Skip to content

Bump AutoMapper from 14.0.0 to 15.1.3#997

Open
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/nuget/DVSRegister/nuget-75fcdd34ad
Open

Bump AutoMapper from 14.0.0 to 15.1.3#997
dependabot[bot] wants to merge 1 commit into
developfrom
dependabot/nuget/DVSRegister/nuget-75fcdd34ad

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 29, 2026

Copy link
Copy Markdown
Contributor

Updated AutoMapper from 14.0.0 to 15.1.3.

Release notes

Sourced from AutoMapper's releases.

15.1.3

What's Changed

Security

Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.

Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.

Users should upgrade to this release.

Security advisory: GHSA-rvv3-g6hj-g44x

Thanks to @​skdishansachin for responsibly disclosing this issue.

Full Changelog: LuckyPennySoftware/AutoMapper@v15.1.0...v15.1.3

15.1.2

What's Changed

Security

Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.

Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.

Users should upgrade to this release.

Security advisory: GHSA-rvv3-g6hj-g44x

Thanks to @​skdishansachin for responsibly disclosing this issue.

Full Changelog: LuckyPennySoftware/AutoMapper@v16.1.1...v15.1.2

15.1.1

What's Changed

Security

Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.

Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.

Users should upgrade to this release.

Security advisory: GHSA-rvv3-g6hj-g44x

Thanks to @​skdishansachin for responsibly disclosing this issue.

Full Changelog: LuckyPennySoftware/AutoMapper@v16.1.1...v15.1.1

15.1.0

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v15.0.1...v15.1.0

15.0.1

What's Changed

Full Changelog: LuckyPennySoftware/AutoMapper@v15.0.0...v15.0.1

This release supersedes the 15.0.0 release, reverting behavior and overloads so that the AddAutoMapper overloads separate the "scanning for maps" from the "scanning for dependencies". Unfortunately it's not really possible to combine these two together.

This also fixes a critical bug in #​4545 that does not work with .NET 4.x applications (as intended).

Because of this, the 15.0.0 will be delisted because of the breaking changes there.

15.0.0

Full Changelog: LuckyPennySoftware/AutoMapper@v14.0.0...v15.0.0

  • Added support for .NET Standard 2.0
  • Requiring license key
  • Moving from MIT license to dual commercial/OSS license

To set your license key:

services.AddAutoMapper(cfg => {
    cfg.LicenseKey = "<License key here>";
});

This also introduced a breaking change with MapperConfiguration requiring an ILoggerFactory for logging purposes:

public MapperConfiguration(MapperConfigurationExpression configurationExpression, ILoggerFactory loggerFactory)

Registering AutoMapper with services.AddAutoMapper will automatically supply this parameter. Otherwise you'll need to supply the logger factory.

You can obtain your license key at AutoMapper.io

Commits viewable in compare view.

@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels May 29, 2026
@dependabot dependabot Bot changed the title Bump the nuget group with 1 update Bump AutoMapper from 14.0.0 to 15.1.3 May 29, 2026
@dependabot
dependabot Bot force-pushed the dependabot/nuget/DVSRegister/nuget-75fcdd34ad branch 2 times, most recently from fcac957 to 7aff88a Compare May 29, 2026 09:24
---
updated-dependencies:
- dependency-name: AutoMapper
  dependency-version: 15.1.3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/nuget/DVSRegister/nuget-75fcdd34ad branch from 7aff88a to 8bdd38b Compare May 29, 2026 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants