Skip to content

Bump the minor-and-patch group with 20 updates#23

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/apps/api/src/SharedCookbook.Api/minor-and-patch-8ef3b9a09c
Closed

Bump the minor-and-patch group with 20 updates#23
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/apps/api/src/SharedCookbook.Api/minor-and-patch-8ef3b9a09c

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 26, 2026

Copy link
Copy Markdown

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.


Updated Hangfire.AspNetCore from 1.8.20 to 1.8.23.

Release notes

Sourced from Hangfire.AspNetCore's releases.

1.8.23

Release Notes

Hangfire.Core

  • Changed – Use stable sorting algorithm for background job filters again (by @​jirikanda).
  • Fixed – Custom AutomaticRetryAttribute is ignored under certain conditions regression from 1.8.14 (by @​jirikanda).
  • Fixed – Add missing keys for Swedish translation (by @​karl-sjogren).
  • Project – Use TypeNameAssemblyFormatHandling in tests with .NET 6 (by @​viktor-vintertass).

Hangfire.AspNetCore

  • FixedInvalidOperationException: The request reached the end of the pipeline without executing the endpoint.

1.8.22

Release Notes

Hangfire.Core

  • AddedIGlobalConfiguration.UseNoOpLogProvider method to disable logging.
  • Changed – Un-deprecate interval methods in the Cron class, add remarks in docs instead.
  • Changed – Bump internalized version of Cronos to 0.11.1.
  • Changed – Bump internalized version of Microsoft.Owin to 4.2.3.
  • Fixed – Serialization of arrays of nested types SimpleAssemblyTypeSerializer.
  • Fixed – Remove wrong escaping characters in Portuguese translations on the "Servers" page.
  • Fixed – Properly remove registered IBackgroundProcessingServer instances on OWIN app shutdown.
  • FixedAspNetShutdownDetector for early ASP.NET shutdown detection is not working (regression from 1.7.30).
  • Project – Replace the netcoreapp3.1 target with the net8.0 one in tests.

Hangfire.SqlServer

  • FixedInvalidCastException when creating a background job with Schema 5 (regression from 1.8.15).
  • Project – Replace the netcoreapp3.1 target with the net8.0 one in tests.

Hangfire.AspNetCore

  • AddedMapHangfireDashboardWithNoAuthorizationFilters method, which does not include local-only filters.
  • Changed – Set 404 status code when MapHangfireDashboard is used and no dispatcher is found.
  • FixedInvalidOperationException upon receiving a request for 'hangfire/bootstrap.min.css.map'.

1.8.21

Release Notes

Hangfire.Core

  • AddedFailedState.IncludeFileInfo to optionally show/hide line numbers in exceptions in Failed state.
  • Changed – Include line numbers for exceptions by default when available.
  • Fixed – Portuguese (Brazil) translations in Strings.pt-BR.resx (by @​pedro-cons).
  • Fixed – Static BackgroundJob class always acquires the most current JobStorage.Current instance.
  • Fixed – Static RecurringJob class always acquires the most current JobStorage.Current instance.

Hangfire.SqlServer

  • AddedSqlServerStorageOptions.DisableTransactionScope option for .NET Framework targets.
  • Project – Port Monitoring API tests from the Hangfire.InMemory storage for better coverage.
  • Project – Run tests for different targets in parallel with different databases.

Commits viewable in compare view.

Updated Hangfire.PostgreSql from 1.20.12 to 1.21.1.

Release notes

Sourced from Hangfire.PostgreSql's releases.

1.21.1

What's Changed

Full Changelog: hangfire-postgres/Hangfire.PostgreSql@1.21.0...1.21.1

1.21.0

What's Changed

New Contributors

Full Changelog: hangfire-postgres/Hangfire.PostgreSql@1.20.13...1.21.0

1.20.13

What's Changed

New Contributors

Full Changelog: hangfire-postgres/Hangfire.PostgreSql@1.20.12...1.20.13

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.Identity.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.SignalR.Client from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.SignalR.Client's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Data.Sqlite from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.Data.Sqlite's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Sqlite from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Sqlite's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Identity.Stores from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Identity.Stores's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Options's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.0 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Options.ConfigurationExtensions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.TimeProvider.Testing from 10.0.0 to 10.5.0.

Release notes

Sourced from Microsoft.Extensions.TimeProvider.Testing's releases.

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

  1. Rename VectorStoreVectorAttribute constructor parameter #​7460
    • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
    • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

  • HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

  • Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
  • Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
  • Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
  • Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
  • Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
  • Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
  • Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

  • Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
  • Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

  • Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
  • Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

  • Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

  • Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

  • Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package Version
Microsoft.Extensions.AI.Abstractions 10.4.1
Microsoft.Extensions.AI 10.4.1
Microsoft.Extensions.AI.OpenAI 10.4.1

Experimental API Changes

New Experimental APIs

  • New experimental API: Realtime Client Sessions #​7285 and #​7399
  • New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

  • Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

  • Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
  • Realtime Client Proposal #​7285 by @​tarekgh
  • Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
  • Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
  • Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
  • Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
  • Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

  • Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

  • Fix test warnings #​7369 by @​jozkee
  • Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

  • Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
  • Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

  • @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
    ... (truncated)

10.4.0

This release advances the AI abstractions with new hosted file, web search, and reasoning content types, stabilizes MCP and tool approval APIs, adds streaming latency metrics to OpenTelemetry instrumentation, and delivers bug fixes across caching, data ingestion, and resource monitoring.

Experimental API Changes

Now Stable

  • MCP Server Tool Content and Function Call Approval APIs are now stable (previously MEAI001) #​7299
  • FakeLogCollector.GetLogsAsync(CancellationToken) is now stable (previously EXTEXP0003) #​7332

New Experimental APIs

  • New experimental AddExtendedHttpClientLogging overloads with wrapHandlersPipeline parameter (EXTEXP0013) #​7231

Removed Experimental APIs

  • AI Tool Reduction experimental APIs removed (was experimental under MEAI001) #​7353

What's Changed

AI

  • Add IHostedFileClient and friends #​7269 by @​stephentoub
  • Add web search tool call content #​7276 by @​stephentoub (co-authored by @​Copilot)
  • Surface OpenAI-compatible reasoning_content as TextReasoningContent #​7295 by @​stephentoub
  • MCP/Approvals/Tool Contents stabilization #​7299 by @​jozkee
  • Implement time_to_first_chunk and time_per_output_chunk streaming metrics in OpenTelemetryChatClient #​7325 by @​stephentoub (co-authored by @​Copilot)
  • Add openai.api.type telemetry attribute to OpenAI IChatClient implementations #​7316 by @​stephentoub (co-authored by @​Copilot)
  • Update OpenTelemetry Gen AI semantic conventions to v1.40 #​7322 by @​stephentoub (co-authored by @​Copilot)
  • Fix tool definitions emission regardless of sensitivity setting #​7346 by @​stephentoub (co-authored by @​Copilot)
  • Honor [Required] attribute in AI function parameter JSON schema generation #​7272 by @​stephentoub (co-authored by @​Copilot)
  • AddAIContentType automatically registers content type against every base in the inheritance chain up to AIContent #​7358 by @​jozkee (co-authored by @​Copilot)
  • Auto-mark server-handled FunctionCallContent as InformationalOnly #​7314 by @​stephentoub (co-authored by @​Copilot)
  • Map ReasoningEffort.None and ExtraHigh to none and xhigh in OpenAI IChatClient implementations #​7319 by @​stephentoub (co-authored by @​Copilot)
  • Handle DynamicMethod reflection limitations in AIFunctionFactory #​7287 by @​stephentoub (co-authored by @​Copilot)
  • Fix Activity.Current nulled during streaming tool invocation #​7321 by @​flaviocdc (co-authored by @​Copilot)
  • Handle FunctionCallOutputResponseItem in streaming response conversion #​7307 by @​stephentoub (co-authored by @​Copilot)
  • Fix serialization of response continuation tokens #​7356 by @​stephentoub
  • Remove AI Tool Reduction experimental APIs #​7353 by @​stephentoub (co-authored by @​Copilot)
  • Update OpenAI to 2.9.1 #​7349 by @​stephentoub

Telemetry and Observability

  • Introduce support for the Gauge metric type #​7203 by @​rainsxng
  • Update logging source generator to support generic methods #​7331 by @​svick (co-authored by @​Copilot)
  • Update logging source generator to match runtime PR #​124589 (ref readonly/params/scoped) #​7333 by @​svick (co-authored by @​Copilot)
  • Promote FakeLogCollector.GetLogsAsync(CancellationToken) from experimental to stable #​7332 by @​Demo30
  • Remove obsolete CS1591 warning suppression from generated file preamble #​7308 by @​luissena

HTTP Resilience and Diagnostics

... (truncated)

10.3.0

Experimental API Changes

Now Stable

  • IChatReducer interface — graduated from experimental to stable. The interface is now stable; concrete implementations (MessageCountingChatReducer, SummarizingChatReducer, ReducingChatClient) remain experimental. #​7235 by @​jeffhandley
  • FunctionCallContent and FunctionResultContent unsealed — changed from sealed class to class, enabling derivation. #​7229 by @​stephentoub (co-authored by @​Copilot)

Breaking Changes to Experimental APIs

  • Experimental diagnostic ID reorganization — the blanket MEAI001 diagnostic ID was split into feature-specific constants. OpenAI-specific experimental APIs now use OPENAI001, OPENAI002, or SCME0001 instead of MEAI001. Consumers who suppressed MEAI001 for OpenAI APIs may need to suppress OPENAI001/OPENAI002 instead. #​7116 by @​jeffhandley (co-authored by @​Copilot), #​7235 by @​jeffhandley

New Experimental APIs

  • Chat reduction implementationsMessageCountingChatReducer, SummarizingChatReducer, ReducingChatClient, and UseChatReducer builder extension. #​7235 by @​jeffhandley
  • OpenAI Responses/Assistants/Realtime/Image/Audio integrations — assigned feature-specific experimental diagnostic IDs (OPENAI001, OPENAI002). #​7235 by @​jeffhandley
  • ImageGenerationToolCallContent and ImageGenerationToolResultContent — added to JSON serialization infrastructure. #​7275 by @​stephentoub (co-authored by @​Copilot)

What's Changed

AI

  • Add ReasoningOptions to ChatOptions #​7252 by @​stephentoub (co-authored by @​Copilot)
  • Add LoadFromAsync and SaveToAsync helper methods to DataContent #​7159 by @​stephentoub (co-authored by @​Copilot)
  • Add FunctionCallContent.InformationalOnly property #​7126, #​7262 by @​stephentoub (co-authored by @​Copilot)
  • Add server tool call support to OpenTelemetryChatClient per semantic conventions #​7240 by @​stephentoub (co-authored by @​Copilot)
  • Add ImageGenerationToolCallContent and ImageGenerationToolResultContent to JSON serialization infrastructure #​7275 by @​stephentoub (co-authored by @​Copilot)
  • Add logging to FunctionInvokingChatClient for approval flow, error handling, and loop control #​7228 by @​stephentoub (co-authored by @​Copilot)
  • Allow FunctionResultContent pass-through when CallId matches #​7229 by @​stephentoub (co-authored by @​Copilot)
  • Remove AIFunctionDeclaration tools on last iteration in FunctionInvokingChatClient #​7207 by @​stephentoub (co-authored by @​Copilot)
  • Propagate CachedInputTokenCount in OpenTelemetry telemetry #​7234 by @​stephentoub (co-authored by @​Copilot)
  • Categorize MEAI001 experimental APIs #​7116 by @​jeffhandley (co-authored by @​Copilot)
  • MEAI: Update Experimental / Preview Features #​7235 by @​jeffhandley
  • ToChatResponse: Merge AdditionalProperties into ChatMessage instead of ChatResponse #​7194 by @​stephentoub (co-authored by @​Copilot)
  • Fix FunctionInvokingChatClient to respect ChatOptions.Tools modifications by function tools #​7218 by @​stephentoub (co-authored by @​Copilot)
  • Fix FunctionInvokingChatClient invoke_agent span detection with exact match or space delimiter #​7224 by @​stephentoub (co-authored by @​Copilot)
  • Fix approval request/response correlation in FunctionInvokingChatClient #​7261 by @​stephentoub (co-authored by @​Copilot)
  • Fix DataUriParser to default to text/plain;charset=US-ASCII per RFC 2397 #​7247 by @​stephentoub (co-authored by @​Copilot)
  • Fix NRT resolution for AIFunction parameters #​7200 by @​eiriktsarpalis
  • Preserve extra JSON schema properties in ToolJson serialization #​7250 by @​stephentoub (co-authored by @​Copilot)
  • Fix token metric unit to use UCUM format {token} #​7241 by @​stephentoub
  • Fix OpenAI responses streaming to preserve encrypted reasoning content #​7266 by @​stephentoub
  • Update OpenAIResponsesChatClient to handle streaming code interpreter content #​7267 by @​stephentoub

Diagnostics, Health Checks, and Resource Monitoring

  • [5752] FakeLogCollector waiting capabilities #​6228 by @​Demo30
  • Bring new cpu.requests formula from Kubernetes #​7239 by @​amadeuszl

Service Discovery

... (truncated)

10.2.0

What's Changed

New Contributors

Full Changelog: dotnet/extensions@v10.1...v10.2.0

10.1.0

What's Changed

Commits viewable in compare view.

Updated Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.17.0.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

Commits viewable in compare view.

Updated Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.0 to 10.0.1.

Release notes

Sourced from Npgsql.EntityFrameworkCore.PostgreSQL's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.IdentityModel.Tokens.Jwt from 8.14.0 to 8.17.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

Commits viewable in compare view.

Updated System.Security.Cryptography.Xml from 10.0.6 to 10.0.7.

Release notes

Sourced from System.Security.Cryptography.Xml's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Hangfire.AspNetCore from 1.8.20 to 1.8.23
Bumps Hangfire.PostgreSql from 1.20.12 to 1.21.1
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.7
Bumps Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.0 to 10.0.7
Bumps Microsoft.AspNetCore.Mvc.Testing from 10.0.0 to 10.0.7
Bumps Microsoft.AspNetCore.SignalR.Client from 10.0.0 to 10.0.7
Bumps Microsoft.Data.Sqlite from 10.0.0 to 10.0.7
Bumps Microsoft.EntityFrameworkCore from 10.0.0 to 10.0.7
Bumps Microsoft.EntityFrameworkCore.Design from 10.0.0 to 10.0.7
Bumps Microsoft.EntityFrameworkCore.Sqlite from 10.0.0 to 10.0.7
Bumps Microsoft.Extensions.Http from 10.0.0 to 10.0.7
Bumps Microsoft.Extensions.Identity.Stores from 10.0.0 to 10.0.7
Bumps Microsoft.Extensions.Logging.Abstractions from 10.0.0 to 10.0.7
Bumps Microsoft.Extensions.Options from 10.0.0 to 10.0.7
Bumps Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.0 to 10.0.7
Bumps Microsoft.Extensions.TimeProvider.Testing from 10.0.0 to 10.5.0
Bumps Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.17.0
Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.0 to 10.0.1
Bumps System.IdentityModel.Tokens.Jwt from 8.14.0 to 8.17.0
Bumps System.Security.Cryptography.Xml from 10.0.6 to 10.0.7

---
updated-dependencies:
- dependency-name: Hangfire.AspNetCore
  dependency-version: 1.8.23
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Hangfire.PostgreSql
  dependency-version: 1.21.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.SignalR.Client
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Data.Sqlite
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Data.Sqlite
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.EntityFrameworkCore.Sqlite
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.EntityFrameworkCore.Sqlite
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Options
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Identity.Stores
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.TimeProvider.Testing
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.TimeProvider.Testing
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-version: 8.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: System.IdentityModel.Tokens.Jwt
  dependency-version: 8.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: System.IdentityModel.Tokens.Jwt
  dependency-version: 8.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: System.Security.Cryptography.Xml
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Apr 26, 2026
dKaulig added a commit that referenced this pull request Apr 26, 2026
Vier verbleibende NuGet-Minor-Bumps die DEPS-1 bewusst nicht mitgenommen
hatte (alle bewusst gewählt vs. Dependabot-Default):

- Hangfire.PostgreSql 1.20.12 → 1.21.1
  (1.x Minor auf Job-Queue-Driver; sicher per .NET-Suite belegt)
- System.IdentityModel.Tokens.Jwt 8.14.0 → 8.17.0
  Microsoft.IdentityModel.JsonWebTokens 8.14.0 → 8.17.0
  (immer im Doppel; JWT-Stack der Auth-Endpoints)
- Microsoft.Extensions.TimeProvider.Testing 10.0.0 → 10.5.0
  (nur Test-Code: FakeTimeProvider in Auth/Chat-Integrationstests)

.NET-Suite 1756/1756 grün (Domain 523 + Infra 123 + Api 1110).

Schließt PR #23 als superseded.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@dKaulig

dKaulig commented Apr 26, 2026

Copy link
Copy Markdown
Owner

Superseded by DEPS-3 commit f2e0673 on main.

@dKaulig dKaulig closed this Apr 26, 2026
@dependabot @github

dependabot Bot commented on behalf of github Apr 26, 2026

Copy link
Copy Markdown
Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/nuget/apps/api/src/SharedCookbook.Api/minor-and-patch-8ef3b9a09c branch April 26, 2026 05:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant