Skip to content

Bump System.Security.Permissions from 6.0.0 to 9.0.8 #731

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 4 commits into from
Closed

Bump System.Security.Permissions from 6.0.0 to 9.0.8 #731

dependabot wants to merge 4 commits into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 11, 2025
edited
Loading

Updated System.Security.Permissions from 6.0.0 to 9.0.8.

Release notes

Sourced from System.Security.Permissions's releases.

9.0.8

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.7...v9.0.8

9.0.7

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Read messages from binlog if process output is missing build finished message (#​114676)
    Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.

  • Fix debugger app hangs related to thread exit (#​114917)
    Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.

  • [Mono] Workaround MSVC miscompiling sgen_clz (#​114903)
    Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.

  • Do not set the salt or info if they are NULL for OpenSSL HKDF (#​114877)
    Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.

  • [Test Only] Fix Idn tests (#​115032)
    Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.

  • JIT: revised fix for fp division issue in profile synthesis (#​115026)
    Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115361)
    Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.

  • [Mono] Fix c11 ARM64 atomics to issue full memory barrier (#​115635)
    Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.

Performance Improvements

  • [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#​114678)
    Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.

  • Improve distribute_free_regions (#​115167)
    Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114905)
    Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​114995)
    Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.

  • Add support for more libicu versions (#​115376)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Run outerloop pipeline only for release branches, not staging/preview (#​115011)
    Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.

... (truncated)

9.0.5

Release

What's Changed

9.0.4

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.3...v9.0.4

9.0.3

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.2...v9.0.3

9.0.2

Release

What's Changed

9.0.1

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.0...v9.0.1

9.0.0

Release

What's Changed

9.0.0-rc.2.24473.5

Release

9.0.0-rc.1.24431.7

Release

9.0.0-preview.7.24405.7

Release

9.0.0-preview.5.24306.7

Release

9.0.0-preview.4.24266.19

Release

9.0.0-preview.3.24172.9

Release

9.0.0-preview.2.24128.5

[Release[(https://github.com/dotnet/core/releases/tag/v9.0.0-preview.2)

9.0.0-preview.1.24080.9

Release

8.0.19

Release

What's Changed

Full Changelog: dotnet/runtime@v8.0.18...v8.0.19

8.0.18

Release

What's Changed

Full Changelog: dotnet/runtime@v8.0.17...v8.0.18

8.0.17

Bug Fixes

  • Work around MSVC miscompiling sgen_clz (#​114904)
    Addresses an issue where the Microsoft Visual C++ (MSVC) compiler was miscompiling the sgen_clz function in Mono. This workaround ensures correct behavior and stability for affected builds.

  • Fix Idn tests (#​115030)
    Resolves issues in the Internationalized Domain Name (Idn) tests, improving test reliability and ensuring accurate validation of related functionality.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115367)
    Updates the handling of Subject Alternative Name (SAN) formatting to accommodate changes introduced in OpenSSL 3.4. This ensures compatibility and correct certificate processing.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​115008)
    Prevents certain internal APIs from being exposed to .NET Framework (NetFx), reducing the risk of unintended usage and improving API surface consistency.

  • Fix line endings (#​115414)
    Corrects line ending inconsistencies in the codebase, which helps prevent cross-platform issues and improves code readability.

Performance Improvements

  • Improve distribute_free_regions (#​115023)
    Optimizes the algorithm for distributing free memory regions, leading to better memory management and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114906)
    Refines the build process by removing unnecessary trailing slashes from source directory paths when using CMake 4, reducing potential build errors and improving consistency.

  • Add support for more libicu versions (#​115378)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Update dependencies from dotnet/arcade (#​114441)
    Refreshes build and engineering dependencies from the Arcade repository, ensuring the latest tooling and infrastructure improvements are incorporated.

  • Migrate MacCatalyst and iOS/tvOS simulator jobs to new queues (#​114633)
    Moves MacCatalyst and iOS/tvOS simulator jobs to updated build queues (osx.14.arm64.open and osx.15.amd64.open), improving build reliability and aligning with current infrastructure standards.

  • Run outerloop pipeline only for release branches (#​115012)
    Adjusts CI pipeline triggers so that the outerloop pipeline runs only for release branches, reducing unnecessary builds and streamlining the development workflow.

  • Update OpenSUSE (#​115028)
    Updates support for the OpenSUSE Linux distribution, ensuring compatibility and up-to-date platform support.

  • Update dependencies from dotnet/emsdk (#​114830)
    Updates the Emscripten SDK dependencies, improving WebAssembly build support and incorporating the latest fixes and features.

  • Update MacOS signing to use PME (#​115633)
    Switches MacOS code signing to use PME (Public Managed Environment), enhancing security and compliance for MacOS builds.

... (truncated)

8.0.16

Release

What's Changed

Description has been truncated

Description by Korbit AI

What change is being made?

Bump the version of System.Security.Permissions from 6.0.0 to 9.0.8 in the Directory.Packages.props file.

Why are these changes being made?

This update is necessary to benefit from security enhancements, bug fixes, and new features available in the newer version of System.Security.Permissions. Upgrading the package ensures the codebase remains current with the latest improvements and resolves any potential vulnerabilities present in the earlier version.

Is this description stale? Ask me to generate a new description by commenting /korbit-generate-pr-description

@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file nuget packages labels Aug 11, 2025
@coderabbitai
Copy link

coderabbitai bot commented Aug 11, 2025
edited
Loading

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

@korbit-ai
Copy link

korbit-ai bot commented Aug 11, 2025

By default, I don't review pull requests opened by bots. If you would like me to review this pull request anyway, you can request a review via the /korbit-review command in a comment.

@guibranco guibranco enabled auto-merge (squash) August 11, 2025 19:52
@gstraccini gstraccini bot added the ☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) label Aug 11, 2025
@github-actions github-actions bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Aug 11, 2025
guibranco
guibranco approved these changes Aug 11, 2025
View reviewed changes
Copy link
Owner

@guibranco guibranco left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatically approved by gstraccini[bot]

@gstraccini gstraccini bot added the 🤖 bot Automated processes or integrations label Aug 11, 2025
@guibranco
Copy link
Owner

guibranco commented Aug 11, 2025

@dependabot squash and merge

@socket-security
Copy link

socket-security bot commented Aug 11, 2025
edited
Loading

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security		 Vulnerability Quality Maintenance License
Updatednuget/​system.security.permissions@​6.0.0 ⏵ 9.0.896 +31008910090

View full report

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 11, 2025

One of your CI runs failed on this pull request, so Dependabot won't merge it.

Dependabot will still automatically merge this pull request if you amend it and your tests pass.

@socket-security
Copy link

socket-security bot commented Aug 11, 2025
edited
Loading

Caution

Review the following alerts detected in dependencies.

According to your organization's Security Policy, you must resolve all "Block" alerts before proceeding. Learn more about Socket for GitHub.

Action Severity Alert  (click "▶" to expand/collapse)
Block Medium
nuget/[email protected] has Shell access.

Location: Package overview

From: Src/CrispyWaffle.Configuration/CrispyWaffle.Configuration.csprojnuget/[email protected]nuget/[email protected]

ℹ Read more on: This package | This alert | What is shell access?

Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at [email protected].

Suggestion: Packages should avoid accessing the shell which can reduce portability, and make it easier for malicious shell access to be introduced.

Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment @SocketSecurity ignore nuget/[email protected]. You can also ignore all packages with @SocketSecurity ignore-all. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

@AppVeyorBot
Copy link

AppVeyorBot commented Aug 11, 2025

Build CrispyWaffle 10.0.440 completed (commit e97f096433 by @gstraccini[bot])

@AppVeyorBot
Copy link

AppVeyorBot commented Aug 29, 2025

Build CrispyWaffle 10.0.523 completed (commit fa7276df4a by @gstraccini[bot])

@codacy-production
Copy link

codacy-production bot commented Sep 3, 2025
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.05% (target: -1.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (fbb4bf0) 3681 1620 44.01%
Head commit (22c1c40) 3681 (+0) 1622 (+2) 44.06% (+0.05%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#731) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@AppVeyorBot
Copy link

AppVeyorBot commented Sep 3, 2025

Build CrispyWaffle 10.0.559 failed (commit 3b60a9bc14 by @gstraccini[bot])

@guibranco
Copy link
Owner

guibranco commented Sep 3, 2025

@dependabot recreate

@dependabot
Bump System.Security.Permissions from 6.0.0 to 9.0.8
2f99346 
---
updated-dependencies:
- dependency-name: System.Security.Permissions
  dependency-version: 9.0.8
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/nuget/System.Security.Permissions-9.0.8 branch from f25b25d to 2f99346 Compare September 3, 2025 17:32
@AppVeyorBot
Copy link

AppVeyorBot commented Sep 4, 2025

Build CrispyWaffle 10.0.589 failed (commit 9f266a9255 by @gstraccini[bot])

@AppVeyorBot
Copy link

AppVeyorBot commented Sep 4, 2025

Build CrispyWaffle 10.0.607 failed (commit 154a4a2f6a by @gstraccini[bot])

@github-actions
Copy link
Contributor

github-actions bot commented Sep 8, 2025

Infisical secrets check: ✅ No secrets leaked!

💻 Scan logs 
A new release of infisical is available: 0.41.90 -> 0.41.99

To update, run: sudo apt-get update && sudo apt-get install infisical

2:41PM INF scanning for exposed secrets...
2:41PM INF 701 commits scanned.
2:41PM INF scan completed in 1.15s
2:41PM INF no leaks found

@sonarqubecloud
Copy link

sonarqubecloud bot commented Sep 8, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@codacy-production
Copy link

codacy-production bot commented Sep 8, 2025

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.05% (target: -1.00%)
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (780b43a) 3681 1622 44.06%
Head commit (db31452) 3681 (+0) 1624 (+2) 44.12% (+0.05%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#731) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

@AppVeyorBot
Copy link

AppVeyorBot commented Sep 8, 2025

Build CrispyWaffle 10.0.618 failed (commit 1baa8c9710 by @gstraccini[bot])

@guibranco guibranco closed this Sep 10, 2025
auto-merge was automatically disabled September 10, 2025 13:46

Pull request was closed

@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 10, 2025

OK, I won't notify you again about this release, but will get in touch when a new version is available. If you'd rather skip all updates until the next major or minor version, let me know by commenting @dependabot ignore this major version or @dependabot ignore this minor version. You can also ignore all major, minor, or patch releases for a dependency by adding an ignore condition with the desired update_types to your config file.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

@guibranco guibranco deleted the dependabot/nuget/System.Security.Permissions-9.0.8 branch September 10, 2025 13:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@guibranco guibranco guibranco approved these changes

@gstraccini gstraccini[bot] gstraccini[bot] approved these changes

Assignees

@guibranco guibranco

Labels

☑️ auto-merge Automatic merging of pull requests (gstraccini-bot) 🤖 bot Automated processes or integrations dependencies Pull requests that update a dependency file .NET Pull requests that update .net code nuget packages size/XS Denotes a PR that changes 0-9 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@guibranco @AppVeyorBot