Skip to content

Bump BCrypt.Net-Next and 25 others#50

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/apps/api/src/Modules/Artifacts/dotnet-deps-e555c876e4
Closed

Bump BCrypt.Net-Next and 25 others#50
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/apps/api/src/Modules/Artifacts/dotnet-deps-e555c876e4

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown

Updated BCrypt.Net-Next from 4.0.3 to 4.2.0.

Release notes

Sourced from BCrypt.Net-Next's releases.

4.2.0

Full Changelog: BcryptNet/bcrypt.net@v4.1.0...v4.2.0

4.1.0

What's Changed

New Contributors

Full Changelog: BcryptNet/bcrypt.net@4.0.3...v4.1.0

Commits viewable in compare view.

Updated Dapper from 2.1.72 to 2.1.79.

Release notes

Sourced from Dapper's releases.

2.1.79

What's Changed

New Contributors

Full Changelog: DapperLib/Dapper@2.1.72...2.1.79

Commits viewable in compare view.

Updated FluentAssertions from 8.9.0 to 8.10.0.

Release notes

Sourced from FluentAssertions's releases.

8.10.0

What's Changed

Improvements

Documentation

Others

Full Changelog: fluentassertions/fluentassertions@8.9.0...8.10.0

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.InMemory from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.InMemory's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Relational from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Relational's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.Memory from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Caching.Memory's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.StackExchangeRedis from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Caching.StackExchangeRedis's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Abstractions from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Binder from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.Binder's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Pinned Microsoft.Extensions.Http at 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Options's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.7 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Options.ConfigurationExtensions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.12.0 to 8.19.1.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

8.18.0

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #​3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #​3443.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

8.14.0

8.14.0

Bug Fixes

  • Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

  • Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

  • Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

8.13.0

8.13.0

Fundamentals

  • CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
  • Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
  • Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0

8.12.1

8.12.1

Fundamentals

  • Update .NET SDK version to 9.0.107 used when building or running the code. See #​3263 for details.
  • To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
  • Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.12.1 to 8.19.1.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.19.1

Bug Fixes

  • Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

8.18.0

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #​3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #​3443.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

8.14.0

8.14.0

Bug Fixes

  • Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

  • Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

  • Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

8.13.0

8.13.0

Fundamentals

  • CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
  • Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
  • Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0

Commits viewable in compare view.

Updated Minio from 6.0.4 to 7.0.0.

Release notes

Sourced from Minio's releases.

7.0.0

What's Changed

New Contributors

Full Changelog: minio/minio-dotnet@6.0.5...7.0.0

6.0.5

What's Changed

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated Scalar.AspNetCore from 2.14.10 to 2.16.4.

Release notes

Sourced from Scalar.AspNetCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Serilog.Sinks.Seq from 9.0.0 to 9.1.0.

Release notes

Sourced from Serilog.Sinks.Seq's releases.

9.1.0

What's Changed

Full Changelog: datalust/serilog-sinks-seq@v9.0.0...v9.1.0

Commits viewable in [compare view](https://github.com/...

Description has been truncated

Bumps BCrypt.Net-Next from 4.0.3 to 4.2.0
Bumps Dapper from 2.1.72 to 2.1.79
Bumps FluentAssertions from 8.9.0 to 8.10.0
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.7 to 10.0.9
Bumps Microsoft.AspNetCore.Mvc.Testing from 10.0.7 to 10.0.9
Bumps Microsoft.EntityFrameworkCore from 10.0.7 to 10.0.9
Bumps Microsoft.EntityFrameworkCore.Design from 10.0.7 to 10.0.9
Bumps Microsoft.EntityFrameworkCore.InMemory from 10.0.7 to 10.0.9
Bumps Microsoft.EntityFrameworkCore.Relational from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Caching.Memory from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Caching.StackExchangeRedis from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Configuration.Abstractions from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Configuration.Binder from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Http to 10.0.9
Bumps Microsoft.Extensions.Logging.Abstractions from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Options from 10.0.7 to 10.0.9
Bumps Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.7 to 10.0.9
Bumps Microsoft.IdentityModel.Tokens to 8.19.1
Bumps Minio from 6.0.4 to 7.0.0
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0
Bumps OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0
Bumps Scalar.AspNetCore from 2.14.10 to 2.16.4
Bumps Serilog.Sinks.Seq from 9.0.0 to 9.1.0
Bumps StackExchange.Redis from 2.12.14 to 3.0.0
Bumps System.IdentityModel.Tokens.Jwt to 8.19.1

---
updated-dependencies:
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: BCrypt.Net-Next
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Caching.StackExchangeRedis
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.IdentityModel.Tokens
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: StackExchange.Redis
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-deps
- dependency-name: System.IdentityModel.Tokens.Jwt
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: BCrypt.Net-Next
  dependency-version: 4.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.IdentityModel.Tokens
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: System.IdentityModel.Tokens.Jwt
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Dapper
  dependency-version: 2.1.79
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Caching.StackExchangeRedis
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: StackExchange.Redis
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Binder
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Minio
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Caching.Memory
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Options
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Scalar.AspNetCore
  dependency-version: 2.16.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Serilog.Sinks.Seq
  dependency-version: 9.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: FluentAssertions
  dependency-version: 8.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.InMemory
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: FluentAssertions
  dependency-version: 8.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: System.IdentityModel.Tokens.Jwt
  dependency-version: 8.19.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: FluentAssertions
  dependency-version: 8.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.EntityFrameworkCore.InMemory
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 22, 2026
@dependabot dependabot Bot requested a review from aturzone as a code owner June 22, 2026 11:52
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Jun 22, 2026
@github-advanced-security

Copy link
Copy Markdown

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/nuget/apps/api/src/Modules/Artifacts/dotnet-deps-e555c876e4 branch June 29, 2026 11:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant