Skip to content

Bump DependencyInjection.Lifetime.Analyzers and 13 others#322

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/dot-config/tests-0fe6b90f6c
Open

Bump DependencyInjection.Lifetime.Analyzers and 13 others#322
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/dot-config/tests-0fe6b90f6c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 17, 2026

Copy link
Copy Markdown
Contributor

Updated DependencyInjection.Lifetime.Analyzers from 2.18.0 to 2.18.24.

Release notes

Sourced from DependencyInjection.Lifetime.Analyzers's releases.

2.18.24

DependencyInjection.Lifetime.Analyzers 2.18.24

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI021/DI022 non-generic captured-scope resolutions — concurrent-handler analysis now recognizes exact framework IServiceProvider.GetService(typeof(T)) and GetRequiredService(typeof(T)) requests made through a scope or provider captured outside the handler. Literal typeof(T) is required, direct-static ordinal recovery is restricted to exact framework extension containers, and concrete provider implementations bind the requested type by semantic parameter type rather than parameter spelling. Provider-origin tracing preserves built-in identity, reference, and boxing conversions so existing generic/keyed resolution through captured value-type and IServiceProvider-constrained providers remains covered; constraint traversal is cycle-safe for temporarily invalid editor code. Runtime Type values, user-defined conversions on either the requested type or provider receiver, user-defined same-named helpers, and scopes created inside the handler remain silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.24

What changed

Fixed

  • DI021/DI022 non-generic captured-scope resolutions — concurrent-handler analysis now recognizes exact framework IServiceProvider.GetService(typeof(T)) and GetRequiredService(typeof(T)) requests made through a scope or provider captured outside the handler. Literal typeof(T) is required, direct-static ordinal recovery is restricted to exact framework extension containers, and concrete provider implementations bind the requested type by semantic parameter type rather than parameter spelling. Provider-origin tracing preserves built-in identity, reference, and boxing conversions so existing generic/keyed resolution through captured value-type and IServiceProvider-constrained providers remains covered; constraint traversal is cycle-safe for temporarily invalid editor code. Runtime Type values, user-defined conversions on either the requested type or provider receiver, user-defined same-named helpers, and scopes created inside the handler remain silent.

Learn more

2.18.23

DependencyInjection.Lifetime.Analyzers 2.18.23

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI027 otherwise-unused private subscription fields — a Subscribe(...) token assigned directly to a private field declared on the subscriber now reports when that field has no other symbol-bound reference across any partial declaration. Any later disposal, return, argument pass, reassignment, or other field access remains conservative and silent; inherited and externally accessible fields also stay silent because handling outside the subscriber cannot be ruled out.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.23

What changed

Fixed

  • DI027 otherwise-unused private subscription fields — a Subscribe(...) token assigned directly to a private field declared on the subscriber now reports when that field has no other symbol-bound reference across any partial declaration. Any later disposal, return, argument pass, reassignment, or other field access remains conservative and silent; inherited and externally accessible fields also stay silent because handling outside the subscriber cannot be ruled out.

Learn more

2.18.22

DependencyInjection.Lifetime.Analyzers 2.18.22

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI019 all-root conditional provider joins — provider aliases selected by a conditional expression now retain root-provider classification when both result arms are independently proven root providers through path-stable declarations or straight-line writes. Provider declarations and assignments are collected in source order, path stability propagates through copied aliases, later unclassified, deconstruction, coalescing-assignment, and ref/out writes invalidate older provider facts. Write facts become visible only after their right-hand side, initializer, or argument evaluation completes, and nested mutation events are processed before an enclosing write, so resolutions and alias copies observe the provider state that exists at that runtime point. Merely binding or retargeting a ref local preserves the referents' facts; source-positioned mappings ensure each actual later write and read follows only the referents active at that point, and reads classify the alias only when every possible storage agrees. A value write through a multi-referent ref alias invalidates every possible storage instead of falsely treating the write as definite for all referents. Conditional retargets, ref-conditional lvalues, and by-reference conditional arguments retain every possible referent. Forward or backward goto edges cannot make path-dependent facts stable. Field/property facts never qualify because source order cannot prove cross-method execution. Branch-, loop-, switch-, exception-, and short-circuit-dependent writes do not qualify. Deferred lambda and LINQ-query hazards become active from their creation point and survive later lexical assignments only for captured outer storage; local-function hazards likewise remain executable-wide for captured storage because the function is callable before its declaration. Locals and parameters owned by a deferred boundary retain ordinary path stability for declarations and straight-line writes, and control flow outside that owning boundary does not alter the write path executed inside it. Mixed root/scoped or unknown arms stay conservative.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.22

What changed

Fixed

  • DI019 all-root conditional provider joins — provider aliases selected by a conditional expression now retain root-provider classification when both result arms are independently proven root providers through path-stable declarations or straight-line writes. Provider declarations and assignments are collected in source order, path stability propagates through copied aliases, later unclassified, deconstruction, coalescing-assignment, and ref/out writes invalidate older provider facts. Write facts become visible only after their right-hand side, initializer, or argument evaluation completes, and nested mutation events are processed before an enclosing write, so resolutions and alias copies observe the provider state that exists at that runtime point. Merely binding or retargeting a ref local preserves the referents' facts; source-positioned mappings ensure each actual later write and read follows only the referents active at that point, and reads classify the alias only when every possible storage agrees. A value write through a multi-referent ref alias invalidates every possible storage instead of falsely treating the write as definite for all referents. Conditional retargets, ref-conditional lvalues, and by-reference conditional arguments retain every possible referent. Forward or backward goto edges cannot make path-dependent facts stable. Field/property facts never qualify because source order cannot prove cross-method execution. Branch-, loop-, switch-, exception-, and short-circuit-dependent writes do not qualify. Deferred lambda and LINQ-query hazards become active from their creation point and survive later lexical assignments only for captured outer storage; local-function hazards likewise remain executable-wide for captured storage because the function is callable before its declaration. Locals and parameters owned by a deferred boundary retain ordinary path stability for declarations and straight-line writes, and control flow outside that owning boundary does not alter the write path executed inside it. Mixed root/scoped or unknown arms stay conservative.

Learn more

2.18.21

DependencyInjection.Lifetime.Analyzers 2.18.21

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI015 Generic Host lifetime service fidelityMicrosoft.Extensions.Hosting.IHostLifetime, which the Generic Host registers as a singleton, now participates in the default framework-services assumption alongside IHostApplicationLifetime. Strict mode, same-named user types, and keyed requests still report; shared dependency analysis now preserves the key and lets explicit registrations override ambient framework lifetimes, so scoped IHostLifetime replacements remain visible to DI019 and DI020.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.21

What changed

Fixed

  • DI015 Generic Host lifetime service fidelityMicrosoft.Extensions.Hosting.IHostLifetime, which the Generic Host registers as a singleton, now participates in the default framework-services assumption alongside IHostApplicationLifetime. Strict mode, same-named user types, and keyed requests still report; shared dependency analysis now preserves the key and lets explicit registrations override ambient framework lifetimes, so scoped IHostLifetime replacements remain visible to DI019 and DI020.

Learn more

2.18.20

DependencyInjection.Lifetime.Analyzers 2.18.20

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI019 exact framework resolution extensions — same-named user-defined GetService* extensions no longer trigger root-scoped diagnostics merely because their receiver is an IServiceProvider. Both reduced and direct-static calls must now bind to the matching framework ServiceProviderServiceExtensions or ServiceProviderKeyedServiceExtensions container; real framework calls keep the existing root-provider analysis.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.20

What changed

Fixed

  • DI019 exact framework resolution extensions — same-named user-defined GetService* extensions no longer trigger root-scoped diagnostics merely because their receiver is an IServiceProvider. Both reduced and direct-static calls must now bind to the matching framework ServiceProviderServiceExtensions or ServiceProviderKeyedServiceExtensions container; real framework calls keep the existing root-provider analysis.

Learn more

2.18.19

DependencyInjection.Lifetime.Analyzers 2.18.19

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI016 null-coalescing throw guards — builder .Services registration flows now remain recognizable through an identity-preserving ?? throw guard, so (builder.Services ?? throw ...).BuildServiceProvider() reports like the unguarded call. Coalesces with an arbitrary fallback collection remain conservative and silent because the provider may be built from a different source.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.19

What changed

Fixed

  • DI016 null-coalescing throw guards — builder .Services registration flows now remain recognizable through an identity-preserving ?? throw guard, so (builder.Services ?? throw ...).BuildServiceProvider() reports like the unguarded call. Coalesces with an arbitrary fallback collection remain conservative and silent because the provider may be built from a different source.

Learn more

2.18.18

DependencyInjection.Lifetime.Analyzers 2.18.18

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI019 direct static service-resolution calls — root-provider analysis now recovers the provider from the bound ordinal-zero extension parameter for direct calls through ServiceProviderServiceExtensions, including non-generic overloads with reordered named arguments. Calls through scoped or otherwise unproven providers remain quiet, and the code fixer deliberately offers no rewrite for static-call syntax.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.18

What changed

Fixed

  • DI019 direct static service-resolution calls — root-provider analysis now recovers the provider from the bound ordinal-zero extension parameter for direct calls through ServiceProviderServiceExtensions, including non-generic overloads with reordered named arguments. Calls through scoped or otherwise unproven providers remain quiet, and the code fixer deliberately offers no rewrite for static-call syntax.

Learn more

2.18.17

DependencyInjection.Lifetime.Analyzers 2.18.17

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI003 IServiceCollection.Insert(0, ...) registrations — the shared registration collector now includes ServiceDescriptor registrations prepended at a compile-time-zero index, including reordered named arguments and concrete framework ServiceCollection receivers. Descriptor precedence models normal additions plus repeated prepends in runtime list order, so a prepended descriptor cannot falsely override a later descriptor; nonzero or dynamic indexes and source-defined concrete Insert bodies remain conservative and silent because their absolute position or mutation behavior is not provable.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.17

What changed

Fixed

  • DI003 IServiceCollection.Insert(0, ...) registrations — the shared registration collector now includes ServiceDescriptor registrations prepended at a compile-time-zero index, including reordered named arguments and concrete framework ServiceCollection receivers. Descriptor precedence models normal additions plus repeated prepends in runtime list order, so a prepended descriptor cannot falsely override a later descriptor; nonzero or dynamic indexes and source-defined concrete Insert bodies remain conservative and silent because their absolute position or mutation behavior is not provable.

Learn more

2.18.16

DependencyInjection.Lifetime.Analyzers 2.18.16

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI016 direct static BuildServiceProvider calls — registration-context analysis now recovers the IServiceCollection receiver from the bound extension parameter for ServiceCollectionContainerBuilderExtensions.BuildServiceProvider(...). Builder .Services flows report in ordinary methods and top-level statements even with named/reordered arguments, while provider-factory methods that intentionally return IServiceProvider remain quiet.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.16

What changed

Fixed

  • DI016 direct static BuildServiceProvider calls — registration-context analysis now recovers the IServiceCollection receiver from the bound extension parameter for ServiceCollectionContainerBuilderExtensions.BuildServiceProvider(...). Builder .Services flows report in ordinary methods and top-level statements even with named/reordered arguments, while provider-factory methods that intentionally return IServiceProvider remain quiet.

Learn more

2.18.15

DependencyInjection.Lifetime.Analyzers 2.18.15

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI025/DI026 identity-preserving publisher casts — event subscriptions now retain injected-receiver lifetime proofs through identity and reference casts, including constructor parameters, injected fields, and already-proven stable receiver chains. Matching unsubscriptions canonicalize across casted and uncast syntax, while user-defined conversions and unstable chains remain conservative and silent; DI027 and the code fixer are unchanged.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.15

What changed

Fixed

  • DI025/DI026 identity-preserving publisher casts — event subscriptions now retain injected-receiver lifetime proofs through identity and reference casts, including constructor parameters, injected fields, and already-proven stable receiver chains. Matching unsubscriptions canonicalize across casted and uncast syntax, while user-defined conversions and unstable chains remain conservative and silent; DI027 and the code fixer are unchanged.

Learn more

2.18.14

DependencyInjection.Lifetime.Analyzers 2.18.14

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI018 value-type activation fidelity — default structs and enums registered by implementation type now report because the default container's reflection path cannot see their synthetic parameterless constructors and fails at first resolution. Structs with an explicitly declared public constructor remain valid, while factory and implementation-instance registrations stay quiet.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.14

What changed

Fixed

  • DI018 value-type activation fidelity — default structs and enums registered by implementation type now report because the default container's reflection path cannot see their synthetic parameterless constructors and fails at first resolution. Structs with an explicitly declared public constructor remain valid, while factory and implementation-instance registrations stay quiet.

Learn more

2.18.13

DependencyInjection.Lifetime.Analyzers 2.18.13

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI021 stable shared lock monitors — lock suppression now rejects monitor fields, outer locals, and captured parameters that the concurrent handler writes. Replacing the monitor inside an invocation can make handlers lock different objects, so those shared-state accesses continue to report; stable shared monitors remain valid serialization guards.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.13

What changed

Fixed

  • DI021 stable shared lock monitors — lock suppression now rejects monitor fields, outer locals, and captured parameters that the concurrent handler writes. Replacing the monitor inside an invocation can make handlers lock different objects, so those shared-state accesses continue to report; stable shared monitors remain valid serialization guards.

Learn more

2.18.12

DependencyInjection.Lifetime.Analyzers 2.18.12

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI021 invocation-local lock parameters — serialization suppression now requires a parameter monitor to be declared outside the concurrent handler. Locking the handler's own parameter no longer hides shared-state diagnostics because different invocations can receive different monitor objects; a parameter captured from the enclosing method remains a valid shared lock.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.12

What changed

Fixed

  • DI021 invocation-local lock parameters — serialization suppression now requires a parameter monitor to be declared outside the concurrent handler. Locking the handler's own parameter no longer hides shared-state diagnostics because different invocations can receive different monitor objects; a parameter captured from the enclosing method remains a valid shared lock.

Learn more

2.18.11

DependencyInjection.Lifetime.Analyzers 2.18.11

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI021/DI022 symbol-bound concurrency knobs — strengthen-only fallback scans now accept a constant concurrency value only when the assignment binds to the expected SDK option property for Service Bus, RabbitMQ, ParallelOptions, or TPL Dataflow. Unrelated user properties with names such as MaxConcurrentCalls or ConsumerDispatchConcurrency no longer upgrade a config-gated DI022 Info diagnostic into a false DI021 Warning.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.11

What changed

Fixed

  • DI021/DI022 symbol-bound concurrency knobs — strengthen-only fallback scans now accept a constant concurrency value only when the assignment binds to the expected SDK option property for Service Bus, RabbitMQ, ParallelOptions, or TPL Dataflow. Unrelated user properties with names such as MaxConcurrentCalls or ConsumerDispatchConcurrency no longer upgrade a config-gated DI022 Info diagnostic into a false DI021 Warning.

Learn more

2.18.10

DependencyInjection.Lifetime.Analyzers 2.18.10

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI017 MEDI constructor-set fidelity — circular-dependency analysis now mirrors the default container's resolvable-constructor ambiguity rule: the greediest constructor is selected only when its resolved service-identifier set contains every other resolvable constructor's service identifiers. Equivalent constructors whose parameters are reordered now expose real cycles, while non-superset constructor sets — including same-typed keyed parameters requesting different keys — stay silent because the container rejects them as ambiguous before activation.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.10

What changed

Fixed

  • DI017 MEDI constructor-set fidelity — circular-dependency analysis now mirrors the default container's resolvable-constructor ambiguity rule: the greediest constructor is selected only when its resolved service-identifier set contains every other resolvable constructor's service identifiers. Equivalent constructors whose parameters are reordered now expose real cycles, while non-superset constructor sets — including same-typed keyed parameters requesting different keys — stay silent because the container rejects them as ambiguous before activation.

Learn more

2.18.9

DependencyInjection.Lifetime.Analyzers 2.18.9

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI014 conditional/coalesce ownership transfer — root-provider disposal and caller-ownership proofs now follow BuildServiceProvider() results through ternary arms and null-coalescing operands. Returned providers and providers assigned to reliably disposed locals, fields, or properties no longer produce false positives, including nested transparent wrappers; user-defined conversions still break the same-instance proof and report.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.9

What changed

Fixed

  • DI014 conditional/coalesce ownership transfer — root-provider disposal and caller-ownership proofs now follow BuildServiceProvider() results through ternary arms and null-coalescing operands. Returned providers and providers assigned to reliably disposed locals, fields, or properties no longer produce false positives, including nested transparent wrappers; user-defined conversions still break the same-instance proof and report.

Learn more

2.18.8

DependencyInjection.Lifetime.Analyzers 2.18.8

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI020 direct static UseMiddleware calls — middleware activation analysis now recognizes generic and direct-typeof(T) non-generic calls made through the framework UseMiddlewareExtensions class. Receiver, middleware, and explicit activation arguments are bound by declared parameter, including reordered named arguments and expanded params; runtime Type values and user-defined same-named static helpers remain conservative and silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.8

What changed

Fixed

  • DI020 direct static UseMiddleware calls — middleware activation analysis now recognizes generic and direct-typeof(T) non-generic calls made through the framework UseMiddlewareExtensions class. Receiver, middleware, and explicit activation arguments are bound by declared parameter, including reordered named arguments and expanded params; runtime Type values and user-defined same-named static helpers remain conservative and silent.

Learn more

2.18.7

DependencyInjection.Lifetime.Analyzers 2.18.7

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI024 direct private helper loops — hosted-service analysis now follows one-hop, directly invoked private helpers in the same type declaration and applies the existing helper-local scope/service loop checks. Unsafe helper-local reuse now reports, while uncalled helpers, deferred lambda/local-function/query invocations, transitive helpers, and cross-method field flow remain conservative and silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.7

What changed

Fixed

  • DI024 direct private helper loops — hosted-service analysis now follows one-hop, directly invoked private helpers in the same type declaration and applies the existing helper-local scope/service loop checks. Unsafe helper-local reuse now reports, while uncalled helpers, deferred lambda/local-function/query invocations, transitive helpers, and cross-method field flow remain conservative and silent.

Learn more

2.18.6

DependencyInjection.Lifetime.Analyzers 2.18.6

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI024 keyed service resolution — hosted-service reuse analysis now carries the compile-time service key through generic and direct-typeof(T) non-generic GetKeyedService/GetRequiredKeyedService calls. Keyed scoped services resolved once before a process-lifetime loop report, while scopes used only for the matching keyed singleton no longer warn; dynamic keys remain conservative and silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.6

What changed

Fixed

  • DI024 keyed service resolution — hosted-service reuse analysis now carries the compile-time service key through generic and direct-typeof(T) non-generic GetKeyedService/GetRequiredKeyedService calls. Keyed scoped services resolved once before a process-lifetime loop report, while scopes used only for the matching keyed singleton no longer warn; dynamic keys remain conservative and silent.

Learn more

2.18.5

DependencyInjection.Lifetime.Analyzers 2.18.5

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI024 non-generic service resolution — hosted-service reuse analysis now understands framework GetRequiredService(typeof(T)) and IServiceProvider.GetService(typeof(T)) calls, including casts and null-forgiving wrappers. Scoped services resolved once before a process-lifetime loop report, while scopes used only for registration-proven singletons no longer produce an opaque-use warning; runtime Type values and user-defined same-named methods remain conservative and silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.5

What changed

Fixed

  • DI024 non-generic service resolution — hosted-service reuse analysis now understands framework GetRequiredService(typeof(T)) and IServiceProvider.GetService(typeof(T)) calls, including casts and null-forgiving wrappers. Scoped services resolved once before a process-lifetime loop report, while scopes used only for registration-proven singletons no longer produce an opaque-use warning; runtime Type values and user-defined same-named methods remain conservative and silent.

Learn more

2.18.4

DependencyInjection.Lifetime.Analyzers 2.18.4

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI024 nested logical negation — hosted-service loop analysis now reduces nested ! operators by polarity before applying the existing cancellation, conjunction, disjunction, and De Morgan rules. Odd-parity cancellation loops such as while (!(!(!token.IsCancellationRequested))) report, while even-parity conditions and cancellation-plus-counter bounded loops remain silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.4

What changed

Fixed

  • DI024 nested logical negation — hosted-service loop analysis now reduces nested ! operators by polarity before applying the existing cancellation, conjunction, disjunction, and De Morgan rules. Odd-parity cancellation loops such as while (!(!(!token.IsCancellationRequested))) report, while even-parity conditions and cancellation-plus-counter bounded loops remain silent.

Learn more

2.18.3

DependencyInjection.Lifetime.Analyzers 2.18.3

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI027 direct self-observer subscriptions — discarded BCL subscriptions such as observable.Subscribe(this) now report when this is bound to an IObserver<T> parameter, because the longer-lived observable directly retains the shorter-lived subscriber. Separate observer objects and non-observer overloads remain silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.3

What changed

Fixed

  • DI027 direct self-observer subscriptions — discarded BCL subscriptions such as observable.Subscribe(this) now report when this is bound to an IObserver<T> parameter, because the longer-lived observable directly retains the shorter-lived subscriber. Separate observer objects and non-observer overloads remain silent.

Learn more

2.18.2

DependencyInjection.Lifetime.Analyzers 2.18.2

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI027 direct static extension calls — Rx subscriptions invoked as ObservableExtensions.Subscribe(source, handler) now receive the same discarded-token and lifetime analysis as source.Subscribe(handler). Bound extension-parameter mapping preserves named and reordered arguments, while non-extension static helpers and static callbacks remain silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.2

What changed

Fixed

  • DI027 direct static extension calls — Rx subscriptions invoked as ObservableExtensions.Subscribe(source, handler) now receive the same discarded-token and lifetime analysis as source.Subscribe(handler). Bound extension-parameter mapping preserves named and reordered arguments, while non-extension static helpers and static callbacks remain silent.

Learn more

2.18.1

DependencyInjection.Lifetime.Analyzers 2.18.1

Compile-time DI diagnostics for Microsoft.Extensions.DependencyInjection projects that want earlier feedback on lifetime bugs, scope leaks, service locator drift, and unresolvable registrations.

Why install or upgrade

  • DI024 compound cancellation loops — hosted-service scope-per-iteration analysis now recognises parenthesised && and || compositions of long-running loop conditions and applies De Morgan semantics to negated cancellation-token conditions. Hoisted scopes and scoped services are reported when the compound condition can run for the host lifetime, while bounded conjunctions and unproven conditions remain silent.

Install

dotnet add package DependencyInjection.Lifetime.Analyzers --version 2.18.1

What changed

Fixed

  • DI024 compound cancellation loops — hosted-service scope-per-iteration analysis now recognises parenthesised && and || compositions of long-running loop conditions and applies De Morgan semantics to negated cancellation-token conditions. Hoisted scopes and scoped services are reported when the compound condition can run for the host lifetime, while bounded conjunctions and unproven conditions remain silent.

Learn more

Commits viewable in compare view.

Updated HarfBuzzSharp.NativeAssets.Linux from 14.2.1 to 14.2.1.1.

Updated iTextSharp.LGPLv2.Core from 3.8.1 to 3.8.2.

Release notes

Sourced from iTextSharp.LGPLv2.Core's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Polly from 9.0.0 to 9.0.18.

Release notes

Sourced from Microsoft.Extensions.Http.Polly's releases.

9.0.18

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.17...v9.0.18

9.0.17

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.16...v9.0.17

9.0.16

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.15...v9.0.16

9.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

9.0.13

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.12...v9.0.13)

9.0.12

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.11...v9.0.12

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

9.0.10

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.9...v9.0.10

9.0.9

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.8...v9.0.9

9.0.7

Release

What's Changed

Description has been truncated

Bumps DependencyInjection.Lifetime.Analyzers from 2.18.0 to 2.18.24
Bumps HarfBuzzSharp.NativeAssets.Linux from 14.2.1 to 14.2.1.1
Bumps iTextSharp.LGPLv2.Core from 3.8.1 to 3.8.2
Bumps Microsoft.Extensions.Http.Polly to 9.0.18, 10.0.10
Bumps Microsoft.NET.Test.Sdk from 18.7.0 to 18.8.1
Bumps Microsoft.SourceLink.GitHub from 10.0.300 to 10.0.301
Bumps microsoft.web.librarymanager.cli from 3.0.71 to 3.0.114
Bumps MSTest.TestAdapter from 4.3.0 to 4.3.2
Bumps MSTest.TestFramework from 4.3.0 to 4.3.2
Bumps SkiaSharp from 4.150.0 to 4.150.1
Bumps SkiaSharp.HarfBuzz from 4.150.0 to 4.150.1
Bumps SkiaSharp.NativeAssets.Linux from 4.150.0 to 4.150.1
Bumps System.IO.Hashing from 10.0.8 to 10.0.10
Bumps System.ServiceModel.Syndication to 9.0.18, 10.0.10

---
updated-dependencies:
- dependency-name: microsoft.web.librarymanager.cli
  dependency-version: 3.0.114
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: DependencyInjection.Lifetime.Analyzers
  dependency-version: 2.18.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: HarfBuzzSharp.NativeAssets.Linux
  dependency-version: 14.2.1.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: iTextSharp.LGPLv2.Core
  dependency-version: 3.8.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SkiaSharp
  dependency-version: 4.150.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: Microsoft.Extensions.Http.Polly
  dependency-version: 9.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: Microsoft.SourceLink.GitHub
  dependency-version: 10.0.301
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: System.IO.Hashing
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SkiaSharp.HarfBuzz
  dependency-version: 4.150.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: SkiaSharp.NativeAssets.Linux
  dependency-version: 4.150.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: System.ServiceModel.Syndication
  dependency-version: 9.0.18
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: Microsoft.Extensions.Http.Polly
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: tests
- dependency-name: MSTest.TestAdapter
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: MSTest.TestFramework
  dependency-version: 4.3.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
- dependency-name: System.ServiceModel.Syndication
  dependency-version: 10.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: tests
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jul 17, 2026
@what-the-diff

what-the-diff Bot commented Jul 17, 2026

Copy link
Copy Markdown

PR Summary

  • Updated the Version of Web Library Management Tool
    The version of the tool that we use for managing libraries in our web projects has been updated for efficiency and additional features.

  • Added New Package References for Core Web Tests
    We've included references to two additional packages, allowing our tests to be more comprehensive and reliable.

  • Updated Testing Packages
    Upgraded our core testing tools to provide us with the latest in error detection and debugging capabilities.

  • Changed the Version of a Key Tool for Dependency Management
    The tool we use for analyzing project dependencies was updated, ensuring our component interaction is up-to-date and robust.

  • Updated Version Numbers for Two Important Packages
    We have updated key tools related to how our projects communicate with the code repository, and on hashing file streams, ensuring secure and faster coding environment.

  • Increased Versions for Visual Tools and Linux Native Assets
    The versions of our visual manipulation tools were updated, which should result in better image handling. We've also updated some Linux native assets providing enhanced Linux support.

  • Updated Version of a Specific Package
    The version of the tool that we use for dealing with PDF documents has been updated, this should improve our ability to interact with PDF files.

  • Updated Version numbers for Two Packages Under Different Frameworks
    Version numbers were modified for two packages that we use in both our recent and older coding frameworks. This supports maintaining borderline code compatibility.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants