Update 1 NuGet dependencies

[nfbot]

Bumps Nerdbank.GitVersioning from 3.8.118 to 3.9.50

[version update]

⚠️ This is an automated update. ⚠️

Summary by CodeRabbit

• Chores
  • Updated build system dependencies to enhance development tooling and compatibility.

[coderabbitai]

Walkthrough

Updated the Nerdbank.GitVersioning NuGet package dependency from version 3.8.118 to 3.9.50 in the packages lock file, including corresponding changes to requested range, resolved version, and content hash values.

Changes

Cohort / File(s)	Summary
Dependency Version Update nanoFramework.Aws.IoTCore.Devices/packages.lock.json	Updated Nerdbank.GitVersioning from 3.8.118 to 3.9.50 with associated metadata updates (requested range, resolved version, contentHash)

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

• Lock file update with no logic or code changes; straightforward dependency version bump

Possibly related PRs

• Update 2 NuGet dependencies #174: Modifies the same Nerdbank.GitVersioning dependency entry in packages.lock.json
• Update 1 NuGet dependencies #189: Updates the same Nerdbank.GitVersioning dependency entry with version changes

Pre-merge checks and finishing touches

✅ Passed checks (2 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title 'Update 1 NuGet dependencies' accurately describes the main change: a NuGet dependency (Nerdbank.GitVersioning) was updated from version 3.8.118 to 3.9.50.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nfbot/update-dependencies/4221dd06-5e88-495b-8826-d05d8a270e69

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 3ccbe8f and 14e6661.

⛔ Files ignored due to path filters (2)

• nanoFramework.Aws.IoTCore.Devices/nanoFramework.Aws.IoTCore.Devices.nfproj is excluded by none and included by none
• nanoFramework.Aws.IoTCore.Devices/packages.config is excluded by none and included by none

📒 Files selected for processing (1)

• nanoFramework.Aws.IoTCore.Devices/packages.lock.json (1 hunks)

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify compatibility and security status of Nerdbank.GitVersioning 3.9.50.

This dependency update bumps the version from 3.8.118 to 3.9.50 (a minor version jump). While lock file format and JSON syntax appear valid, verify that:

1. No breaking changes were introduced in this minor version
2. The version is free from known security vulnerabilities
3. The update has been tested in the project's CI/CD pipeline

---

🌐 Web query:

What are the release notes and breaking changes for Nerdbank.GitVersioning versions 3.9.0 through 3.9.50?

💡 Result:

Short answer: There are no official stable "3.9.0 → 3.9.50" release notes or documented breaking-change entries on the project’s Releases page — the repository’s published releases on GitHub stop in the 3.8/3.7 series, and the 3.9.* builds visible on NuGet are prerelease builds (alpha) rather than formal GitHub releases. See the project releases page and the NuGet package listing for the available tags/versions. [1][2]

Sources:

• GitHub releases for dotnet/Nerdbank.GitVersioning (no stable 3.9.x release entries). [1]
• NuGet package listing showing 3.9.* prerelease versions (e.g. 3.9.37-alpha). [2]

If you want, I can:

• enumerate all 3.9.* prerelease package versions published to NuGet and copy their NuGet change notes (if any), or
• search the repository tags/commits between v3.8 and any 3.9.* tags to extract change details and potential breaking changes. Which would you prefer?

---

🌐 Web query:

Nerdbank.GitVersioning latest stable version security advisories

💡 Result:

Latest stable (non-prerelease) NuGet version: 3.8.118. [1][2]

Security advisories / known vulnerabilities: I found no public security advisories or CVEs for Nerdbank.GitVersioning; Snyk and NuGet/ProGet vulnerability scans report no known vulnerabilities. [3][4]

Sources:

• NuGet package page (3.8.118 stable). [1]
• NuGet profile showing newest prerelease (3.9.37-alpha) — indicates newer prerelease exists. [2]
• Snyk vulnerability listing (no direct vulnerabilities found). [3]
• NuGet/ProGet vulnerability view (no known vulnerabilities). [4]

---

Revert Nerdbank.GitVersioning to stable version 3.8.118.

The specified version 3.9.50 is a prerelease (alpha) build, while 3.8.118 is the latest stable version available. Production lock files should pin stable versions only. Revert this dependency to 3.8.118 unless prerelease was intentionally selected. No known security vulnerabilities exist for either version.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud