chore: bump NuGet dependencies#1746
Open
waldekmastykarz wants to merge 2 commits into
Open
Conversation
- YamlDotNet from 18.0.0 to 18.1.0 - Microsoft.VisualStudio.Threading from 17.14.15 to 18.7.23 Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Contributor
There was a problem hiding this comment.
Pull request overview
This PR updates NuGet dependencies across Dev Proxy (notably Microsoft.VisualStudio.Threading and YamlDotNet) and adjusts certificate disk-cache loading to avoid synchronous file I/O flagged by newer VS Threading analyzers.
Changes:
- Bump
Microsoft.VisualStudio.Threadingto18.7.23and update the corresponding lock file entries. - Bump
YamlDotNetto18.1.0across the solution and lock files. - Make certificate loading from disk truly async by switching to
File.ReadAllBytesAsync(...).
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| DevProxy/Proxy/CertificateDiskCache.cs | Converts certificate file loading to async I/O to satisfy stricter threading analyzers. |
| DevProxy/packages.lock.json | Updates locked dependency graph for DevProxy (Threading + YamlDotNet and transitives). |
| DevProxy/DevProxy.csproj | Bumps direct reference to Microsoft.VisualStudio.Threading to 18.7.23. |
| DevProxy.Plugins/packages.lock.json | Updates locked dependency graph to align with YamlDotNet 18.1.0. |
| DevProxy.Abstractions/packages.lock.json | Updates locked dependency graph for YamlDotNet 18.1.0. |
| DevProxy.Abstractions/DevProxy.Abstractions.csproj | Bumps direct reference to YamlDotNet to 18.1.0. |
Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
garrytrinder
approved these changes
Jul 6, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Bumps NuGet dependencies:
The Microsoft.VisualStudio.Threading 18.x update introduced a stricter VSTHRD103 analyzer rule that flagged
CertificateDiskCache.LoadCertificatefor synchronous blocking. Fixed by converting it to an async method usingFile.ReadAllBytesAsync.This PR consolidates what were previously separate dependabot PRs (#1737, #1745) that couldn't be merged due to branch protection rules requiring approval from someone other than the last pusher.