Skip to content

Bump MessagePack from 2.5.172 to 2.5.301#1

Merged
R0mb0 merged 1 commit into
mainfrom
dependabot/nuget/FPDF/FPDF/FPDF/MessagePack-2.5.301
Jun 30, 2026
Merged

Bump MessagePack from 2.5.172 to 2.5.301#1
R0mb0 merged 1 commit into
mainfrom
dependabot/nuget/FPDF/FPDF/FPDF/MessagePack-2.5.301

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 30, 2026

Copy link
Copy Markdown
Contributor

Updated MessagePack from 2.5.172 to 2.5.301.

Release notes

Sourced from MessagePack's releases.

2.5.301

Security release

This release fixes 2 high severity and 9 moderate severity security vulnerabilities as listed below.

This release is missing #​2269 from the v2.5.205 release. We recommend folks adopt the v2.5.302 release which has all the security fixes combined.

High severity advisory fixes

Moderage severity advisory fixes

Fixes with no security advisory

  • 814bc4c1 Honor TypeFormatter options hooks for CWE-470
  • b0f8c5e2 Fix WriteRawX methods to advance by written length
  • 0124048c Fix CWE-190 map header length overflow

2.5.205

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.205

2.5.198

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.198

2.5.192

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.187...v2.5.192

2.5.187

Changes:

  • #​2014: Use a collision-resistant hash algorithm for untrusted data to address GHSA-4qm4-8hg2-g2xm
  • #​2010: Update published security policy

This list of changes was auto generated.

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

---
updated-dependencies:
- dependency-name: MessagePack
  dependency-version: 2.5.301
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Jun 30, 2026
@codacy-production

Copy link
Copy Markdown

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity · 0 duplication

Metric Results
Complexity 0
Duplication 0

View in Codacy

NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.

@R0mb0 R0mb0 merged commit 5b8e9ea into main Jun 30, 2026
2 of 4 checks passed
@dependabot dependabot Bot deleted the dependabot/nuget/FPDF/FPDF/FPDF/MessagePack-2.5.301 branch June 30, 2026 09:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant