Skip to content

chore: Bump MessagePack from 2.5.187 to 2.5.301#3750

Merged
chaokunyang merged 1 commit into
mainfrom
dependabot/nuget/benchmarks/csharp/MessagePack-2.5.301
Jun 12, 2026
Merged

chore: Bump MessagePack from 2.5.187 to 2.5.301#3750
chaokunyang merged 1 commit into
mainfrom
dependabot/nuget/benchmarks/csharp/MessagePack-2.5.301

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown
Contributor

Updated MessagePack from 2.5.187 to 2.5.301.

Release notes

Sourced from MessagePack's releases.

2.5.301

Security release

This release fixes 2 high severity and 9 moderate severity security vulnerabilities as listed below.

This release is missing #​2269 from the v2.5.205 release. We recommend folks adopt the v2.5.302 release which has all the security fixes combined.

High severity advisory fixes

Moderage severity advisory fixes

Fixes with no security advisory

  • 814bc4c1 Honor TypeFormatter options hooks for CWE-470
  • b0f8c5e2 Fix WriteRawX methods to advance by written length
  • 0124048c Fix CWE-190 map header length overflow

2.5.205

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.205

2.5.198

What's Changed

New Contributors

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.198

2.5.192

What's Changed

Full Changelog: MessagePack-CSharp/MessagePack-CSharp@v2.5.187...v2.5.192

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump MessagePack from 2.5.187 to 2.5.301
7db697e 
---
updated-dependencies:
- dependency-name: MessagePack
  dependency-version: 2.5.301
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 11, 2026
@chaokunyang chaokunyang changed the title Bump MessagePack from 2.5.187 to 2.5.301 chore: Bump MessagePack from 2.5.187 to 2.5.301 Jun 12, 2026
@chaokunyang chaokunyang merged commit 0f015a1 into main Jun 12, 2026
47 of 48 checks passed
@chaokunyang chaokunyang deleted the dependabot/nuget/benchmarks/csharp/MessagePack-2.5.301 branch June 12, 2026 05:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@chaokunyang chaokunyang chaokunyang approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@chaokunyang