Update 2 NuGet dependencies

[nfbot]

Bumps nanoFramework.Benchmark from 1.0.109 to 1.0.112
Bumps nanoFramework.Logging from 1.1.160 to 1.1.161

[version update]

⚠️ This is an automated update. ⚠️

Summary by CodeRabbit

Chores

• Updated benchmark and logging dependencies to latest stable versions for improved performance and compatibility.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Updated dependency version pins in the benchmark project's package lock file. The nanoFramework.Benchmark package was incremented from version 1.0.109 to 1.0.112, and nanoFramework.Logging was incremented from version 1.1.160 to 1.1.161, with corresponding content hash updates.

Changes

Cohort / File(s)	Summary
Dependency version updates nanoFramework.System.Text.Benchmark/packages.lock.json	Updated pinned versions: nanoFramework.Benchmark (1.0.109 → 1.0.112) and nanoFramework.Logging (1.1.160 → 1.1.161) with corresponding content hash modifications

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

• Update 2 NuGet dependencies #160: Updates the same packages.lock.json file with nanoFramework.Benchmark version pinning.
• Update 2 NuGet dependencies #227: Modifies identical dependency entries (nanoFramework.Benchmark and nanoFramework.Logging) in packages.lock.json.
• Update 2 NuGet dependencies #236: Updates both nanoFramework.Benchmark and nanoFramework.Logging version pins in the same lock file.

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: updating 2 NuGet dependencies (nanoFramework.Benchmark and nanoFramework.Logging), which matches the pull request objectives.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch nfbot/update-dependencies/c7b0631d-56a4-43f7-8482-6c2a3baf6d5e

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 8859596 and 2666c4a.

⛔ Files ignored due to path filters (2)

• nanoFramework.System.Text.Benchmark/nanoFramework.System.Text.Benchmark.nfproj is excluded by none and included by none
• nanoFramework.System.Text.Benchmark/packages.config is excluded by none and included by none

📒 Files selected for processing (1)

• nanoFramework.System.Text.Benchmark/packages.lock.json (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: System.Text (Build_Library)

🔇 Additional comments (1)

nanoFramework.System.Text.Benchmark/packages.lock.json (1)

17-22: No issues found. The update is safe to proceed.

Verification confirms no public security advisories or CVEs exist for nanoFramework.Logging version 1.1.161. The patch-level update (1.1.160 → 1.1.161) is conservative and the package dependency change has no known vulnerabilities.

[coderabbitai]

⚠️ Potential issue | 🔴 Critical

🧩 Analysis chain

Verify security status of nanoFramework.Benchmark 1.0.112.

The version bump from 1.0.109 to 1.0.112 is a conservative patch-level update. Confirm that the new version has no known security vulnerabilities or breaking changes for the benchmark project.

---

🌐 Web query:

nanoFramework.Benchmark 1.0.112 security vulnerabilities

💡 Result:

I found no public security advisories or CVEs specifically for nanoFramework.Benchmark version 1.0.112. I could not locate that version on nuget.org’s nanoFramework.Benchmark package pages nor any matching entries in the NVD / GitHub security advisory databases. [1][2]

If you want, I can:

• re-check for that exact version (1.0.112) across advisories and private vulnerability feeds, or
• run a dependency audit on a project file that references the package and return any warnings.

Sources:
[1] nanoFramework.Benchmark package info (nuget.org).
[2] NVD / public vulnerability databases (search for package/CVE entries).

---

Reject PR due to invalid nanoFramework.Benchmark version in lock file.

The latest published version of nanoFramework.Benchmark is v1.0.77 (released Oct 3, 2025), but the lock file references version 1.0.112, which does not exist on NuGet.org or in any public release channel. This will cause NuGet restore and build failures. Verify the lock file was generated from the correct repository source or request an update to a valid published version.

🤖 Prompt for AI Agents

In nanoFramework.System.Text.Benchmark/packages.lock.json around lines 5-10, the
lock file references nanoFramework.Benchmark version 1.0.112 which is
invalid/unpublished and will break NuGet restore; regenerate the lock file or
update this entry to a published version (for example 1.0.77) or the correct
internal feed version: ensure you run dotnet restore/dotnet nuget add source (or
the repo’s lockfile generation command) against the correct package sources,
then commit the regenerated packages.lock.json containing a valid resolved
version and matching contentHash.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud