Skip to content

Bump the dependencies group with 8 updates #39

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dependabot wants to merge 1 commit into from
Closed

Bump the dependencies group with 8 updates #39

dependabot wants to merge 1 commit into from
+8 −8

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Dec 22, 2025
edited
Loading

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.16 to 8.0.22.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

8.0.22

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.21...v8.0.22

8.0.21

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.19...v8.0.20

8.0.18

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

8.0.17

Bug Fixes

  • Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61623)
    The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

  • Update dependencies from dotnet/arcade (#​61832)
    This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.

  • Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61761)
    The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

  • Update branding to 8.0.17 (#​61830)
    The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.

  • Merging internal commits for release/8.0 (#​61924)
    This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 17.14.1 to 18.0.1.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.0.1

What's Changed

Fixing an issue with loading covrun64.dll on systems that have .NET 10 SDK installed: https://learn.microsoft.com/en-us/dotnet/core/compatibility/sdk/10.0/code-coverage-dynamic-native-instrumentation

Internal changes

Full Changelog: microsoft/vstest@v18.0.0...v18.0.1

18.0.0

What's Changed

Internal fixes and updates

Commits viewable in compare view.

Updated MongoDB.Driver from 3.4.0 to 3.5.2.

Release notes

Sourced from MongoDB.Driver's releases.

3.5.2

[!IMPORTANT]

.NET 10 / C# 14

If you are targeting .NET 10 or using C# 14 in your project you should upgrade to this release as soon as possible as it contains important compatibilty fixes.

Projects targeting prior versions of .NET or not using C# 14 can upgrade at their convenience.

This is a patch release that contains fixes and stability improvements:

  • CSHARP-5793: Map MemoryExtensions Contains and SequenceEqual with null comparer to Enumerable methods with no comparer parameter

The full list of issues resolved in this release is available at CSHARP JIRA project.
Documentation on the .NET driver can be found here.

3.5.1

This is a patch release that contains fixes and stability improvements:

  • CSHARP-5777: Avoid ThreadPool-dependent IO methods in sync API
  • CSHARP-5743: Version 3.5 causes delays and disruptions because it is trying to access a disposed semaphore slim
  • CSHARP-5749: Support C# 14 changes that result in overloads now binding MemoryExtensions extension methods
  • CSHARP-5786: Add Decimal128 byte constructor overload (net10 compat)

The full list of issues resolved in this release is available at CSHARP JIRA project.
Documentation on the .NET driver can be found here.

3.5.0

This is the general availability release for the 3.5.0 version of the driver.

[!IMPORTANT]

Internal Changes for an Upcoming Feature

This release includes low level changes to internal subsystems including operation execution, timeout handling, and resource cleanup logic - in preparation for supporting Client-Side Operations Timeout (CSOT) in an upcoming release.
While these changes should be backward-compatible and not alter existing behavior, they touch core driver infrastructure.
If you experience unexpected issues such as:

  • Operations timing out unexpectedly or not timing out when expected
  • Unusual delays or hangs in database calls
  • Differences in command cancellation behavior

Please let us know via the MongoDB JIRA Driver project or your MongoDB support channel, providing driver logs and a reproduction if possible.

Experimental Support for Queryable Encryption Text Field Prefix, Suffix and Substring Queries

Substring, prefix and suffix search for Queryable Encryption are in preview and should be used for experimental workloads only. These features are unstable and their security is not guaranteed until released as Generally Available (GA). The GA version of these features may not be backwards compatible with the preview version.

The main new features in 3.5.0 include:

  • CSHARP-5453: Add builder for CSFLE schemas
  • CSHARP-3222: Add LINQ support for median and percentile accumulators/window functions
  • CSHARP-5672: Support sorting by value in PushEach operation
  • CSHARP-5625: Support text indexes for explicit and automatic encryption
  • CSHARP-734: SOCKS5 Proxy Support
  • CSHARP-3458: Extend IAsyncCursor and IAsyncCursorSource to support IAsyncEnumerable

Improvements:

  • CSHARP-5603: Add Big Endian support in BinaryVectorReader and BinaryVectorWriter
  • CSHARP-5614: Fix deserialization of primitive arrays on Big Endian systems
  • CSHARP-5619: Replace IConnection.SendMessages with the method to send a single message
  • CSHARP-5377: Eliminate unnecessary killCursors command when batchSize == limit

Fixes:

  • CSHARP-3435: FilterDefinition Inject method should use root serializer
  • CSHARP-3662: MongoClientSettings.SocketTimeout does not work for values under 500ms on Windows for sync code
  • CSHARP-4040: Fix bug when using field with same element name as discriminator
  • CSHARP-5587: FindOneAndUpdate should insert correct discriminator value on upsert
  • CSHARP-3494: Fix discriminator for generic types
  • CSHARP-5588: Unable to select KeyValuePair Key when using camelCase convention
  • CSHARP-5633: BsonSerializer.IsTypeDiscriminated is not thread-safe

Maintenance:

The full list of issues resolved in this release is available at CSHARP JIRA project.
Documentation on the .NET driver can be found here.

3.4.3

This is a patch release that contains fixes and stability improvements:

  • CSHARP-5697: Fix Client.BulkWrite failure in case complex type is being used as Document's Id

The full list of issues resolved in this release is available at CSHARP JIRA project.
Documentation on the .NET driver can be found here.

3.4.2

This is a patch release that contains fixes and stability improvements:

  • CSHARP-5661: Fix UnobservedTaskException on socket connecting timeout

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

Upgrading
There are no known backwards breaking changes in this release.

3.4.1

This is a patch release that addresses some issues reported since 3.4.0 was released:

  • CSHARP-5588 Fix issue with conventions being ignored when using KeyValuePair in LINQ
  • CSHARP-5633 Fix thread safety issue with BsonSerializer.IsTypeDiscriminated

The list of JIRA tickets resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

Upgrading
There are no known backwards breaking changes in this release.

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.Console from 1.12.0 to 1.14.0.

Release notes

Sourced from OpenTelemetry.Exporter.Console's releases.

1.14.0

For highlights and announcements pertaining to this release see: Release Notes > 1.14.0.

The following changes are from the previous release 1.14.0-rc.1.

  • NuGet: OpenTelemetry v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      and .NET Standard.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update System.Diagnostics.DiagnosticSource dependency to 10.0.0
      for all target frameworks.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      ... (truncated)

1.14.0-rc.1

The following changes are from the previous release 1.13.1.

... (truncated)

1.14.0-beta.1

The following changes are from the previous release 1.13.1-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.14.0-beta.1

    • Breaking Change When targeting net8.0, the package now depends on version
      8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
      Microsoft.Extensions.Diagnostics.Abstractions and
      Microsoft.Extensions.Logging.Configuration NuGet packages.
      (#​6327)

    • Add support for .NET 10.0.
      (#​6307)

    • Added the possibility to disable timestamps via the PrometheusAspNetCoreOptions.
      (#​6600)

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Updated OpenTelemetry core component version(s) to 1.14.0.
      (#​6689)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Exporter.Prometheus.HttpListener v1.14.0-beta.1

    • Breaking Change When targeting net8.0, the package now depends on version
      8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
      Microsoft.Extensions.Diagnostics.Abstractions and
      Microsoft.Extensions.Logging.Configuration NuGet packages.
      (#​6327)

    • Add support for .NET 10.0.
      (#​6307)

    • Added the possibility to disable timestamps via the PrometheusHttpListenerOptions.
      (#​6600)

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Updated OpenTelemetry core component version(s) to 1.14.0.
      ... (truncated)

1.13.1

For highlights and announcements pertaining to this release see: Release Notes > 1.13.1.

The following changes are from the previous release 1.13.0.

... (truncated)

1.13.1-beta.1

The following changes are from the previous release 1.13.0-beta.1.

1.13.0

For highlights and announcements pertaining to this release see: Release Notes > 1.13.0.

The following changes are from the previous release 1.12.0.

  • NuGet: OpenTelemetry v1.13.0

    • Added a verification to ensure that a MetricReader can only be registered
      to a single MeterProvider, as required by the OpenTelemetry specification.
      (#​6458)

    • Added FormatMessage configuration option to self-diagnostics feature. When
      set to true (default is false), log messages will be formatted by replacing
      placeholders with actual parameter values for improved readability.

      Example OTEL_DIAGNOSTICS.json:

      {
    "LogDirectory": ".",
    "FileSize": 32768,
    "LogLevel": "Warning",
    "FormatMessage": true
}

    • Fixed parsing of OTEL_TRACES_SAMPLER_ARG decimal values to always use .
      as the delimiter when using the traceidratio sampler, preventing
      locale-specific parsing issues.
      (#​6444)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.13.0

    • Added AddLink(SpanContext, SpanAttributes?) to TelemetrySpan to support
      linking spans and associating optional attributes for advanced trace relationships.
      (#​6305)

    • Experimental (only in pre-release versions): Added the EventName property
      to LogRecordData
      (#​6306)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.13.0

    No notable changes.

    See CHANGELOG for details.

... (truncated)

1.13.0-beta.1

The following changes are from the previous release 1.12.0-beta.1.

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.12.0 to 1.14.0.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.14.0

For highlights and announcements pertaining to this release see: Release Notes > 1.14.0.

The following changes are from the previous release 1.14.0-rc.1.

  • NuGet: OpenTelemetry v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      and .NET Standard.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update System.Diagnostics.DiagnosticSource dependency to 10.0.0
      for all target frameworks.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      ... (truncated)

1.14.0-rc.1

The following changes are from the previous release 1.13.1.

... (truncated)

1.14.0-beta.1

The following changes are from the previous release 1.13.1-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.14.0-beta.1

    • Breaking Change When targeting net8.0, the package now depends on version
      8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
      Microsoft.Extensions.Diagnostics.Abstractions and
      Microsoft.Extensions.Logging.Configuration NuGet packages.
      (#​6327)

    • Add support for .NET 10.0.
      (#​6307)

    • Added the possibility to disable timestamps via the PrometheusAspNetCoreOptions.
      (#​6600)

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Updated OpenTelemetry core component version(s) to 1.14.0.
      (#​6689)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Exporter.Prometheus.HttpListener v1.14.0-beta.1

    • Breaking Change When targeting net8.0, the package now depends on version
      8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
      Microsoft.Extensions.Diagnostics.Abstractions and
      Microsoft.Extensions.Logging.Configuration NuGet packages.
      (#​6327)

    • Add support for .NET 10.0.
      (#​6307)

    • Added the possibility to disable timestamps via the PrometheusHttpListenerOptions.
      (#​6600)

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Updated OpenTelemetry core component version(s) to 1.14.0.
      ... (truncated)

1.13.1

For highlights and announcements pertaining to this release see: Release Notes > 1.13.1.

The following changes are from the previous release 1.13.0.

... (truncated)

1.13.1-beta.1

The following changes are from the previous release 1.13.0-beta.1.

1.13.0

For highlights and announcements pertaining to this release see: Release Notes > 1.13.0.

The following changes are from the previous release 1.12.0.

  • NuGet: OpenTelemetry v1.13.0

    • Added a verification to ensure that a MetricReader can only be registered
      to a single MeterProvider, as required by the OpenTelemetry specification.
      (#​6458)

    • Added FormatMessage configuration option to self-diagnostics feature. When
      set to true (default is false), log messages will be formatted by replacing
      placeholders with actual parameter values for improved readability.

      Example OTEL_DIAGNOSTICS.json:

      {
    "LogDirectory": ".",
    "FileSize": 32768,
    "LogLevel": "Warning",
    "FormatMessage": true
}

    • Fixed parsing of OTEL_TRACES_SAMPLER_ARG decimal values to always use .
      as the delimiter when using the traceidratio sampler, preventing
      locale-specific parsing issues.
      (#​6444)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.13.0

    • Added AddLink(SpanContext, SpanAttributes?) to TelemetrySpan to support
      linking spans and associating optional attributes for advanced trace relationships.
      (#​6305)

    • Experimental (only in pre-release versions): Added the EventName property
      to LogRecordData
      (#​6306)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.13.0

    No notable changes.

    See CHANGELOG for details.

... (truncated)

1.13.0-beta.1

The following changes are from the previous release 1.12.0-beta.1.

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.AspNetCore from 1.12.0 to 1.14.0.

Release notes

Sourced from OpenTelemetry.Instrumentation.AspNetCore's releases.

1.14.0

1.14.0-rc.1

1.14.0-beta.2

1.14.0-beta.1

1.14.0-alpha.1

1.13.1

1.13.0

1.13.0-rc.1

1.13.0-beta.2

1.13.0-beta.1

1.13.0-alpha.1

Description has been truncated

@dependabot
Bump the dependencies group with 8 updates
0170db3 
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.16 to 8.0.22
Bumps Microsoft.NET.Test.Sdk from 17.14.1 to 18.0.1
Bumps MongoDB.Driver from 3.4.0 to 3.5.2
Bumps OpenTelemetry.Exporter.Console from 1.12.0 to 1.14.0
Bumps OpenTelemetry.Extensions.Hosting from 1.12.0 to 1.14.0
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.12.0 to 1.14.0
Bumps Swashbuckle.AspNetCore from 8.1.4 to 10.1.0
Bumps xunit.runner.visualstudio from 3.1.1 to 3.1.5

---
updated-dependencies:
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 8.0.22
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: MongoDB.Driver
  dependency-version: 3.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: OpenTelemetry.Exporter.Console
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependencies
- dependency-name: Swashbuckle.AspNetCore
  dependency-version: 10.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dependencies
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Dec 22, 2025

Labels

The following labels could not be found: api, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

This was referenced Dec 22, 2025
Closed
Closed
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 12, 2026

Superseded by #42.

@dependabot dependabot bot closed this Jan 12, 2026
@dependabot dependabot bot deleted the dependabot/nuget/apps/api/Api.Tests/dependencies-d18ca2ddd8 branch January 12, 2026 01:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant