Skip to content

Bump Tmds.DBus from 0.9.1 to 0.92.0#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/src/Spotify.Dbus/Tmds.DBus-0.92.0
Open

Bump Tmds.DBus from 0.9.1 to 0.92.0#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/src/Spotify.Dbus/Tmds.DBus-0.92.0

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Apr 8, 2026

Updated Tmds.DBus from 0.9.1 to 0.92.0.

Release notes

Sourced from Tmds.DBus's releases.

0.92.0

This release addresses vulnerabilities from malicious senders in Tmds.DBus and Tmds.DBus.Protocol:

  • Check the signal sender is the owner of the well-known name (fb41b95, b429873)
  • Prevent spilling of unix fds to the next message and limit the number to 16 per message (4800917, f90642d)
  • Prevent unhandled exceptions on SynchronizationContext due to a malformed body sent by a malicious sender. (f0d9d0b, a64b8b9)

Advisory: GHSA-xrw6-gwf8-vvr9

0.91.1

Tmds.DBus.Generator/Tmds.DBus.Tool:

0.91.0

Changes:

Bug fixes/improvements:

0.90.3

0.90.2

Tmds.DBus.Generator/Tmds.DBus.Tool:

0.90.1

Tmds.DBus.Generator:

0.90.0

Tmds.DBus.Protocol

This release does some refactoring which requires changes from the user. The version is binary compatible with the previous version. Obsolete attributes indicate what changes a user should make.

  • These types have been renamed to be less generic:
`Connection` -> `DBusConnection` (https://github.com/tmds/Tmds.DBus/pull/373)
`Address` -> `DBusAddress` (https://github.com/tmds/Tmds.DBus/pull/372)
`ActionException` -> `ObserverHandler` (https://github.com/tmds/Tmds.DBus/pull/371)

When you have code that requires the Connection type, you can call DBusConnection.AsConnection().

DBusExceptionBase
├── DBusConnectionException
│   ├── DBusConnectionClosedException
│   │   └── DisconnectedException (obsolete -> DBusConnectionClosedException)
│   └── DBusConnectFailedException
│       └── ConnectException (obsolete -> DBusConnectFailedException)
└── DBusMessageException
    ├── DBusReadException
    ├── DBusErrorReplyException
    │   └── DBusException (obsolete -> DBusErrorReplyException)
    └── DBusUnexpectedValueException
        └── ProtocolException (obsolete -> DBusUnexpectedValueException)

Behavioral changes:

New APIs:

Tmds.DBus.Generator

Documentation

... (truncated)

0.23.0

Tmds.DBus.Protocol:

  • Protocol: add hierarchical path support and improved async handling for method handling. (#​360)
  • Protocol: use non-blocking SynchronizationContext.Post instead of Send for callbacks. (#​361)

0.22.0

Tmds.DBus:

Tmds.DBus.Protocol:

Tmds.DBus.Tool:

0.21.3

This release backports the fixes from 0.92.0 to Tmds.DBus.Protocol.

Advisory: GHSA-xrw6-gwf8-vvr9

0.21.2

Tmds.DBus.Protocol:

0.21.1

Removes public API that was added in 0.21.0:

0.21.0

Tmds.DBus.Protocol

In v0.17.0 support for NativeAOT safe variant handling was enabled through two types: VariantValue for reading variants,
and Variant for writing variants. The focus on this release is to support both reading and writing using the VariantValue type.
This enables writing back variants that were previously read.

The Variant type has been marked obsolete. Users should now be able to use the VariantValue type as a direct replacement.
Note that the Dict/Array/Struct types are not obsolete. They can be used for creating composite VariantValues.

The VariantValue type now behaves different for variants that hold other variants. Such variants are not common because
usually a variant will directly hold an actual (that is: non-variant) value. Variants that hold other variants are represented
as their own VariantValue instance with a Type of Variant. The nested variant value can be obtained by calling GetVariantValue.

There are some additional breaking API changes which shouldn't affect most users because involve low-level APIs for D-Bus marshalling and signature handling.

  • The Utf8Span type has been removed. APIs use ReadOnlySpan<byte> instead.
  • VariantValue.GetSignature returns a Signature (instead of a string).
  • VariantValue.GetArray<T> requires a T of Signature (instead of a string) for getting arrays of signature.
  • Reader.ReadSignature returns Signature instead of Utf8Span. ReadSignatureAsSignature has been removed. The new ReadSignatureAsSpan returns ReadOnlySpan<byte>.

Tmds.DBus.Tool

The following fixes have been made to the codegen command for the protocol API (in tmds/Tmds.DBus#307):

  • Generate writable properties for Set-methods only.
  • PropertyChanges: invalidated and changed are swapped.

0.20.0

Tmds.DBus.Protocol:

Tmds.DBus:

0.19.0

Tmds.DBus.Protocol:

0.18.0

Tmds.DBus.Protocol:

Tmds.DBus:

0.17.0

Main feature:
The focus of this release is improve trimming/NativeAOT support in the protocol library. Non-compatible members have been annotated and obsoleted. The library adds AOT-friendly types for reading and writing variants: VariantValue and Variant.

Other changes:

0.16.0

0.15.0

0.14.0

0.13.0

0.12.0

  • Initial release of Tmds.Dbus.Protocol library which provides a low-level protocol API for D-Bus
  • Tmds.Dbus.Tool: Generator outputs private fields as _camelCase rather than _PascalCase (#​171)
  • Tmds.Dbus.Tool: support .NET 7, drop support for .NET Core 3.1 (#​177)

0.11.0

0.10

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump Tmds.DBus from 0.9.1 to 0.92.0
e5028c4 
---
updated-dependencies:
- dependency-name: Tmds.DBus
  dependency-version: 0.92.0
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Apr 8, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants