nuget: Bump the microsoft group with 5 updates#289
Open
dependabot[bot] wants to merge 1 commit intomainfrom
Open
nuget: Bump the microsoft group with 5 updates#289dependabot[bot] wants to merge 1 commit intomainfrom
dependabot[bot] wants to merge 1 commit intomainfrom
Conversation
Bumps Microsoft.CodeAnalysis.Analyzers from 3.3.4 to 3.11.0 Bumps Microsoft.CodeAnalysis.CSharp from 4.9.2 to 4.14.0 Bumps Microsoft.Extensions.Configuration from 9.0.4 to 9.0.15 Bumps Microsoft.IdentityModel.JsonWebTokens from 8.9.0 to 8.17.0 Bumps Microsoft.NET.Test.Sdk from 17.13.0 to 17.14.1 --- updated-dependencies: - dependency-name: Microsoft.CodeAnalysis.Analyzers dependency-version: 3.11.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft - dependency-name: Microsoft.CodeAnalysis.CSharp dependency-version: 4.14.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft - dependency-name: Microsoft.Extensions.Configuration dependency-version: 9.0.15 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: microsoft - dependency-name: Microsoft.IdentityModel.JsonWebTokens dependency-version: 8.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 17.14.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: microsoft ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.CodeAnalysis.Analyzers from 3.3.4 to 3.11.0.
Release notes
Sourced from Microsoft.CodeAnalysis.Analyzers's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.CodeAnalysis.CSharp from 4.9.2 to 4.14.0.
Release notes
Sourced from Microsoft.CodeAnalysis.CSharp's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Configuration from 9.0.4 to 9.0.15.
Release notes
Sourced from Microsoft.Extensions.Configuration's releases.
9.0.15
Release
9.0.14
Release
9.0.13
Release
What's Changed
Full Changelog: dotnet/runtime@v9.0.12...v9.0.13
9.0.12
Release
9.0.11
Release
What's Changed
UnsafeAccessor- ambiguous name and signature match by @AaronRobinsonMSFT in [release/9.0-staging]UnsafeAccessor- ambiguous name and signature match dotnet/runtime#120011Full Changelog: dotnet/runtime@v9.0.10...v9.0.11
9.0.10
Release
What's Changed
Full Changelog: dotnet/runtime@v9.0.9...v9.0.10
9.0.9
Release
What's Changed
Full Changelog: dotnet/runtime@v9.0.8...v9.0.9
9.0.8
Release
What's Changed
InvalidOperationExceptiononTestOutputHelperlogging. by @ilonatommy in [release/9.0-staging][wbt] PreventInvalidOperationExceptiononTestOutputHelperlogging. dotnet/runtime#116916Ping_TimedOut_*tests by @github-actions[bot] in [release/9.0-staging] HardenPing_TimedOut_*tests dotnet/runtime#116630Full Changelog: dotnet/runtime@v9.0.7...v9.0.8
9.0.7
Release
What's Changed
sort_mark_listby @github-actions in [release/9.0-staging] throw an exception instead of infinite loop insort_mark_listdotnet/runtime#115529Full Changelog: dotnet/runtime@v9.0.6...v9.0.7
9.0.6
Bug Fixes
Read messages from binlog if process output is missing build finished message (#114676)
Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.
Fix debugger app hangs related to thread exit (#114917)
Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.
[Mono] Workaround MSVC miscompiling sgen_clz (#114903)
Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.
Do not set the salt or info if they are NULL for OpenSSL HKDF (#114877)
Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.
[Test Only] Fix Idn tests (#115032)
Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.
JIT: revised fix for fp division issue in profile synthesis (#115026)
Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.
Handle OSSL 3.4 change to SAN:othername formatting (#115361)
Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.
[Mono] Fix c11 ARM64 atomics to issue full memory barrier (#115635)
Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.
Performance Improvements
[WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#114678)
Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.
Improve distribute_free_regions (#115167)
Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.
Technical Improvements
Strip trailing slash from source dir for cmake4 (#114905)
Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.
Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#114995)
Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.
Add support for more libicu versions (#115376)
Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.
Infrastructure
Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.
... (truncated)
9.0.5
Release
What's Changed
osx.14.arm64.openandosx.15.amd64.openqueues by @github-actions in [release/9.0-staging] [infra][apple-mobile] Migrate MacCatalyst and iOS/tvOS simulator jobs toosx.14.arm64.openandosx.15.amd64.openqueues dotnet/runtime#114617... (truncated)
Commits viewable in compare view.
Updated Microsoft.IdentityModel.JsonWebTokens from 8.9.0 to 8.17.0.
Release notes
Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.
8.17.0
Dependencies
8.16.0
New Features
Fundamentals
8.15.0
New Features
X509SecurityKeyandJsonWebKeyConverter.ConvertFromX509SecurityKeyExtended
X509SecurityKeyandJsonWebKeyConverter.ConvertFromX509SecurityKeyto support ECDSA keys.See PR #2377 for details.
Bug Fixes
Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
See PR #3316 for details.
SearchValuesImproved the performance of the log sanitization logic introduced earlier by using
SearchValues, making sanitization more efficient in high-throughput scenarios.See PR #3341 for details.
IDX10400Adjusted the
IDX10400test to align with the current behavior and error messaging.See PR #3314 for details.
Fundamentals
Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
See PR #3296 for details.
.clinerulestoagents.mdMoved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
See PR #3313 for details.
Microsoft.IdentityModel.TestExtensionsfrom Newtonsoft.Json to System.Text.JsonUpdated
Microsoft.IdentityModel.TestExtensionsto useSystem.Text.Jsoninstead ofNewtonsoft.Json, aligning tests with the runtime serialization stack.See PR #3356 for details.
Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
See PR #3349 for details.
Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
See PR #3364 for details.
.NET 10 / SDK and tooling updates
Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
See PRs #3287, #3357, and #3358 for details.
Ensured consistent use of the
TargetNetNextparameter across build, test, and pack phases so .NET 10.0 tests execute reliably.See PR #3337 for details.
Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
See PR #3363 for details.
Updated the .NET version references to be compliant with corporate governance (CG) requirements.
See PR #3353 for details.
CoverletCollectorVersionto 6.0.4.See PR #3333 for details.
Microsoft.NET.Test.Sdkto a newer version for improved test reliability and tooling support.... (truncated)
8.14.0
8.14.0
Bug Fixes
ValidationResultinstead ofOperationResultwhen validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #3299 for details.8.13.1
8.13.1
Dependencies
Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0
Bug Fixes
Work related to redesign of IdentityModel's token validation logic #2711
8.13.0
8.13.0
8.13.0
Fundamentals
CaseSensitiveClaimsIdentity.SecurityTokensetter is now protected internal (was internal). See PR #3278 for details.What's Changed
New Contributors
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0
8.12.1
8.12.1
Fundamentals
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1
8.12.0
8.12.0
New Features
Added event handling capabilities to the
ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #3253Bug Fixes
Introduced the expected overload of
Base64UrlEncoder.Decodefor .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.For details see #3249
Fundamentals
Incorporated AI assist rules to enhance AI agents effectiveness.
For details see #3255
Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
For details see #3256
Centralized suppression of RS006 warnings in project files for easier management.
For details see #3230
What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0
8.11.0
8.11.0
New Features:
JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from eitherTokenValidationParametersor, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #3243 for details.What's Changed
Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0
8.10.0
8.10.0
Bug Fixes
Fundamentals
Commits viewable in compare view.
Updated Microsoft.NET.Test.Sdk from 17.13.0 to 17.14.1.
Release notes
Sourced from Microsoft.NET.Test.Sdk's releases.
17.14.1
What's Changed
Full Changelog: microsoft/vstest@v17.14.0...v17.14.1
17.14.0
What's Changed
.NET versions updated
This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:
It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.
Changes
Internal version updates and fixes
New Contributors
... (truncated)
17.14.0-preview-25107-01
What's Changed
.NET versions updated
This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:
It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.
Changes
Internal version updates and fixes
Will probably revert before release:
New Contributors
Full Changelog: microsoft/vstest@v17.13.0...v17.14.0-preview-25107-01
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions