Bump Microsoft.AspNetCore.Authentication.JwtBearer and 8 others #13
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 9.0.4 to 9.0.7 Bumps Microsoft.EntityFrameworkCore from 9.0.4 to 9.0.7 Bumps Microsoft.Extensions.Diagnostics.HealthChecks from 9.0.4 to 9.0.7 Bumps Microsoft.Extensions.Logging.Abstractions from 9.0.4 to 9.0.7 Bumps Microsoft.NET.Test.Sdk from 17.13.0 to 17.14.1 Bumps Scrutor from 6.0.1 to 6.1.0 Bumps Serilog from 4.2.0 to 4.3.0 Bumps SonarAnalyzer.CSharp from 10.9.0.115408 to 10.15.0.120848 Bumps xunit.runner.visualstudio from 3.1.0 to 3.1.3 --- updated-dependencies: - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 9.0.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.EntityFrameworkCore dependency-version: 9.0.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Diagnostics.HealthChecks dependency-version: 9.0.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 9.0.7 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 17.14.1 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Scrutor dependency-version: 6.1.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: Serilog dependency-version: 4.3.0 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: SonarAnalyzer.CSharp dependency-version: 10.15.0.120848 dependency-type: direct:production update-type: version-update:semver-minor - dependency-name: xunit.runner.visualstudio dependency-version: 3.1.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <[email protected]>
dependabot
bot
added
.NET
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.AspNetCore.Authentication.JwtBearer from 9.0.4 to 9.0.7.
Release notes
Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.
9.0.7
Release
What's Changed
04ee1b4toe9092b1by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from04ee1b4toe9092b1dotnet/aspnetcore#62199Full Changelog: dotnet/aspnetcore@v9.0.6...v9.0.7
9.0.6
Bug Fixes
The Forwarded Headers Middleware now ignores
X-Forwarded-Headerssent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence forwarded header values, preventing potential spoofing or misrouting issues.Dependency Updates
52204f7to04ee1b4(#61762)Updates the GoogleTest submodule to a newer commit, bringing in the latest improvements and bug fixes from the upstream project.
Updates internal build and infrastructure dependencies from the dotnet/arcade repository, ensuring compatibility and access to the latest build tools.
Refreshes dependencies from the dotnet/extensions repository, incorporating the latest features and fixes from the extensions libraries.
Further updates dependencies from dotnet/extensions, ensuring the project benefits from recent improvements and bug fixes.
Additional updates to build and infrastructure dependencies from dotnet/arcade, maintaining up-to-date tooling and build processes.
Miscellaneous
Updates the project version and branding to 9.0.6, reflecting the new release and ensuring version consistency across the codebase.
Incorporates various internal commits into the release/9.0 branch, ensuring that all relevant changes are included in this release.
This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.
Full Changelog: v9.0.5...v9.0.6
9.0.5
Release
What's Changed
24a9e94to52204f7by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from24a9e94to52204f7dotnet/aspnetcore#61261Full Changelog: dotnet/aspnetcore@v9.0.4...v9.0.5
Commits viewable in compare view.
Updated Microsoft.EntityFrameworkCore from 9.0.4 to 9.0.7.
Release notes
Sourced from Microsoft.EntityFrameworkCore's releases.
9.0.6
Bug Fixes
The translation of
FullTextScorein Cosmos Full-Text Search has been updated to use multiple keywords instead of a keyword array, addressing issues with search accuracy and query compatibility. This resolves #35983 and ensures more reliable full-text search results.#36000 by @maumar
Dependency Updates
Updated the Arcade build infrastructure dependencies for the 8.0 release branch, bringing in the latest improvements and security fixes from the Arcade ecosystem.
#35930 by @dotnet-maestro
Updated Arcade dependencies for the 9.0 release branch, ensuring the build system benefits from the latest tooling and reliability enhancements.
#36006 by @dotnet-maestro
Another update to Arcade dependencies for the 8.0 branch, further aligning with upstream improvements and fixes.
#36085 by @dotnet-maestro
Additional update to Arcade dependencies for the 9.0 branch, maintaining up-to-date build tooling and infrastructure.
#36065 by @dotnet-maestro
Technical Improvements
Integrated various internal commits into the 8.0 release branch, improving code quality, maintainability, and aligning with internal standards.
#35926 by @vseanreesermsft
Additional internal commits merged into the 8.0 branch, further enhancing stability and maintainability.
#36080 by @vseanreesermsft
Integrated internal improvements into the 9.0 branch, ensuring consistency and codebase health.
#36081 by @vseanreesermsft
Infrastructure
Updated the product branding and version numbers to 9.0.6, ensuring that all assemblies and packages reflect the correct release version.
#36044 by @vseanreesermsft
Updated branding for the 8.0 release line to version 8.0.17, keeping versioning consistent across all release artifacts.
#36043 by @vseanreesermsft
Miscellaneous
Automated merge of changes from the 8.0 branch into the 9.0 branch, ensuring that all relevant fixes and improvements are carried forward.
#35927 by @github-actions
Merged the 9.0 branch into the 9.0-staging branch, preparing for further testing and validation before final release.
#36051 by @AndriySvyryd
... (truncated)
9.0.5
Release
What's Changed
Full Changelog: dotnet/efcore@v9.0.4...v9.0.5
Commits viewable in compare view.
Updated Microsoft.Extensions.Diagnostics.HealthChecks from 9.0.4 to 9.0.7.
Release notes
Sourced from Microsoft.Extensions.Diagnostics.HealthChecks's releases.
9.0.7
Release
What's Changed
04ee1b4toe9092b1by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from04ee1b4toe9092b1dotnet/aspnetcore#62199Full Changelog: dotnet/aspnetcore@v9.0.6...v9.0.7
9.0.6
Bug Fixes
The Forwarded Headers Middleware now ignores
X-Forwarded-Headerssent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence forwarded header values, preventing potential spoofing or misrouting issues.Dependency Updates
52204f7to04ee1b4(#61762)Updates the GoogleTest submodule to a newer commit, bringing in the latest improvements and bug fixes from the upstream project.
Updates internal build and infrastructure dependencies from the dotnet/arcade repository, ensuring compatibility and access to the latest build tools.
Refreshes dependencies from the dotnet/extensions repository, incorporating the latest features and fixes from the extensions libraries.
Further updates dependencies from dotnet/extensions, ensuring the project benefits from recent improvements and bug fixes.
Additional updates to build and infrastructure dependencies from dotnet/arcade, maintaining up-to-date tooling and build processes.
Miscellaneous
Updates the project version and branding to 9.0.6, reflecting the new release and ensuring version consistency across the codebase.
Incorporates various internal commits into the release/9.0 branch, ensuring that all relevant changes are included in this release.
This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.
Full Changelog: v9.0.5...v9.0.6
9.0.5
Release
What's Changed
24a9e94to52204f7by @dependabot in [release/9.0] (deps): Bump src/submodules/googletest from24a9e94to52204f7dotnet/aspnetcore#61261Full Changelog: dotnet/aspnetcore@v9.0.4...v9.0.5
Commits viewable in compare view.
Updated Microsoft.Extensions.Logging.Abstractions from 9.0.4 to 9.0.7.
Release notes
Sourced from Microsoft.Extensions.Logging.Abstractions's releases.
9.0.7
Release
What's Changed
sort_mark_listby @github-actions in [release/9.0-staging] throw an exception instead of infinite loop insort_mark_listdotnet/runtime#115529Full Changelog: dotnet/runtime@v9.0.6...v9.0.7
9.0.6
Bug Fixes
Read messages from binlog if process output is missing build finished message (#114676)
Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.
Fix debugger app hangs related to thread exit (#114917)
Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.
[Mono] Workaround MSVC miscompiling sgen_clz (#114903)
Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.
Do not set the salt or info if they are NULL for OpenSSL HKDF (#114877)
Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.
[Test Only] Fix Idn tests (#115032)
Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.
JIT: revised fix for fp division issue in profile synthesis (#115026)
Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.
Handle OSSL 3.4 change to SAN:othername formatting (#115361)
Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.
[Mono] Fix c11 ARM64 atomics to issue full memory barrier (#115635)
Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.
Performance Improvements
[WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#114678)
Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.
Improve distribute_free_regions (#115167)
Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.
Technical Improvements
Strip trailing slash from source dir for cmake4 (#114905)
Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.
Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#114995)
Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.
Add support for more libicu versions (#115376)
Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.
Infrastructure
Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.
... (truncated)
9.0.5
Release
What's Changed
osx.14.arm64.openandosx.15.amd64.openqueues by @github-actions in [release/9.0-staging] [infra][apple-mobile] Migrate MacCatalyst and iOS/tvOS simulator jobs toosx.14.arm64.openandosx.15.amd64.openqueues dotnet/runtime#114617... (truncated)
Commits viewable in compare view.
Updated Microsoft.NET.Test.Sdk from 17.13.0 to 17.14.1.
Release notes
Sourced from Microsoft.NET.Test.Sdk's releases.
17.14.1
What's Changed
Full Changelog: microsoft/vstest@v17.14.0...v17.14.1
17.14.0
What's Changed
.NET versions updated
This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:
It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.
Changes
Internal version updates and fixes
New Contributors
... (truncated)
17.14.0-preview-25107-01
What's Changed
.NET versions updated
This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:
It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.
Changes
Internal version updates and fixes
Will probably revert before release:
New Contributors
Full Changelog: microsoft/vstest@v17.13.0...v17.14.0-preview-25107-01
Commits viewable in compare view.
Updated Scrutor from 6.0.1 to 6.1.0.
Release notes
Sourced from Scrutor's releases.
6.1.0
What's Changed
New Contributors
Full Changelog: khellang/Scrutor@v6.0.1...v6.1.0
Commits viewable in compare view.
Updated Serilog from 4.2.0 to 4.3.0.
Release notes
Sourced from Serilog's releases.
4.3.0
What's Changed
LogEvent.AddPropertyIfAbsent(ILogEventPropertyFactory, ...)overload that helps avoid allocations (@vanni-giachin)LogContext.Push()overloads acceptingIEnumerable<ILogEventEnricher>andReadOnlySpan<ILogEventEnricher>(@SimonCropp)New Contributors
Full Changelog: serilog/serilog@v4.2.0...v4.3.0
Commits viewable in compare view.
Updated SonarAnalyzer.CSharp from 10.9.0.115408 to 10.15.0.120848.
Release notes
Sourced from SonarAnalyzer.CSharp's releases.
10.15
False Positive
IEnumerable<string?>toIEnumerable<string>Improvement
False Negative
Task
10.14
Hey everyone,
This release mostly focuses on mitigating (NET-2196) a performance regression that was introduced in 10.13.
Improvement
False Negative
Task
10.13
Hello everyone,
In this release, we've focused on:
False Positives
dynamicandoutshould not raiseImprovements
10.12
This release brings the VB version of S6418 and a few FP and FN fixes.
New Rule
False Positive
False Negative
Task
10.11
Hello everyone!
In this release we fixed a bunch of false positives and false negatives.
Additionally this version adds support for telemetry in order to gather information on feature usage. Telemetry, requires scanner 10.2.0 or greater.
False Positive
password:secretFalse Negative
10.10.1
Bugfix release to fix combability with SonarQube Cloud + a simplification to the
ProfileRegistrarTask
10.10
Hey everyone, this release mostly focuses on internal and technical things.
General
Internal Styling Rules
Commits viewable in compare view.
Updated xunit.runner.visualstudio from 3.1.0 to 3.1.3.
Release notes
Sourced from xunit.runner.visualstudio's releases.
No release notes found for this version range.
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)