chore: Bump the production-dependencies group with 7 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Updated Azure.Security.KeyVault.Secrets from 4.7.0 to 4.8.0.

Release notes

Sourced from Azure.Security.KeyVault.Secrets's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.ApplicationInsights.AspNetCore from 2.21.0 to 2.23.0.

Release notes

Sourced from Microsoft.ApplicationInsights.AspNetCore's releases.

2.23.0

• no changes since beta.

2.23.0-beta1

• Populate required field Message with "n/a" if it is empty
• Fix ITelemetryModule singleton registration to support presence of keyed services

2.22.0

• no changes since beta.

2.22.0-beta4

• Added support to read diagnostics config from the path defined in environment variable.

2.22.0-beta3

• Fixed an adaptive sampling issue that caused incorrect item count when an Activity Recorded flags were modified externally, when enabled side-by-side with OpenTelemetry or other solutions.

2.22.0-beta2

• Upgrade System.Diagnostics.PerformanceCounter to version 6.0.0 to address CVE-2021-24112
• Report internal dependencies from Cosmos SDK as InProc and align with Cosmos SDK EventSource changes

2.22.0-beta1

• Update endpoint redirect header name for QuickPulse module to v2
• AzureSdkDiagnosticListener modified to use sdkversion prefix "rdddsaz" instead of "dotnet".
• ILogger logs with LogLevel.None severity are now ignored by ApplicationInsightsLogger. Fixes (#​2666)
• Fix ExceptionTelemetry clears all Context when updating Exception property
• Support dependency tracking and diagnostics events for Microsoft.Azure.Cosmos v3

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.1.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.0 to 10.0.1.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Azure.Cosmos from 3.42.0 to 3.56.0.

Release notes

Sourced from Microsoft.Azure.Cosmos's releases.

3.56.0

3.56.0 - 2025-11-25

Fixed

• 5550 Owner not found: Fixes substatus code 1003 for item operations when container doesn't exist (Direct mode)

3.56.0-preview.0

3.56.0-preview.0 - 2025-11-14

Fixed

• 5260 HPK: Fixes Lengthaware normalized EPK comparators as default (only in preview)

3.55.0

3.55.0 - 2025-11-14

Added

• 5462 [VectorIndexPath]: Adds GA IndexingSearchListSize and VectorIndexShardKey
• 5470 Change feed: Adds id and pk to ChangeFeedMetadata for delete operations (Default policy excludes Previous for deletes)
• 5474 Binary Encoding: Adds support to DateTimeOffset type

Fixed

• 5469 BarrierRequests: Adds 410/LeaseNotFound(1022) fail-fast to cross-region retries by retrying on primary (checks last replica response)
• 5475 Query: Fixes query advisor prefix url links to use aka.ms
• 5476 HttpTimeoutPolicy: Fixes QueryPlan retry gaps (Http POST but its Read)
• 5497 HttpTimeoutPolicy: Fixes PPAF and ThinProxy timeout polices to (6s, 6s, 10s) for both PointReads and NonPointReads

3.55.0-preview.1

3.55.0-preview.0

3.55.0-preview.0 - 2025-10-2

Note: FullTextScore query function now expects string value parameters (e.g., FullTextScore(c.text, 'swim','run')); preview array syntax is no longer supported.

Added

• 5368 VectorDataType: Adds Support for Float16 Data Type
• 5411 Hedging: Adds GA for adding hedging via RequestOptions
• 5412 Hedging: Adds back diagnostics filed Response Region to hedging request diagnostics
• 5386 Build: Removes System.Net.Http and System.Text.RegularExpressions package references

Fixed

• 5409 Query: Fixes to not use passthrough context for collections with HPK
• 5422 Diagnostics: Fixes race condition that can cause InvalidOperationException in CosmosOperationCancelledException.ToString()
• 5427 PPAF: Fixes issue where setting RequestTimeout to 0 second will cause PPAF dynamic enablement to break

3.54.1

3.54.0

3.54.0 - 2025-10-2

Note: FullTextScore query function now expects string value parameters (e.g., FullTextScore(c.text, 'swim','run')); preview array syntax is no longer supported.

Added

• 5368 VectorDataType: Adds Support for Float16 Data Type
• 5411 Hedging: Adds GA for adding hedging via RequestOptions
• 5412 Hedging: Adds back diagnostics filed Response Region to hedging request diagnostics
• 5386 Build: Removes System.Net.Http and System.Text.RegularExpressions package references

Fixed

• 5409 Query: Fixes to not use passthrough context for collections with HPK
• 5422 Diagnostics: Fixes race condition that can cause InvalidOperationException in CosmosOperationCancelledException.ToString()
• 5427 PPAF: Fixes issue where setting RequestTimeout to 0 second will cause PPAF dynamic enablement to break

3.54.0-preview.2

3.54.0-preview.2 - 2025-10-7

Fixed

• 5427 PPAF: Fixes issue where setting RequestTimeout to 0 second will cause PPAF dynamic enablement to break

3.54.0-preview.1

3.54.0-preview.1 - 2025-8-28

Added

• 5364 TokenCredentialCache: Adds a fallback mechanism to AAD scope override.
• 5361 Trace: Fixes thread safety issue in Trace class causing high CPU usage and InvalidOperationException

3.54.0-preview.0

3.54.0-preview.0 - 2025-8-13

Added

• 5253 License: Adds new license expression
• 5252 TokenCredentialCache: Adds an options to override AAD audience scope
• 5308 Query: Adds Weighted RRF capability to LINQ
• 5213 Query: Adds GetIndexMetrics LINQ extension method

Fixed

• 5273 Query: Fixes non streaming order by queries to not be tagged as passthrough queries
• 5291 GatewayStoreClient: Fixes stream consumption bug in GatewayStoreClient.CreateDocumentClientExceptionAsync
• 5317 Query: Fixes HybridSearchQueryTests to account for backend changes in phrase search

3.53.2

3.53.2 - 2025-10-7

Fixed

• 5427 PPAF: Fixes issue where setting RequestTimeout to 0 second will cause PPAF dynamic enablement to break

3.53.1

3.53.1 - 2025-8-28

Added

• 5364 TokenCredentialCache: Adds a fallback mechanism to AAD scope override.
• 5361 Trace: Fixes thread safety issue in Trace class causing high CPU usage and InvalidOperationException

3.53.0

3.53.0 - 2025-8-13

Added

• 5253 License: Adds new license expression
• 5252 TokenCredentialCache: Adds an options to override AAD audience scope
• 5308 Query: Adds Weighted RRF capability to LINQ
• 5213 Query: Adds GetIndexMetrics LINQ extension method

Fixed

• 5273 Query: Fixes non streaming order by queries to not be tagged as passthrough queries
• 5291 GatewayStoreClient: Fixes stream consumption bug in GatewayStoreClient.CreateDocumentClientExceptionAsync
• 5317 Query: Fixes HybridSearchQueryTests to account for backend changes in phrase search

3.53.0-preview.1

3.53.0-preview.1 - 2025-7-10

Fixed

• 5257 QueryPlan: Fixes 410 Gone exception on query plan calls in Non-X64 windows platforms

3.53.0-preview.0

3.53.0-preview.0 - 2025-6-13

Added

• 5180 Query: Adds public PopulateQueryAdvice capability
• 5215 Client Encryption: Adds support for latest Cosmos package and bumps up Encryption package for nuget release
• 5157 Query: Adds support for LINQ extension method for VectorDistance

This also includes a Direct Package version update to 3.39.1 in PR #​5241 which includes the following:

• Rntbd Health Check Improvements Part 3: Enables Aggressive Timeout Detection By Default.
• Introduce East US 3 region in the SDK.

Fixed

• 5221 Query : Fixes Skip + Order By Bug
• 5218 Binary Encoding: Fixes DateTime Parsing Issue with Trailing Zeros in the Milli-Seconds Precision
• 5234 Client Encryption: Fixes Encryption Release Pipeline

3.52.1

3.52.1 - 2025-7-10

Fixed

• 5257 QueryPlan: Fixes 410 Gone exception on query plan calls in Non-X64 windows platforms

3.52.0

3.52.0 - 2025-6-13

Added

• 5180 Query: Adds public PopulateQueryAdvice capability
• 5215 Client Encryption: Adds support for latest Cosmos package and bumps up Encryption package for nuget release
• 5157 Query: Adds support for LINQ extension method for VectorDistance

This also includes a Direct Package version update to 3.39.1 in PR #​5241 which includes the following:

• Rntbd Health Check Improvements Part 3: Enables Aggressive Timeout Detection By Default.
• Introduce East US 3 region in the SDK.

Fixed

• 5221 Query : Fixes Skip + Order By Bug
• 5218 Binary Encoding: Fixes DateTime Parsing Issue with Trailing Zeros in the Milli-Seconds Precision
• 5234 Client Encryption: Fixes Encryption Release Pipeline

3.52.0-preview.0

3.52.0-preview.0 - 2025-5-16

Added

• 5182 InMemoryLeaseContainer: Adds public API to use InMemoryLeaseContainer with ChangeFeedProcessorBuilder
• 5170 PPAF: Adds Code to Fetch Enablement Flag Through Gateway Database Account Response

Fixed

• 5197 GlobalEndpointManager: Fixes Observed exception (ObjectDisposedException)

3.51.0

3.51.0 - 2025-5-16

Added

• 5182 InMemoryLeaseContainer: Adds public API to use InMemoryLeaseContainer with ChangeFeedProcessorBuilder
• 5170 PPAF: Adds Code to Fetch Enablement Flag Through Gateway Database Account Response

Fixed

• 5197 GlobalEndpointManager: Fixes Observed exception (ObjectDisposedException)

3.51.0-preview.0

3.51.0-preview.0 - 2025-5-9

Added

• 4993 Query: Adds LINQ extension method for ORDER BY RANK, FullTextScore and RRF
• 5121 Query: Adds support for the optimized query plan that skips the order by rewrite
• 5190 Hedging: Adds Hedging for Write requests GA

Fixed

• 5145 Query: Fixes handling of undefined projections in hybrid search
• 5150 Query: Fixes Full Text Search APIs by marking them public
• 5162 HPK : Fixes code documentation to reference PartitionKeyPaths for HPK scenarios
• 5163 Query: Fixes function signature for RRF, OrderByRank and FullTextScore LINQ extension methods
• 5171 Query: Fixes FullText Policy API by making language optional
• 5189 Hedging: Fixes Concurrency Issue

3.50.0

3.50.0 - 2025-5-9

Added

• 4993 Query: Adds LINQ extension method for ORDER BY RANK, FullTextScore and RRF
• 5121 Query: Adds support for the optimized query plan that skips the order by rewrite
• 5190 Hedging: Adds Hedging for Write requests GA

Fixed

• 5145 Query: Fixes handling of undefined projections in hybrid search
• 5150 Query: Fixes Full Text Search APIs by marking them public
• 5162 HPK : Fixes code documentation to reference PartitionKeyPaths for HPK scenarios
• 5163 Query: Fixes function signature for RRF, OrderByRank and FullTextScore LINQ extension methods
• 5171 Query: Fixes FullText Policy API by making language optional
• 5189 Hedging: Fixes Concurrency Issue

3.50.0-preview.0

3.50.0-preview.0 - 2025-4-17

Added

• 5136 VectorIndexing: Adds Preview APIs for VectorIndexing Policies

3.49.0

3.49.0 - 2025-4-17

Added

• 5077 ThroughputBucketing: Adds changes to make ThroughputBucket public for preview SDK
• 5069 AsyncCache: Adds support for stack trace optimization during exceptions for AsyncCache and AsyncCacheNonblocking
• 5120 Query: Adds an environment variable for disabling the hybrid search query plan optimization
• 5127 UnknownRntbdHeader : Adds a new SDK capability for UnknownRntbdHeaders
• 5128 Session Consistency: Adds SessionTokenMismatchRetryPolicy optimization through customer supplied region switch hints

Fixed

• 5089 WebAssembly : Fixes Guard the ServicePointAccessor call in DocumentClass with IsSupported as well
• 5106 Diagnostics: Fixes bug where some overloaded substatus codes are displayed incorrectly in diagnostics.
• 5139 Query: Fixes flip of boolean switch for hybridSearchSkipOrderByRewrite

3.49.0-preview.1

3.49.0-preview.1 - 2025-4-11

Fixes

• 5108 Metadata requests: Fixes bug where certain metadata requests are not retried with a client cold start with only query requests

3.49.0-preview.0

3.49.0-preview.0 - 2025-3-21

Fixes

• 5024 Query: Fixes logic to determine whether to use distributed query by adding a check for gateway connection mode
• 5049 .NET9: Fixes WebAssembly or browser scenarios by conditionally setting the ConnectionLimit
• 4470 NonBlockingAsyncCache: Fixes lambda func capturing the outer context (memory optimization)
• 4977 Heiarchical Partition Keys: Fixes bug for ReadMany where None Partition does not return results

Added

• 5057 AvailabilityStrategy: Adds WithAvailabilityStrategy method to public GA SDK.
• 5011 Query: Adds query feature and deserialization of component weights for weighted rank fusion
• 4980 Query: Adds FullTextContains, FullTextContainsAll, FullTextContainsAny as LINQ extension method

3.48.1

3.48.1 - 2025-4-11

Fixes

• 5108 Metadata requests: Fixes bug where certain metadata requests are not retried with a client cold start with only query requests

3.48.0

3.48.0 - 2025-3-21

Fixes

• 5024 Query: Fixes logic to determine whether to use distributed query by adding a check for gateway connection mode
• 5049 .NET9: Fixes WebAssembly or browser scenarios by conditionally setting the ConnectionLimit
• 4470 NonBlockingAsyncCache: Fixes lambda func capturing the outer context (memory optimization)
• 4977 Heiarchical Partition Keys: Fixes bug for ReadMany where None Partition does not return results

Added

• 5057 AvailabilityStrategy: Adds WithAvailabilityStrategy method to public GA SDK.
• 5011 Query: Adds query feature and deserialization of component weights for weighted rank fusion
• 4980 Query: Adds FullTextContains, FullTextContainsAll, FullTextContainsAny as LINQ extension method

3.48.0-preview.2

3.48.0-preview.2 - 2025-2-28

Fixed

• 5030 Binary Encoding: Fixes Serialization Gaps on Newtonsoft Reader/Writer for Transactional Batch API.

3.48.0-preview.1

3.48.0-preview.1 - 2025-2-14

Added

• 5013 Resiliency: Fixes a bug in the feature for "Faster detection of broken Transport connections".

Set Environment variable AZURE_COSMOS_AGGRESSIVE_TIMEOUT_DETECTION_ENABLED to "True" to enable the above feature. Fixed an issue where connections weren't marked as "unhealthy" under sustained failures, delaying recovery. Now, unhealthy connections trigger prompt reconnection, ensuring continuous client operations.

3.48.0-preview.0

3.48.0-preview.0 - 2025-2-7

Added

• 4706 Hedging: Adds support for writes on multi region accounts

3.47.2

3.47.2 - 2025-2-28

Fixed

• 5030 Binary Encoding: Fixes Serialization Gaps on Newtonsoft Reader/Writer for Transactional Batch API.

3.47.1

3.47.1 - 2025-2-14

Added

• 5013 Resiliency: Fixes a bug in the feature for "Faster detection of broken Transport connections".

Set Environment variable AZURE_COSMOS_AGGRESSIVE_TIMEOUT_DETECTION_ENABLED to "True" to enable the above feature. Fixed an issue where connections weren't marked as "unhealthy" under sustained failures, delaying recovery. Now, unhealthy connections trigger prompt reconnection, ensuring continuous client operations.

3.47.0

3.47.0 - 2025-2-07

Added

• 4682 OpenTelemetry Metrics: Adds support to collect Operation level metrics
• 4857 Query: Adds LINQ support for Multi-key Group By translation
• 4872 Open Telemetry : Adds implementation for network level Metrics
• 4925 Open Telemetry: Adds option to opt-in optional dimensions
• 4966 Hedging: Adds reads CrossRegionalHedging to GA SDK release
• 4994 Query: Adds Computed Properties to Public Interface

This also includes a Direct Package version update to 3.37.9 in PR #​4990

Fixed

• 4928 Upgrade Resiliency: Fixes Code to Clean-up Unhealthy Connection and LbChannelState Object.
• 4869 Hedging: Fixes NullReference Exception Bug
• 4949 RequestOptions: Fixes Etag code documentation
• 4936 Optimization: Fixes SDK to use static readonly arrays for seperators
• 4970 QuorumReader: Fixes bug where reads will fail in BoundedStaleness when a secondary replica is unresponsive to use primary replica on retries
• 4995 Open Telemetry: Fixes attribute name as per OTel Guidance

3.47.0-preview.1

3.47.0-preview.1 - 2025-01-28

Fixed

• 4928 Upgrade Resiliency: Fixes Code to Clean-up Unhealthy Connection and LbChannelState Object.
• 4934 Region Availability: Adding SDK Changes for Upcoming Regions.

3.47.0-preview.0

3.47.0-preview.0 - 2024-11-19

Added

• 4839 Dependencies: Removes direct reference to the Newtonsoft.Json package, marks it as a private asset, and adds a build target to enforce explicit consumer references.

NOTE: This is a breaking change. Consumer applications must explicitly reference the Newtonsoft.Json package with a version >= 10.0.2 or opt-out of the check by setting <AzureCosmosDisableNewtonsoftJsonCheck>true</AzureCosmosDisableNewtonsoftJsonCheck> in their project file.

3.46.1

3.46.1 - 2024-12-24

Fixed

• 4928 Upgrade Resiliency: Fixes Code to Clean-up Unhealthy Connection and LbChannelState Object.
• 4934 Region Availability: Adding SDK Changes for Upcoming Regions.

3.46.0

3.46.0 - 2024-11-19

Added

• 4839 Dependencies: Removes direct reference to the Newtonsoft.Json package, marks it as a private asset, and adds a build target to enforce explicit consumer references.

NOTE: This is a breaking change. Consumer applications must explicitly reference the Newtonsoft.Json package with a version >= 10.0.2 or opt-out of the check by setting <AzureCosmosDisableNewtonsoftJsonCheck>true</AzureCosmosDisableNewtonsoftJsonCheck> in their project file.

• 4854 Open Telemetry: Adds open telemetry based versioning.
  aavasthy marked this conversation as resolved.

Fixed

• 4860 Open telemetry: Fixes Populating Query text for non-stream Iterator.
• 4649 Query: Fixes prefetching to be disabled when MaxConcurrency is less than or equal to one.
• 4878 Tests: Fixes Assert proper way.
• 4885 Query: Fixes (workaround) for query plan issue where placeholder index does not start at zero.

3.46.0-preview.2

3.46.0-preview.2 - 2024-11-13

Added

• 4866 JSON Binary Encoding: Adds support for encoding uniform arrays.

3.46.0-preview.1

3.46.0-preview.1 - 2024-11-11

Added

• 4863 VectorIndexDefinition: Refactors Code to Remove Support for VectorIndexShardKey from Preview Contract.

3.46.0-preview.0

3.46.0-preview.0 - 2024-10-25

Added

• 4792 VectorIndexDefinition: Adds Support for Partitioned DiskANN

• 4837 ContainerProperties: Adds Full Text Search and Indexing Policy.

3.45.2

3.45.2 - 2024-11-13

Added

• 4866 JSON Binary Encoding: Adds support for encoding uniform arrays.

3.45.1

3.45.1 - 2024-11-11

Added

• 4863 VectorIndexDefinition: Refactors Code to Remove Support for VectorIndexShardKey from Preview Contract.

3.45.0

3.45.0 - 2024-10-25

Added

• 4781 AppInsights: Adds classic attribute back to cosmos db to support appinsights sdk.

• 4709 Availability: Adds account-level read regions as effective preferred regions when preferred regions is not set on client.

• 4810 Package Upgrade: Refactors code to upgrade DiagnosticSource Library from 6.0.1 to 8.0.1

• 4794 Query: Adds hybrid search query pipeline stage

• 4819 Azurecore: Fixes upgrading azure core dependency to latest

• 4814 DeleteAllItemsByPartitionKeyStreamAsync: Adds DeleteAllItemsByPartitionKeyStreamAsync API to GA

• 4845 ContainerProperties: Refactors Vector Embedding and Indexing Policy Interfaces to Mark Them as Public for GA

Fixed

• 4777 Regions: Fixes Removes decommissioned regions.

• 4765 Open Telemetry: Fixes attribute name following otel convention

3.45.0-preview.1

3.45.0-preview.1 - 2024-10-16

Fixed

• 4799 Open Telemetry: Re-added deprecated attribute to support Application Insights SDK by default. For OpenTelemetry attributes, set the environment variable OTEL_SEMCONV_STABILITY_OPT_IN=database/dupe.

3.45.0-preview.0

3.45.0-preview.0 - 2024-10-07

Added

• 4566 Container: Added support for IsFeedRangePartOfAsync, enabling precise comparisons to determine relationships between FeedRanges.

3.44.1

3.44.1 - 2024-10-16

Fixed

• 4799 Open Telemetry: Re-added deprecated attribute to support Application Insights SDK by default. For OpenTelemetry attributes, set the environment variable OTEL_SEMCONV_STABILITY_OPT_IN=database/dupe.

3.44.0

3.44.0 - 2024-10-07

Added

• 4725 Region Availability: Added multiple new regions for public use in bulk.

• 4664 OpenTelemetry: Added query text as an attribute to improve traceability and provide more detailed insights into query execution.

• 4643 OpenTelemetry: Updated operation names to follow standard naming conventions, improving consistency and traceability across services.

Fixed

• 4762 OpenTelemetry: Fixed event filtering to correctly handle non-failure status codes like 404 or 0.

• 4713 Routing: Resolved an issue with excluding specific regions in RequestOptions for the ReadMany operation, ensuring requests are routed only to the desired regions for optimized data retrieval.

3.44.0-preview.1

3.44.0-preview.1 - 2024-09-18

Fixed

• 4684 Hedging: Fixes Typo (WithAvailibilityStrategy -> WithAvailabilityStrategy) in CosmosClientBuilder

3.44.0-preview.0

3.44.0-preview.0 - 2024-09-04

Added

• 4598 Adds: Parallel Request Hedging for cross region read requests

3.43.1

3.43.1 - 2024-09-18

Added

• 4691 ClientRetryPolicy: Adds Cross Regional Retry Logic on 410/1022 and 429/3092

3.43.0

3.43.0 - 2024-09-04

Added

• 4589 SystemTextJsonSerializer: Add UseSystemTextJsonSerializerWithOptions to support SystemTextJsonSerializer
• 4622 Open Telemetry: Adds Batchsize and Rename Batch Operation name in Operation Trace
• 4621 CFP AVAD: Adds new FeedRange to ChangeFeedProcessorContext

Fixed

• 4619 CFP AVAD: Fixes throws when customers use WithStartTime and WithStartFromBeginning with CFP AVAD
• 4638 Documentation: Fixes AnalyticalStoreTimeToLiveInSeconds API documentation to list correct values
• 4640 FeedRanges: Fixes GetFeedRangesAsync throwing DocumentClientException
• 4618 CF/P AVAD: Fixes Deserialization of ChangeFeedItem and ChangeFeedMetadata to support System.Text.Json and Newtonsoft.Json

3.43.0-preview-0

3.43.0-preview.0 - 2024-07-24

Added

• 4544 Azure.Identity: Bumps verion to 1.11.4
• 4546 Client Encryption: Adds support for latest Cosmos Package.
• 4490 Query: Adds Distribution for MakeList and MakeSet
• 4559 Query: Adds a new QueryFeature flag for MakeList and MakeSet
• 4568 VM Metadata API: Adds an option to disable VM metadata API call
• 4481 Query: Adds support for multi-value Group By query for LINQ
• 4583 ChangeFeed: Adds MalformedContinuationToken SubstatusCode to exception

Fixed

• 4538 Query: Fixes plumbing VectorEmbeddingPolicy to ServiceInterop to choose correct default distance function
• 4523 Change Feed / Processor AVAD: Fixes timeToLiveExpired missing from metadata
• 4558 Query: Removes compute specific logic from query pipelines that is no longer required
• 4580 Change Feed: Fixes incorrect exception messages in VersionedAndRidCheckedCompositeToken

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.0 to 10.0.1.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.SqlServer from 10.0.0 to 10.0.1.

Release notes

Sourced from Microsoft.EntityFrameworkCore.SqlServer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Note

Bumps major NuGet dependencies (Cosmos v4, EF Core v10, ASP.NET Core v10, Identity.Web v4, Octokit v13, KeyVault.Secrets 4.8.0) and adds an additional Azure.AI.OpenAI reference in ExternalServices.

• Infrastructure.ExternalServices (CodeReviewAssistant.Infrastructure.ExternalServices.csproj):
  • Upgrade Azure.Security.KeyVault.Secrets to 4.8.0.
  • Upgrade Microsoft.Azure.Cosmos to 4.6.0.
  • Upgrade Octokit to 13.0.0.
  • Add a second Azure.AI.OpenAI reference at 3.56.0 alongside existing 1.0.0-beta.12.
• Infrastructure.Persistence (CodeReviewAssistant.Infrastructure.Persistence.csproj):
  • Upgrade Microsoft.EntityFrameworkCore and Microsoft.EntityFrameworkCore.SqlServer to 10.0.1.
• WebApi (CodeReviewAssistant.WebApi.csproj):
  • Upgrade Microsoft.AspNetCore.Authentication.JwtBearer and Microsoft.AspNetCore.OpenApi to 10.0.1.
  • Upgrade Microsoft.Identity.Web to 4.1.1.
  • Upgrade Microsoft.AspNetCore.Mvc.Testing to 8.0.22.

^{Written by Cursor Bugbot for commit b62b3fe. This will update automatically on new commits. Configure here.}

[dependabot]

Assignees

The following users could not be added as assignees: org/backend-team. Either the username does not exist or it does not have the correct permissions to be added as an assignee.

Labels

The following labels could not be found: dependencies, dotnet. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[qodo-code-review]

CI Feedback 🧐

A test triggered by this PR failed. Here is an AI-generated analysis of the failure:

Action: Test

Failed stage: Set up job [❌]

Failure summary: The workflow failed during the "Prepare all required actions" step because it referenced a deprecated action version: - It attempted to use actions/upload-artifact@v3, which has been deprecated and is now blocked. - The runner aborted with the error: "This request has been automatically failed because it uses a deprecated version of actions/upload-artifact: v3." - Update the workflow to use a supported version (e.g., actions/upload-artifact@v4).

Relevant error logs: 1: ##[group]Runner Image Provisioner 2: Hosted Compute Agent ... 12: ##[group]Runner Image 13: Image: ubuntu-24.04 14: Version: 20251208.163.1 15: Included Software: https://github.com/actions/runner-images/blob/ubuntu24/20251208.163/images/ubuntu/Ubuntu2404-Readme.md 16: Image Release: https://github.com/actions/runner-images/releases/tag/ubuntu24%2F20251208.163 17: ##[endgroup] 18: ##[group]GITHUB_TOKEN Permissions 19: Contents: read 20: Metadata: read 21: Packages: read 22: ##[endgroup] 23: Secret source: Actions 24: Prepare workflow directory 25: Prepare all required actions 26: Getting action download info 27: ##[error]This request has been automatically failed because it uses a deprecated version of `actions/upload-artifact: v3`. Learn more: https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

[cursor]

This is the final PR Bugbot will review for you during this billing cycle

Your free Bugbot reviews will reset on January 21

Details

You are on the Bugbot Free tier. On this plan, Bugbot will review limited PRs each billing cycle.

To receive Bugbot reviews on all of your PRs, visit the Cursor dashboard to activate Pro and start your 14-day free trial.

[cursor]

Bug: Duplicate Azure.AI.OpenAI package with conflicting versions

The project file now has two PackageReference entries for Azure.AI.OpenAI with conflicting versions (1.0.0-beta.12 on line 10 and 3.56.0 on line 15). This will cause build conflicts or unpredictable package resolution. The entry on line 15 appears to be a rebase error where the package name was incorrectly set—the version 3.56.0 matches the Microsoft.Azure.Cosmos version mentioned in the PR description, suggesting the package name got mixed up during the dependency update.

Additional Locations (1)

• src/Infrastructure/ExternalServices/CodeReviewAssistant.Infrastructure.ExternalServices/CodeReviewAssistant.Infrastructure.ExternalServices.csproj#L9-L10

 

[cursor]

Bug: Wrong version assigned to Microsoft.Azure.Cosmos package

The Microsoft.Azure.Cosmos package is set to version 4.6.0, but this version does not exist. The PR description states the update should be from 3.42.0 to 3.56.0. Version 4.6.0 appears to be a typo or rebase error—the version numbers seem to have been swapped with Azure.Security.KeyVault.Secrets (which was updated to 4.8.0). This will cause a package restore failure since Microsoft.Azure.Cosmos version 4.6.0 is not published on NuGet.