dotnet-sdk-contrib Dependency Dashboard

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.
View this repository on the Mend.io Web Portal.

Pending Approval

The following branches are pending approval. To create them, click on a checkbox below.

[ ] chore(deps): update actions/setup-dotnet digest to 2016bd2
[ ] chore(deps): update github/codeql-action digest to fdbfb4d
[ ] chore(deps): update spec digest to 4c25d56
[ ] chore(deps): update src/openfeature.contrib.providers.flagd/flagd-testbed digest to 6948dcb
[ ] chore(deps): update src/openfeature.contrib.providers.flagd/schemas digest to a0b8e85
[ ] chore(deps): update src/openfeature.providers.gofeatureflag/wasm-releases digest to c4a6a24
[ ] chore(deps): update dependency jsonlogic to 5.4.3
[ ] chore(deps): update dependency newtonsoft.json to 13.0.4
[ ] chore(deps): update dependency openfeature.providers.ofrep to 0.1.3
[ ] chore(deps): update dotnet monorepo (Microsoft.AspNetCore.Mvc.Testing, Microsoft.AspNetCore.TestHost, Microsoft.Bcl.TimeProvider, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.Diagnostics.Testing, Microsoft.Extensions.Http, Microsoft.Extensions.Logging, Microsoft.Extensions.TimeProvider.Testing, System.Net.Http.WinHttpHandler, System.Text.Json, dotnet-sdk)
[ ] chore(deps): update dependency configcat.client to 9.4.3
[ ] chore(deps): update dependency google.protobuf to 3.33.1
[ ] chore(deps): update dependency grpc.tools to 2.76.0
[ ] chore(deps): update dependency microsoft.featuremanagement to 4.3.0
[ ] chore(deps): update dependency njsonschema to 11.5.2
[ ] chore(deps): update dependency nswag.msbuild to 14.6.3
[ ] chore(deps): update dependency openfeature to 2.9.0
[ ] chore(deps): update dependency statsig to 2.4.0
[ ] chore(deps): update dependency testcontainers to 4.9.0
[ ] chore(deps): update actions/checkout action to v6
[ ] chore(deps): update dependency reqnroll.microsoft.extensions.dependencyinjection to v3
[ ] chore(deps): update dependency reqnroll.xunit to v3
[ ] chore(deps): update dependency wasmtime to v34
[ ] chore(deps): update dotnet monorepo to v10 (major) (Microsoft.AspNetCore.Mvc.Testing, Microsoft.AspNetCore.TestHost, Microsoft.Bcl.TimeProvider, Microsoft.Extensions.Configuration, Microsoft.Extensions.Configuration.EnvironmentVariables, Microsoft.Extensions.Configuration.Json, Microsoft.Extensions.DependencyInjection, Microsoft.Extensions.Diagnostics.Testing, Microsoft.Extensions.Http, Microsoft.Extensions.Logging, Microsoft.Extensions.TimeProvider.Testing, System.Net.Http.Json, System.Net.Http.WinHttpHandler, System.Text.Json, dotnet-sdk)
[ ] 🔐 Create all pending approval PRs at once 🔐

Ignored or Blocked

The following updates are blocked by an existing closed PR. To recreate the PR, click on a checkbox below.

[ ] chore(deps): update dependency flagsmith to v8

Detected dependencies

git-submodules

.gitmodules

src/OpenFeature.Contrib.Providers.Flagd/schemas c707f563d0a1b35ebea802568c6d3151633bde31

spec 224b26e44ebfe21d1110d5b64d740c8a3055d398

src/OpenFeature.Contrib.Providers.Flagd/flagd-testbed e908fb7d19def6a4768ca90b02665075bbc1afbb

src/OpenFeature.Providers.GOFeatureFlag/wasm-releases 7ad9c3e69b785df3d72cfb98f5ed63d0cf20bb60

github-actions

.github/workflows/ci.yml

actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd

actions/setup-dotnet v5@d4c94342e560b34958eacfc5d055d21461ed1c5d

actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830

actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd

actions/setup-dotnet v5@d4c94342e560b34958eacfc5d055d21461ed1c5d

actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd

actions/setup-dotnet v5@d4c94342e560b34958eacfc5d055d21461ed1c5d

actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830

actions/upload-artifact v5.0.0@330a01c490aca151604b8cf639adc76d48f6c5d4

.github/workflows/codeql-analysis.yml

actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd

github/codeql-action v4@014f16e7ab1402f30e7c3329d33797e7948572db

github/codeql-action v4@014f16e7ab1402f30e7c3329d33797e7948572db

.github/workflows/component-owners.yml

dyladan/component-owners 58bd86e9814d23f1525d0a970682cead459fa783

.github/workflows/dco-merge-group.yml

.github/workflows/dotnet-format.yml

actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd

actions/setup-dotnet v5@d4c94342e560b34958eacfc5d055d21461ed1c5d

actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830

.github/workflows/lint-pr.yml

amannn/action-semantic-pull-request v6@48f256284bd46cdaab1048c3721360e808335d50

marocchino/sticky-pull-request-comment v2@773744901bac0e8cbb5a0dc842800d45e9b2b405

marocchino/sticky-pull-request-comment v2@773744901bac0e8cbb5a0dc842800d45e9b2b405

.github/workflows/release.yml

googleapis/release-please-action v4@16a9c90856f42705d54a6fda1823352bdc62cf38

actions/checkout v5@93cb6efe18208431cddfb8368fd83d5badbf9bfd

actions/setup-dotnet v5@d4c94342e560b34958eacfc5d055d21461ed1c5d

actions/cache v4.3.0@0057852bfaa89a56745cba8c7296529d2fc39830

NuGet/login v1@d22cc5f58ff5b88bf9bd452535b4335137e24544

actions/attest-build-provenance v3.0.0@977bb373ede98d70efdf65b84cb5f73e068dcc2a

CycloneDX/gh-dotnet-generate-sbom v1.0.1@c183e4ac30e5b99354cb9a98c38548e07c538346

actions/attest-sbom v3.0.0@4651f806c01d8637787e274ac3bdf724ef169f34

nuget

build/Common.props

Microsoft.NETFramework.ReferenceAssemblies 1.0.3

build/Common.tests.props

global.json

dotnet-sdk 9.0.306

src/OpenFeature.Contrib.Providers.ConfigCat/OpenFeature.Contrib.Providers.ConfigCat.csproj

OpenFeature [2.0,3.0)

ConfigCat.Client 9.3.2

src/OpenFeature.Contrib.Providers.EnvVar/OpenFeature.Contrib.Providers.EnvVar.csproj

OpenFeature [2.0,3.0)

src/OpenFeature.Contrib.Providers.FeatureManagement/OpenFeature.Contrib.Providers.FeatureManagement.csproj

OpenFeature [2.0,3.0)

Microsoft.FeatureManagement 4.0.0

src/OpenFeature.Contrib.Providers.Flagd/OpenFeature.Contrib.Providers.Flagd.csproj

Microsoft.CSharp 4.7.0

Grpc.Tools 2.71.0

Grpc.Net.Client 2.71.0

Google.Protobuf 3.30.2

Semver 3.0.0

NJsonSchema 11.0.0

murmurhash 1.0.3

JsonLogic 5.4.0

System.Net.Http.WinHttpHandler 8.0.2

src/OpenFeature.Contrib.Providers.Flagsmith/OpenFeature.Contrib.Providers.Flagsmith.csproj

System.Text.Json 8.0.5

OpenFeature [2.0,3.0)

Flagsmith 5.4.3

src/OpenFeature.Contrib.Providers.Flipt/OpenFeature.Contrib.Providers.Flipt.csproj

OpenFeature [2.0,3.0)

System.ComponentModel.Annotations 5.0.0

NSwag.MSBuild 14.3.0

System.Text.Json 8.0.5

System.Net.Http 4.3.4

src/OpenFeature.Contrib.Providers.Statsig/OpenFeature.Contrib.Providers.Statsig.csproj

OpenFeature [2.0,3.0)

Statsig 2.3.1

src/OpenFeature.Providers.GOFeatureFlag/OpenFeature.Providers.GOFeatureFlag.csproj

System.Net.Http 4.3.4

System.Text.Json 8.0.5

Wasmtime 22.0.0

OpenFeature.Providers.Ofrep 0.1.1

OpenFeature 2.7.0

src/OpenFeature.Providers.Ofrep/OpenFeature.Providers.Ofrep.csproj

System.Text.Json 8.0.5

System.Net.Http.Json 8.0.1

System.Net.Http 4.3.4

Microsoft.Bcl.TimeProvider 8.0.0

Microsoft.Extensions.Http 8.0.0

Microsoft.Extensions.Logging 8.0.0

test/OpenFeature.Contrib.Providers.ConfigCat.Test/OpenFeature.Contrib.Providers.ConfigCat.Test.csproj

