Skip to content

chore(deps): update all non-major dependencies #479

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
renovate merged 1 commit into from
Nov 24, 2025
Merged

chore(deps): update all non-major dependencies #479

renovate merged 1 commit into from
Nov 24, 2025

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Nov 15, 2025
edited
Loading

This PR contains the following updates:

Package Type Update Change OpenSSF
Azure.Identity (source) nuget patch 1.17.0 -> 1.17.1 OpenSSF Scorecard
Meziantou.Analyzer nuget patch 2.0.253 -> 2.0.256 OpenSSF Scorecard
Microsoft.Identity.Client (source) nuget patch 4.79.1 -> 4.79.2 OpenSSF Scorecard
Microsoft.Identity.Client.Extensions.Msal (source) nuget patch 4.79.1 -> 4.79.2 OpenSSF Scorecard
Microsoft.Identity.Web nuget minor 4.0.1 -> 4.1.0 OpenSSF Scorecard
Microsoft.IdentityModel.JsonWebTokens nuget minor 8.14.0 -> 8.15.0 OpenSSF Scorecard
Microsoft.Sbom.Targets nuget patch 4.1.3 -> 4.1.4 OpenSSF Scorecard
NetEscapades.AspNetCore.SecurityHeaders nuget minor 1.2.0 -> 1.3.0 OpenSSF Scorecard
Polly nuget patch 8.6.4 -> 8.6.5 OpenSSF Scorecard
Swashbuckle.AspNetCore.Filters nuget patch 10.0.0 -> 10.0.1 OpenSSF Scorecard

Release Notes

Azure/azure-sdk-for-net (Azure.Identity)

v1.17.1

Compare Source

1.17.1 (2025-11-18)
Other Changes
  • Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.78.0.
meziantou/Meziantou.Analyzer (Meziantou.Analyzer)

v2.0.256

Compare Source

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.256

What's Changed
  • Clarify MA0093 only applies to event invocations, not regular method calls by @​Copilot in #​933

Full Changelog: meziantou/Meziantou.Analyzer@2.0.255...2.0.256

v2.0.255

Compare Source

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.255

What's Changed
  • Use GlobalAnalyzerConfigFiles with global_level=-1 for analyzer configuration by @​Copilot in #​932

Full Changelog: meziantou/Meziantou.Analyzer@2.0.254...2.0.255

v2.0.254

Compare Source

NuGet package: https://www.nuget.org/packages/Meziantou.Analyzer/2.0.254

What's Changed

Full Changelog: meziantou/Meziantou.Analyzer@2.0.253...2.0.254

AzureAD/microsoft-identity-web (Microsoft.Identity.Web)

v4.1.0

Compare Source

=========

New features
Dependencies updates
  • Bump MSAL.NET to version 4.79.2 and handle changes to deprecated WithExtraQueryParameters APIs. #​3583
  • Update Microsoft.IdentityModel and Abstractions versions. #​3604
  • Update coverlet.collector to 6.0.4. #​3587
  • Update package validation baseline version to 4.0.0. #​3589
  • Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. #​3595
Entra ID SDK sidecar
  • Restrict hosts to localhost for sidecar. #​3579
  • Update http file to match endpoints. #​3555
  • Revise sidecar issue template for Entra ID. #​3577
Documentation
  • Update README to include Entra SDK container info. #​3578
Fundamentals
  • Include NET 9.0 in template-install-dependencies. #​3593
  • Fix CodeQL alerts. #​3591
  • Suppression file is needed. #​3592
AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.JsonWebTokens)

v8.15.0

Compare Source

====

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.
.NET 10 / SDK and tooling updates
  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      See PR #​3336 for details.
  • Update runTests.ps1 to specify dotnet directory
    Updated runTests.ps1 to accept an explicit dotnet directory, improving test execution robustness in environments with multiple SDK installations.
    See PR #​3368 for details.
  • Adjust dotnetcore workflow targeting for .NET 10 SDK
    Iterated on the CI workflow configuration to correctly target the .NET 10 SDK:
    • Temporarily removed targeting of the .NET 10 SDK in dotnetcore.yml.
      See PR #​3335.
    • Reverted that change to restore .NET 10 SDK targeting.
      See PR #​3339 for details.
Documentation
  • Update support policy documentation
    Refreshed supportPolicy.md to reflect the latest support policy for IdentityModel.
    See PR #​3367 for details.
microsoft/sbom-tool (Microsoft.Sbom.Targets)

v4.1.4

⚙️ Changes

andrewlock/NetEscapades.AspNetCore.SecurityHeaders (NetEscapades.AspNetCore.SecurityHeaders)

v1.3.0

Changes from 1.2.0-1.3.0:

Features:

  • Add API for registering an async policy selector #​259 (Thanks @​jchannon)
  • Update Content-Security-Policy builders to encourage correct directives and to flag incorrect directives #​272
  • Add OverInsecureHttp() and OverInsecureWs() scheme sources to CSP builders #​273
App-vNext/Polly (Polly)

v8.6.5

Compare Source

mattfrear/Swashbuckle.AspNetCore.Filters (Swashbuckle.AspNetCore.Filters)

v10.0.1

Fixed

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot enabled auto-merge November 15, 2025 15:33
@renovate renovate bot requested review from a team and MarcoGix as code owners November 15, 2025 15:33
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 0bef7d7 to cb8b288 Compare November 15, 2025 16:42
@renovate renovate bot changed the title chore(deps): update dependency nlog.mailkit to 6.0.4 chore(deps): update dependency nlog.mailkit to 6.0.5 Nov 15, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 2 times, most recently from f78b485 to 1c430fb Compare November 16, 2025 13:47
@renovate renovate bot changed the title chore(deps): update dependency nlog.mailkit to 6.0.5 chore(deps): update all non-major dependencies Nov 16, 2025
@renovate renovate bot force-pushed the renovate/all-minor-patch branch 7 times, most recently from b8a1fdc to 9a9e7f5 Compare November 24, 2025 08:14
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from 9a9e7f5 to ddc0362 Compare November 24, 2025 08:31
@renovate renovate bot force-pushed the renovate/all-minor-patch branch from ddc0362 to 24bc769 Compare November 24, 2025 08:39
@renovate renovate bot merged commit 0ebc724 into master Nov 24, 2025
6 checks passed
@renovate renovate bot deleted the renovate/all-minor-patch branch November 24, 2025 08:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@AndreaCuneo AndreaCuneo AndreaCuneo approved these changes

@MarcoGix MarcoGix Awaiting requested review from MarcoGix MarcoGix is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@AndreaCuneo