profile
viewpoint
Patrick Dwyer coderpatros Australia OWASP CycloneDX Project Co-Lead

coderpatros/docker-zap-mass-scan 8

A Docker container to simplify running an OWASP ZAP active vulnerability scan against a lot of targets

coderpatros/docker-nginx-waf 3

An unofficial build of the NGINX web application firewall

coderpatros/dotnet-mockhttp-extensions 2

Helper extensions for Richard Szalay excellent MockHttp

coderpatros/dotnet-outdated 2

A .NET Core global tool to display and update outdated NuGet packages in a project

coderpatros/1password-teams-open-source 0

Get a free 1Password Teams membership for your open source project

coderpatros/ant-path-matching 0

Library for matching ant style paths, written in CSharp.

coderpatros/ASVS 0

Application Security Verification Standard

coderpatros/azure-app-service-zap-scanner 0

Script to ran a ZAP vulnerability scan against all your Azure App Services

coderpatros/CheatSheetSeries 0

The OWASP Cheat Sheet Series was created to provide a concise collection of high value information on specific application security topics.

pull request commentCycloneDX/specification

Added vulnerabilities as part of core spec

In general I like this, but it seems like it has bit of a vulnerability centric view versus a vulnerability in context of an assembled piece of software view. An example to demonstrate.

I'm shipping ACME Widget Studio. CVE-EverythingIsOnFire, which affects component C, is published. Some segments of my dependency graph are as follows (X is ACME Widget Studio, * indicates a potentially exploitable component)...

  1. X* -> A* -> B* -> C*
  2. X -> D -> B* -> C*
  3. X -> E -> C*
  4. X* -> C*

The context of the CVE is quite different for each of those dependency graph segments.

I might not be groking this right. But I'm not sure how I would represent these different scenarios in the same BOM.

2 and 3 aren't exploitable, for different reasons, which I want to communicate.

1 and 4 are potentially exploitable, depending.

Do I include the same vulnerability multiple times for each?

Also, maybe, "affects" should be changed to "appliesTo"?

stevespringett

comment created time in 33 minutes

pull request commentCycloneDX/specification

Made component version optional

+1 for me

stevespringett

comment created time in an hour

PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent
PullRequestReviewEvent

push eventdotnet-outdated/dotnet-outdated

Patrick Dwyer

commit sha f9c6c1a1c7df12554cc99f746deaf9d8eb57f30a

Feature release - Add `--ignore-failed-sources` option

view details

push time in 8 days

push eventdotnet-outdated/dotnet-outdated

Tim Heuer

commit sha fe365b38ef9c419153b48c7dd832b57a5a797016

Adding support to ignore failed sources

view details

Tim Heuer

commit sha 7c528c4528462d410026eef05d17f8fe484294d5

Modifying readme for new flag

view details

Tim Heuer

commit sha b8886e2b7e8b6721fbca879bd92850acc7fc475d

Fixed tests for ignored sources

view details

Tim Heuer

commit sha f9f51d0658cc1911aff3018b4e2f5b8e510f6f7f

Merged upstream

view details

Tim Heuer

commit sha 002536c269396e9bdb15152f0fe870e996267e5b

Merge branch 'dotnet-outdated:master' into master

view details

Patrick Dwyer

commit sha 276165a3c57eee03a2d181638d264e884938d78a

Merge pull request #217 from timheuer/master

view details

push time in 8 days

PR merged dotnet-outdated/dotnet-outdated

Adding support to ignore failed sources

An initial attempt to fix #214 to allow the standard --ignore-failed-sources for NuGet CLI to work. The initial catch of HttpRequestException in https://github.com/dotnet-outdated/dotnet-outdated/blob/master/src/DotNetOutdated.Core/Services/NuGetPackageInfoService.cs#L127 is actually never hit because the HttpRequestException is an InnerException.

+28 -10

0 comment

9 changed files

timheuer

pr closed time in 8 days

issue closeddotnet-outdated/dotnet-outdated

Ignore failed sources

Add option to support --ignore-failed-sources

closed time in 8 days

timheuer

push eventdotnet-outdated/dotnet-outdated

Patrick Dwyer

commit sha afbefab98bfb155248a025f1583fd4cf4325f22b

Major release - drop support for .NET 2.1 and add support for .NET 6

view details

push time in 10 days

PR merged dotnet-outdated/dotnet-outdated

Bump NuGet.ProjectModel from 5.11.0 to 6.0.0 dependencies .NET

Bumps NuGet.ProjectModel from 5.11.0 to 6.0.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/NuGet/NuGet.Client/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 10 days

delete branch dotnet-outdated/dotnet-outdated

delete branch : dependency-graph-spec-deprecation

delete time in 10 days

push eventdotnet-outdated/dotnet-outdated

dependabot[bot]

commit sha 696fb7169d5657230e811515fa639f087a8c2aa7

Bump NuGet.ProjectModel from 5.11.0 to 6.0.0 Bumps [NuGet.ProjectModel](https://github.com/NuGet/NuGet.Client) from 5.11.0 to 6.0.0. - [Release notes](https://github.com/NuGet/NuGet.Client/releases) - [Commits](https://github.com/NuGet/NuGet.Client/commits) --- updated-dependencies: - dependency-name: NuGet.ProjectModel dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 5c3c9f045114434bec2c862af7a85b7ffcff17e9

Replace deprecated call to DependencyGraphSpec(JObject)

view details

Patrick Dwyer

commit sha 9931920b3fb32ffc8207c2b9d0bdea4be5486e8d

Merge pull request #19 from dotnet-outdated/dependency-graph-spec-deprecation

view details

push time in 10 days

PR merged dotnet-outdated/dotnet-outdated

Replace deprecated call to DependencyGraphSpec(JObject)

This is a just in case change and shouldn't be merged.

We make use of a deprecated call in the NuGet libraries. This is a temporary, hacky, workaround in case there is any urgency to update them to a version without that method available. i.e. critical security update

+42 -3

0 comment

3 changed files

coderpatros

pr closed time in 10 days

push eventdotnet-outdated/dotnet-outdated

dependabot[bot]

commit sha 767661fdaa90e0fc28c836363c58aaa203ccfa95

Bump Moq from 4.14.5 to 4.14.6 Bumps [Moq](https://github.com/moq/moq4) from 4.14.5 to 4.14.6. - [Release notes](https://github.com/moq/moq4/releases) - [Changelog](https://github.com/moq/moq4/blob/master/CHANGELOG.md) - [Commits](https://github.com/moq/moq4/compare/v4.14.5...v4.14.6) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 973e2d77b194e39b453e5cde908411423019722a

Merge pull request #20 from dotnet-outdated/dependabot/nuget/master/Moq-4.14.6 Bump Moq from 4.14.5 to 4.14.6

view details

dependabot[bot]

commit sha c50fc41f130b7a362a0591fefc1b34f5b140e6c1

Bump System.IO.Abstractions from 12.2.1 to 12.2.2 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 12.2.1 to 12.2.2. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v12.2.1...v12.2.2) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 2233b4ec633f5c37b43f055cca0be53dbbadcfea

Merge pull request #21 from dotnet-outdated/dependabot/nuget/master/System.IO.Abstractions-12.2.2 Bump System.IO.Abstractions from 12.2.1 to 12.2.2

view details

dependabot[bot]

commit sha b7c003d8b83519fd8fd541124d8da3cb5e66a18d

Bump System.IO.Abstractions.TestingHelpers from 12.2.1 to 12.2.2 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 12.2.1 to 12.2.2. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v12.2.1...v12.2.2) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 358250adeaafb1eb6dc14495c4b9cfb0a9b5c104

Merge pull request #22 from dotnet-outdated/dependabot/nuget/master/System.IO.Abstractions.TestingHelpers-12.2.2 Bump System.IO.Abstractions.TestingHelpers from 12.2.1 to 12.2.2

view details

Patrick Dwyer

commit sha f75aaf5fd0af7def4be99cd31f5e9e384be94da0

Remove System.IO.Abstractions reference from test project System.IO.Abstractions.TestingHelpers brings in this dependency anyway. And this just causes Dependabot to trip up.

view details

Patrick Dwyer

commit sha f2d5a050921c6a051d084d1f37a920f93d5df7fd

Merge pull request #23 from dotnet-outdated/dependency-cleanup Remove System.IO.Abstractions reference from test project

view details

Patrick Dwyer

commit sha df3bbff96a4d4a0535f4e4b977c5fb0eb8b9aff1

Maintenance release

view details

dependabot[bot]

commit sha 58059f717267f9b32ef824a1228e4f5878f3fce5

Bump System.IO.Abstractions.TestingHelpers from 12.2.2 to 12.2.5 Bumps [System.IO.Abstractions.TestingHelpers](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 12.2.2 to 12.2.5. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v12.2.2...v12.2.5) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha d1a28c54c6aa61e099dd40b24c38c5c2122badf4

Merge pull request #24 from dotnet-outdated/dependabot/nuget/master/System.IO.Abstractions.TestingHelpers-12.2.5 Bump System.IO.Abstractions.TestingHelpers from 12.2.2 to 12.2.5

view details

dependabot[bot]

commit sha fc126fa62449f2eadf35a843f42aa65a6a444883

Bump System.IO.Abstractions from 12.2.2 to 12.2.5 Bumps [System.IO.Abstractions](https://github.com/System-IO-Abstractions/System.IO.Abstractions) from 12.2.2 to 12.2.5. - [Release notes](https://github.com/System-IO-Abstractions/System.IO.Abstractions/releases) - [Commits](https://github.com/System-IO-Abstractions/System.IO.Abstractions/compare/v12.2.2...v12.2.5) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 1370fa16fedfae5ab88c02474783d3121792685b

Merge pull request #25 from dotnet-outdated/dependabot/nuget/master/System.IO.Abstractions-12.2.5 Bump System.IO.Abstractions from 12.2.2 to 12.2.5

view details

dependabot[bot]

commit sha 68bd8f1b41f3a06347df5140be22d3e45cb284c5

Bump Microsoft.Extensions.DependencyInjection from 3.1.8 to 3.1.9 Bumps [Microsoft.Extensions.DependencyInjection](https://github.com/aspnet/Extensions) from 3.1.8 to 3.1.9. - [Release notes](https://github.com/aspnet/Extensions/releases) - [Commits](https://github.com/aspnet/Extensions/compare/v3.1.8...v3.1.9) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 90296cafadb1633fd95eda7525b5b69b491aafc2

Merge pull request #27 from dotnet-outdated/dependabot/nuget/master/Microsoft.Extensions.DependencyInjection-3.1.9 Bump Microsoft.Extensions.DependencyInjection from 3.1.8 to 3.1.9

view details

dependabot[bot]

commit sha 228efddf8d10dee72426642417ced5d3439bc748

Bump CsvHelper from 15.0.6 to 15.0.7 Bumps [CsvHelper](https://github.com/JoshClose/CsvHelper) from 15.0.6 to 15.0.7. - [Release notes](https://github.com/JoshClose/CsvHelper/releases) - [Commits](https://github.com/JoshClose/CsvHelper/commits) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 4b392e6c1d9bda3abd88c9325d253e4e6f68ff58

Merge pull request #26 from dotnet-outdated/dependabot/nuget/master/CsvHelper-15.0.7 Bump CsvHelper from 15.0.6 to 15.0.7

view details

dependabot[bot]

commit sha 9ff26cf646e59322590adc27c9a9a957d23dacb2

Bump Moq from 4.14.6 to 4.14.7 Bumps [Moq](https://github.com/moq/moq4) from 4.14.6 to 4.14.7. - [Release notes](https://github.com/moq/moq4/releases) - [Changelog](https://github.com/moq/moq4/blob/master/CHANGELOG.md) - [Commits](https://github.com/moq/moq4/compare/v4.14.6...v4.14.7) Signed-off-by: dependabot[bot] <support@github.com>

view details

dependabot[bot]

commit sha c90bd0b4d1a11580ad6a91aaa6816b488707790c

Bump CsvHelper from 15.0.7 to 15.0.8 Bumps [CsvHelper](https://github.com/JoshClose/CsvHelper) from 15.0.7 to 15.0.8. - [Release notes](https://github.com/JoshClose/CsvHelper/releases) - [Commits](https://github.com/JoshClose/CsvHelper/compare/15.0.7...15.0.8) Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha d479755c417f117a4dcb1ebd446547e307f794ca

Merge pull request #29 from dotnet-outdated/dependabot/nuget/master/CsvHelper-15.0.8 Bump CsvHelper from 15.0.7 to 15.0.8

view details

push time in 10 days

delete branch dotnet-outdated/dotnet-outdated

delete branch : dependabot/nuget/master/CsvHelper-27.2.0

delete time in 10 days

push eventdotnet-outdated/dotnet-outdated

dependabot[bot]

commit sha 2fade0d16678e7a721dece46395f6f36ba73fc7f

Bump CsvHelper from 27.1.1 to 27.2.0 Bumps [CsvHelper](https://github.com/JoshClose/CsvHelper) from 27.1.1 to 27.2.0. - [Release notes](https://github.com/JoshClose/CsvHelper/releases) - [Commits](https://github.com/JoshClose/CsvHelper/compare/27.1.1...27.2.0) --- updated-dependencies: - dependency-name: CsvHelper dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha c3507e9b0f46f15c4734636678c22bbe6e18aa1e

Merge pull request #219 from dotnet-outdated/dependabot/nuget/master/CsvHelper-27.2.0

view details

push time in 10 days

PR merged dotnet-outdated/dotnet-outdated

Bump CsvHelper from 27.1.1 to 27.2.0 dependencies .NET

Bumps CsvHelper from 27.1.1 to 27.2.0. <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/JoshClose/CsvHelper/commit/e3d1962f525d4a5dc97e81feb893e3856b0c9bc2"><code>e3d1962</code></a> Updated nuke to latest. Fixes for .NET 6.0 release.</li> <li><a href="https://github.com/JoshClose/CsvHelper/commit/b62760c9d133922bd869627952463924d69d95bf"><code>b62760c</code></a> Added net60 converters for DateOnly and TimeOnly.</li> <li><a href="https://github.com/JoshClose/CsvHelper/commit/808dea2456b9c695eed1c124f67a2385e88b8a81"><code>808dea2</code></a> Merge branch 'master' of github.com:JoshClose/CsvHelper</li> <li><a href="https://github.com/JoshClose/CsvHelper/commit/102d6785da534b5abd1e160dcc7aeda1f2641203"><code>102d678</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/JoshClose/CsvHelper/issues/1817">#1817</a> from SimonCropp/updateRefs</li> <li><a href="https://github.com/JoshClose/CsvHelper/commit/4dac35c9d89add3b44e4d6de5553a1c72350408d"><code>4dac35c</code></a> update refs</li> <li>See full diff in <a href="https://github.com/JoshClose/CsvHelper/compare/27.1.1...27.2.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 10 days

delete branch dotnet-outdated/dotnet-outdated

delete branch : dependabot/nuget/master/NuGet.Credentials-6.0.0

delete time in 10 days

push eventdotnet-outdated/dotnet-outdated

dependabot[bot]

commit sha abf10b91dacb5c06c99b35311bb9ada09f625c8b

Bump NuGet.Credentials from 5.11.0 to 6.0.0 Bumps [NuGet.Credentials](https://github.com/NuGet/NuGet.Client) from 5.11.0 to 6.0.0. - [Release notes](https://github.com/NuGet/NuGet.Client/releases) - [Commits](https://github.com/NuGet/NuGet.Client/commits) --- updated-dependencies: - dependency-name: NuGet.Credentials dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 48f6fabb91aad740109a94c724443f3d1b89c77d

Merge pull request #208 from dotnet-outdated/dependabot/nuget/master/NuGet.Credentials-6.0.0

view details

push time in 10 days

PR merged dotnet-outdated/dotnet-outdated

Bump NuGet.Credentials from 5.11.0 to 6.0.0 dependencies .NET

Bumps NuGet.Credentials from 5.11.0 to 6.0.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/NuGet/NuGet.Client/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 10 days

issue commentdotnet-outdated/dotnet-outdated

Feature suggestion: Support optional config file `.dotnet-outdated.yaml`

I think this is a great idea. Ideally it would be great if the config could support all the command line options so folks can just run dotnet outdated.

ManfredLange

comment created time in 10 days

delete branch dotnet-outdated/dotnet-outdated

delete branch : dependabot/nuget/master/Microsoft.Extensions.DependencyInjection-6.0.0

delete time in 10 days

push eventdotnet-outdated/dotnet-outdated

dependabot[bot]

commit sha 05a85a55cf70a820438fa3c3a5305e50376af4b0

Bump Microsoft.Extensions.DependencyInjection from 5.0.2 to 6.0.0 Bumps [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime) from 5.0.2 to 6.0.0. - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](https://github.com/dotnet/runtime/compare/v5.0.2...v6.0.0) --- updated-dependencies: - dependency-name: Microsoft.Extensions.DependencyInjection dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 74e14ccec05139b453b222d6f64844042df3e37b

Merge pull request #207 from dotnet-outdated/dependabot/nuget/master/Microsoft.Extensions.DependencyInjection-6.0.0

view details

push time in 10 days

PR merged dotnet-outdated/dotnet-outdated

Bump Microsoft.Extensions.DependencyInjection from 5.0.2 to 6.0.0 dependencies .NET

Bumps Microsoft.Extensions.DependencyInjection from 5.0.2 to 6.0.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/dotnet/runtime/releases">Microsoft.Extensions.DependencyInjection's releases</a>.</em></p> <blockquote> <h2>.NET 6.0 RC 2</h2> <p><a href="https://github.com/dotnet/core/tree/v6.0.0-rc.2">Release</a></p> <h2>.NET 6.0 RC 1</h2> <p><a href="https://github.com/dotnet/core/tree/v6.0.0-rc.1">Release</a></p> <h2>.NET 6.0 Preview 7</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.7">Release</a></p> <h2>.NET 6.0 Preview 6</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.6">Release</a></p> <h2>.NET 6.0 Preview 5</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.5">Release</a></p> <h2>.NET 6.0 Preview 4</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.4">Release</a></p> <h2>.NET 6.0 Preview 3</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.3">Release</a></p> <h2>.NET 6.0 Preview 2</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.2">Release</a></p> <h2>.NET 6.0 Preview 1</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v6.0.0-preview.1">Release</a></p> <h2>.NET 5.0.11</h2> <p><a href="https://github.com/dotnet/core/tree/v5.0.11">Release</a></p> <h2>.NET 5.0.9</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v5.0.9">Release</a></p> <h2>.NET 5.0.8</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v5.0.8">Release</a></p> <h2>.NET 5.0.7</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v5.0.7">Release</a></p> <h2>.NET 5.0.6</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v5.0.6">Release</a></p> <h2>.NET 5.0.5</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v5.0.5">Release</a></p> <h2>.NET 5.0.4</h2> <p><a href="https://github.com/dotnet/core/releases/tag/v5.0.4">Release</a></p> <h2>.NET 5.0.3</h2> <p><a href="https://github.com/dotnet/core/blob/master/release-notes/5.0/5.0.3/5.0.3.md">Release Notes</a></p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/dotnet/runtime/commit/4822e3c3aa77eb82b2fb33c9321f923cf11ddde6"><code>4822e3c</code></a> Update dependencies from <a href="https://github.com/dotnet/arcade">https://github.com/dotnet/arcade</a> build 20211022.3 (#...</li> <li><a href="https://github.com/dotnet/runtime/commit/bf20df1d51db45ee6ae1931e9ef5eb6bf97d6b57"><code>bf20df1</code></a> [release/6.0] [wasm][debugger] Fix loading a non wasm page and then returning...</li> <li><a href="https://github.com/dotnet/runtime/commit/de751593a53e9ccaffef2420ad3d74727cad47aa"><code>de75159</code></a> [release/6.0] Create a parent CMake project for building app bundles on CI (#...</li> <li><a href="https://github.com/dotnet/runtime/commit/8da583575e2a2684c302adf228bac7954464ca0f"><code>8da5835</code></a> [release/6.0] Update dependencies from dotnet/icu dotnet/emsdk (<a href="https://github-redirect.dependabot.com/dotnet/runtime/issues/60684">#60684</a>)</li> <li><a href="https://github.com/dotnet/runtime/commit/6f41165853278914d1a28d7f325ebe04ab78ac07"><code>6f41165</code></a> [release/6.0] Tweak workload build to use _GenerateMsiVersionString target (#...</li> <li><a href="https://github.com/dotnet/runtime/commit/c86a857c3a0445af75aa10a26b151c0447d4ed7a"><code>c86a857</code></a> [release/6.0] Update dependencies from dotnet/icu dotnet/emsdk dotnet/runtime...</li> <li><a href="https://github.com/dotnet/runtime/commit/80ed1bd38cc6137edd33b03e2655c96b98992094"><code>80ed1bd</code></a> [release/6.0] Don't special case "Experimental" projects (<a href="https://github-redirect.dependabot.com/dotnet/runtime/issues/60643">#60643</a>)</li> <li><a href="https://github.com/dotnet/runtime/commit/263945a412f3a6c95d92753b5c71846ef28443b5"><code>263945a</code></a> [release/6.0] Fix stable builds for some transport packages (<a href="https://github-redirect.dependabot.com/dotnet/runtime/issues/60635">#60635</a>)</li> <li><a href="https://github.com/dotnet/runtime/commit/034f191be950d4cf8443a7d8522c8284ca78b693"><code>034f191</code></a> Update mac installers location string (<a href="https://github-redirect.dependabot.com/dotnet/runtime/issues/60500">#60500</a>)</li> <li><a href="https://github.com/dotnet/runtime/commit/7907830305cef30c35e4f85b6bb01969571302b4"><code>7907830</code></a> [release/6.0] Enforce scatter/gather file I/O Windows API requirements et. al...</li> <li>Additional commits viewable in <a href="https://github.com/dotnet/runtime/compare/v5.0.2...v6.0.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 10 days

delete branch dotnet-outdated/dotnet-outdated

delete branch : dependabot/nuget/master/NuGet.Protocol-6.0.0

delete time in 10 days

push eventdotnet-outdated/dotnet-outdated

dependabot[bot]

commit sha cdc05b4e7c21b05bf7da00da2eb50bd147610bfa

Bump NuGet.Protocol from 5.11.0 to 6.0.0 Bumps [NuGet.Protocol](https://github.com/NuGet/NuGet.Client) from 5.11.0 to 6.0.0. - [Release notes](https://github.com/NuGet/NuGet.Client/releases) - [Commits](https://github.com/NuGet/NuGet.Client/commits) --- updated-dependencies: - dependency-name: NuGet.Protocol dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>

view details

Patrick Dwyer

commit sha 976351ebfd61972e09e10e0bb003625998b80c08

Merge pull request #218 from dotnet-outdated/dependabot/nuget/master/NuGet.Protocol-6.0.0

view details

push time in 10 days

PR merged dotnet-outdated/dotnet-outdated

Bump NuGet.Protocol from 5.11.0 to 6.0.0 dependencies .NET

Bumps NuGet.Protocol from 5.11.0 to 6.0.0. <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/NuGet/NuGet.Client/commits">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

</details>

+1 -1

0 comment

1 changed file

dependabot[bot]

pr closed time in 10 days

more