AutoFixture.Xunit2 4.18.1

test/OpenFeature.Contrib.Providers.EnvVar.Test/OpenFeature.Contrib.Providers.EnvVar.Test.csproj

AutoFixture.Xunit2 4.18.1

test/OpenFeature.Contrib.Providers.FeatureManagement.Test/OpenFeature.Contrib.Providers.FeatureManagement.Test.csproj

Microsoft.Extensions.DependencyInjection 8.0.1

Microsoft.Extensions.Configuration.Json 8.0.1

test/OpenFeature.Contrib.Providers.Flagd.E2e.Common/OpenFeature.Contrib.Providers.Flagd.E2e.Common.csproj

Testcontainers 4.8.1

Reqnroll.xUnit 2.4.1

Reqnroll.Microsoft.Extensions.DependencyInjection 2.4.1

Microsoft.Extensions.Configuration.Json 8.0.0

Microsoft.Extensions.Configuration.EnvironmentVariables 8.0.0

Microsoft.Extensions.Configuration 8.0.0

test/OpenFeature.Contrib.Providers.Flagd.E2e.ProcessTest/OpenFeature.Contrib.Providers.Flagd.E2e.ProcessTest.csproj

Reqnroll.xUnit 2.4.1

test/OpenFeature.Contrib.Providers.Flagd.E2e.RpcTest/OpenFeature.Contrib.Providers.Flagd.E2e.RpcTest.csproj

Reqnroll.xUnit 2.4.1

test/OpenFeature.Contrib.Providers.Flagd.Test/OpenFeature.Contrib.Providers.Flagd.Test.csproj

Microsoft.Extensions.Diagnostics.Testing 9.4.0

Grpc 2.46.6

test/OpenFeature.Contrib.Providers.Flipt.Test/OpenFeature.Contrib.Providers.Flipt.Test.csproj

Moq 4.20.72

System.Net.Http 4.3.4

test/OpenFeature.Contrib.Providers.Statsig.Test/OpenFeature.Contrib.Providers.Statsig.Test.csproj

AutoFixture.Xunit2 4.18.1

test/OpenFeature.Providers.GOFeatureFlag.Test/OpenFeature.Providers.GOFeatureFlag.Test.csproj

Newtonsoft.Json 13.0.3

RichardSzalay.MockHttp 7.0.0

Wasmtime 22.0.0

test/OpenFeature.Providers.Ofrep.Test/OpenFeature.Providers.Ofrep.Test.csproj

OpenFeature.Hosting 2.9.0

Microsoft.AspNetCore.TestHost 9.0.9

Microsoft.AspNetCore.Mvc.Testing 9.0.9

Microsoft.Extensions.TimeProvider.Testing 9.9.0

renovate-config-presets

renovate.json

[ ] Check this box to trigger a request for Renovate to run again on this repository

Jul 04 '25 21:07 renovate[bot]

Looks like renovate hasn't run in quite a while

@askpt is renovate disabled on purpose or is it broken ?

Nov 18 '25 09:11 hoerup

Looks like renovate hasn't run in quite a while

@askpt is renovate disabled on purpose or is it broken ?

@hoerup Thanks for bringing this to my attention. The PRs for the dependencies are manually triggered by us. I will have a look later to see which ones we can trigger.

Nov 18 '25 10:11 askpt

Another thing that caught my eye

These 2 PR's were closed without merge https://github.com/open-feature/dotnet-sdk-contrib/pull/442 https://github.com/open-feature/dotnet-sdk-contrib/pull/441

But you use "recreateWhen": "never"

So renovate will never try to perform these updates again - is that also on purpose ?

Nov 18 '25 11:11 hoerup

Another thing that caught my eye

These 2 PR's were closed without merge #442 #441

But you use "recreateWhen": "never"

So renovate will never try to perform these updates again - is that also on purpose ?

@hoerup It is on purpose. We had some issues with the dependencies being recreated when we "closed" them. For packages, we don't want to force consumers to "bump" the transient dependencies, except in the event of a security incident.

For example, if you are using Ofrep v1, which has DepA v1.2. If your application uses DepA directly with v1.1, it may encounter dependency restoration issues. By targeting the lowest possible, we ensure you can control the version you want. Similar to this implementation: https://github.com/App-vNext/Polly/blob/0fb7b9822fecfa56a5306f9bb03579560c3ffbbd/Directory.Packages.props#L45

Nov 18 '25 11:11 askpt