github-actions bot commented Sep 17, 2025

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs 
A new release of infisical is available: 0.41.90 -> 0.42.2

To update, run: sudo apt-get update && sudo apt-get install infisical

5:50PM INF scanning for exposed secrets...
5:50PM INF 709 commits scanned.
5:50PM INF scan completed in 1.15s
5:50PM INF no leaks found

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 17, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@AppVeyorBot
Copy link

AppVeyorBot commented Sep 17, 2025

Build CrispyWaffle 10.0.702 completed (commit a9fd170e87 by @guibranco)

@guibranco guibranco merged commit ded8a92 into main Sep 17, 2025
30 of 32 checks passed
@guibranco guibranco deleted the dependabot/nuget/System.Security.Permissions-9.0.9 branch September 17, 2025 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guibranco guibranco guibranco approved these changes

@gstraccini gstraccini[bot] gstraccini[bot] approved these changes

Assignees

@guibranco guibranco

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations dependencies Pull requests that update a dependency file .NET Pull requests that update .net code nuget packages size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@guibranco @AppVeyorBot