Bump the dependencies group with 5 updates by dependabot[bot] · Pull Request #183 · openfga/dotnet-sdk

dependabot · 2026-03-01T19:20:23Z

Updated coverlet.msbuild from 6.0.4 to 8.0.0.

Release notes

Sourced from coverlet.msbuild's releases.

8.0.0

Special Thanks: A huge thank you to @Bertk for driving the majority of the work in this release! 🎉

Fixed

Fix System.CommandLine 2.0 release is available #1776
Fix Excluding From Coverage bad defaults from given example #1764
Fix branchpoint exclusion for sdk 8.0.407 #1741
Fix missing copyright information in NuGet #1794
Fix bad default values in documentation #1764 by https://github.com/cboudereau

Improvements

Coverlet MTP extension feature #1788
Generate SBOM for nuget packages #1752
Use multi targets projects for coverlet.collector, coverlet.msbuild.tasks packages #1742
Use .NET 8.0 target framework for coverlet.core and remove Newtonsoft.Json #1733
Use latest System.CommandLine version #1660
Upgraded minimum required .NET SDK and runtime to .NET 8.0 LTS (Long Term Support) (Breaking Change)
Use xunit.v3 for tests and example code

Diff between 6.0.4 and 8.0.0

Commits viewable in compare view.

Updated Microsoft.Bcl.AsyncInterfaces from 10.0.2 to 10.0.3.

Release notes

Sourced from Microsoft.Bcl.AsyncInterfaces's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Diagnostics.DiagnosticSource from 10.0.2 to 10.0.3.

Release notes

Sourced from System.Diagnostics.DiagnosticSource's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Net.Http.Json from 10.0.2 to 10.0.3.

Release notes

Sourced from System.Net.Http.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Text.Json from 10.0.2 to 10.0.3.

Release notes

Sourced from System.Text.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps coverlet.msbuild from 6.0.4 to 8.0.0 Bumps Microsoft.Bcl.AsyncInterfaces from 10.0.2 to 10.0.3 Bumps System.Diagnostics.DiagnosticSource from 10.0.2 to 10.0.3 Bumps System.Net.Http.Json from 10.0.2 to 10.0.3 Bumps System.Text.Json from 10.0.2 to 10.0.3 --- updated-dependencies: - dependency-name: coverlet.msbuild dependency-version: 8.0.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: dependencies - dependency-name: Microsoft.Bcl.AsyncInterfaces dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: System.Diagnostics.DiagnosticSource dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: System.Net.Http.Json dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies - dependency-name: System.Text.Json dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dependencies ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-03-01T19:20:41Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	system.text.json@10.0.2 ⏵ 10.0.3
	system.diagnostics.diagnosticsource@10.0.2 ⏵ 10.0.3
	system.net.http.json@10.0.2 ⏵ 10.0.3
	microsoft.bcl.asyncinterfaces@10.0.2 ⏵ 10.0.3
	coverlet.msbuild@6.0.4 ⏵ 8.0.0	⁺¹⁶

View full report

socket-security · 2026-03-01T19:20:43Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: nuget `microsoft.bcl.asyncinterfaces` under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: W3C-20150513 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: HP-1989 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: LPL-1.02 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csproj → `nuget/microsoft.bcl.asyncinterfaces@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.bcl.asyncinterfaces@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `system.diagnostics.diagnosticsource` under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: W3C-20150513 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: HP-1989 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: LPL-1.02 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/OpenFga.Sdk/OpenFga.Sdk.csproj → `nuget/system.diagnostics.diagnosticsource@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.diagnostics.diagnosticsource@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `system.io.pipelines` under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: W3C-20150513 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: HP-1989 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: LPL-1.02 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csproj → `nuget/system.text.json@10.0.3` → `nuget/system.io.pipelines@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.io.pipelines@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `system.net.http.json` under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: W3C-20150513 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: HP-1989 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: LPL-1.02 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csproj → `nuget/system.net.http.json@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.net.http.json@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `system.text.encodings.web` under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: W3C-20150513 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: HP-1989 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: LPL-1.02 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csproj → `nuget/system.text.json@10.0.3` → `nuget/system.text.encodings.web@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.text.encodings.web@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `system.text.json` under Unicode-3.0 License: Unicode-3.0 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: W3C-20150513 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: HP-1989 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: LPL-1.02 - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/OpenFga.Sdk.Test/OpenFga.Sdk.Test.csproj → `nuget/system.text.json@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/system.text.json@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.

View full report

dosubot · 2026-03-01T19:22:03Z

Related Documentation

Checked 7 published document(s) in 1 knowledge base(s). No updates required.

^{How did I do? Any feedback?}

dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Mar 1, 2026

Copilot AI review requested due to automatic review settings March 1, 2026 19:20

dependabot bot requested a review from a team as a code owner March 1, 2026 19:20

dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .net code labels Mar 1, 2026

dependabot bot review requested due to automatic review settings March 1, 2026 19:20

curfew-marathon enabled auto-merge March 2, 2026 17:18

curfew-marathon approved these changes Mar 2, 2026

View reviewed changes

curfew-marathon added this pull request to the merge queue Mar 2, 2026

Merged via the queue into main with commit 5142c7d Mar 2, 2026
22 checks passed

curfew-marathon deleted the dependabot/nuget/src/OpenFga.Sdk.Test/dependencies-9097bd8fdf branch March 2, 2026 17:58

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the dependencies group with 5 updates#183

Bump the dependencies group with 5 updates#183
curfew-marathon merged 1 commit intomainfrom
dependabot/nuget/src/OpenFga.Sdk.Test/dependencies-9097bd8fdf

dependabot bot commented on behalf of github Mar 1, 2026

Uh oh!

socket-security bot commented Mar 1, 2026

Uh oh!

socket-security bot commented Mar 1, 2026

Uh oh!

dosubot bot commented Mar 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot bot commented on behalf of github Mar 1, 2026

8.0.0

Fixed

Improvements

Uh oh!

socket-security bot commented Mar 1, 2026

Uh oh!

socket-security bot commented Mar 1, 2026

Uh oh!

dosubot bot commented Mar 1, 2026

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant