Skip to content

Bump Aspire.Hosting.PostgreSQL and 12 others#18

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/Abies.AppHost/minor-and-patch-80a533ab44
Open

Bump Aspire.Hosting.PostgreSQL and 12 others#18
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/Abies.AppHost/minor-and-patch-80a533ab44

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 9, 2026

Updated Aspire.Hosting.PostgreSQL from 9.3.0 to 9.5.2.

Release notes

Sourced from Aspire.Hosting.PostgreSQL's releases.

9.5.2

What's Changed

Full Changelog: dotnet/aspire@v9.5.1...v9.5.2

9.5.1

What's Changed

Full Changelog: dotnet/aspire@v9.5.0...v9.5.1

9.5.0

We are excited to share that our 9.5.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://learn.microsoft.com/en-us/dotnet/aspire/whats-new/dotnet-aspire-9.5 to find what's new in 9.5.0!

New Contributors

Full Changelog: dotnet/aspire@v9.4.0...v9.5.0

9.4.2

What's Changed

Full Changelog: dotnet/aspire@v9.4.1...v9.4.2

9.4.1

What's Changed

Full Changelog: dotnet/aspire@v9.4.0...v9.4.1

9.4.0

We are excited to share that our 9.4.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://learn.microsoft.com/en-us/dotnet/aspire/whats-new/dotnet-aspire-9.4 to find what's new in 9.4.0!

What's Changed

9.3.2

What's Changed

Full Changelog: dotnet/aspire@v9.3.1...v9.3.2

9.3.1

What's Changed

Full Changelog: dotnet/aspire@v9.3.0...v9.3.1

Commits viewable in compare view.

Updated BCrypt.Net-Next from 4.0.3 to 4.1.0.

Release notes

Sourced from BCrypt.Net-Next's releases.

4.1.0

What's Changed

New Contributors

Full Changelog: BcryptNet/bcrypt.net@4.0.3...v4.1.0

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.0-preview.5.25277.114 to 10.0.3.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

10.0.0-preview.6.25358.103

You can build .NET 10.0 Preview 6 from the repository by cloning the release tag v10.0.0-preview.6.25358.103 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Pinned Microsoft.Extensions.Http.Resilience at 10.3.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

10.3.0

What's Changed

New Contributors

... (truncated)

10.2.0

What's Changed

New Contributors

Full Changelog: dotnet/extensions@v10.1...v10.2.0

Commits viewable in compare view.

Pinned Microsoft.Extensions.ServiceDiscovery at 10.3.0.

Release notes

Sourced from Microsoft.Extensions.ServiceDiscovery's releases.

10.3.0

What's Changed

New Contributors

... (truncated)

10.2.0

What's Changed

New Contributors

Full Changelog: dotnet/extensions@v10.1...v10.2.0

Commits viewable in compare view.

Updated Microsoft.IdentityModel.JsonWebTokens from 8.7.0 to 8.16.0.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

8.14.0

8.14.0

Bug Fixes

  • Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

  • Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

  • Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

8.13.0

8.13.0

Fundamentals

  • CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
  • Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
  • Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0

8.12.1

8.12.1

Fundamentals

  • Update .NET SDK version to 9.0.107 used when building or running the code. See #​3263 for details.
  • To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
  • Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1

8.12.0

8.12.0

New Features

  • Enhance ConfigurationManager with event handling
    Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

  • Add expected Base64UrlEncoder.Decode overload for NET6 and 8
    Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
    For details see #​3249

Fundamentals

  • Add AI assist rules
    Incorporated AI assist rules to enhance AI agents effectiveness.
    For details see #​3255
  • Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
    Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
    For details see #​3256
  • Move suppression of RS006 to csproj
    Centralized suppression of RS006 warnings in project files for easier management.
    For details see #​3230

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0

8.11.0

8.11.0

New Features:

  • Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
  • Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0

8.10.0

8.10.0

Bug Fixes

  • Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
  • Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220.
  • Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

8.9.0

8.9.0

Bug Fixes

New Features

Fundamentals

8.8.0

8.8.0

New Features

  • Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #​3193 for details.
  • Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #​3195 and https://aka.ms/identitymodel/app-context-switches for details.
  • Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #​3185 and #​3189 for details.

Commits viewable in compare view.

Pinned Npgsql at 8.0.8.

Release notes

Sourced from Npgsql's releases.

8.0.8

v8.0.8 contains quite a few bug fixes.

Full Changelog: npgsql/npgsql@v8.0.7...v8.0.8

8.0.7

v9.0.3 contains several bug fixes.

Full Changelog: npgsql/npgsql@v8.0.6...v8.0.7

8.0.6

The full list of changes is available here.

Full Changelog: npgsql/npgsql@v8.0.5...v8.0.6

8.0.5

8.0.5 contains quite a few fixes, everyone is strongly encouraged to upgrade.

The full list of changes is available here.

Full Changelog: npgsql/npgsql@v8.0.4...v8.0.5

8.0.4

A large number of number of bugs have been fixed, here is the full list.

Full Changelog: npgsql/npgsql@v8.0.3...v8.0.4

Commits viewable in compare view.

Pinned Npgsql at 9.0.4.

Release notes

Sourced from Npgsql's releases.

9.0.4

v9.0.4 contains several minor bug fixes.

Milestone issues

Full Changelog: npgsql/npgsql@v9.0.3...v9.0.4

Commits viewable in compare view.

Pinned OpenTelemetry.Exporter.OpenTelemetryProtocol at 1.15.0.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.15.0

For highlights and announcements pertaining to this release see: Release Notes > 1.15.0.

The following changes are from the previous release 1.14.0.

  • NuGet: OpenTelemetry v1.15.0

    • Added support for the OTEL_SDK_DISABLED environment variable in TracerProvider,
      MeterProvider, and LoggerProvider. When OTEL_SDK_DISABLED=true,
      the SDK returns no-op implementations for all telemetry signals.
      The OTEL_SDK_DISABLED environment variable is only evaluated upon application
      startup, later changes have no effect.
      (#​6568)

    • Added LowMemory temporality as an option in the OTLP metrics exporter.
      (#​6648)

    • Added support for Meter.TelemetrySchemaUrl property.
      (#​6714)

    • Improve performance and reduce memory consumption for metrics histograms.
      (#​6715)

    • Decode value in OTEL_RESOURCE_ATTRIBUTES environment variable.
      (#​6737)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.0

    • Added a new overload for TracerProvider.GetTracer which accepts an optional
      string? schemaUrl parameter, allowing a schema URL to be set on the Tracer.
      (#​6736)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.0

    No notable changes.

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Exporter.Console v1.15.0

    • Added support for ActivitySource.TelemetrySchemaUrl property.
      (#​6713)

    • Added support for Meter.TelemetrySchemaUrl property.
      (#​6714)

    See CHANGELOG for details.
    ... (truncated)

1.15.0-beta.1

The following changes are from the previous release 1.14.0-beta.1.

Commits viewable in compare view.

Pinned OpenTelemetry.Extensions.Hosting at 1.15.0.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.15.0

For highlights and announcements pertaining to this release see: Release Notes > 1.15.0.

The following changes are from the previous release 1.14.0.

  • NuGet: OpenTelemetry v1.15.0

    • Added support for the OTEL_SDK_DISABLED environment variable in TracerProvider,
      Meter...

Description has been truncated

@dependabot
Bump Aspire.Hosting.PostgreSQL and 12 others
54c15ee 
Bumps Aspire.Hosting.PostgreSQL from 9.3.0 to 9.5.2
Bumps BCrypt.Net-Next from 4.0.3 to 4.1.0
Bumps Microsoft.AspNetCore.Mvc.Testing from 10.0.0-preview.5.25277.114 to 10.0.3
Bumps Microsoft.Extensions.Http.Resilience from 10.1.0 to 10.3.0
Bumps Microsoft.Extensions.ServiceDiscovery from 10.1.0 to 10.3.0
Bumps Microsoft.IdentityModel.JsonWebTokens from 8.7.0 to 8.16.0
Bumps Npgsql to 8.0.8, 9.0.4
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.14.0 to 1.15.0
Bumps OpenTelemetry.Extensions.Hosting from 1.14.0 to 1.15.0
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.14.0 to 1.15.0
Bumps OpenTelemetry.Instrumentation.Http from 1.14.0 to 1.15.0
Bumps OpenTelemetry.Instrumentation.Runtime from 1.14.0 to 1.15.0
Bumps xunit.runner.visualstudio from 3.1.4 to 3.1.5

---
updated-dependencies:
- dependency-name: Aspire.Hosting.PostgreSQL
  dependency-version: 9.5.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: BCrypt.Net-Next
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Http.Resilience
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.ServiceDiscovery
  dependency-version: 10.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-version: 8.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Npgsql
  dependency-version: 8.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Npgsql
  dependency-version: 9.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.Runtime
  dependency-version: 1.15.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 10.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Npgsql
  dependency-version: 9.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Mar 9, 2026

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from MCGPPeters as a code owner March 9, 2026 16:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@MCGPPeters MCGPPeters Awaiting requested review from MCGPPeters MCGPPeters is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants