Bump Microsoft.ComponentDetection.Contracts and 2 others

[dependabot]

Updated Microsoft.ComponentDetection.Contracts from 6.3.0 to 7.0.17.

Release notes

Sourced from Microsoft.ComponentDetection.Contracts's releases.

7.0.17

⚙️ Changes

• Bump mvn cli detector timeout to 9 min by @​zhenghao104 (#​1771)

7.0.16

⚙️ Changes

• Simplify PatternMatchingUtility by removing expression trees by @​JamieMagee (#​1766)
• Replace DotNet.Glob with Microsoft.Extensions.FileSystemGlobbing by @​JamieMagee (#​1767)

7.0.15

⚙️ Changes

• Reapply "Add OCI image support to Linux scanner (#​1708)" (#​1716) by @​jasonpaulos (#​1717)

7.0.14

⚙️ Changes

• Promote MavenWithFallback detector replacing MvnCli by @​zhenghao104 (#​1756)

7.0.13

⚙️ Changes

• Fix VcpkgComponent purl construction for names containing slashes by @​JamieMagee (#​1752)
• Reapply "Update packageurl-dotnet to 2.0.0-rc.2 (#​1730)" (#​1751) by @​JamieMagee (#​1753)

7.0.12

⚙️ Changes

• Revert: Bump packageurl-dotnet from 2.0.0-rc.2 to 1.0.0 by @​zhenghao104 (#​1751)
• Fix Docker scan timeout cancellation not working by @​AMaini503 (#​1729)

7.0.11

⚙️ Changes

• Bump packageurl-dotnet from 2.0.0-rc.2 to 2.0.0-rc.3 by @​JamieMagee (#​1737)
• Only run smoketests in PRs targetting main repository by @​grvillic (#​1736)

7.0.10

⚙️ Changes

• More maven parsing fix for experiment detector by @​zhenghao104 (#​1724)
• Bump werkzeug from 3.1.5 to 3.1.6 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#​1682)

🧰 Maintenance

• Bump release-drafter/release-drafter from 6.4.0 to 7.0.0 by @dependabot[bot] (#​1720)
• Bump step-security/harden-runner from 2.15.1 to 2.16.0 by @dependabot[bot] (#​1725)
• Bump shogo82148/actions-upload-release-asset from 1.9.2 to 1.10.0 by @dependabot[bot] (#​1726)
• Bump github/codeql-action from 4.32.6 to 4.33.0 by @dependabot[bot] (#​1727)
• Bump mshick/add-pr-comment from 2.8.2 to 3.9.0 by @dependabot[bot] (#​1728)

7.0.9

⚙️ Changes

• Allow prerelease dependency in Contracts NuGet package by @​JamieMagee (#​1731)

7.0.8

⚙️ Changes

• Update packageurl-dotnet to 2.0.0-rc.2 by @​JamieMagee (#​1730)
• [WIP] Fix NPM detector to differentiate packages by namespace by @copilot-swe-agent[bot] (#​1713)

7.0.7

⚙️ Changes

• Fix maven detector race conditions by @​zhenghao104 (#​1719)
• Revert "Add OCI image support to Linux scanner (#​1708)" by @​jasonpaulos (#​1716)
• Revert "Add Docker archive support to Linux scanner (#​1711)" by @​jasonpaulos (#​1715)

7.0.6

⚙️ Changes

• Add Docker archive support to Linux scanner by @​jasonpaulos (#​1711)
• Add OCI image support to Linux scanner by @​jasonpaulos (#​1708)

🧰 Maintenance

• Bump zizmorcore/zizmor-action from 0.5.0 to 0.5.2 by @dependabot[bot] (#​1706)

7.0.5

⚙️ Changes

• Fix submodule bug in MavenFallbackDetector by @​zhenghao104 (#​1685)
• Enable nullable types in Linux detector files by @​jasonpaulos (#​1709)

7.0.4

⚙️ Changes

• Mark detectors as public by @​JamieMagee (#​1707)

7.0.3

⚙️ Changes

• Revert some internal changes by @​JamieMagee (#​1705)

7.0.2

⚙️ Changes

• chore(deps): update release-drafter/release-drafter digest to 6a93d82 by @renovate[bot] (#​1701)
• Fix SwiftComponent.PackageUrl JSON property name collision on .NET 10 by @​JamieMagee (#​1704)
• Detect self-contained projects in DotNetComponentDetector by @​ericstj (#​1689)
• Run snapshot publish on a schedule by @​JamieMagee (#​1700)
• refactor: make Orchestrator implementation details internal by @​JamieMagee (#​1696)
• refactor: make Common implementation details internal by @​JamieMagee (#​1695)
• refactor: make detector implementation details internal by @​JamieMagee (#​1694)
• refactor: standardize InternalsVisibleTo in csproj files by @​JamieMagee (#​1690)
• [MSTest.Sdk] Cleanup property by @​Evangelink (#​1697)

🧰 Maintenance

• Bump release-drafter/release-drafter from 6.2.0 to 6.3.0 by @dependabot[bot] (#​1699)

7.0.1

⚙️ Changes

• Add LicenseConcluded and Suppliers to ScannedComponent by @​pauld-msft (#​1684)
• Use MSTest.Sdk and opt-in to MTP by @​Evangelink (#​1680)
• Update dependency Polly to 8.6.6 by @renovate[bot] (#​1691)

🧰 Maintenance

• Bump step-security/harden-runner from 2.14.2 to 2.15.1 by @dependabot[bot] (#​1688)
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @dependabot[bot] (#​1676)
• Bump github/codeql-action from 4.32.3 to 4.32.6 by @dependabot[bot] (#​1686)
• Bump actions/setup-dotnet from 5.1.0 to 5.2.0 by @dependabot[bot] (#​1687)

7.0.0

⚙️ Changes

• Pauldorsch/public cd contract update by @​pauld-msft (#​1678)

6.5.0

⚙️ Changes

• Update dependency yamldotnet to v16 by @renovate[bot] (#​1659)
• Update vulnerable dependencies in verification test fixtures by @​JamieMagee (#​1670)
• Bump express, typescript, re2, @​types/react in pnpm verification test resources by @​JamieMagee (#​1665)
• Bump express, typescript, re2, @​types/react in yarn verification test resources by @​JamieMagee (#​1667)
• Bump commons-text to 1.12.0 in maven verification test resources by @​JamieMagee (#​1661)
• Bump Microsoft.Owin packages to 4.2.2 in nuget verification test resources by @​JamieMagee (#​1663)
• Bump go directive to 1.22 in verification test resources by @​JamieMagee (#​1660)
• Bump certifi, zipp, setuptools, azure-identity in pip verification test resources by @​JamieMagee (#​1664)
• Bump black, ipython in poetry verification test resources by @​JamieMagee (#​1666)
• Bump express, typescript, re2, @​types/react in npm verification test resources by @​JamieMagee (#​1662)
• Add application-layer Syft factories for 6 new ecosystems by @​JamieMagee (#​1632)
• Fix System.Text.Json MSB3277 version conflict by @​JamieMagee (#​1669)
• Fix snapshot verify workflow on Windows by @​JamieMagee (#​1668)
• Update dependency python to 3.14 by @renovate[bot] (#​1658)
• Update dotnet monorepo by @renovate[bot] (#​1644)
• Update dependency MinVer to v7 by @renovate[bot] (#​1656)
• Fix zizmor workflow security findings by @​JamieMagee (#​1657)
• Update dependency AwesomeAssertions to 9.4.0 by @renovate[bot] (#​1654)
• Update dependency Tomlyn.Signed to 0.20.0 by @renovate[bot] (#​1655)
• Update dependency Spectre.Console.Cli.Extensions.DependencyInjection to 0.23.0 by @renovate[bot] (#​1578)
• Update dependency MinVer to 6.1.0 by @renovate[bot] (#​1653)
• Bump urllib3 from 2.6.0 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-2 by @dependabot[bot] (#​1652)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-4 by @dependabot[bot] (#​1651)
• Bump requests from 2.28.1 to 2.32.4 in /test/Microsoft.ComponentDetection.Detectors.Tests/Mocks/InvalidJsonReport by @dependabot[bot] (#​1650)
• Bump urllib3 from 2.4.0 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#​1622)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-3 by @dependabot[bot] (#​1649)
• Update dependency Serilog to 4.3.1 by @renovate[bot] (#​1648)
• Update release-drafter/release-drafter digest to 6db134d by @renovate[bot] (#​1647)
• Bump azure-core from 1.34.0 to 1.38.0 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#​1625)
• Update actions/setup-dotnet action to v5.1.0 by @renovate[bot] (#​1640)
• Update nuget monorepo to 7.3.0 by @renovate[bot] (#​1646)
• Update mstest monorepo to 4.1.0 by @renovate[bot] (#​1645)
• Update step-security/harden-runner action to v2.14.2 by @renovate[bot] (#​1639)
• Update zizmorcore/zizmor-action action to v0.5.0 by @renovate[bot] (#​1643)
• Update actions/setup-python digest to a309ff8 by @renovate[bot] (#​1635)
• Update github/codeql-action action to v4.32.3 by @renovate[bot] (#​1641)
• Update codecov/codecov-action action to v5.5.2 by @renovate[bot] (#​1637)
• Update stefanzweifel/git-auto-commit-action action to v7.1.0 by @renovate[bot] (#​1642)
• Update actions/checkout action to v6.0.2 by @renovate[bot] (#​1636)
• Update shogo82148/actions-upload-release-asset action to v1.9.2 by @renovate[bot] (#​1638)
• Bump cryptography from 45.0.3 to 46.0.5 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#​1634)
• Bump werkzeug from 3.1.3 to 3.1.5 in /test/Microsoft.ComponentDetection.VerificationTests/resources/uv by @dependabot[bot] (#​1623)
• Bump github.com/sirupsen/logrus from 1.8.1 to 1.8.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/go by @dependabot[bot] (#​1585)
• Bump requests from 2.31.0 to 2.32.4 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots by @dependabot[bot] (#​1427)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-5 by @dependabot[bot] (#​1609)
• Bump urllib3 from 2.2.1 to 2.6.3 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-1 by @dependabot[bot] (#​1604)
• Bump urllib3 from 2.2.1 to 2.6.0 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/parallel/parallel-test-2 by @dependabot[bot] (#​1589)
• Bump azure-core from 1.30.0 to 1.38.0 in /test/Microsoft.ComponentDetection.VerificationTests/resources/pip/roots by @dependabot[bot] (#​1611)
• Bump requests from 2.28.1 to 2.32.4 in /test/Microsoft.ComponentDetection.Detectors.Tests/Mocks/EmptyReport by @dependabot[bot] (#​1608)
  ... (truncated)

6.4.0

⚙️ Changes

• Maven combined detector experiment by @​zhenghao104 (#​1628)

Commits viewable in compare view.

Updated packageurl-dotnet from 1.1.0 to 2.0.0-rc.3.

Release notes

Sourced from packageurl-dotnet's releases.

2.0.0-rc.3

What's Changed

• Loosen golang namespace requirement by @​zhenghao104 in Loosen golang namespace requirement package-url/packageurl-dotnet#96

New Contributors

• @​zhenghao104 made their first contribution in Loosen golang namespace requirement package-url/packageurl-dotnet#96

Full Changelog: package-url/packageurl-dotnet@2.0.0-rc.2...2.0.0-rc.3

2.0.0-rc.2

What's Changed

• Add missing type normalization rules and namespace constraints from purl-spec by @​jpinz in Add missing type normalization rules and namespace constraints from purl-spec package-url/packageurl-dotnet#94

Full Changelog: package-url/packageurl-dotnet@2.0.0-rc.1...2.0.0-rc.2

2.0.0-rc.1

What's Changed

• Add Dependabot configuration by @​JamieMagee in Add Dependabot configuration package-url/packageurl-dotnet#34
• Bump xunit from 2.4.1 to 2.9.3 by @​dependabot[bot] in Bump xunit from 2.4.1 to 2.9.3 package-url/packageurl-dotnet#39
• Bump Newtonsoft.Json from 13.0.1 to 13.0.4 by @​dependabot[bot] in Bump Newtonsoft.Json from 13.0.1 to 13.0.4 package-url/packageurl-dotnet#38
• Bump Microsoft.SourceLink.GitHub from 1.1.1 to 10.0.103 by @​dependabot[bot] in Bump Microsoft.SourceLink.GitHub from 1.1.1 to 10.0.103 package-url/packageurl-dotnet#37
• Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.13.0 by @​dependabot[bot] in Bump Microsoft.NET.Test.Sdk from 17.0.0 to 17.13.0 package-url/packageurl-dotnet#36
• Bump xunit.runner.visualstudio from 2.4.3 to 3.0.2 by @​dependabot[bot] in Bump xunit.runner.visualstudio from 2.4.3 to 3.0.2 package-url/packageurl-dotnet#41
• Use .NET 10 to run tests by @​JamieMagee in Use .NET 10 to run tests package-url/packageurl-dotnet#43
• Bump xunit.runner.visualstudio from 3.0.2 to 3.1.5 by @​dependabot[bot] in Bump xunit.runner.visualstudio from 3.0.2 to 3.1.5 package-url/packageurl-dotnet#46
• Bump Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.1 by @​dependabot[bot] in Bump Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.1 package-url/packageurl-dotnet#45
• Fix type regex accepting + and , characters by @​JamieMagee in Fix type regex accepting + and , characters package-url/packageurl-dotnet#42
• Migrate to slnx by @​JamieMagee in Migrate to slnx package-url/packageurl-dotnet#49
• Bump dotnet-sdk from 10.0.102 to 10.0.103 by @​dependabot[bot] in Bump dotnet-sdk from 10.0.102 to 10.0.103 package-url/packageurl-dotnet#44
• Validate qualifier keys, fix value splitting, discard empties, catch dupes by @​JamieMagee in Validate qualifier keys, fix value splitting, discard empties, catch dupes package-url/packageurl-dotnet#47
• Migrate tests from xUnit v2 to v3 with Microsoft Testing Platform by @​JamieMagee in Migrate tests from xUnit v2 to v3 with Microsoft Testing Platform package-url/packageurl-dotnet#50
• Validate subpath, namespace segments, and empty names by @​JamieMagee in Validate subpath, namespace segments, and empty names package-url/packageurl-dotnet#51
• Bump actions/upload-artifact from 6.0.0 to 7.0.0 by @​dependabot[bot] in Bump actions/upload-artifact from 6.0.0 to 7.0.0 package-url/packageurl-dotnet#53
• Rewrite exception messages for clarity by @​JamieMagee in Rewrite exception messages for clarity package-url/packageurl-dotnet#54
• Migrate to file-scoped namespaces by @​JamieMagee in Migrate to file-scoped namespaces package-url/packageurl-dotnet#55
• Use NuGet Central Package Management by @​JamieMagee in Use NuGet Central Package Management package-url/packageurl-dotnet#56
• Replace System.Uri with lightweight checks in Parse() by @​JamieMagee in Replace System.Uri with lightweight checks in Parse() package-url/packageurl-dotnet#52
• Use culture-invariant case folding (ECMA-427 §5.5) by @​JamieMagee in Use culture-invariant case folding (ECMA-427 §5.5) package-url/packageurl-dotnet#57
• Implement equality semantics (ECMA-427 §2) by @​JamieMagee in Implement equality semantics (ECMA-427 §2) package-url/packageurl-dotnet#59
• Strip leading/trailing namespace slashes (ECMA-427 §5.6.3) by @​JamieMagee in Strip leading/trailing namespace slashes (ECMA-427 §5.6.3) package-url/packageurl-dotnet#60
• Use RFC 3986 percent-encoding in ToString() (ECMA-427 §5.4) by @​JamieMagee in Use RFC 3986 percent-encoding in ToString() (ECMA-427 §5.4) package-url/packageurl-dotnet#58
• Return trimmed subpath directly when no empty segments exist by @​JamieMagee in Return trimmed subpath directly when no empty segments exist package-url/packageurl-dotnet#65
• Use string.Join for namespace instead of += in a loop by @​JamieMagee in Use string.Join for namespace instead of += in a loop package-url/packageurl-dotnet#61
• Use LastIndexOf directly instead of Contains + LastIndexOf by @​JamieMagee in Use LastIndexOf directly instead of Contains + LastIndexOf package-url/packageurl-dotnet#66
• Pre-size StringBuilder in ToString based on component lengths by @​JamieMagee in Pre-size StringBuilder in ToString based on component lengths package-url/packageurl-dotnet#68
• Compare fields directly in Equals/GetHashCode instead of serializing to string by @​JamieMagee in Compare fields directly in Equals/GetHashCode instead of serializing to string package-url/packageurl-dotnet#64
• Skip byte[] and StringBuilder in PercentEncode when nothing needs encoding by @​JamieMagee in Skip byte[] and StringBuilder in PercentEncode when nothing needs encoding package-url/packageurl-dotnet#63
• Rewrite xmldoc comments by @​JamieMagee in Rewrite xmldoc comments package-url/packageurl-dotnet#69
• Rename PackageURL to PackageUrl by @​JamieMagee in Rename PackageURL to PackageUrl package-url/packageurl-dotnet#70
• Rewrite README by @​JamieMagee in Rewrite README package-url/packageurl-dotnet#71
• Switch NuGet publishing to OIDC trusted publishing by @​JamieMagee in Switch NuGet publishing to OIDC trusted publishing package-url/packageurl-dotnet#72
• Bump actions/download-artifact from 4.3.0 to 8.0.0 by @​dependabot[bot] in Bump actions/download-artifact from 4.3.0 to 8.0.0 package-url/packageurl-dotnet#76
• Bump actions/setup-dotnet from 5.1.0 to 5.2.0 by @​dependabot[bot] in Bump actions/setup-dotnet from 5.1.0 to 5.2.0 package-url/packageurl-dotnet#75
• Migrate from Newtonsoft.Json to System.Text.Json by @​JamieMagee in Migrate from Newtonsoft.Json to System.Text.Json package-url/packageurl-dotnet#74
• Use IndexOf+Substring instead of Contains+Split in ValidateQualifiers by @​JamieMagee in Use IndexOf+Substring instead of Contains+Split in ValidateQualifiers package-url/packageurl-dotnet#62
• Validate type with a char loop instead of a compiled regex by @​JamieMagee in Validate type with a char loop instead of a compiled regex package-url/packageurl-dotnet#67
• Enable nullable reference types by @​JamieMagee in Enable nullable reference types package-url/packageurl-dotnet#73
• Fix parsing of unencoded @ in namespace by @​JamieMagee in Fix parsing of unencoded @ in namespace package-url/packageurl-dotnet#80
• Use strict percent-decoding instead of form-decoding by @​JamieMagee in Use strict percent-decoding instead of form-decoding package-url/packageurl-dotnet#79
• Bump Microsoft.SourceLink.GitHub from 10.0.103 to 10.0.201 by @​dependabot[bot] in Bump Microsoft.SourceLink.GitHub from 10.0.103 to 10.0.201 package-url/packageurl-dotnet#84
• Bump dotnet-sdk from 10.0.103 to 10.0.201 by @​dependabot[bot] in Bump dotnet-sdk from 10.0.103 to 10.0.201 package-url/packageurl-dotnet#82
• Bump actions/download-artifact from 8.0.0 to 8.0.1 by @​dependabot[bot] in Bump actions/download-artifact from 8.0.0 to 8.0.1 package-url/packageurl-dotnet#81
• Use purl-spec v0.1 per-type test files by @​jpinz in Use purl-spec v0.1 per-type test files package-url/packageurl-dotnet#85
• Remove Directory.Build.rsp by @​jpinz in Remove Directory.Build.rsp package-url/packageurl-dotnet#88
• Remove explicit SourceLink package; .NET 8+ SDK includes it by @​jpinz in Remove explicit SourceLink package; .NET 8+ SDK includes it package-url/packageurl-dotnet#86
• Replace GitVersion with MinVer for versioning by @​jpinz in Replace GitVersion with MinVer for versioning package-url/packageurl-dotnet#89
  ... (truncated)

1.3.0

What's Changed

• Encoded purl components as per the PURL specification. by @​morended in Encoded purl components as per the PURL specification. package-url/packageurl-dotnet#23

New Contributors

• @​morended made their first contribution in Encoded purl components as per the PURL specification. package-url/packageurl-dotnet#23

Full Changelog: package-url/packageurl-dotnet@1.2.1...1.3.0

1.2.1

What's Changed

• Fix issues handling golang packages with multi-part namespaces. by @​jpinz in Fix issues handling golang packages with multi-part namespaces. package-url/packageurl-dotnet#20

New Contributors

• @​jpinz made their first contribution in Fix issues handling golang packages with multi-part namespaces. package-url/packageurl-dotnet#20

Full Changelog: package-url/packageurl-dotnet@1.2.0...1.2.1

1.2.0

What's Changed

• Standardize namespace and name normalization to match Python library by @​brbayes-msft in Standardize namespace and name normalization to match Python library package-url/packageurl-dotnet#22

New Contributors

• @​brbayes-msft made their first contribution in Standardize namespace and name normalization to match Python library package-url/packageurl-dotnet#22

Full Changelog: package-url/packageurl-dotnet@1.1.1...1.2.0

1.1.1

What's Changed

• npm package names should not be lowered by @​pmalmsten in npm package names should not be lowered package-url/packageurl-dotnet#19

New Contributors

• @​pmalmsten made their first contribution in npm package names should not be lowered package-url/packageurl-dotnet#19

Full Changelog: package-url/packageurl-dotnet@1.1.0...1.1.1

Commits viewable in compare view.

Updated System.Text.Json from 9.0.10 to 9.0.13.

Release notes

Sourced from System.Text.Json's releases.

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

9.0.12

Release

9.0.11

Release

What's Changed

• [release/9.0-staging] Fix DefaultIfEmptyIterator.TryGetElementAt returning default value for out-of-bounds indices by @​github-actions[bot] in [release/9.0-staging] Fix DefaultIfEmptyIterator.TryGetElementAt returning default value for out-of-bounds indices dotnet/runtime#119844
• [release/9.0-staging] Update dependencies from dotnet/cecil by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/cecil dotnet/runtime#119981
• [automated] Merge branch 'release/9.0' => 'release/9.0-staging' by @​github-actions[bot] in [automated] Merge branch 'release/9.0' => 'release/9.0-staging' dotnet/runtime#119978
• [release/9.0-staging] Add acquire barrier to populate bit reading by @​github-actions[bot] in [release/9.0-staging] Add acquire barrier to populate bit reading dotnet/runtime#119967
• [release/9.0-staging] Bump System.Text.Json toolset version by @​github-actions[bot] in [release/9.0-staging] Bump System.Text.Json toolset version dotnet/runtime#113385
• [release/9.0-staging] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/arcade dotnet/runtime#120034
• [release/9.0-staging] Update dependencies from dotnet/cecil by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/cecil dotnet/runtime#120033
• [release/9.0-staging] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/source-build-reference-packages dotnet/runtime#120020
• [release/9.0-staging] UnsafeAccessor - ambiguous name and signature match by @​AaronRobinsonMSFT in [release/9.0-staging] UnsafeAccessor - ambiguous name and signature match dotnet/runtime#120011
• [release/9.0] Bump OSX.12 helix queues to OSX.13 by @​steveisok in [release/9.0] Bump OSX.12 helix queues to OSX.13 dotnet/runtime#119814
• [release/9.0-staging] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/arcade dotnet/runtime#120128
• [release/9.0-staging] Update dependencies from dotnet/cecil by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/cecil dotnet/runtime#120129
• [release/9.0-staging] Update dependencies from dotnet/source-build-reference-packages by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/source-build-reference-packages dotnet/runtime#120106
• [automated] Merge branch 'release/9.0' => 'release/9.0-staging' by @​github-actions[bot] in [automated] Merge branch 'release/9.0' => 'release/9.0-staging' dotnet/runtime#120057
• [release/9.0-staging] Update dependencies from dotnet/cecil by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/cecil dotnet/runtime#120240
• [release/9.0] [mono] Make the compressed interface bitmap feature usable by @​BrzVlad in [release/9.0] [mono] Make the compressed interface bitmap feature usable dotnet/runtime#120154
• [release/9.0-staging] Remove an STJ deep nested object test causing occasional failures by @​github-actions[bot] in [release/9.0-staging] Remove an STJ deep nested object test causing occasional failures dotnet/runtime#120265
• [release/9.0-staging] Update dependencies from dotnet/hotreload-utils by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/hotreload-utils dotnet/runtime#120331
• [release/9.0-staging] Detect if RSA-384 is supported on the platform by @​vcsjones in [release/9.0-staging] Detect if RSA-384 is supported on the platform dotnet/runtime#120382
• [release/9.0-staging] Load Standalone GC correctly in component scenarios. by @​github-actions[bot] in [release/9.0-staging] Load Standalone GC correctly in component scenarios. dotnet/runtime#120236
• [release/9.0-staging] [mono][hotreload] Make the runtime ignore an update if it is an empty one by @​github-actions[bot] in [release/9.0-staging] [mono][hotreload] Make the runtime ignore an update if it is an empty one dotnet/runtime#120335
• [release/9.0-staging] Update dependencies from dotnet/icu by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/icu dotnet/runtime#120349
• [release/9.0-staging] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/arcade dotnet/runtime#120397
• [release/9.0-staging] Update dependencies from dotnet/cecil by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/cecil dotnet/runtime#120418
• [release/9.0-staging] Update dependencies from dotnet/xharness by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/xharness dotnet/runtime#120425
• [release/9.0-staging] Update dependencies from dotnet/hotreload-utils by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/hotreload-utils dotnet/runtime#120404
• [release/9.0-staging] Prevent format injection in hosting Windows PAL printf functions when redirected to file by @​jkoritzinsky in [release/9.0-staging] Prevent format injection in hosting Windows PAL printf functions when redirected to file dotnet/runtime#119786
• [release/9.0-staging] Update dependencies from dotnet/runtime-assets by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/runtime-assets dotnet/runtime#120417
• Update branding to 9.0.11 by @​vseanreesermsft in Update branding to 9.0.11 dotnet/runtime#120474
• [release/9.0-staging] Update dependencies from dotnet/icu by @​dotnet-maestro[bot] in [release/9.0-staging] Update dependencies from dotnet/icu dotnet/runtime#120586
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#120409
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/arcade dotnet/runtime#120396
• [release/9.0-staging] [mono][interp] Fix various leaks, primarily around dynamic methods by @​BrzVlad in [release/9.0-staging] [mono][interp] Fix various leaks, primarily around dynamic methods dotnet/runtime#120600
• [release/9.0-staging] [mono][sgen] Fix incorrect condition when checking if we should do a major collection by @​github-actions[bot] in [release/9.0-staging] [mono][sgen] Fix incorrect condition when checking if we should do a major collection dotnet/runtime#120533
• [automated] Merge branch 'release/9.0' => 'release/9.0-staging' by @​github-actions[bot] in [automated] Merge branch 'release/9.0' => 'release/9.0-staging' dotnet/runtime#120570
• [manual] Merge release/9.0-staging into release/9.0 by @​PranavSenthilnathan in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#120615
• Merging internal commits for release/9.0 by @​vseanreesermsft in Merging internal commits for release/9.0 dotnet/runtime#120719
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/arcade dotnet/runtime#120765
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#120779
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#120814
• [release/9.0] Update Microsoft.Build.* versions to 17.8.43 by @​PranavSenthilnathan in [release/9.0] Update Microsoft.Build.* versions to 17.8.43 dotnet/runtime#120820

Full Changelog: dotnet/runtime@v9.0.10...v9.0.11

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.

[dependabot]

Superseded by #1469.