Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump Microsoft.Extensions.Logging, Microsoft.Extensions.Logging.Abstractions, Newtonsoft.Json and itext7 #325

Merged
merged 1 commit into from
Nov 18, 2024

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Nov 18, 2024

Bumps Microsoft.Extensions.Logging, Microsoft.Extensions.Logging.Abstractions, Newtonsoft.Json and itext7. These dependencies needed to be updated together.
Updates Microsoft.Extensions.Logging from 9.0.0 to 5.0.0

Commits
  • cf258a1 [release/5.0] [browser][crypto] Remove restraining not supported attribute Pr...
  • 25c7409 [release/5.0] Fix missing signatures for Cross bitness DAC symbols (#43499)
  • aedbe68 Pass target properties to signing
  • 2b9b47d Pass down buildArchitecture for signing
  • 4de00f8 Unify paths used for cross-bit components
  • 25e8b0d [release/5.0] [.NET 5.0] Add support for libicu67 and several more higher ver...
  • 2d8e19f Change default FeedbackSize for TripleDES internal implementation to 8
  • 78740be Don't autoupgrade homebrew formula in install-native-dependencies.sh (#43353)
  • be12034 [release/5.0] Update dependencies from dotnet/arcade (#43321)
  • d90f149 [release/5.0] [wasm][net] System.Net.Mail should not throw PNSE for full asse...
  • Additional commits viewable in compare view

Updates Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 5.0.0

Commits
  • cf258a1 [release/5.0] [browser][crypto] Remove restraining not supported attribute Pr...
  • 25c7409 [release/5.0] Fix missing signatures for Cross bitness DAC symbols (#43499)
  • aedbe68 Pass target properties to signing
  • 2b9b47d Pass down buildArchitecture for signing
  • 4de00f8 Unify paths used for cross-bit components
  • 25e8b0d [release/5.0] [.NET 5.0] Add support for libicu67 and several more higher ver...
  • 2d8e19f Change default FeedbackSize for TripleDES internal implementation to 8
  • 78740be Don't autoupgrade homebrew formula in install-native-dependencies.sh (#43353)
  • be12034 [release/5.0] Update dependencies from dotnet/arcade (#43321)
  • d90f149 [release/5.0] [wasm][net] System.Net.Mail should not throw PNSE for full asse...
  • Additional commits viewable in compare view

Updates Newtonsoft.Json from 13.0.3 to 13.0.1

Commits

Updates itext7 from 8.0.5 to 9.0.0

Release notes

Sourced from itext7's releases.

iText Core/Community 9.0.0

For this Q4 release, we’re pleased to announce a new major version of iText. iText Core version 9.0 introduces significant new features, support for new specifications, and revised APIs to delight developers.

We’ve added support for the ISO/TS 320003 and 320004 standards, enabling even more secure PDF documents. Also on the list is the finalized digital signature validation module, along with a new API to easily get layers used in a page, and improved PDF/UA signing.

NOTE: Since iText 9.0 is a major release version, it naturally means a break in compatibility with iText 8. As the developers among you will appreciate, this is necessary to make quality-of-life improvements and reduce our technical debt.

However, thanks to the solid foundations laid with iText 7 and 8 there are few major API differences in iText 9. The iText Knowledge Base has extensive documentation on the breaking changes to ease the migration of existing projects from earlier versions.

New ISO Standards Support

First and foremost, iText Core version 9.0 incorporates support for the very latest ISO PDF document security standards. ISO/TS 32003 adds AES-GCM encryption to the PDF 2.0 specification, allowing documents to be protected with high-performance, yet extremely secure encryption.

ISO/TS 32004 introduces an integrity protection mechanism for encrypted PDFs, using a Message Authentication Code (MAC) to ensure authenticity. To fully understand what this means for securing PDF documents, we highly recommend reading two great articles on the PDF Association site: ISO 32004: an overview and the follow-up MACs vs. signatures in PDF which go into detail on this subject.

Digital Signature Validation Module

On the subject of PDF digital signatures, we’re also proud to present the finalized version of our dedicated validation module. This forms an integral piece of iText’s enhanced digital signing capabilities introduced with iText 8.

The aim is to provide simpler, more extensive API methods to not just sign PDF documents, but also validate the digital signatures within them – whether iText created them or not. Since you can validate multiple document revisions as well as certificate chains, iText can now be your Swiss Army knife for digital signatures, as well as PDF creation and manipulation.

This release enables you to only validate a single signature in a document, as opposed to all signatures. In addition, the signature validator will now work for encrypted documents.

API Improvements

There are also major refinements to iText’s API. These include streamlining PDF/A and PDF/UA creation and conformance to simplify the process. We’ve also developed a new API to identify the layers used in a page. This will help to find which Optional Content Groups (OCGs) belong to which page in a document.

Signing of PDF/UA documents has been improved. When creating a signature form field iText will now take into account if an alternative description is set in the accessibility properties of the signature appearance. Additionally, if you forget to set a font for the signature appearance this will now result in a conformance exception, rather than a property error.

Further improvements have been made to the rebuilding of invalid cross-reference (xref) tables in corrupt documents. When iText encounters and resolves such errors in non-strict mode, specific information on the cause will now be provided.

Adding to the recent addition of RSASSA-PSS encryption support for .NET, this release now allows it to be supported in FIPS mode.

Along with that is improved font selection and general handling, performance enhancements, and much more. iText has a reputation amongst Java and .NET developers for its speed and ease of use, and we’re ensuring that remains the case in the future.

Make sure to check out the Breaking Changes if you’re migrating from a previous version of iText.

Pull Requests

Once again, we’d like to thank Matthias Valvekens for another pull request submission. This relates to Unicode, and adds support for platform 0 encoding 3 in the Truetype and OpenType character map table. This is used in some fonts shipped with macOS, among other places.

Bug Fixes and Miscellaneous

For content extraction, we fixed a bug in the RegexBasedLocationExtractionStrategy API (Java/.NET) . It now produces better results by default when processing multiple pages.

We fixed an edge-case bug in Certificate Revocation List validation. When a CRL response existed, but its issuer was neither trusted, nor self-signed, it could result in a stack overflow error.

In addition, a fix was made to SVG rendering to honor dy attributes in parent text attributes.

Other Stuff

... (truncated)

Commits
  • 99dacf9 [RELEASE] iText 9.0.0
  • 5e6f04c [RELEASE] 9.0.0
  • 52792d5 Make 'floatMultiplier' in ClipperBridge non-static configuration
  • 2b2ca05 Move all logic from PdfA/UaDocuments to pluggalbe mechanisms into PdfDocument
  • a7c25b0 Support encrypted documents in SignatureValidator
  • 58de35d Support MAC integrity protection for different signing modes
  • 25f51c2 Timestamp reference files for supporting MAC integrity protection for differe...
  • 2ededc9 Add missing javadocs
  • 3e7b63a Refactor com.itextpdf.kernel.events mechanism
  • 74fd7e5 Fix cyclic references handling in struct tree parent
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

…actions, Newtonsoft.Json and itext7

Bumps [Microsoft.Extensions.Logging](https://github.com/dotnet/runtime), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime), [Newtonsoft.Json](https://github.com/JamesNK/Newtonsoft.Json) and [itext7](https://github.com/itext/itext7-dotnet). These dependencies needed to be updated together.

Updates `Microsoft.Extensions.Logging` from 9.0.0 to 5.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v9.0.0...v5.0.0)

Updates `Microsoft.Extensions.Logging.Abstractions` from 9.0.0 to 5.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v9.0.0...v5.0.0)

Updates `Newtonsoft.Json` from 13.0.3 to 13.0.1
- [Release notes](https://github.com/JamesNK/Newtonsoft.Json/releases)
- [Commits](JamesNK/Newtonsoft.Json@13.0.3...13.0.1)

Updates `itext7` from 8.0.5 to 9.0.0
- [Release notes](https://github.com/itext/itext7-dotnet/releases)
- [Commits](itext/itext-dotnet@8.0.5...9.0.0)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Logging
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Newtonsoft.Json
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: itext7
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 18, 2024
Copy link

sonarcloud bot commented Nov 18, 2024

Copy link

Development container published

Install with:

docker pull vibenl/ghostfoliosidekick:pr-325

@VibeNL VibeNL enabled auto-merge (squash) November 18, 2024 18:02
@VibeNL VibeNL merged commit 735cf18 into master Nov 18, 2024
2 checks passed
@VibeNL VibeNL deleted the dependabot/nuget/multi-bec76f5621 branch November 18, 2024 18:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant