Skip to content

Bump the nuget group with 2 updates#13

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/nuget-d13a149723
Open

Bump the nuget group with 2 updates#13
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/nuget-d13a149723

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Feb 2, 2026

Updated Npgsql from 4.1.2 to 4.1.13.

Release notes

Sourced from Npgsql's releases.

4.1.13

This version contains a high-severity security patch for CVE-2024-32655 everyone is advised to upgrade.

Thanks to @​paul-gerste-sonarsource for reporting the vulnerability.

4.1.12

Fixes backported:

This release also brings VS2022 support to the Npgsql VSIX (which is otherwise discontinued).

4.1.9

This patch releases contains the following bug fixes:

  • TransactionScope seems not to work correctly from v4.0.0 when Enlist=true and pooling=false (#​3502)
  • JSON handler doesn't flush a buffer on write (#​3464)
  • Fixed writing and reading DateTime.Min/Max with ConvertInfinityDateTime for TimestampTz handler (#​3580)

4.1.8

The list of changes is available here.

4.1.7

This patch version contains several bug fixes, everyone is encouraged to upgrade.

The list of changes is available here.

4.1.6

This patch version contains several bug fixes, everyone is encouraged to upgrade.

The list of changes is available here.

4.1.5

This patch release contains an important update as an addition to bug fixes. Starting this version it's possible to use the NodaTime plugin without losing ability to have BCL date and time types in parameters or in query results. Many thanks @​davidroth who made this!

Everyone is encouraged to update.

The full list of changes is available here.

4.1.4

This patch version has been a long time coming, and includes many important bug fixes.

Note that starting with v4.1.4, the Detail property on PostgresException will be redacted by default, since PostgreSQL uses it to send potentially sensitive information (see #​2501) . The information can be included as before by specifying Include Error Detail on the connection string

The list of changes is available here.

4.1.3.1

4.1.3

Npgsql 4.1.3 includes some important bugfixes, everyone is encouraged to upgrade.

The list of changes is available here.

Commits viewable in compare view.

Updated SharpZipLib from 1.2.0 to 1.3.3.

Release notes

Sourced from SharpZipLib's releases.

1.3.3

Another minor release, containing security fixes and smaller bugfixes.

Fixes:

Smaller changes:

Other changes (not related to library code):

1.3.2

Another minor release, containing security fixes and smaller bugfixes.
Additionally, this version will have an additional target framework, .NET Standard 2.1, which will see some speed improvements when
used in newer versions of .NET (Core), mainly in Bzip2.

Features

Smaller fixes and optimizations

Other changes (not related to library code)

1.3.1

Minor release, mainly to address the incorrect file version of v1.3.0, but also contains some security fixes and performance improvements.

Highlights

  • Correct FileVersion and AssemblyVersion
  • Security fixes for ZipFile and Zip*Streams
  • Improved CRC32 performance
  • BZip2 compression support for Zip files

Features

Fixes

Other changes (not related to library code)

1.3.0

Highlights

  • AES encryption fixes and support in FastZip
  • File name encoding support for Tar
  • Improved Unix timestamp support
  • Better handling of entry file names
  • Fix errors with entries using Stored compression method

Changes

  • TarArchive.ExtractContents() now needs another parameter set to true to allow the extraction to traverse outside of the target directory.
  • TarArchive constructors now includes an Encoding parameter. Omitting it will discard any non-ASCII bytes in file names.

Fixes

  • [#​503] Consider AES overhead when testing encrypted folder entries by Richard Webb
  • [#​452] Ensure crypto streams are disposed in ZipFile.GetOutputStream by Richard Webb
  • [#​333] Handle unsupported compression methods in ZipInputStream better by Richard Webb
  • [#​402] Only convert entry.Name once when accessing updateIndex by Vladyslav Taranov
  • [#​353] Fix ZipFile.TestLocalHeader CompressionMethod resolving for AES entries by Richard Webb
  • [#​460] Account for AES overhead in compressed entry size by Richard Webb
  • [#​422] Change ZipOutputStream.PutNextEntry to explicity validate the requested compression method by Richard Webb
  • [#​467] Allow seeking a PartialInputStream to the very end by Víctor M. González
  • [#​440] Use CompressionMethodForHeader for header entries by Richard Webb
  • [#​420] Throw NotSupportedException in ZipFile.Add when trying to add AES entry by Richard Webb
  • [#​421] Have ZipFile.Add validate compression compability internally by Richard Webb
  • [#​387] Better handle baseStreams closing themselves unexpectedly by Richard Webb
  • [#​408] When searching for the Zip64 end of central directory locator, pay attention to its fixed size by Richard Webb
  • [#​406] Skip forced Deflate flush when using Stored compression by nils måsén
  • [#​362] Don&#​39;t call CleanName from the ZipEntry constructor by Richard Webb
  • [#​465] Use correct count in ZipAESStream.ReadBufferedData by Víctor M. González
  • [#​390] Ensure GZipOutputStream headers are written before flush by Richard Webb
  • [#​498] Use string.Trim to trim strings by Richard Webb
  • [#​432] Throw ArgumentNullException in BZip2 by Richard Webb
  • [#​519] Restrict path traversal on TarArchive extraction by nils måsén

Features

  • [#​201] Raise ProcessDirectory event for FastZip extract by Stevie-O
  • [#​380] Add support for AES encryption in FastZip.CreateZip by Richard Webb
  • [#​497] Transform new entry names using an INameTranform in ZipOutputStream by Richard Webb
  • [#​482] Add variants of FastZip.CreateZip taking IScanFilter instead of strings by Richard Webb
  • [#​455] Add FastZip.CreateZip with a leaveOpen parameter by Richard Webb
  • [#​433] Restore directory timestamps when extracting with FastZip by Richard Webb
  • [#​472] Allow ZipFile to accept empty strings as passwords when decrypting AES entries by Richard Webb
  • [#​364] Add nameEncoding parameter to Tar entries by Yusuke Ito
  • [#​463] Improve support for Unix timestamps in ZIP archives by Bastian Eicher

Other changes (not related to library code)

  • [#​346] Add a Security Policy by nils måsén
    ... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the nuget group with 2 updates
575f5e0 
Bumps Npgsql from 4.1.2 to 4.1.13
Bumps SharpZipLib from 1.2.0 to 1.3.3

---
updated-dependencies:
- dependency-name: Npgsql
  dependency-version: 4.1.13
  dependency-type: direct:production
  dependency-group: nuget
- dependency-name: SharpZipLib
  dependency-version: 1.3.3
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Feb 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants