Skip to content

v0.6.3: dependency updates and NuGet trusted publishing#3

Merged
StuartMeeks merged 1 commit into
mainfrom
release/0.6.3
Jun 10, 2026
Merged

v0.6.3: dependency updates and NuGet trusted publishing#3
StuartMeeks merged 1 commit into
mainfrom
release/0.6.3

Conversation

@StuartMeeks

@StuartMeeks StuartMeeks commented Jun 10, 2026

Copy link
Copy Markdown
Owner

Summary

  • Update all NuGet package references to latest (none were pinned).
  • Switch the publish CI job to OIDC-based NuGet trusted publishing, replacing the long-lived NUGET_API_KEY secret.
  • Bump version to 0.6.3 and add a CHANGELOG entry.

Package updates

Library

Package Old → New
Microsoft.Extensions.DependencyInjection.Abstractions 10.0.5 → 10.0.9
Microsoft.Extensions.Http 10.0.5 → 10.0.9
System.Security.Cryptography.ProtectedData 10.0.5 → 10.0.9
Spectre.Console 0.55.2 → 0.56.0
Microsoft.SourceLink.GitHub 8.0.0 → 10.0.300
Spectre.Console.Cli 0.55.0 (already latest stable)

Tests: Microsoft.NET.Test.Sdk 18.6.0, xunit 2.9.3, xunit.runner.visualstudio 3.1.5, coverlet.collector 10.0.1.

Trusted publishing

The publish job now requests id-token: write, exchanges the GitHub OIDC token for a short-lived nuget.org API key via NuGet/login@v1, and pushes with that key. Requires a trusted-publishing policy on nuget.org bound to this repo + ci.yml, and a NUGET_USER repo secret (configured separately).

Test plan

  • dotnet build -c Release — clean (0 warnings, TreatWarningsAsErrors on)
  • dotnet test -c Release — all 145 tests pass
  • First tagged publish (v0.6.3) exercises the trusted-publishing flow end to end

@smeeks-swo
v0.6.3: dependency updates and NuGet trusted publishing
dc7f1df 
Update all NuGet package references to latest (none were pinned):
- Microsoft.Extensions.* and System.Security.Cryptography.ProtectedData 10.0.5 -> 10.0.9
- Spectre.Console 0.55.2 -> 0.56.0 (Spectre.Console.Cli stays at 0.55.0, latest stable)
- Microsoft.SourceLink.GitHub 8.0.0 -> 10.0.300
- Test deps: Microsoft.NET.Test.Sdk 18.6.0, xunit 2.9.3, xunit.runner.visualstudio 3.1.5, coverlet.collector 10.0.1

Switch the publish job to OIDC trusted publishing via NuGet/login@v1,
replacing the long-lived NUGET_API_KEY secret with a short-lived key.

Build clean, all 145 tests pass.
@StuartMeeks StuartMeeks merged commit 3755584 into main Jun 10, 2026
3 checks passed
@StuartMeeks StuartMeeks deleted the release/0.6.3 branch June 10, 2026 02:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@StuartMeeks @smeeks-swo