Update 1 NuGet dependencies

[nfbot]

Bumps Nerdbank.GitVersioning from 3.8.118 to 3.9.50

[version update]

⚠️ This is an automated update. ⚠️

Summary by CodeRabbit

• Chores
  • Updated versioning tool to latest compatible version for improved build stability and performance.

[coderabbitai]

Walkthrough

Updates the Nerdbank.GitVersioning dependency version in the lock file from 3.8.118 to 3.9.50, including the corresponding requested version range and content hash. No other dependencies are affected.

Changes

Cohort / File(s)	Summary
Dependency version bump nanoFramework.System.Net/packages.lock.json	Updates Nerdbank.GitVersioning from 3.8.118 to 3.9.50, including requested version "[3.9.50, 3.9.50]" and new contentHash

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~5 minutes

• Verify the version bump to 3.9.50 is intentional and compatible with the project
• Confirm the contentHash value is correctly updated for the new package version
• Check if any transitive dependency changes might result from this version bump

Possibly related PRs

• Update 1 NuGet dependencies #360: Also updates Nerdbank.GitVersioning in the same lock file (previous version bump: 3.7.115→3.8.118)
• Update 1 NuGet dependencies #336: Updates Nerdbank.GitVersioning dependency in packages.lock.json to a different target version
• Update 1 NuGet dependencies #330: Modifies the same file to update Nerdbank.GitVersioning dependency

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Update 1 NuGet dependencies' accurately describes the main change: updating a NuGet dependency (Nerdbank.GitVersioning) in the lock file.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nfbot/update-dependencies/1a46dd4d-8868-4c41-b1eb-044e356e59b2

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between fee0dfa and e80db3b.

⛔ Files ignored due to path filters (2)

• nanoFramework.System.Net/System.Net.nfproj is excluded by none and included by none
• nanoFramework.System.Net/packages.config is excluded by none and included by none

📒 Files selected for processing (1)

• nanoFramework.System.Net/packages.lock.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: System.Net (Build_Library)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify Nerdbank.GitVersioning 3.9.50 availability and security status.

The lock file format and structure are correct. However, before merging, confirm that the target package version exists on NuGet and contains no known security vulnerabilities or breaking changes.

---

🌐 Web query:

Is Nerdbank.GitVersioning version 3.9.50 available on NuGet and are there any known security advisories for this version?

💡 Result:

Short answer: No — Nerdbank.GitVersioning v3.9.50 is not listed on nuget.org; the NuGet feed shows releases up through 3.9.37-alpha. I found no public security advisories affecting v3.9.50 (security scans / vulnerability databases show no direct vulnerabilities). [1][2][3]

Sources:

• nuget.org package/profile (latest listed: 3.9.37-alpha). [1]
• Snyk package page (no direct vulnerabilities reported; shows a 3.9.50 entry for the NPM/npm-scoped package view). [2]
• Official GitHub repository (no security advisories listed for Nerdbank.GitVersioning). [3]

---

Revert Nerdbank.GitVersioning to an available version—3.9.50 does not exist on NuGet.

The package version 3.9.50 is not listed on nuget.org; the NuGet feed shows releases up through 3.9.37-alpha. This will cause package restore failures during build. Update the lock file to use version 3.9.37-alpha or investigate why the automated bot attempted to update to a non-existent version.

Lines 37-39 in nanoFramework.System.Net/packages.lock.json:

        "requested": "[3.9.50, 3.9.50]",
        "resolved": "3.9.50",
        "contentHash": "HtOgGF6jZ+WYbXnCUCYPT8Y2d6mIJo9ozjK/FINTRsXdm4Zgv9GehUMa7EFoGQkqrMcDJNOIDwCmENnvXg4UbA=="

🤖 Prompt for AI Agents

In nanoFramework.System.Net/packages.lock.json around lines 37 to 39, the lock
file pins Nerdbank.GitVersioning to a non-existent NuGet version
(requested/resolved "3.9.50"), causing restore failures; update the lock entry
to a valid published version (for example "3.9.37-alpha") or revert the bot
change: set both "requested" and "resolved" to the available version string and
regenerate or update the contentHash accordingly (or run dotnet restore/nuget
restore to regenerate the lock file) so the package restore succeeds.