Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Akka from 1.3.10 to 1.4.46 in /server/Arcadia.Assistant.Feeds #795

Open
wants to merge 1 commit into
base: master
Choose a base branch
from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 22, 2022

Bumps Akka from 1.3.10 to 1.4.46.

Release notes

Sourced from Akka's releases.

Akka.NET v1.4.46

1.4.46 November 15th 2022

Akka.NET v1.4.46 is a security patch for Akka.NET v1.4.45 but also includes some other fixes.

Security Advisory: Akka.NET v1.4.45 and earlier depend on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Common.Drawing v4.7.0. The System.Common.Drawing v4.7.0 is affected by a remote code execution vulnerability GHSA-ghhp-997w-qr28.

We have separately created a security advisory for Akka.NET Versions < 1.4.46 and < 1.5.0-alpha3 to track this issue.

Fixes and Updates

You can see the full set of tracked issues for Akka.NET v1.4.46 here.

Changes:

  • 44d380826fdf4adf53cd34339f33842fccccf87e added v1.4.46 release notes (#6255)
  • 2b85598bc3121abe6bbd50f8caac369a77e46f9f Upgrade to Newtonsoft.Json 13.0.1 as minimum version (#6230) (#6252)
  • d6ba97a9108c60a0eb96316abedaab8528310e52 (cherry-picked from 94756d644d7bb1ae6e3b591222176d7a189205da) (#6253)
  • e94913cabd222f478dc2d4849667f82f2c8ae781 Make transport adapter messages public (#6250)
  • eeb156c649b2f6e55a0016c2e19ba1c2616fe308 [BACKPORT #6221] Report cause for Akka/IO TCP CommandFailed events (#6224) [ #22954 ]
  • dca908baf06d91f4c424af9c116a0d5f07b30054 Improve Akka.Cluster.Metrics collected values (#6203)
  • 61df6fca040f3df61e4229cf4513397594dae20e Separate wire protocol from internal models (#6206)
  • 9f84438ca4a04efb34b8f5a20ff1dc8c020a256b Make sure that DeadLetters published by DistributedPubSubMediator contain full context of topic (#6209)

This list of changes was auto generated.

Akka.NET v1.4.45

1.4.45 October 19th 2022

Akka.NET v1.4.45 is a patch release for Akka.NET v1.4 for a bug introduced in v1.4.44.

Patch

Changes:

  • 5f496e8e29b0f3bd2bbd2c8c7ce67fca8aa103cd Update RELEASE_NOTES.md for 1.4.45 release (#6202)
  • 90dde2581c8ae903b5cff7c585dcc6a8725ef2aa Revert ConfigurationException due to binary incompatibility (#6201)

This list of changes was auto generated.

Akka.NET v1.4.44

1.4.44 October 17th 2022

Akka.NET v1.4.44 is a maintenance release for Akka.NET v1.4 that contains numerous performance improvements in critical areas, including core actor message processing and Akka.Remote.

Performance Fixes

... (truncated)

Changelog

Sourced from Akka's changelog.

1.5.0-alpha3 November 15th 2022

Akka.NET v1.5.0-alpha3 is a security patch for Akka.NET v1.5.0-alpha2 but also includes some other fixes.

Security Advisory: Akka.NET v1.5.0-alpha2 and earlier depend on an old System.Configuration.ConfigurationManager version 4.7.0 which transitively depends on System.Common.Drawing v4.7.0. The System.Common.Drawing v4.7.0 is affected by a remote code execution vulnerability GHSA-ghhp-997w-qr28.

We have separately created a security advisory for Akka.NET Versions < 1.4.46 and < 1.5.0-alpha3 to track this issue.

Fixes and Updates

You can see the full set of tracked issues for Akka.NET v1.5.0 here.

1.5.0-alpha2 October 17th 2022

Akka.NET v1.5.0-alpha2 is a maintenance release for Akka.NET v1.5 that contains numerous performance improvements in critical areas, including core actor message processing and Akka.Remote.

Performance Fixes

In sum you should expect to see total memory consumption, garbage collection, and throughput improve when you upgrade to Akka.NET v1.5.0-alpha2.

Other Features and Improvements

1.5.0-alpha1 August 22 2022

Akka.NET v1.5.0-alpha1 is a major release that contains a lot of code improvement and rewrites/refactors. Major upgrades to Akka.Cluster.Sharding in particular.

Deprecation

Some codes and packages are being deprecated in v1.5

... (truncated)

Commits
  • 44d3808 added v1.4.46 release notes (#6255)
  • 2b85598 Upgrade to Newtonsoft.Json 13.0.1 as minimum version (#6230) (#6252)
  • d6ba97a (cherry-picked from 94756d644d7bb1ae6e3b591222176d7a189205da) (#6253)
  • e94913c Make transport adapter messages public (#6250)
  • eeb156c [BACKPORT #6221] Report cause for Akka/IO TCP CommandFailed events (#6224)
  • dca908b Improve Akka.Cluster.Metrics collected values (#6203)
  • 61df6fc Separate wire protocol from internal models (#6206)
  • 9f84438 Make sure that DeadLetters published by DistributedPubSubMediator contain...
  • 5f496e8 Update RELEASE_NOTES.md for 1.4.45 release (#6202)
  • 90dde25 Revert ConfigurationException due to binary incompatibility (#6201)
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [Akka](https://github.com/akkadotnet/akka.net) from 1.3.10 to 1.4.46.
- [Release notes](https://github.com/akkadotnet/akka.net/releases)
- [Changelog](https://github.com/akkadotnet/akka.net/blob/dev/RELEASE_NOTES.md)
- [Commits](akkadotnet/akka.net@v1.3.10...1.4.46)

---
updated-dependencies:
- dependency-name: Akka
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Nov 22, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants