Bump Aspire.Hosting and 14 others #140

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/nuget/Picea.Abies.Analyzers.Tests/minor-and-patch-8d85f40fb2

dependabot bot commented on behalf of github Mar 16, 2026

Pinned Aspire.Hosting at 13.1.2.

Release notes

Sourced from Aspire.Hosting's releases.

13.1.2

What's Changed

Full Changelog: dotnet/aspire@v13.1.1...v13.1.2

Commits viewable in compare view.

Updated BCrypt.Net-Next from 4.0.3 to 4.1.0.

Release notes

Sourced from BCrypt.Net-Next's releases.

4.1.0

What's Changed

New Contributors

Full Changelog: BcryptNet/bcrypt.net@4.0.3...v4.1.0

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.0-preview.5.25277.114 to 10.0.5.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

10.0.0-preview.6.25358.103

You can build .NET 10.0 Preview 6 from the repository by cloning the release tag v10.0.0-preview.6.25358.103 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.Analyzer.Testing from 1.1.2 to 1.1.3.

Release notes

Sourced from Microsoft.CodeAnalysis.Analyzer.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.Analyzers from 3.3.4 to 3.11.0.

Release notes

Sourced from Microsoft.CodeAnalysis.Analyzers's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.Common from 4.8.0 to 4.14.0.

Release notes

Sourced from Microsoft.CodeAnalysis.Common's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.CSharp from 4.8.0 to 4.14.0.

Release notes

Sourced from Microsoft.CodeAnalysis.CSharp's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.CodeAnalysis.CSharp from 4.8.0 to 5.3.0.

Updated Microsoft.CodeAnalysis.CSharp.Analyzer.Testing from 1.1.2 to 1.1.3.

Updated Microsoft.CodeAnalysis.CSharp.Workspaces from 4.8.0 to 5.3.0.

Updated Microsoft.CodeAnalysis.Workspaces.Common from 4.8.0 to 4.14.0.

Release notes

Sourced from Microsoft.CodeAnalysis.Workspaces.Common's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.FileProviders.Embedded from 10.0.0 to 10.0.5.

Release notes

Sourced from Microsoft.Extensions.FileProviders.Embedded's releases.

No release notes found for this version range.

Commits viewable in compare view.

Pinned Microsoft.Extensions.Http.Resilience at 10.4.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

10.4.0

This release advances the AI abstractions with new hosted file, web search, and reasoning content types, stabilizes MCP and tool approval APIs, adds streaming latency metrics to OpenTelemetry instrumentation, and delivers bug fixes across caching, data ingestion, and resource monitoring.

Experimental API Changes

Now Stable

  • MCP Server Tool Content and Function Call Approval APIs are now stable (previously MEAI001) #​7299
  • FakeLogCollector.GetLogsAsync(CancellationToken) is now stable (previously EXTEXP0003) #​7332

New Experimental APIs

  • New experimental AddExtendedHttpClientLogging overloads with wrapHandlersPipeline parameter (EXTEXP0013) #​7231

Removed Experimental APIs

  • AI Tool Reduction experimental APIs removed (was experimental under MEAI001) #​7353

What's Changed

AI

  • Add IHostedFileClient and friends #​7269 by @​stephentoub
  • Add web search tool call content #​7276 by @​stephentoub (co-authored by @​Copilot)
  • Surface OpenAI-compatible reasoning_content as TextReasoningContent #​7295 by @​stephentoub
  • MCP/Approvals/Tool Contents stabilization #​7299 by @​jozkee
  • Implement time_to_first_chunk and time_per_output_chunk streaming metrics in OpenTelemetryChatClient #​7325 by @​stephentoub (co-authored by @​Copilot)
  • Add openai.api.type telemetry attribute to OpenAI IChatClient implementations #​7316 by @​stephentoub (co-authored by @​Copilot)
  • Update OpenTelemetry Gen AI semantic conventions to v1.40 #​7322 by @​stephentoub (co-authored by @​Copilot)
  • Fix tool definitions emission regardless of sensitivity setting #​7346 by @​stephentoub (co-authored by @​Copilot)
  • Honor [Required] attribute in AI function parameter JSON schema generation #​7272 by @​stephentoub (co-authored by @​Copilot)
  • AddAIContentType automatically registers content type against every base in the inheritance chain up to AIContent #​7358 by @​jozkee (co-authored by @​Copilot)
  • Auto-mark server-handled FunctionCallContent as InformationalOnly #​7314 by @​stephentoub (co-authored by @​Copilot)
  • Map ReasoningEffort.None and ExtraHigh to none and xhigh in OpenAI IChatClient implementations #​7319 by @​stephentoub (co-authored by @​Copilot)
  • Handle DynamicMethod reflection limitations in AIFunctionFactory #​7287 by @​stephentoub (co-authored by @​Copilot)
  • Fix Activity.Current nulled during streaming tool invocation #​7321 by @​flaviocdc (co-authored by @​Copilot)
  • Handle FunctionCallOutputResponseItem in streaming response conversion #​7307 by @​stephentoub (co-authored by @​Copilot)
  • Fix serialization of response continuation tokens #​7356 by @​stephentoub
  • Remove AI Tool Reduction experimental APIs #​7353 by @​stephentoub (co-authored by @​Copilot)
  • Update OpenAI to 2.9.1 #​7349 by @​stephentoub

Telemetry and Observability

  • Introduce support for the Gauge metric type #​7203 by @​rainsxng
  • Update logging source generator to support generic methods #​7331 by @​svick (co-authored by @​Copilot)
  • Update logging source generator to match runtime PR #​124589 (ref readonly/params/scoped) #​7333 by @​svick (co-authored by @​Copilot)
  • Promote FakeLogCollector.GetLogsAsync(CancellationToken) from experimental to stable #​7332 by @​Demo30
  • Remove obsolete CS1591 warning suppression from generated file preamble #​7308 by @​luissena

HTTP Resilience and Diagnostics

... (truncated)

Commits viewable in compare view.

Updated Microsoft.IdentityModel.JsonWebTokens from 8.7.0 to 8.16.0.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

8.14.0

Bug Fixes

  • Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

  • Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

  • Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

Fundamentals

  • CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
  • Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
  • Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0

8.12.1

Fundamentals

  • Update .NET SDK version to 9.0.107 used when building or running the code. See #​3263 for details.
  • To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
  • Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1

8.12.0

New Features

  • Enhance ConfigurationManager with event handling
    Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

  • Add expected Base64UrlEncoder.Decode overload for NET6 and 8
    Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
    For details see #​3249

Fundamentals

  • Add AI assist rules
    Incorporated AI assist rules to enhance AI agents' effectiveness.
    For details see #​3255
  • Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
    Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
    For details see #​3256
  • Move suppression of RS006 to csproj
    Centralized suppression of RS006 warnings in project files for easier management.
    For details see #​3230

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0

8.11.0

New Features:

  • Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
  • Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0

8.10.0

Bug Fixes

  • Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
  • Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220.
  • Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

8.9.0

Bug Fixes

New Features

Fundamentals

8.8.0

New Features

  • Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated; otherwise, if tokens arrive with new signing keys, validation errors will be returned to the caller. See PR #3193 for details.
  • Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #​3195 and https://aka.ms/identitymodel/app-context-switches for details.
  • Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #​3185 and #​3189 for details.

Commits viewable in compare view.

Pinned Npgsql at 9.0.5.

Release notes

Sourced from Npgsql's releases.

9.0.5

v9.0.5 contains several minor bug fixes.

Milestone issues

Full Changelog: npgsql/npgsql@v9.0.4...v9.0.5

9.0.4

v9.0.4 contains several minor bug fixes.

Milestone issues

Full Changelog: npgsql/npgsql@v9.0.3...v9.0.4

Commits viewable in compare view.

Pinned OpenTelemetry.Instrumentation.AspNetCore at 1.15.1.

Release notes

Sourced from OpenTelemetry.Instrumentation.AspNetCore's releases.

1.15.1

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Aspire.Hosting from 13.1.1 to 13.1.2
Bumps BCrypt.Net-Next from 4.0.3 to 4.1.0
Bumps Microsoft.AspNetCore.Mvc.Testing from 10.0.0-preview.5.25277.114 to 10.0.5
Bumps Microsoft.CodeAnalysis.Analyzer.Testing from 1.1.2 to 1.1.3
Bumps Microsoft.CodeAnalysis.Analyzers from 3.3.4 to 3.11.0
Bumps Microsoft.CodeAnalysis.Common from 4.8.0 to 4.14.0
Bumps Microsoft.CodeAnalysis.CSharp to 4.14.0, 5.3.0
Bumps Microsoft.CodeAnalysis.CSharp.Analyzer.Testing from 1.1.2 to 1.1.3
Bumps Microsoft.CodeAnalysis.CSharp.Workspaces from 4.8.0 to 5.3.0
Bumps Microsoft.CodeAnalysis.Workspaces.Common from 4.8.0 to 4.14.0
Bumps Microsoft.Extensions.FileProviders.Embedded from 10.0.0 to 10.0.5
Bumps Microsoft.Extensions.Http.Resilience from 10.3.0 to 10.4.0
Bumps Microsoft.IdentityModel.JsonWebTokens from 8.7.0 to 8.16.0
Bumps Npgsql from 9.0.3 to 9.0.5
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.15.0 to 1.15.1

---
updated-dependencies:
- dependency-name: Microsoft.CodeAnalysis.Analyzers
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.CSharp
  dependency-version: 4.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.Analyzer.Testing
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.CSharp.Analyzer.Testing
  dependency-version: 1.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.Analyzers
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.Common
  dependency-version: 4.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.CSharp
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.CSharp.Workspaces
  dependency-version: 5.3.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: minor-and-patch
- dependency-name: Microsoft.CodeAnalysis.Workspaces.Common
  dependency-version: 4.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Aspire.Hosting
  dependency-version: 13.1.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: BCrypt.Net-Next
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Http.Resilience
  dependency-version: 10.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-version: 8.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Npgsql
  dependency-version: 9.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Npgsql
  dependency-version: 9.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.FileProviders.Embedded
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <[email protected]>

dependabot bot commented on behalf of github Mar 16, 2026

Labels

The following labels could not be found: dependencies, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.
