Skip to content

Bump the nuget group with 2 updates#1

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/Pastelaria/Comercio.MVC.Application/nuget-f08fecba35
Open

Bump the nuget group with 2 updates#1
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/Pastelaria/Comercio.MVC.Application/nuget-f08fecba35

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 14, 2026

Updated AutoMapper from 9.0.0 to 16.1.1.

Release notes

Sourced from AutoMapper's releases.

16.1.1

What's Changed

Security

Fixed an issue where certain cyclic or self-referential object graphs could trigger uncontrolled recursion during mapping, potentially resulting in stack exhaustion and denial of service.

Applications that process untrusted or attacker-controlled object graphs through affected mapping paths may be impacted.

Users should upgrade to this release.

Security advisory: GHSA-rvv3-g6hj-g44x

Thanks to @​bluefossa for responsibly disclosing this issue.

Full Changelog: LuckyPennySoftware/AutoMapper@v16.1.0...v16.1.1

16.1.0

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v16.0.0...v16.1.0

16.0.0

What's Changed

Full Changelog: LuckyPennySoftware/AutoMapper@v15.1.0...v16.0.0

16.0.0-beta-1

What's Changed

Full Changelog: LuckyPennySoftware/AutoMapper@v15.1.0...v16.0.0-beta-1

This release is a beta release that introduces .NET 10 support and package signing. Signed packages means going forward packages can be validated against trusted authorities that the package has been published by Lucky Penny Software and not tampered with.

15.1.0

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v15.0.1...v15.1.0

15.0.1

What's Changed

Full Changelog: LuckyPennySoftware/AutoMapper@v15.0.0...v15.0.1

This release supersedes the 15.0.0 release, reverting behavior and overloads so that the AddAutoMapper overloads separate the "scanning for maps" from the "scanning for dependencies". Unfortunately it's not really possible to combine these two together.

This also fixes a critical bug in #​4545 that does not work with .NET 4.x applications (as intended).

Because of this, the 15.0.0 will be delisted because of the breaking changes there.

15.0.0

Full Changelog: LuckyPennySoftware/AutoMapper@v14.0.0...v15.0.0

  • Added support for .NET Standard 2.0
  • Requiring license key
  • Moving from MIT license to dual commercial/OSS license

To set your license key:

services.AddAutoMapper(cfg => {
    cfg.LicenseKey = "<License key here>";
});

This also introduced a breaking change with MapperConfiguration requiring an ILoggerFactory for logging purposes:

public MapperConfiguration(MapperConfigurationExpression configurationExpression, ILoggerFactory loggerFactory)

Registering AutoMapper with services.AddAutoMapper will automatically supply this parameter. Otherwise you'll need to supply the logger factory.

You can obtain your license key at AutoMapper.io

14.0.0

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v13.0.1...v14.0.0

13.0.1

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v13.0.0...v13.0.1

13.0.0

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v12.0.1...v13.0.0

12.0.1

What's Changed

Full Changelog: LuckyPennySoftware/AutoMapper@v12.0.0...v12.0.1

12.0.0

What's Changed

New Contributors

Full Changelog: LuckyPennySoftware/AutoMapper@v11.0.1...v12.0.0
Upgrade Guide: https://docs.automapper.org/en/latest/12.0-Upgrade-Guide.html

11.0.1

As part of this release we had 10 issues closed.

Bugs

  • #​3870 Handle identity lambda resolvers with ProjectTo subquery
  • #​3869 v11 InvalidOperationException: Stack Empty on mapping which used to generate a subquery
  • #​3856 Allow non-public Enumerator.Current
  • #​3821 Assign collections we can't handle
  • #​3820 StackOverflowException when using JObject.Parse
  • #​3818 Return the first method we find
  • #​3817 Calling IMapper.Map with an OrderBy causes an AmbiguousMatchException to be thrown

Improvements/Features

  • #​3874 Fix EF6 relationships and Id initialization
  • #​3839 Add AsProxy property to AutoMapAttribute
  • #​3830 Adding information to exception message; Addresses #​3828

Where to get it

You can download this release from nuget

11.0.0

The upgrade guide.

As part of this release we had 17 issues closed.

Bugs

  • #​3676 Error when using nullables with an implicit conversion operation.
  • #​3595 Open Generics with base generic
  • #​3565 Evaluate Conditional Expressions for projections with subqueries
  • #​3563 Query projection with subquery can generate non-compiling expression
  • #​3523 Multiple source matches for a destination property
  • #​3516 Static field requires null instance, non-static field requires non-null instance

Improvements/Features

  • #​3723 Inherited source operators support for ConversionOperatorMapper
  • #​3613 Map closed to ienumerable generic destination
  • #​3605 Generic destination value resolver
  • #​3596 11.0 upgrade guide
  • #​3593 InvalidCastException with multi-dimensional arrays
  • #​3537 CreateProjection
  • #​3532 IncludeBase is ignored when ForAllOtherMembers are used
  • #​3526 Expression of type 'TInterface' cannot be used for parameter of type 'TConcrete' (Parameter 'arg1')
  • #​3518 Global pre and postfixes
  • #​3510 Unable to map byte[] or byte[]? (nullable byte[]) using AutoMapper ForCtorParam function
  • #​3504 Separate internal APIs

Where to get it

You can download this release from nuget

10.1.1

As part of this release we had 3 issues closed.

Bugs

  • #​3520 NonNullableToNullable
  • #​3519 InvalidProgramException with ProjectTo and nullable ints
  • #​3517 Operation could destabilize the runtime with ProjectTo and NHibernate

10.1.0

As part of this release we had 6 issues closed.

Bugs

  • #​3490 Ignore static constructors
  • #​3458 Null destination value type with mapper
  • #​3453 Mapping with struct destination

Improvements/Features

  • #​3509 Update 10.0-Upgrade-Guide.md
  • #​3487 Trim keys when mapping from dictionaries
  • #​3473 Issue 3422 ExplicitExpansion

Where to get it

You can download this release from nuget

10.0.0

https://docs.automapper.org/en/latest/10.0-Upgrade-Guide.html

As part of this release we had 30 issues closed.

Bugs

  • #​3413 Enable ForAllMaps to work with ForCtorParam
  • #​3334 The source type must be assignable to the type of the transformation

Improvements/Features

  • #​3451 Update 10.0-Upgrade-Guide.md
  • #​3448 10.0 upgrade guide and some refactorings
  • #​3443 Links to more ReadableExpressions resources
  • #​3438 Clean up Mapper and friends
  • #​3437 AllowNull overrides per member AllowNullDestinationValues/Collections
  • #​3424 Allow any expression with IncludeMembers
  • #​3415 Exclude some public members from api checks
  • #​3411 EF Core; generalize constructor mapping for ProjectTo
  • #​3408 Update Open-Generics.md
  • #​3405 Improve cycle detection with inheritance
  • #​3403 Example for setting up DI for Catel.IoC
  • #​3401 Matching source values should override constructor parameters default…
  • #​3400 ExactMatchNamingConvention
  • #​3396 Only check simple member expressions for source members
  • #​3393 Avoid collections with null values when reaching max depth
  • #​3387 Non generic member transformer
  • #​3379 ProjectTo does not load expanded child collections.
  • #​3374 Generic value resolvers
  • #​3373 String based MapFrom for constructors
  • #​3368 Map read-only collections by default
  • #​3356 Reverse naming conventions for reverse maps by default
  • #​3349 Allow recursive queries
  • #​3347 Add brief documentation for 8.1.1 upgrade
  • #​3337 Attribute-based reverse mapping with SourceMemberAttribute
  • #​3336 Reverse the string based MapFrom
  • #​3319 Update Expression-Translation-(UseAsDataSource).md
  • #​3314 Fix .NET standard link on docs homepage
  • #​3306 Update Flattening.md

Where to get it

You can download this release from nuget

Commits viewable in compare view.

Updated Azure.Identity from 1.2.2 to 1.11.4.

Release notes

Sourced from Azure.Identity's releases.

1.9.0

1.9.0 (2026-01-27)

Features Added

  • Added core support for Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection.
  • Added JsonModel<T> abstract base class that provides a simplified way to implement IJsonModel<T> for JSON serialization and deserialization.

Bugs Fixed

  • Fixed an issue with ClientRetryPolicy where delays were being calculated using the retry count instead of the attempt count, causing the initial retry to occur without delay and subsequent retries to be performed more quickly than intended.

1.8.0

1.8.0 (2026-01-27)

Features Added

  • Added new methods, CheckConfigurationSettings and CheckConfigurationSettingsAsync, which can be used to check settings from the Azure App Configuration store using HEAD requests, returning only headers without the response body. #​54669

Other Changes

  • Added internal pipeline policy to handle audience error and surface up an improved error message. #​53834

1.6.0

1.6.0 (2026-01-28)

Other Changes

  • The customer-facing SDK stats feature
    metric names have been updated to match the stable specification.
    • Metric names changed: preview.item.success.countItem_Success_Count,
      preview.item.dropped.countItem_Dropped_Count,
      preview.item.retry.countItem_Retry_Count.
    • New environment variable: To enable, set environment variable
      APPLICATIONINSIGHTS_SDKSTATS_DISABLED=false.
    • The old environment variable APPLICATIONINSIGHTS_SDKSTATS_ENABLED_PREVIEW
      is no longer recognized.

1.6.0-beta.2

1.6.0-beta.2 (2026-02-03)

Features Added

  • Support for MicrosoftTeamsAppIdentifier CommunicationIdentifier

1.6.0-beta.1

1.6.0-beta.1 (2026-03-11)

Features Added

  • Added Condition property to ResourceBicepMetadata to support conditional resource deployment. The condition generates Bicep if (condition) syntax and accepts literal boolean values, parameter references, or complex expressions.

1.5.1

1.5.1 (2026-01-29)

Features Added

  • Support for MicrosoftTeamsAppIdentifier CommunicationIdentifier

1.5.0

1.5.0 (2026-03-04)

Features Added

  • Added AddKeyVaultSecrets extension methods on IConfigurationBuilder that create a SecretClient from configuration using the Azure.Core configuration extensions (built on System.ClientModel).

Bugs Fixed

  • Handle OperationCanceledException in PollForSecretChangesAsync so the background polling loop exits cleanly when the provider is disposed.

1.5.0-beta.1

1.5.0-beta.1 (2026-01-23)

Features Added

  • Added BicepMetadata class that provides a clean, type-safe way to set Bicep metadata on resources:
    • Description - Adds @​description('...') decorator
    • BatchSize - Adds @​batchSize(n) decorator for loop deployments
    • OnlyIfNotExists - Adds @​onlyIfNotExists() decorator
  • Added BicepMetadata property on ProvisionableResource

Bugs Fixed

  • Fixed PropertyName in Self reference for IBicepValue instances of collection items to include its index (for list) or its key (for dictionary) to avoid colliding with its enclosing collection's property name. (#​54802)

1.4.1

1.4.1 (2026-02-12)

Other Changes

  • Removed show-serialized-names debug configuration to clean up unnecessary serialized name annotations from XML docs.

1.4.1-beta.3

1.4.1-beta.3 (2026-02-17)

Features Added

  • Added ConfidentialLedgerRedirectPolicy to automatically follow HTTP 307/308 redirects while preserving the Authorization header. Previously, the SDK did not follow redirects by default, and even when redirects were enabled, the Authorization header was stripped on cross-domain redirects between ACL nodes, causing write operations to fail when routed to non-primary nodes.

1.4.0

1.4.0 (2026-01-30)

Features Added

Other Changes

  • Upgraded Azure.Core from 1.47.1 to 1.50.0

1.4.0-beta.2

1.4.0-beta.2 (2026-03-02)

Features Added

  • StaticSiteBasicAuthProperty.Name now defaults to "default" and is read-only, matching the only accepted Bicep value.
  • SiteNetworkConfig.Name now defaults to "virtualNetwork" and is read-only, matching the only accepted Bicep value.

Breaking Changes

  • StaticSiteBasicAuthProperty.Name is now read-only (setter removed). The property only accepts "default".
  • SiteNetworkConfig.Name is now read-only (setter removed). The property only accepts "virtualNetwork".
  • Removed generated enum StaticSiteBasicAuthName. A backward-compatible version is preserved but hidden from IntelliSense.

Bugs Fixed

  • Fixed SiteNetworkConfig.Name not having a default value (#​54629).

1.4.0-beta.1

1.4.0-beta.1 (2026-02-27)

Features Added

  • Regenerated from the latest Azure.ResourceManager.AppService package.

1.3.1

1.3.1 (2026-02-28)

Bugs Fixed

  • Fixed swapped CreatedOn/LastUpdatedOn property mappings in EmailSuppressionListData. CreatedOn was incorrectly bound to lastUpdatedTimeStamp and LastUpdatedOn to createdTimeStamp.

1.3.0

1.3.0 (2026-01-26)

Features Added

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the nuget group with 2 updates
4016fc2 
Bumps AutoMapper from 9.0.0 to 16.1.1
Bumps Azure.Identity from 1.2.2 to 1.11.4

---
updated-dependencies:
- dependency-name: AutoMapper
  dependency-version: 16.1.1
  dependency-type: direct:production
  dependency-group: nuget
- dependency-name: AutoMapper
  dependency-version: 16.1.1
  dependency-type: direct:production
  dependency-group: nuget
- dependency-name: Azure.Identity
  dependency-version: 1.11.4
  dependency-type: direct:production
  dependency-group: nuget
- dependency-name: AutoMapper
  dependency-version: 16.1.1
  dependency-type: direct:production
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Mar 14, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants