Update DynamicAssembly usage to honor different AssemblyLoadContext's by BertanAygun · Pull Request #2183 · MessagePack-CSharp/MessagePack-CSharp · GitHub
Merged

AArnott merged 2 commits into MessagePack-CSharp:v2.x from BertanAygun:bertan/issue1952v2 Apr 10, 2025
@BertanAygun

Cherry-picking #1978 to the v2.x branch with additional tests around generic handling.

This change resolves issue #1952, where dynamic resolvers did not work when the same assembly in different locations was loaded in different AssemblyLoadContexts.

DynamicAssembly creation now happens per unique AssemblyLoadContext so that types are recognized correctly.

…sue1952

Update DynamicAssembly usage to honor different AssemblyLoadContext's
AArnott added this to the v2.5 milestone Apr 10, 2025

AArnott merged commit 0b9d9a4 into MessagePack-CSharp:v2.x Apr 10, 2025

JoshLove-msft pushed a commit to JoshLove-msft/typespec that referenced this pull request Jun 12, 2026
Updated
[MessagePack](https://github.com/MessagePack-CSharp/MessagePack-CSharp)
from 2.5.192 to 2.5.301.

<details>
<summary>Release notes</summary>

_Sourced from [MessagePack's
releases](https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases)._

## 2.5.301

## Security release

This release fixes 2 high severity and 9 moderate severity security
vulnerabilities as listed below.

This release is missing #​2269 from the v2.5.205 release. We recommend
folks adopt the v2.5.302 release which has all the security fixes
combined.

### High severity advisory fixes

- 696b4a76 GHSA-vh6j-jc39-fggf Use iteration for skipping msgpack
structures for CWE-674
- 3538bc11 GHSA-hv8m-jj95-wg3x Bound LZ4 input reads for CWE-125

### Moderate severity advisory fixes

- 853429a0 GHSA-v72x-2h86-7f8m Guard LZ4 decompression length for
CWE-409
- 826f17c7 GHSA-qhmf-xw27-6rqr Reject nested typeless blocklist bypass
for CWE-502
- c98d31f2 GHSA-2f33-pr97-265q Default MVC input formatter to
UntrustedData for CWE-1188
- ae90f2b1 GHSA-2x83-8g95-xh59 Limit untrusted ExpandoObject maps for
CWE-407
- 940b8508 GHSA-wfr3-xj75-pfwh Guard dynamic union depth for CWE-674
- e01f07cf GHSA-w567-gjr2-hm5j Validate Unity blit lengths for CWE-789
- dc6f6324 GHSA-cxmj-83gh-fp49 Fix CWE-789 multidimensional array
allocation validation
- e97f71e7 GHSA-q2h6-ghwm-5qm8 Use secure lookup comparer for CWE-407
- 7b12e5b5 GHSA-cj9g-3mj2-g8vv Guard JSON conversion depth for CWE-674
- a3c8a183 GHSA-cj9g-3mj2-g8vv Avoid JSON separator recursion for
CWE-674
- 96743523 GHSA-cj9g-3mj2-g8vv Guard typeless JSON depth for CWE-674

### Fixes with no security advisory

- 814bc4c1 Honor TypeFormatter options hooks for CWE-470
- b0f8c5e2 Fix WriteRawX methods to advance by written length
- 0124048c Fix CWE-190 map header length overflow


## 2.5.205

## What's Changed

* Fix repo url by @​tomap in
MessagePack-CSharp/MessagePack-CSharp#2065
* Update DynamicAssembly usage to honor different AssemblyLoadContext's
by @​BertanAygun in
MessagePack-CSharp/MessagePack-CSharp#2183
* Add more types to the default disallow list of named types to be
deserialized by @​AArnott in
MessagePack-CSharp/MessagePack-CSharp#2263
* Add several known unsafe 'gadgets' to the disallow list by @​AArnott
in MessagePack-CSharp/MessagePack-CSharp#2269

## New Contributors
* @​tomap made their first contribution in
MessagePack-CSharp/MessagePack-CSharp#2065

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.205

## 2.5.198

## What's Changed
* Fix repo url by @​tomap in
MessagePack-CSharp/MessagePack-CSharp#2065
* Update DynamicAssembly usage to honor different AssemblyLoadContext's
by @​BertanAygun in
MessagePack-CSharp/MessagePack-CSharp#2183

## New Contributors
* @​tomap made their first contribution in
MessagePack-CSharp/MessagePack-CSharp#2065

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.198

Commits viewable in [compare
view](MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.301).
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
chaokunyang pushed a commit to apache/fory that referenced this pull request Jun 12, 2026
Updated
[MessagePack](https://github.com/MessagePack-CSharp/MessagePack-CSharp)
from 2.5.187 to 2.5.301.

<details>
<summary>Release notes</summary>

_Sourced from [MessagePack's
releases](https://github.com/MessagePack-CSharp/MessagePack-CSharp/releases)._

## 2.5.301

## Security release

This release fixes 2 high severity and 9 moderate severity security
vulnerabilities as listed below.

This release is missing #​2269 from the v2.5.205 release. We recommend
folks adopt the v2.5.302 release which has all the security fixes
combined.

### High severity advisory fixes

- 696b4a76 GHSA-vh6j-jc39-fggf Use iteration for skipping msgpack
structures for CWE-674
- 3538bc11 GHSA-hv8m-jj95-wg3x Bound LZ4 input reads for CWE-125

### Moderate severity advisory fixes

- 853429a0 GHSA-v72x-2h86-7f8m Guard LZ4 decompression length for
CWE-409
- 826f17c7 GHSA-qhmf-xw27-6rqr Reject nested typeless blocklist bypass
for CWE-502
- c98d31f2 GHSA-2f33-pr97-265q Default MVC input formatter to
UntrustedData for CWE-1188
- ae90f2b1 GHSA-2x83-8g95-xh59 Limit untrusted ExpandoObject maps for
CWE-407
- 940b8508 GHSA-wfr3-xj75-pfwh Guard dynamic union depth for CWE-674
- e01f07cf GHSA-w567-gjr2-hm5j Validate Unity blit lengths for CWE-789
- dc6f6324 GHSA-cxmj-83gh-fp49 Fix CWE-789 multidimensional array
allocation validation
- e97f71e7 GHSA-q2h6-ghwm-5qm8 Use secure lookup comparer for CWE-407
- 7b12e5b5 GHSA-cj9g-3mj2-g8vv Guard JSON conversion depth for CWE-674
- a3c8a183 GHSA-cj9g-3mj2-g8vv Avoid JSON separator recursion for
CWE-674
- 96743523 GHSA-cj9g-3mj2-g8vv Guard typeless JSON depth for CWE-674

### Fixes with no security advisory

- 814bc4c1 Honor TypeFormatter options hooks for CWE-470
- b0f8c5e2 Fix WriteRawX methods to advance by written length
- 0124048c Fix CWE-190 map header length overflow


## 2.5.205

## What's Changed

* Fix repo url by @​tomap in
MessagePack-CSharp/MessagePack-CSharp#2065
* Update DynamicAssembly usage to honor different AssemblyLoadContext's
by @​BertanAygun in
MessagePack-CSharp/MessagePack-CSharp#2183
* Add more types to the default disallow list of named types to be
deserialized by @​AArnott in
MessagePack-CSharp/MessagePack-CSharp#2263
* Add several known unsafe 'gadgets' to the disallow list by @​AArnott
in MessagePack-CSharp/MessagePack-CSharp#2269

## New Contributors
* @​tomap made their first contribution in
MessagePack-CSharp/MessagePack-CSharp#2065

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.205

## 2.5.198

## What's Changed
* Fix repo url by @​tomap in
MessagePack-CSharp/MessagePack-CSharp#2065
* Update DynamicAssembly usage to honor different AssemblyLoadContext's
by @​BertanAygun in
MessagePack-CSharp/MessagePack-CSharp#2183

## New Contributors
* @​tomap made their first contribution in
MessagePack-CSharp/MessagePack-CSharp#2065

**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v2.5.192...v2.5.198

## 2.5.192

## What's Changed
* Fix bugs in serializing long numbers by @​AArnott in
MessagePack-CSharp/MessagePack-CSharp#2055


**Full Changelog**:
MessagePack-CSharp/MessagePack-CSharp@v2.5.187...v2.5.192

Commits viewable in [compare
view](MessagePack-CSharp/MessagePack-CSharp@v2.5.187...v2.5.301).
</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>