Bump MessagePack from 2.5.124 to 2.5.187#35

Open

dependabot[bot] wants to merge 1 commit intomasterfrom

dependabot/nuget/Benchmarks/Salar.Bois.BenchMessagePack/MessagePack-2.5.187

Contributor

dependabot bot commented on behalf of github Mar 27, 2026

Updated MessagePack from 2.5.124 to 2.5.187.

Release notes

Sourced from MessagePack's releases.

2.5.187

Changes:

#2014: Use a collision-resistant hash algorithm for untrusted data to address GHSA-4qm4-8hg2-g2xm
#2010: Update published security policy

This list of changes was auto generated.

2.5.172

What's Changed

Allow applying [MessagePackFormatter] on parameters and return values by @AArnott in Allow applying [MessagePackFormatter] on parameters and return values MessagePack-CSharp/MessagePack-CSharp#1901

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.171...v2.5.172

2.5.171

What's Changed

Add .NET 8 target to mpc by @AArnott in Add .NET 8 target to mpc MessagePack-CSharp/MessagePack-CSharp#1832
Allow writing to init property setters of generic classes on .NET 6+ by @AArnott in Allow writing to init property setters of generic classes on .NET 6+ MessagePack-CSharp/MessagePack-CSharp#1879

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.168...v2.5.171

2.5.168

What's Changed

fixing issue with backing field naming and serialization failing by @epitka in fixing issue with backing field naming and serialization failing MessagePack-CSharp/MessagePack-CSharp#1785
Feature/1804 locate formatters only if has elements inside by @nmi-relewise in Feature/1804 locate formatters only if has elements inside MessagePack-CSharp/MessagePack-CSharp#1805
Enable ignoring fields by using [NonSerialized] by @mookid8000 in Enable ignoring fields by using [NonSerialized] MessagePack-CSharp/MessagePack-CSharp#1808
Reduce nuget dependencies by @thompson-tomo in Reduce nuget dependencies MessagePack-CSharp/MessagePack-CSharp#1812
Raise perf tracking events when formatters are dynamically generated by @AArnott in Raise perf tracking events when formatters are dynamically generated MessagePack-CSharp/MessagePack-CSharp#1829

New Contributors

@epitka made their first contribution in fixing issue with backing field naming and serialization failing MessagePack-CSharp/MessagePack-CSharp#1785
@nmi-relewise made their first contribution in Feature/1804 locate formatters only if has elements inside MessagePack-CSharp/MessagePack-CSharp#1805
@mookid8000 made their first contribution in Enable ignoring fields by using [NonSerialized] MessagePack-CSharp/MessagePack-CSharp#1808
@thompson-tomo made their first contribution in Reduce nuget dependencies MessagePack-CSharp/MessagePack-CSharp#1812

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.140...v2.5.168

2.5.140

What's Changed

Fix releases links in README text by @KonH in Fix releases links in README text MessagePack-CSharp/MessagePack-CSharp#1688
Better constrain dictionary detection by @AArnott in Better constrain dictionary detection MessagePack-CSharp/MessagePack-CSharp#1687
Create FUNDING.yml by @AArnott in Create FUNDING.yml MessagePack-CSharp/MessagePack-CSharp#1693
Workaround mono runtime bug by @AArnott in Workaround mono runtime bug MessagePack-CSharp/MessagePack-CSharp#1696
Add MESSAGEPACK_FORCE_AOT preprocessor directive by @brwhelan-msft in Add MESSAGEPACK_FORCE_AOT preprocessor directive MessagePack-CSharp/MessagePack-CSharp#1701

New Contributors

@brwhelan-msft made their first contribution in Add MESSAGEPACK_FORCE_AOT preprocessor directive MessagePack-CSharp/MessagePack-CSharp#1701

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.129...v2.5.140

2.5.129

What's Changed

Remove long to int truncation of stream position by @AArnott in Remove long to int truncation of stream position MessagePack-CSharp/MessagePack-CSharp#1685

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.124...v2.5.129

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the Security Alerts page.


          Bump MessagePack from 2.5.124 to 2.5.187

43c2208

---
updated-dependencies:
- dependency-name: MessagePack
  dependency-version: 2.5.187
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

dependabot bot added dependencies .NET labels

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies .NET