Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the all-dependencies group with 5 updates #16519

Merged
merged 3 commits into from
Aug 5, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 5, 2024

Bumps the all-dependencies group with 5 updates:

Package From To
AWSSDK.S3 3.7.400 3.7.400.2
DocumentFormat.OpenXml 3.0.2 3.1.0
Microsoft.IdentityModel.Protocols.OpenIdConnect 7.6.2 8.0.1
JsonPath.Net 1.1.2 1.1.3
Serilog.AspNetCore 8.0.1 8.0.2

Updates AWSSDK.S3 from 3.7.400 to 3.7.400.2

Commits

Updates DocumentFormat.OpenXml from 3.0.2 to 3.1.0

Release notes

Sourced from DocumentFormat.OpenXml's releases.

[3.1.0]

Added

  • Added DocumentFormat.OpenXml.Office.SpreadSheetML.Y2024.PivotAutoRefresh namespace
  • Added DocumentFormat.OpenXml.Office.SpreadSheetML.Y2024.PivotDynamicArrays namespace
  • Added DocumentFormat.OpenXml.Office.SpreadSheetML.Y2023.DataSourceVersioning namespace
  • Added DocumentFormat.OpenXml.Office.SpreadSheetML.Y2023.ExternalCodeService namespace
  • Added DocumentFormat.OpenXml.Office.SpreadSheetML.Y2023.MsForms namespace
  • Added DocumentFormat.OpenXml.Office.SpreadSheetML.Y2023.Pivot2023Calculation namespace

Fixed

  • Fixed issue where OpenXmlUnknownElement is returned instead of CommentPropertiesExtension (#1751)
  • Fixed issue where OpenXmlWriter is unable to write SharedStringTablePart (#1755)
Changelog

Sourced from DocumentFormat.OpenXml's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

Commits
  • 522f9f3 Unload root element if Part.GetStream updates the underlying value (#1760)
  • f1fecd3 Office Update for May 2024 (#1759)
  • cd814ec Change commentextensionlist ext element to 2006/main namespace (#1754)
  • 27ba922 Make LINQ classes partial (#1756)
  • 2c3d5d2 Bump gittools/actions from 1 to 2 (#1753)
  • d9ea8cd Bump danielpalme/ReportGenerator-GitHub-Action from 5.3.0 to 5.3.6 (#1734)
  • 062ea5e Bump xunit.runner.visualstudio from 2.8.0 to 2.8.1 (#1733)
  • b78695b Bump Microsoft.NET.Test.Sdk from 17.9.0 to 17.10.0 (#1727)
  • 8e28b6d Bump NuGet.Resolver, NuGet.Protocol, NuGet.Packaging and NuGet.Common (#1725)
  • b1b6682 add Feb24 Schema updates without specialized <Feature>Extension and <Feature>...
  • Additional commits viewable in compare view

Updates Microsoft.IdentityModel.Protocols.OpenIdConnect from 7.6.2 to 8.0.1

Release notes

Sourced from Microsoft.IdentityModel.Protocols.OpenIdConnect's releases.

8.0.1

Bug fixes

  • IdentityModel now resolves the public key to EPK. See issue #1951 for details.
  • Fix a race condition where SignatureProvider was disposed but still able to leverage the cache and SignatureProvider now disposes when compacting. See PR #2682 for details.
  • For JWE, JsonWebTokenHandler.ValidateJWEAsync now considers the decrypt keys in the configuration. See issue #2737 for details.

Performance improvement

  • AppContext.TryGetSwitch statically caches internally but takes out a lock. .NET almost always caches these values. They're not expected to change while the process is running unlike normal config. IdentityModel now caches the value. See issue #2722 for details.

8.0.0

CVE package updates

CVE-2024-30105

  • See PR #2707 for details.

Breaking change:

Full list of breaking changes.

  • A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The new CaseSensitiveClaimsIdentity class provides consistent retrieval logic with SecurityToken. Fallback to previous behavior via an AppContext switch. See PR #2700 for details.
  • Make CollectionUtilities.IsNullOrEmpty internal. See issues Order is not preserved when returning documents from SQL query #2651 and #1722 for details.

Overall improvements to the validation in IdentityModel:

  • See design proposal #2711 for details, all work internal for now. Please comment in the GitHub issue and provide feedback there.

New Features:

  • Allow users to provide a Stream to Write in OIDCConfigurationSerializer. See PR #2698 for details.

Bug fixes:

Fundamentals

  • Remove code that was used in target frameworks that got removed. See PR #2673 for details.
  • Rename local variables for better readability. See PR #2674 for details.
  • Refactor XML comments for improved clarity. See PR #2676, #2677, #2678, #2689 and #2703 for details.
  • Fix flaky test. See issue #2683 for details.
  • Made ConfigurationManager.GetConfigurationAsync a virtual method. See PR #2661

8.0.0-preview1

Breaking changes:

  • IdentityModel 8x no longer supports .net461, which has reached end of life and is no longer supported. See issue #2544 for details.
  • Two IdentityModel extension dlls Microsoft.IdentityModel.KeyVaultExtensions and Microsoft.IdentityModel.ManagedKeyVaultSecurityKey were using ADAL, which is no longer supported . The affected packages have been removed, as the replacement is to use Microsoft.Identity.Web. See issue #2454 for details.
  • AppContext.SetSwitch which were included in IdentityModel 7x, have been removed and are the default in IdentityModel 8x. The result is a more performant IdentityModel by default. See issue #2629 and https://aka.ms/IdentityModel8x for details.

... (truncated)

Changelog

Sourced from Microsoft.IdentityModel.Protocols.OpenIdConnect's changelog.

8.0.1

Bug fixes

  • IdentityModel now resolves the public key to EPK. See issue #1951 for details.
  • Fix a race condition where SignatureProvider was disposed but still able to leverage the cache and SignatureProvider now disposes when compacting. See PR #2682 for details.
  • For JWE, JsonWebTokenHandler.ValidateJWEAsync now considers the decrypt keys in the configuration. See issue #2737 for details.

Performance improvement

  • AppContext.TryGetSwitch statically caches internally but takes out a lock. .NET almost always caches these values. They're not expected to change while the process is running unlike normal config. IdentityModel now caches the value. See issue #2722 for details.

8.0.0

CVE package updates

CVE-2024-30105

  • See PR #2707 for details.

Breaking change:

Full list of breaking changes.

  • A derived ClaimsIdentity where claim retrieval is case-sensitive. The current ClaimsIdentity, in .NET, retrieves claims in a case-insensitive manner which is different than querying the underlying SecurityToken. The new CaseSensitiveClaimsIdentity class provides consistent retrieval logic with SecurityToken. Fallback to previous behavior via an AppContext switch. See PR #2700 for details.
  • Make CollectionUtilities.IsNullOrEmpty internal. See issues Order is not preserved when returning documents from SQL query #2651 and #1722 for details.

Overall improvements to the validation in IdentityModel:

  • See design proposal #2711 for details, all work internal for now. Please comment in the GitHub issue and provide feedback there.

New Features:

  • Allow users to provide a Stream to Write in OIDCConfigurationSerializer. See PR #2698 for details.

Bug fixes:

Fundamentals

  • Remove code that was used in target frameworks that got removed. See PR #2673 for details.
  • Rename local variables for better readability. See PR #2674 for details.
  • Refactor XML comments for improved clarity. See PR #2676, #2677, #2678, #2689 and #2703 for details.
  • Fix flaky test. See issue #2683 for details.
  • Made ConfigurationManager.GetConfigurationAsync a virtual method. See PR #2661

8.0.0-preview1

Breaking changes:

  • IdentityModel 8x no longer supports .net461, which has reached end of life and is no longer supported. See issue #2544 for details.
  • Two IdentityModel extension dlls Microsoft.IdentityModel.KeyVaultExtensions and Microsoft.IdentityModel.ManagedKeyVaultSecurityKey were using ADAL, which is no longer supported . The affected packages have been removed, as the replacement is to use Microsoft.Identity.Web. See issue #2454 for details.
  • AppContext.SetSwitch which were included in IdentityModel 7x, have been removed and are the default in IdentityModel 8x. The result is a more performant IdentityModel by default. See issue #2629 and https://aka.ms/IdentityModel8x for details.

... (truncated)

Commits

Updates JsonPath.Net from 1.1.2 to 1.1.3

Commits

Updates Serilog.AspNetCore from 8.0.1 to 8.0.2

Release notes

Sourced from Serilog.AspNetCore's releases.

v8.0.2

Commits
  • 57d78d1 Merge pull request #378 from serilog/dev
  • 1a88701 Merge pull request #377 from nblumhardt/dependency-update
  • 77bd65c Update Serilog.Settings.Configuration dependency to avoid transitive dependen...
  • 70808df Fix comment in sample code [skip ci]
  • cd8662f Merge pull request #370 from nblumhardt/readme-updates
  • 92bc15a README and sample updates to match recent .NET hosting models
  • c862bfc Merge pull request #367 from sungam3r/cleanup
  • 656b79e Remove excessive dependencies + format
  • 0b2a9ab Merge pull request #364 from RandomBuffer/FixPushPropertyExample
  • 178f6df Fix C# example for PushProperty.
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the all-dependencies group with 5 updates:

| Package | From | To |
| --- | --- | --- |
| [AWSSDK.S3](https://github.com/aws/aws-sdk-net) | `3.7.400` | `3.7.400.2` |
| [DocumentFormat.OpenXml](https://github.com/dotnet/Open-XML-SDK) | `3.0.2` | `3.1.0` |
| [Microsoft.IdentityModel.Protocols.OpenIdConnect](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) | `7.6.2` | `8.0.1` |
| [JsonPath.Net](https://github.com/json-everything/json-everything) | `1.1.2` | `1.1.3` |
| [Serilog.AspNetCore](https://github.com/serilog/serilog-aspnetcore) | `8.0.1` | `8.0.2` |


Updates `AWSSDK.S3` from 3.7.400 to 3.7.400.2
- [Changelog](https://github.com/aws/aws-sdk-net/blob/main/SDK.CHANGELOG.MD)
- [Commits](https://github.com/aws/aws-sdk-net/commits)

Updates `DocumentFormat.OpenXml` from 3.0.2 to 3.1.0
- [Release notes](https://github.com/dotnet/Open-XML-SDK/releases)
- [Changelog](https://github.com/dotnet/Open-XML-SDK/blob/main/CHANGELOG.md)
- [Commits](dotnet/Open-XML-SDK@v3.0.2...v3.1.0)

Updates `Microsoft.IdentityModel.Protocols.OpenIdConnect` from 7.6.2 to 8.0.1
- [Release notes](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)
- [Changelog](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/blob/dev/CHANGELOG.md)
- [Commits](AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@7.6.2...8.0.1)

Updates `JsonPath.Net` from 1.1.2 to 1.1.3
- [Commits](https://github.com/json-everything/json-everything/commits)

Updates `Serilog.AspNetCore` from 8.0.1 to 8.0.2
- [Release notes](https://github.com/serilog/serilog-aspnetcore/releases)
- [Commits](serilog/serilog-aspnetcore@v8.0.1...v8.0.2)

---
updated-dependencies:
- dependency-name: AWSSDK.S3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: DocumentFormat.OpenXml
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-dependencies
- dependency-name: Microsoft.IdentityModel.Protocols.OpenIdConnect
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: all-dependencies
- dependency-name: JsonPath.Net
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
- dependency-name: Serilog.AspNetCore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Aug 5, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant