Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the all group across 1 directory with 7 updates #180

Closed
wants to merge 1 commit into from
Closed

Bump the all group across 1 directory with 7 updates #180

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 22, 2024
edited
Loading

Bumps the all group with 7 updates in the /Backend directory:

Package From To
DbUp 5.0.40 5.0.41
Microsoft.AspNetCore.Authentication.JwtBearer 8.0.6 8.0.7
Microsoft.AspNetCore.OpenApi 8.0.6 8.0.7
System.IdentityModel.Tokens.Jwt 7.6.2 8.0.0
Microsoft.AspNetCore.Mvc.Testing 8.0.6 8.0.7
xunit 2.8.1 2.9.0
xunit.runner.visualstudio 2.8.1 2.8.2

Updates DbUp from 5.0.40 to 5.0.41

Commits

Updates Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.6 to 8.0.7

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 8.0.7

Release

Commits

Updates Microsoft.AspNetCore.OpenApi from 8.0.6 to 8.0.7

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

.NET 8.0.7

Release

Commits

Updates System.IdentityModel.Tokens.Jwt from 7.6.2 to 8.0.0

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.0.0

CVE package updates

CVE-2024-30105

  • See PR #2707 for details.

Breaking change:

Full list of breaking changes.

  • A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The new CaseSensitiveClaimsIdentity class provides consistent retrieval logic with SecurityToken. Fallback to previous behavior via an AppContext switch. See PR #2700 for details.
  • Make CollectionUtilities.IsNullOrEmpty internal. See issues #2651 and #1722 for details.

Overall improvements to the validation in IdentityModel:

  • See design proposal #2711 for details, all work internal for now. Please comment in the GitHub issue and provide feedback there.

New Features:

  • Allow users to provide a Stream to Write in OIDCConfigurationSerializer. See PR #2698 for details.

Bug fixes:

Fundamentals

  • Remove code that was used in target frameworks that got removed. See PR #2673 for details.
  • Rename local variables for better readability. See PR #2674 for details.
  • Refactor XML comments for improved clarity. See PR #2676, #2677, #2678, #2689 and #2703 for details.
  • Fix flaky test. See issue #2683 for details.
  • Made ConfigurationManager.GetConfigurationAsync a virtual method. See PR #2661

8.0.0-preview1

Breaking changes:

  • IdentityModel 8x no longer supports .net461, which has reached end of life and is no longer supported. See issue #2544 for details.
  • Two IdentityModel extension dlls Microsoft.IdentityModel.KeyVaultExtensions and Microsoft.IdentityModel.ManagedKeyVaultSecurityKey were using ADAL, which is no longer supported . The affected packages have been removed, as the replacement is to use Microsoft.Identity.Web. See issue #2454 for details.
  • AppContext.SetSwitch which were included in IdentityModel 7x, have been removed and are the default in IdentityModel 8x. The result is a more performant IdentityModel by default. See issue #2629 and https://aka.ms/IdentityModel8x for details.

7.7.1

Bug Fix

  • Re-add JsonSerializerPrimitives.TryAllStringClaimsAsDateTime which was removed as it is in an internal class, but due to InternalsVisibleTo can lead to a MissingMethodException if IdentityModel versions are not aligned. See PR #2734 for details.

7.7.0

CVE package updates

CVE-2024-30105

... (truncated)

Changelog

Sourced from System.IdentityModel.Tokens.Jwt's changelog.

8.0.0

CVE package updates

CVE-2024-30105

  • See PR #2707 for details.

Breaking change:

Full list of breaking changes.

  • A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The new CaseSensitiveClaimsIdentity class provides consistent retrieval logic with SecurityToken. Fallback to previous behavior via an AppContext switch. See PR #2700 for details.
  • Make CollectionUtilities.IsNullOrEmpty internal. See issues #2651 and #1722 for details.

Overall improvements to the validation in IdentityModel:

  • See design proposal #2711 for details, all work internal for now. Please comment in the GitHub issue and provide feedback there.

New Features:

  • Allow users to provide a Stream to Write in OIDCConfigurationSerializer. See PR #2698 for details.

Bug fixes:

Fundamentals

  • Remove code that was used in target frameworks that got removed. See PR #2673 for details.
  • Rename local variables for better readability. See PR #2674 for details.
  • Refactor XML comments for improved clarity. See PR #2676, #2677, #2678, #2689 and #2703 for details.
  • Fix flaky test. See issue #2683 for details.
  • Made ConfigurationManager.GetConfigurationAsync a virtual method. See PR #2661

8.0.0-preview1

Breaking changes:

  • IdentityModel 8x no longer supports .net461, which has reached end of life and is no longer supported. See issue #2544 for details.
  • Two IdentityModel extension dlls Microsoft.IdentityModel.KeyVaultExtensions and Microsoft.IdentityModel.ManagedKeyVaultSecurityKey were using ADAL, which is no longer supported . The affected packages have been removed, as the replacement is to use Microsoft.Identity.Web. See issue #2454 for details.
  • AppContext.SetSwitch which were included in IdentityModel 7x, have been removed and are the default in IdentityModel 8x. The result is a more performant IdentityModel by default. See issue #2629 and https://aka.ms/IdentityModel8x for details.

7.6.1

New Features:

  • Added an Audiences member to the SecurityTokenDescriptor to make it easier to define multiple audiences in JWT and SAML tokens. Addresses issue #1479 with PR #2575
  • Add missing metadata parameters to OpenIdConnectConfiguration. See issue #2498 for details.

Bug Fixes:

  • Fix over-reporting of IDX14100. See issue #2058 and PR #2618 for details.
  • JwtRegisteredClaimNames now contains previously missing Standard OpenIdConnect claims. See issue #1598 for details.

... (truncated)

Commits

Updates Microsoft.AspNetCore.Mvc.Testing from 8.0.6 to 8.0.7

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

.NET 8.0.7

Release

Commits

Updates xunit from 2.8.1 to 2.9.0

Commits
  • 593e573 v2.9.0
  • f070472 Enable XUNIT_HIDE_PASSING_OUTPUT_DIAGNOSTICS environment variable to skip sho...
  • 80a2294 For Assert.Equivalent, exclude properties (or property getters) which are obs...
  • b6dabde #2955: Ensure minimum thread pool size (v2)
  • 5fe01ff #2922: Remove obsolete AssemblyRunner.Start() overloads (v2)
  • beab8d9 #1916: Don't try to serialize generic argument types (v2)
  • 27c70a7 Restore the Func<TestOutputHelper> so we re-create the output helper for each...
  • 1fac6f8 #2377: Test logs get mixed across test cases
  • e022e5c Unit test for #2271 (v2)
  • 21f6aee Re-enable IDE0290 as we're using 'dotnet format' now
  • Additional commits viewable in compare view

Updates xunit.runner.visualstudio from 2.8.1 to 2.8.2

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jul 22, 2024
@dependabot @FSchiltz
Bump the all group across 1 directory with 7 updates
ad2acc3 
Bumps the all group with 7 updates in the /Backend directory:

| Package | From | To |
| --- | --- | --- |
| [DbUp](https://github.com/DbUp/DbUp) | `5.0.40` | `5.0.41` |
| [Microsoft.AspNetCore.Authentication.JwtBearer](https://github.com/dotnet/aspnetcore) | `8.0.6` | `8.0.7` |
| [Microsoft.AspNetCore.OpenApi](https://github.com/dotnet/aspnetcore) | `8.0.6` | `8.0.7` |
| [System.IdentityModel.Tokens.Jwt](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) | `7.6.2` | `8.0.0` |
| [Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/aspnetcore) | `8.0.6` | `8.0.7` |
| [xunit](https://github.com/xunit/xunit) | `2.8.1` | `2.9.0` |
| [xunit.runner.visualstudio](https://github.com/xunit/visualstudio.xunit) | `2.8.1` | `2.8.2` |



Updates `DbUp` from 5.0.40 to 5.0.41
- [Release notes](https://github.com/DbUp/DbUp/releases)
- [Changelog](https://github.com/DbUp/DbUp/blob/main/docs/breaking-changes.md)
- [Commits](https://github.com/DbUp/DbUp/commits)

Updates `Microsoft.AspNetCore.Authentication.JwtBearer` from 8.0.6 to 8.0.7
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.6...v8.0.7)

Updates `Microsoft.AspNetCore.OpenApi` from 8.0.6 to 8.0.7
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.6...v8.0.7)

Updates `System.IdentityModel.Tokens.Jwt` from 7.6.2 to 8.0.0
- [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)
- [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md)
- [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@7.6.2...8.0.0)

Updates `Microsoft.AspNetCore.Mvc.Testing` from 8.0.6 to 8.0.7
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.6...v8.0.7)

Updates `xunit` from 2.8.1 to 2.9.0
- [Commits](xunit/xunit@2.8.1...2.9.0)

Updates `xunit.runner.visualstudio` from 2.8.1 to 2.8.2
- [Release notes](https://github.com/xunit/visualstudio.xunit/releases)
- [Commits](xunit/visualstudio.xunit@2.8.1...2.8.2)

---
updated-dependencies:
- dependency-name: DbUp
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: System.IdentityModel.Tokens.Jwt
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
- dependency-name: xunit
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all
- dependency-name: xunit.runner.visualstudio
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all
...

Signed-off-by: dependabot[bot] <support@github.com>
@FSchiltz FSchiltz force-pushed the dependabot/nuget/Backend/all-450ed257f3 branch from 98fa768 to ad2acc3 Compare July 25, 2024 06:24
@codecov Codecov
Copy link

codecov bot commented Jul 25, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

see 6 files with indirect coverage changes

@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Aug 5, 2024

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Aug 5, 2024
@dependabot dependabot bot deleted the dependabot/nuget/Backend/all-450ed257f3 branch August 5, 2024 02:41
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants