Bump Autofac from 4.9.4 to 6.2.0

[dependabot-preview]

Bumps Autofac from 4.9.4 to 6.2.0.

Release notes

Sourced from Autofac's releases.

v6.2.0

Resolved issues / PRs:

• #215: You can now use RegisterAssemblyOpenGenericTypes to do assembly scanning and register open generics! (#1232 / #1246)
• #1211: Added ConfigurePipeline to IComponentRegistration to allow easier registration pipeline modification (related to #1211)
• #1238: Static and constructors are no longer considered for reflection (#1239)
• #1252: Behavior of ConcurrentBag on different platforms resulted in a memory leak in OnActivated usage; we now flush the ConcurrentBag of registrations on disposal of a lifetime scope (#1257)

v6.1.0

• Added direct support for .NET 5.
• Internals update to allow more dynamic reconfiguration of resolve pipelines.
• Fix #1204: Decorated instances marked with AllowCircularDependencies should now get properties injected correctly.
• Fix #1226: Constructor binders correctly detect ref parameters.

v6.0.0

Version 6.0.0 represents a major update in the Autofac internals. While every effort has been made to ensure code using version 5.x will continue to work exactly as you expect, you should be aware of the breaking changes and test things out. For the majority case, things should just continue to work; breaking changes are primarily in more rare advanced usage scenarios.

Check out the release blog post! Also, the documentation has been updated and is ready!

⚠️ Starting with Autofac 6.0, we now only target netstandard20 and netstandard21; we have removed the explicit target for net461.

The impact to you is that, while Autofac will still work on .NET Framework 4.6.1 as it did before, we strongly encourage you to upgrade to .NET Framework 4.7.2 or higher, as per the .NET Standard Documentation, to avoid any of the known dependency issues when using .NET Standard packages in .NET Framework 4.6.1.

New Features

There are a lot of new features, but the big ones are here. Other features and fixes will be outlined in the Issues section, below.

• Pipelines: This is the major change in Autofac v6 - all resolution activities internally now flow through pipelines, similar to how ASP.NET Core requests flow through pipelines. This allows for better customization in how things get resolved as well as enabling support for more new features.
• Composites: The composite pattern allows a collection of objects to be treated as though it's a single object.
• Diagnostics: Autofac v6 adds support for DiagnosticSource diagnostics. The core Autofac package ships with a default text-based diagnostic tracer and the new Autofac.Diagnostics.DotGraph package adds graphic tracing using DOT and Graphviz.
• Generic Delegate Registrations: You can now register an open generic associated with a delegate/lambda expression, allowing you to provide a custom factory to resolve generics just like you do with non-generic types.
• Concurrency Performance Improvements: We focused a lot on performance and have removed a lot of locking. In some highly-concurrent cases, we've seen a 4x speed increase.

Issues and PRs

The following issues have been addressed in v6:

• #718: Circular dependency support using property injection and relationships like Lazy<T> should now work.
• #788: DOT graph support has been added via the Autofac.Diagnostics.DotGraph package.
• #798 / #1148: Circular dependency handling uses the .NET runtime to check stack depth when checking for circular dependencies rather than using a fixed stack depth.
• #828: The ILifetimeScope.LifetimeScopeEnding event is raised and completes before the scope is disposed.
• #970: The composite pattern is now supported.
• #1069 / #1172: Core Autofac events are now async-friendly.
• #1120 / #1128: ContainerBuilder is now sealed.
• #1123: Explicitly injected properties can now be declared using an expression.
• #1126 / #1169: Diagnostics are handled via DiagnosticSource.
• #1162: A new "pooled" lifetime type has been added via the Autofac.Pooling package.

Breaking Changes

... (truncated)

Commits

• bf50d85 Semver => 6.2.0
• bd51483 Roll MyGet deployment key.
• f52dc4d Merge pull request #1257 from alistairjevans/develop
• ba23a02 Fix memory leak due to use of ConcurrentBag for registrations by ensuring we ...
• 3ca27f8 Merge pull request #1246 from RaymondHuy/OpenGenericScanningExtensions
• 3282ad8 add test case
• 67e0877 add missing testcase
• ec72623 Change method name
• 5c04bf6 Forgot WithAttributeFiltering on the test.
• 5959987 Added failing unit test for #1250
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot will not automatically merge this PR because it includes a major update to a production dependency.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language
• @dependabot badge me will comment on this PR with code to add a "Dependabot enabled" badge to your readme

Additionally, you can set the following in your Dependabot dashboard:

• Update frequency (including time of day and day of week)
• Pull request limits (per update run and/or open at any time)
• Automerge options (never/patch/minor, and dev/runtime dependencies)
• Out-of-range updates (receive only lockfile updates, if desired)
• Security updates (receive only security updates, if desired)