chore(deps): Bump the nuget-dependencies group with 5 updates

[dependabot]

Updated Microsoft.Data.SqlClient from 7.0.1 to 7.0.2.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

7.0.2

This update brings the following changes since the 7.0.1 release:

Important — package version alignment: Starting with 7.0.2, the Microsoft.Data.SqlClient driver and its companion packages share a single aligned version. The following packages now ship together as 7.0.2:

• Microsoft.Data.SqlClient
• Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider
• Microsoft.Data.SqlClient.Extensions.Azure
• Microsoft.Data.SqlClient.Extensions.Abstractions
• Microsoft.Data.SqlClient.Internal.Logging

(Microsoft.SqlServer.Server continues to version independently and remains at 1.0.0.)

Applications must reference the same versions of Microsoft.Data.SqlClient and its extensions for best compatibility. In particular, applications that reference Microsoft.Data.SqlClient.Extensions.Azure must upgrade it to 7.0.2 when upgrading Microsoft.Data.SqlClient to 7.0.2.

Breaking change (.NET Framework only): As part of this alignment, the AssemblyVersion of Microsoft.Data.SqlClient.Extensions.Azure, Microsoft.Data.SqlClient.Extensions.Abstractions, and Microsoft.Data.SqlClient.Internal.Logging changed from 1.0.0.0 to 7.0.0.0 (the Microsoft.Data.SqlClient and Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider assembly versions are unchanged). On .NET Framework, AssemblyVersion is part of the strong-name identity, so applications that drop these assemblies into an existing deployment without rebuilding must rebuild against the 7.0.2 packages (or add binding redirects). Applications on .NET / .NET Core are not affected.

Companion package release notes

The following companion packages ship aligned as 7.0.2. See their individual release notes for package-specific changes (including the Microsoft.Data.SqlClient.Extensions.Azure WAM broker support):

• Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider 7.0.2
• Microsoft.Data.SqlClient.Extensions.Azure 7.0.2
• Microsoft.Data.SqlClient.Extensions.Abstractions 7.0.2
• Microsoft.Data.SqlClient.Internal.Logging 7.0.2

Fixed

• Fixed a NullReferenceException in SqlCommand.Cancel(). The diagnostic message built during cancellation dereferenced the active connection directly; it now uses a null-conditional access so cancellation no longer throws when the connection has already been torn down.
  (#​4372,#​4373)

• Fixed a NullReferenceException in SqlDataReader when calling GetBytes/GetChars with a null destination buffer. The argument-validation path that constructs the InvalidDestinationBufferIndex exception now guards against the null buffer so the correct ArgumentException is surfaced instead of an NRE.
  (#​4159,#​4206)

• Fixed Always Encrypted column master key signature verification incorrectly reusing cached results. The SignatureVerificationCache lookup logic was corrected so signature verification outcomes are cached and retrieved against the correct key, preventing stale or mismatched verification results.
  (#​4339,#​4343)

Changed

Hardened TDS token parsing with data-length bounds checks

What Changed:

• Added bounds checking when parsing TDS token and feature-extension-acknowledgment data lengths. The parser now validates the declared length of incoming token data against the available buffer before reading, rejecting malformed or out-of-range length values instead of reading past the intended boundary.
  (#​4340,#​4358)

Who Benefits:

• All consumers benefit from improved resilience against malformed or hostile TDS responses. A server (or man-in-the-middle) sending an invalid token length can no longer drive the parser to read beyond the declared payload.

Impact:
... (truncated)

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.6.0 to 18.7.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.7.0

What's Changed

• Add ARM64 msdia140.dll support to test platform packages by @​jamesmcroft in Add ARM64 msdia140.dll support to test platform packages microsoft/vstest#15689
• Update System.Memory from 4.5.5 to 4.6.3 by @​nohwnd in Update System.Memory from 4.5.5 to 4.6.3 microsoft/vstest#15706

New Contributors

• @​jamesmcroft made their first contribution in Add ARM64 msdia140.dll support to test platform packages microsoft/vstest#15689

Full Changelog: microsoft/vstest@v18.6.0...v18.7.0

Commits viewable in compare view.

Updated Microsoft.Playwright from 1.60.0 to 1.61.0.

Release notes

Sourced from Microsoft.Playwright's releases.

1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via BrowserContext.Credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

var context = await browser.NewContextAsync();

// Seed a passkey your backend provisioned for a test user.
await context.Credentials.CreateAsync("example.com", new()
{
    Id = credentialId,
    UserHandle = userHandle,
    PrivateKey = privateKey,
    PublicKey = publicKey,
});
await context.Credentials.InstallAsync();

var page = await context.NewPageAsync();
await page.GotoAsync("https://example.com/login");
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with Credentials.GetAsync(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via Page.LocalStorage and Page.SessionStorage, reads and writes the page's storage for the current origin:

await page.LocalStorage.SetItemAsync("token", "abc");
var token = await page.LocalStorage.GetItemAsync("token");
var items = await page.SessionStorage.ItemsAsync();

New APIs

• APIResponse.SecurityDetailsAsync() and APIResponse.ServerAddrAsync() mirror the browser-side Response.SecurityDetailsAsync() and Response.ServerAddrAsync().
• New option ArtifactsDir in BrowserType.ConnectOverCDPAsync() controls where artifacts such as traces and downloads are stored when attached to an existing browser.
• New option Cursor in Screencast.ShowActionsAsync() controls the cursor decoration rendered for pointer actions.
• The OnFrame callback in Screencast.StartAsync() now receives a Timestamp of when the frame was presented by the browser.

🛠️ Other improvements

• Playwright now supports Ubuntu 26.04.
• HAR and trace recordings now include WebSocket requests.

Browser Versions

• Chromium 149.0.7827.55
• Mozilla Firefox 151.0
• WebKit 26.5

This version was also tested against the following stable channels:
... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.AspNetCore from 1.15.2 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Instrumentation.AspNetCore's releases.

1.16.0

• NuGet: OpenTelemetry.Extensions.AWS v1.16.0

  • Fix sampling behaviour to be compatible with .NET 11.
    (#​4396)

  • Updated OpenTelemetry core component version(s) to 1.16.0.
    (#​4487)

  See CHANGELOG for details.

• NuGet: OpenTelemetry.Instrumentation.AWS v1.16.0

  • Add instrumentation scope version and schema URL to metrics and traces.
    (#​4063)

  • Pass AWS attribute values to created meters as tags.
    (#​4063)

  • Capture SNS TopicArn as the aws.sns.topic.arn span attribute.
    (#​4043)

  • Add cloud.region attribute to all AWS SDK client spans.
    (#​4043)

  • Add messaging attributes for AWS SNS and SQS.
    (#​4043)

  • BREAKING: Update latest AWS Semantic Conventions to 1.40.0.
    (#​4043)

  • Fix suppression scope leakage when SuppressDownstreamInstrumentation is
    enabled.
    (#​4304)

  See CHANGELOG for details.

• NuGet: OpenTelemetry.Instrumentation.AWSLambda v1.16.0

  • Update System.Text.Json for netstandard2.0 to 8.0.5.
    (#​4154)

  • Add instrumentation scope version and schema URL to traces.
    (#​4063)

  See CHANGELOG for details.

1.16.0-beta.1

• NuGet: OpenTelemetry.Instrumentation.ServiceFabricRemoting v1.16.0-beta.1

  • Raised the minimum required version of Microsoft.ServiceFabric.Actors and
    Microsoft.ServiceFabric.Services.Remoting from 7.1.2448 to 8.4.268, as the
    7.1 Service Fabric runtime is going out of support.
    (#​4510)

  • Updated OpenTelemetry core component version(s) to 1.16.0.
    (#​4487)

  See CHANGELOG for details.

1.16.0-alpha.1

• NuGet: OpenTelemetry.Instrumentation.EventCounters v1.16.0-alpha.1

  • Fixed OnEventWritten processing events from EventSources that were not
    configured via AddEventSources.
    (#​4031)

  • Updated OpenTelemetry core component version(s) to 1.16.0.
    (#​4487)

  See CHANGELOG for details.

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.Http from 1.15.1 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Instrumentation.Http's releases.

1.16.0

• NuGet: OpenTelemetry.Extensions.AWS v1.16.0

  • Fix sampling behaviour to be compatible with .NET 11.
    (#​4396)

  • Updated OpenTelemetry core component version(s) to 1.16.0.
    (#​4487)

  See CHANGELOG for details.

• NuGet: OpenTelemetry.Instrumentation.AWS v1.16.0

  • Add instrumentation scope version and schema URL to metrics and traces.
    (#​4063)

  • Pass AWS attribute values to created meters as tags.
    (#​4063)

  • Capture SNS TopicArn as the aws.sns.topic.arn span attribute.
    (#​4043)

  • Add cloud.region attribute to all AWS SDK client spans.
    (#​4043)

  • Add messaging attributes for AWS SNS and SQS.
    (#​4043)

  • BREAKING: Update latest AWS Semantic Conventions to 1.40.0.
    (#​4043)

  • Fix suppression scope leakage when SuppressDownstreamInstrumentation is
    enabled.
    (#​4304)

  See CHANGELOG for details.

• NuGet: OpenTelemetry.Instrumentation.AWSLambda v1.16.0

  • Update System.Text.Json for netstandard2.0 to 8.0.5.
    (#​4154)

  • Add instrumentation scope version and schema URL to traces.
    (#​4063)

  See CHANGELOG for details.

1.16.0-beta.1

• NuGet: OpenTelemetry.Instrumentation.ServiceFabricRemoting v1.16.0-beta.1

  • Raised the minimum required version of Microsoft.ServiceFabric.Actors and
    Microsoft.ServiceFabric.Services.Remoting from 7.1.2448 to 8.4.268, as the
    7.1 Service Fabric runtime is going out of support.
    (#​4510)

  • Updated OpenTelemetry core component version(s) to 1.16.0.
    (#​4487)

  See CHANGELOG for details.

1.16.0-alpha.1

• NuGet: OpenTelemetry.Instrumentation.EventCounters v1.16.0-alpha.1

  • Fixed OnEventWritten processing events from EventSources that were not
    configured via AddEventSources.
    (#​4031)

  • Updated OpenTelemetry core component version(s) to 1.16.0.
    (#​4487)

  See CHANGELOG for details.

1.15.2

• NuGet: OpenTelemetry.Exporter.Geneva v1.15.2

  • Updated OpenTelemetry core component version(s) to 1.15.3.
    (#​4166)

  See CHANGELOG for details.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

PR Size Analysis

Size: XS (10 changes across 1 files)

• Additions: 5
• Deletions: 5

✅ This PR is small and easy to review!