Bump the nuget-all group with 4 updates#341
Closed
dependabot[bot] wants to merge 945 commits into
Closed
Conversation
Copy runtime artefacts as root:root and apply chmod -R a-w /app so the non-root runtime user cannot modify deployed application files. - apps/app-frontend/Dockerfile: COPY --chown=root:root + chmod -R a-w /app - apps/marketing-site/Dockerfile: COPY --chown=root:root + chmod -R a-w /app - services/core-api/src/Curvit.Api/Dockerfile: COPY --chown=root:root + chmod -R a-w /app + move USER appuser after chmod Each service's ephemeral write needs (uploads, temp buffers) are satisfied by the world-writable /tmp mount; no /app path requires runtime write access. Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/5b834229-6f26-48e1-a7bb-3e840815643f Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/8f73b982-b6ac-4512-b002-d2a3a5a1273c Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Fix apps/marketing-site/Dockerfile line 6: replace glob `COPY package.json package-lock.json* ./` with explicit `COPY package.json package-lock.json ./` (resolves docker:S6470) - Expand apps/marketing-site/.dockerignore to exclude secrets, private keys, .sops.yaml, .git, test tooling, dev config files, and OS artefacts. Existing entries reorganised with comments. - Expand services/core-api/.dockerignore to exclude secrets, private keys, .sops.yaml, .git, test projects, test results, coverage outputs, solution metadata, and OS artefacts. Build contexts confirmed from docker-compose.yml: marketing-site → ./apps/marketing-site core-api → ./services/core-api Both .dockerignore files sit at their effective build context roots. Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/b1673847-1861-4418-8ff7-da30504ff961 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/a4778587-1778-4f63-8c5b-1ba6638daec9 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- content-sanitiser: add MAX_SCAN_CHARS=200_000 guard before injection
pattern scan; simplify delete-files regex to remove adjacent optional
whitespace groups that could cause super-linear backtracking
- content-sanitiser tests: add TestReDoSAdversarialInput with 5 regression
tests for long/pathological inputs; all 44 tests pass
- EmailContinueForm: replace unbounded EMAIL_REGEX with bounded-quantifier
version, add MAX_EMAIL_LENGTH=254 constant, maxLength={254} on input,
and explicit length guard in both isEmailValid and handleSubmit
- BlogPostForm: add maxLength={200} to title input; split slug cleanup into
two linear anchored replaces to eliminate alternation flagged by Sonar S5852
- check-naming-conventions.js: add NOSONAR:javascript:S5852 comments with
written justification for both CI-only regex patterns (lines 35, 50)
that run only against trusted repository source
Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/992012cf-81a3-4603-a017-531d943556a4
Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…ction - Add requireHttpsInProduction helper to app-frontend and marketing-site - Validate NEXT_PUBLIC_API_URL uses HTTPS in production via next.config.ts - Validate PUBLIC_APP_URL uses HTTPS in production via marketing-site config.ts - Add unit tests for both URL validation helpers (18 tests total) All server-only Docker network URLs (http://core-api:5000, etc.) are correctly classified as safe — they communicate over private Docker networks and never reach a browser. Closes: S5332 SonarCloud hotspots for public-facing URLs" Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/d94c2413-0222-438c-8feb-754db10cd98d Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
… tests Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/992012cf-81a3-4603-a017-531d943556a4 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…ocument Astro dual-detection rationale Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/d94c2413-0222-438c-8feb-754db10cd98d Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…calls Replace `curl -fsSL` with `curl --fail --show-error --silent --location --proto '=https' --tlsv1.2` for both public GitHub binary downloads (sops and age) in STAGING_FIRST_DEPLOY.sh. This resolves SonarCloud shell:S6506 hotspots on lines 144 and 162 by preventing curl from following redirects to non-HTTPS URLs. Add inline comments explaining the HTTPS restriction for each call. Shellcheck exits 0 on the modified script. Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/fa1b3a40-7840-4a00-81b7-eb544de09b98 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Create docs/security/internal-networking.md documenting TLS boundary, internal Docker networking, hotspot classification, and future considerations - Add NOSONAR: S5332 comments to all internal Docker-network service URLs in production TypeScript source files (health.ts, internal-auth.ts, account.ts, messages.ts, blog.ts, admin.ts, billing.ts, logoutCookies.ts, e2e auth route, middleware.ts already annotated) - Add NOSONAR: S5332 comments to marketing-site source files (config.ts, search/index.ts) - Add NOSONAR: S5332 comments to Python production source files (analysis-worker config, admin-service config, document-ingestion config, shared/config.py, billing-service config, docx_extractor namespace URI) - Add NOSONAR: S5332 comments to Python test files (analysis-worker test_internal_api_key.py, document-ingestion scanner tests, conftest.py http://test httpx transport base URLs, ai-orchestrator JSON schema ID) - Add NOSONAR: S5332 comments to TypeScript test files (MSW handler setup lines, playwright configs, checkout/billing E2E test URLs, logoutCookies test, admin-visibility E2E spec, publicMessages marketing-site tests) - Add NOSONAR: S5332 comments to manual test harnesses in data/Testing/ All 323 app-frontend unit tests pass. All 74 marketing-site unit tests pass. All 22 document-ingestion service tests pass. All 14 analysis-worker tests pass. Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/6ed98df5-a975-4f0d-ac6c-c3d3c87d77b1 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Remove redundant file-level NOSONAR from internal-auth.ts (keep inline only) - Replace block-level NOSONAR comment in health.ts with inline-only approach - Fix conftest.py NOSONAR placement to be inline on URL-containing lines - Fix test_internal_api_key.py docstring to have NOSONAR outside string literal - Replace file-level NOSONAR comments in playwright configs with precise inline comments on each URL-containing line Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/6ed98df5-a975-4f0d-ac6c-c3d3c87d77b1 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Move NOSONAR from docstring closing in test_internal_api_key.py to a standalone comment line after the docstring - Clean up file-level comment in publicMessages.test.ts to not embed NOSONAR text in a regular comment (inline NOSONAR on call sites retained) Agent-Logs-Url: https://github.com/NickLetts2/Curvit/sessions/6ed98df5-a975-4f0d-ac6c-c3d3c87d77b1 Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…urls Security: Classify S5332 HTTP hotspots and document internal Docker networking boundary
…-script security: enforce HTTPS-only redirects in staging deploy script curl downloads
feat(security): enforce HTTPS for public/browser-facing URLs in production
chore(load-tests): document non-security-sensitive Math.random() usages to resolve SonarCloud hotspots
…redos Security: harden regex usage against ReDoS (S5852)
…krest-root-usage security: minimise pgBackRest container root usage (SonarCloud S6471)
…contexts Security: tighten Docker build contexts and .dockerignore rules
…-file-ownership Security: harden Docker runtime file ownership to resolve docker:S6504 hotspots
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
…ctor fix: enforce API-layer DB access boundary across billing-service, admin-service, and core-api controllers
- Create /articles/[slug].astro — SSR article detail page with breadcrumbs, author/date/reading-time meta, markdown rendering, inline conversion CTA, related articles section, Article + BreadcrumbList JSON-LD schemas - Update sitemap.xml.ts: add /guides and /articles to static routes; fetch and include all published guides and articles with lastmod dates - Create docs/content-ui.md: full developer reference covering routing, content hubs, detail page features, SEO, CMS API, editorial workflow, internal linking, accessibility, and testing commands All 93 CMS service tests pass." Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Move `or_` import to module level in content.py - Escape LIKE wildcards (%, _) in search params to prevent unexpected results - Extract shared `calcReadingTime` and `extractCategories` utilities into lib/content/content-utils.ts; use in all four hub/detail pages - Restore explicit BlogPost interface in sitemap.xml.ts; remove inline type - Update docs/content-ui.md: WCAG 2.1 → WCAG 2.2 AA Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Extract _escape_like() helper; escape [ and ] in LIKE wildcards - Extract _resolve_actor() helper; use across all workflow endpoints - Add create_content_item() to conftest.py; remove duplicate _create_item methods from TestContentPublicRoutes, TestSlugUniquenessPerType, TestPublicSearchAndRelated - Add lib/cms-client.ts with cmsBase/internalApiKey/cmsHeaders(); use in all four content pages (guides/articles hub + detail pages) - Add buildPaginationUrl() to content-utils.ts; use in guides/articles hub pages pagination links - Add explicit slug guard (if !slug return redirect) in detail pages - Document word-count approximation limitation in content-utils.ts All 93 CMS tests pass. Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
… limit - Pass escape="\\" to all ilike() calls so the database correctly interprets the backslash-escaped LIKE pattern from _escape_like() - Add inline comment noting that not_in set is bounded to limit+1 items - Add sitemap comment about the 100-item-per-content-type cap Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Export MS_PER_DAY = 86_400_000 from content-utils.ts; import and use it in guides/[slug].astro and articles/[slug].astro in place of the inline magic number - Change sitemap 100-item comment to a TODO for future pagination - Clarify not_in comment to reference validated limit constraint Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…ain permissions Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Potential fix for code scanning alert no. 298: Workflow does not contain permissions
…actor feat(#330): Content UI refactor — guides & articles hub/detail pages, CMS editorial workflow
- New Docker service: services/content-creator/ - 10-stage workflow: content inventory, research, opportunity analysis, brief generation, draft generation, link audit, conversion validation, quality review, CMS draft creation, admin support data - Two operating modes: NewContent and Refresh/Expansion (Mixed default) - Separate CONTENT_CREATOR_AI_API_KEY from cv-analysis service - AI provenance tracking: PromptVersion, ModelUsed, GeneratedAt, GenerationMode - Ad-hoc generation endpoint for admins (POST /admin/generate) - Weekly Monday 01:00 UTC asyncio scheduler - Safety: never auto-publishes, no fabrication, draft-only CMS writes - Conversion rules: Curvit mention after 25%, max 2 refs, no hard sell - DB models: GenerationRun, ResearchDigest, ContentOpportunity, ContentBrief, ContentQualityReview, ContentLinkAudit - 78 tests: unit, route, workflow, scheduling, safety - docker-compose.yml: content-creator service entry (no Traefik) - .github/workflows/ci-python.yml: content-creator path triggers - docs/content-creator.md: full architecture, workflow, operations docs Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
- Fix prompt version constant names (drop redundant -v1 suffix) - Fix semaphore lazy init to avoid race condition - Fix link auditor HEAD→GET fallback (check 405 status, not exception) - Fix SQLAlchemy boolean comparison to use .is_(False) - Propagate KeyboardInterrupt/SystemExit in workflow exception handler - Fix CodeQL URL substring check in test (use startswith) Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…ring sanitization' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…ator feat: curvit-content-creator service — scheduled AI editorial assistant (issue #331)
Co-authored-by: NickLetts2 <90337962+NickLetts2@users.noreply.github.com>
…ervice-to-ci-cd Wire `content-creator` into build-push and staging/prod deploy image flow
Bumps MailKit from 4.16.0 to 4.17.0 Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.1 to 10.0.2 Bumps StackExchange.Redis from 2.13.1 to 2.13.17 Bumps Stripe.net from 51.1.0 to 51.2.0 --- updated-dependencies: - dependency-name: MailKit dependency-version: 4.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-all - dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL dependency-version: 10.0.2 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-all - dependency-name: StackExchange.Redis dependency-version: 2.13.17 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-all - dependency-name: Stripe.net dependency-version: 51.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-all ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
.NET
dependabot
Bot
added
dependencies
NickLetts2
deleted the
dependabot/nuget/services/core-api/src/Curvit.Infrastructure/nuget-all-dd3b1b044f
branch
Contributor
Author
|
This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests. To ignore these dependencies, configure ignore rules in dependabot.yml |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated MailKit from 4.16.0 to 4.17.0.
Release notes
Sourced from MailKit's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.1 to 10.0.2.
Release notes
Sourced from Npgsql.EntityFrameworkCore.PostgreSQL's releases.
10.0.2
Milestone issue
What's Changed
bytea.Any()aslength > 0by @georg-jung in Translatebytea.Any()aslength > 0npgsql/efcore.pg#3817Full Changelog: npgsql/efcore.pg@v10.0.1...v10.0.2
Commits viewable in compare view.
Updated StackExchange.Redis from 2.13.1 to 2.13.17.
Release notes
Sourced from StackExchange.Redis's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Stripe.net from 51.1.0 to 51.2.0.
Release notes
Sourced from Stripe.net's releases.
51.2.0
This release changes the pinned API version to 2026-05-27.dahlia.
V2.Commerce.ProductCatalogImportCreateandGetmethods on resourceV2.Commerce.ProductCatalogImportBizumPaymentsandScalapayPaymentsonAccount.CapabilitiesandAccountCapabilitiesOptionsAutomaticTransferRulesByCurrencyonBalanceSettings.Payments.PayoutsandBalanceSettingsPaymentsPayoutsOptionsStartOfDayonBalanceSettings.Payments.SettlementTimingandBalanceSettingsPaymentsSettlementTimingOptionsDescriptiononChargeTransferDataOptions,PaymentIntent.TransferData, andPaymentIntentTransferDataOptionsBizumonCharge.PaymentMethodDetails,ConfirmationToken.PaymentMethodPreview,ConfirmationTokenPaymentMethodDataOptions,PaymentAttemptRecord.PaymentMethodDetails,PaymentIntent.PaymentMethodOptions,PaymentIntentPaymentMethodDataOptions,PaymentIntentPaymentMethodOptionsOptions,PaymentMethodConfigurationCreateOptions,PaymentMethodConfigurationUpdateOptions,PaymentMethodConfiguration,PaymentMethodCreateOptions,PaymentMethod,PaymentRecord.PaymentMethodDetails,SetupIntent.PaymentMethodOptions,SetupIntentPaymentMethodDataOptions, andSetupIntentPaymentMethodOptionsOptionsScalapayonCharge.PaymentMethodDetails,Checkout.Session.PaymentMethodOptions,CheckoutSessionPaymentMethodOptionsOptions,ConfirmationToken.PaymentMethodPreview,ConfirmationTokenPaymentMethodDataOptions,PaymentAttemptRecord.PaymentMethodDetails,PaymentIntent.PaymentMethodOptions,PaymentIntentPaymentMethodDataOptions,PaymentIntentPaymentMethodOptionsOptions,PaymentMethodConfigurationCreateOptions,PaymentMethodConfigurationUpdateOptions,PaymentMethodConfiguration,PaymentMethodCreateOptions,PaymentMethod,PaymentRecord.PaymentMethodDetails,Refund.DestinationDetails, andSetupIntentPaymentMethodDataOptionsMandateonCharge.PaymentMethodDetails.Twint,PaymentAttemptRecord.PaymentMethodDetails.Twint, andPaymentRecord.PaymentMethodDetails.TwintCheckoutSessionPaymentMethodOptionsTwintOptions.SetupFutureUsageandPaymentIntentPaymentMethodOptionsTwintOptions.SetupFutureUsagefromliteral('none')toenum('none'|'off_session')Checkout.Session.PaymentMethodOptions.Twint.SetupFutureUsageandPaymentIntent.PaymentMethodOptions.Twint.SetupFutureUsagefromliteral('none')toenum('none'|'off_session')CreditedItemsonInvoiceItem.ProrationDetailsDiscountableonInvoiceScheduleDetailsPhaseAddInvoiceItemOptions,SubscriptionAddInvoiceItemOptions,SubscriptionSchedule.Phase.AddInvoiceItem, andSubscriptionSchedulePhaseAddInvoiceItemOptionsBillingSchedulesonInvoiceSubscriptionDetailsOptions,SubscriptionCreateOptions,SubscriptionUpdateOptions, andSubscriptionAmountPaidOffStripeonInvoiceTwintonMandate.PaymentMethodDetailsandSetupAttempt.PaymentMethodDetailsMetadataonPaymentIntent.TransferData,PaymentIntentTransferDataOptions, andSubscription.PendingUpdatePaymentDataonPaymentIntent.TransferDataandPaymentIntentTransferDataOptionsBlikAuthorizeonPaymentIntent.NextActionandSetupIntent.NextActionPaymentMethodOptionsonPaymentLinkCreateOptions,PaymentLinkUpdateOptions, andPaymentLinkActiveonPaymentMethodConfigurationListOptionsBilledUntilonSubscriptionItemDiscountandDiscountsonSubscription.PendingUpdateVerifoneM425,VerifoneP630,VerifoneUx700, andVerifoneV660ponTerminal.ConfigurationCreateOptions,Terminal.ConfigurationUpdateOptions, andTerminal.ConfigurationApiErrorandPrintContentonTerminal.Reader.ActionCustomeronTestHelpers.TestClockCreateOptionsSigneronV2.Core.Account.Identity.BusinessDetails.Documents.ProofOfRegistration,V2.Core.Account.Identity.BusinessDetails.Documents.ProofOfUltimateBeneficialOwnership,V2CoreAccountIdentityBusinessDetailsDocumentsProofOfRegistrationOptions,V2CoreAccountIdentityBusinessDetailsDocumentsProofOfUltimateBeneficialOwnershipOptions,V2CoreAccountTokenIdentityBusinessDetailsDocumentsProofOfRegistrationOptions, andV2CoreAccountTokenIdentityBusinessDetailsDocumentsProofOfUltimateBeneficialOwnershipOptionsAzureEventGridonV2.Core.EventDestinationCreateOptionsandV2.Core.EventDestinationV2CommerceProductCatalogImportsFailedEvent,V2CommerceProductCatalogImportsProcessingEvent,V2CommerceProductCatalogImportsSucceededEvent, andV2CommerceProductCatalogImportsSucceededWithErrorsEventwith related objectV2.Commerce.ProductCatalogImportstripe-notifyheader is present in responseSee the changelog for more details.
51.2.0-beta.2
V2.Commerce.ProductCatalogImport,V2.Data.Reporting.QueryRun,V2.Extend.WorkflowRun,V2.Extend.Workflow,V2.Iam.ActivityLog,V2.Network.BusinessProfile, andV2.OrchestratedCommerce.AgreementConfirm,Create,Get,List, andTerminatemethods on resourceV2.OrchestratedCommerce.AgreementGetandMemethods on resourceV2.Network.BusinessProfileListmethod on resourceV2.Iam.ActivityLogGetandListmethods on resourceV2.Extend.WorkflowRunGet,Invoke, andListmethods on resourceV2.Extend.WorkflowCreateandGetmethods on resourcesV2.Commerce.ProductCatalogImportandV2.Data.Reporting.QueryRunV2.Billing.Cadence.SettingsData.Collection.PaymentMethodOptions.Konbini,V2.Billing.CollectionSetting.PaymentMethodOptions.Konbini,V2.Billing.CollectionSettingVersion.PaymentMethodOptions.Konbini, andV2BillingCollectionSettingPaymentMethodOptionsOptions.Konbinifrommap(string: dynamic)toan objectV2.Billing.Cadence.SettingsData.Collection.PaymentMethodOptions.SepaDebit,V2.Billing.CollectionSetting.PaymentMethodOptions.SepaDebit,V2.Billing.CollectionSettingVersion.PaymentMethodOptions.SepaDebit, andV2BillingCollectionSettingPaymentMethodOptionsOptions.SepaDebitfrommap(string: dynamic)toan objectV2.MoneyManagement.InboundTransfer.TransferHistory.BankDebitProcessingfrommap(string: dynamic)toan objectV2.MoneyManagement.InboundTransfer.TransferHistory.BankDebitQueuedfrommap(string: dynamic)toan objectV2.MoneyManagement.InboundTransfer.TransferHistory.BankDebitSucceededfrommap(string: dynamic)toan objectV2CoreBatchJobEndpointOptions.HttpMethodfromliteral('post')toenum('delete'|'post')TreasuryTransactiononEventsV2MoneyManagementTransactionCreatedEventV2CommerceProductCatalogImportsFailedEvent,V2CommerceProductCatalogImportsProcessingEvent,V2CommerceProductCatalogImportsSucceededEvent, andV2CommerceProductCatalogImportsSucceededWithErrorsEventwith related objectV2.Commerce.ProductCatalogImportV2DataReportingQueryRunCreatedEvent,V2DataReportingQueryRunFailedEvent,V2DataReportingQueryRunSucceededEvent, andV2DataReportingQueryRunUpdatedEventwith related objectV2.Data.Reporting.QueryRunV2ExtendWorkflowRunFailedEvent,V2ExtendWorkflowRunStartedEvent, andV2ExtendWorkflowRunSucceededEventwith related objectV2.Extend.WorkflowRunV2OrchestratedCommerceAgreementConfirmedEvent,V2OrchestratedCommerceAgreementCreatedEvent,V2OrchestratedCommerceAgreementPartiallyConfirmedEvent, andV2OrchestratedCommerceAgreementTerminatedEventwith related objectV2.OrchestratedCommerce.AgreementCannotProceedExceptionSee the changelog for more details.
51.2.0-beta.1
This release changes the pinned API version to 2026-04-22.private.
SharedPayment.GrantedTokenandSharedPayment.IssuedTokenGetmethod on resourceSharedPayment.GrantedTokenCreateandRevoketest helper methods on resourceSharedPayment.GrantedTokenCreate,Get, andRevokemethods on resourceSharedPayment.IssuedTokenBlikonCheckoutSessionPaymentMethodOptionsOptions,Invoice.PaymentSettings.PaymentMethodOptions,InvoicePaymentSettingsPaymentMethodOptionsOptions,QuotePreviewInvoice.PaymentSettings.PaymentMethodOptions,Subscription.PaymentSettings.PaymentMethodOptions, andSubscriptionPaymentSettingsPaymentMethodOptionsOptionsSharedPaymentGrantedTokenonConfirmationTokenPaymentMethodDataOptions,PaymentIntentPaymentMethodDataOptions,PaymentMethod, andSetupIntentPaymentMethodDataOptionsValidationErrorsonPrivacy.RedactionJobTaxDetailsonProductQuotePreviewInvoice.TotalTaxes.TaxRateDetails.TaxRatefromstringtoexpandable($TaxRate)AdmissionsTax,AttendanceTax,EntertainmentTax,GrossReceiptsTax,HospitalityTax,LuxuryTax,ResortTax, andTourismTaxonTaxRegistrationCountryOptionsUsOptionsPurposeonTreasury.OutboundPaymentCreateOptionsandTreasury.OutboundPaymentSee the changelog for more details.
51.2.0-alpha.6
PaymentLocationCapabilityGet,List, andUpdatemethods on resourcePaymentLocationCapabilityCloseandSimulateNetworkLifecycleDisputeResponsetest helper methods on resourceIssuing.DisputeDelegatedCheckoutRequestedSessionDiscountsOptions.Codesfromarray(string)toemptyable(array(string))CreditedItemsonInvoiceItem.ProrationDetailsBalanceResponseonIssuing.AuthorizationPaymentEvaluationsonPaymentAttemptRecordReportCanceledOptions,PaymentAttemptRecordReportFailedOptions,PaymentRecordFailedOptions,PaymentRecordReportPaymentAttemptCanceledOptions, andPaymentRecordReportPaymentAttemptFailedOptionsEnabledonPaymentIntentPaymentDetailsBenefitFrMealVoucherOptionsandSetupIntentSetupDetailsBenefitFrMealVoucherOptionsAdvancedFeatureDetailsandAllowedPaymentMethodTypesonPaymentIntentPaymentLocationAddressOptions.Cityfromstringtoemptyable(string)PaymentLocationAddressOptions.Line1fromstringtoemptyable(string)PaymentLocationAddressOptions.Line2fromstringtoemptyable(string)PaymentLocationAddressOptions.PostalCodefromstringtoemptyable(string)PaymentLocationAddressOptions.Statefromstringtoemptyable(string)PaymentBehavioronSubscriptionResumeOptionsStatusDetailsonSubscriptionSee the changelog for more details.
51.2.0-alpha.5
V2.Core.FeeBatch,V2.Core.FeeEntry,V2.MoneyManagement.DebitDispute, andV2.MoneyManagement.FinancialAccountStatementSimulateNetworkLifecyclePreArbitrationResponseandSimulateNetworkLifecyclePreArbitrationSubmissiontest helper methods on resourceIssuing.DisputeListmethod on resourcePaymentLocationGetandListmethods on resourcesV2.Core.FeeBatch,V2.Core.FeeEntry, andV2.MoneyManagement.FinancialAccountStatementCreate,Get, andListmethods on resourceV2.MoneyManagement.DebitDisputeDiscountsonDelegatedCheckout.RequestedSessionCreateOptions,DelegatedCheckout.RequestedSessionUpdateOptions, andDelegatedCheckout.RequestedSessionAmountSaleonDelegatedCheckout.RequestedSession.LineItemDetailandDelegatedCheckout.RequestedSession.TotalDetailsAmountDiscountandBreakdownonDelegatedCheckout.RequestedSession.TotalDetailsCheckDepositAddressonInvoice.PaymentSettings.PaymentMethodOptions.CheckScan,InvoicePaymentSettingsPaymentMethodOptionsCheckScanOptions,QuotePreviewInvoice.PaymentSettings.PaymentMethodOptions.CheckScan,Subscription.PaymentSettings.PaymentMethodOptions.CheckScan, andSubscriptionPaymentSettingsPaymentMethodOptionsCheckScanOptionsPaymentEvaluationsonPaymentAttemptRecordReportGuaranteedOptions,PaymentRecordGuaranteedOptions, andPaymentRecordReportPaymentAttemptGuaranteedOptionsLocationonPaymentIntentPaymentDetailsOptionsandSetupIntentSetupDetailsOptionsOnboardingDataUpdateAcknowledgedonPaymentLocationUpdateOptionsCustomeronRadar.CustomerEvaluationUpdateOptionsStatusonRadar.CustomerEvaluationUpdateOptionsandRadar.CustomerEvaluationPaymentBehavioronSubscriptionResumeOptionsDisputeDetailsonV2.MoneyManagement.ReceivedDebitDebitDisputeonV2.MoneyManagement.Transaction.FlowandV2.MoneyManagement.TransactionEntry.TransactionDetails.FlowPaymentAttemptRecordonEventsV2PaymentsOffSessionPaymentAttemptFailedEventandEventsV2PaymentsOffSessionPaymentFailedEventV2MoneyManagementFinancialAccountStatementCreatedEventandV2MoneyManagementFinancialAccountStatementRestatedEventwith related objectV2.MoneyManagement.FinancialAccountStatementSee the changelog for more details.
51.2.0-alpha.4
PaymentLocationCreate,Delete,Get, andUpdatemethods on resourcePaymentLocationProtectionsonAccountCapabilitiesCardPaymentsOptionsandCapabilityGiftCardonConfirmationToken.PaymentMethodPreview,ConfirmationTokenPaymentMethodDataOptions,PaymentIntentPaymentMethodDataOptions,PaymentMethodCreateOptions,PaymentMethod,SetupIntentPaymentMethodDataOptions, andSharedPayment.GrantedToken.PaymentMethodDetailsMetadataonDelegatedCheckout.RequestedSessionConfirmOptionsCreditedItemsonInvoiceItem.ProrationDetailsNetworkLifecycleonIssuing.DisputeStatusDetailsonSubscriptionSee the changelog for more details.
51.2.0-alpha.3
DebitCardonV2.Core.Account.Configuration.CardCreator.Capabilities.Consumer.Lead,V2.Core.Account.Identity.Attestations.TermsOfService.CardCreator.Consumer.Lead,V2CoreAccountConfigurationCardCreatorCapabilitiesConsumerLeadOptions, andV2CoreAccountIdentityAttestationsTermsOfServiceCardCreatorConsumerLeadOptionsSee the changelog for more details.
51.2.0-alpha.2
V2.Data.Analytics.MetricQueryResultCreate,Get, andRevokemethods on resourceSharedPayment.IssuedTokenCreatemethod on resourceV2.Data.Analytics.MetricQueryResultBalanceReportandPayoutReconciliationReportonAccountSession.ComponentsandAccountSessionComponentsOptionsAppDistributionandSunbitPaymentsonAccount.CapabilitiesandAccountCapabilitiesOptionsSunbitonCharge.PaymentMethodDetails,ConfirmationToken.PaymentMethodPreview,ConfirmationTokenPaymentMethodDataOptions,PaymentAttemptRecord.PaymentMethodDetails,PaymentIntentPaymentMethodDataOptions,PaymentMethodConfigurationCreateOptions,PaymentMethodConfigurationUpdateOptions,PaymentMethodConfiguration,PaymentMethodCreateOptions,PaymentMethod,PaymentRecord.PaymentMethodDetails, andSetupIntentPaymentMethodDataOptionsLast4onCharge.PaymentMethodDetails.GiftCard,PaymentAttemptRecord.PaymentMethodDetails.GiftCard, andPaymentRecord.PaymentMethodDetails.GiftCardLocationandReaderonCharge.PaymentMethodDetails.Klarna,PaymentAttemptRecord.PaymentMethodDetails.Klarna, andPaymentRecord.PaymentMethodDetails.KlarnaBlikonCheckoutSessionPaymentMethodOptionsOptions,Invoice.PaymentSettings.PaymentMethodOptions,InvoicePaymentSettingsPaymentMethodOptionsOptions,QuotePreviewInvoice.PaymentSettings.PaymentMethodOptions,Subscription.PaymentSettings.PaymentMethodOptions, andSubscriptionPaymentSettingsPaymentMethodOptionsOptionsSharedPaymentGrantedTokenonConfirmationTokenPaymentMethodDataOptions,PaymentIntentPaymentMethodDataOptions,PaymentMethod, andSetupIntentPaymentMethodDataOptionsCreditNote.TotalTaxes.TaxRateDetails.TaxRate,CreditNoteLineItem.Taxes.TaxRateDetails.TaxRate,Invoice.TotalTaxes.TaxRateDetails.TaxRate,InvoiceLineItem.Taxes.TaxRateDetails.TaxRate, andQuotePreviewInvoice.TotalTaxes.TaxRateDetails.TaxRatefromstringtoexpandable($TaxRate)BuyerConsentsonDelegatedCheckout.RequestedSessionConfirmOptionsConsentsonDelegatedCheckout.RequestedSession.BuyerConsents.MarketingPaymentFacilitatorIdandSubMerchantIdonIssuingAuthorizationMerchantDataOptionsandIssuingTransactionMerchantDataOptionsCardPresenceonIssuing.AuthorizationAllowedCardPresencesandBlockedCardPresencesonIssuing.Card.SpendingControls,Issuing.Cardholder.SpendingControls,IssuingCardSpendingControlsOptions, andIssuingCardholderSpendingControlsOptionsPaymentAttemptRecord.PaymentMethodDetails.GiftCard.BalanceandPaymentRecord.PaymentMethodDetails.GiftCard.BalancefromPaymentFlowsPrivatePaymentMethodsGiftCardDeprecatedDetailsResourceBalanceAmounttonullable(PaymentsPrimitivesPaymentRecordsResourcePaymentMethodGiftCardDetailsResourceBalance)AmountToConfirmonPaymentIntentConfirmOptionsKlarnaDisplayQrCodeonPaymentIntent.NextActionValidationErrorsonPrivacy.RedactionJobTaxDetailsonProductMotoonSetupAttempt.PaymentMethodDetails.CardAdmissionsTax,AttendanceTax,EntertainmentTax,GrossReceiptsTax,HospitalityTax,LuxuryTax,ResortTax, andTourismTaxonTaxRegistrationCountryOptionsUsOptionsPurposeonTreasury.OutboundPaymentCreateOptionsandTreasury.OutboundPaymentCryptoWalletonV2.MoneyManagement.FinancialAddress.CredentialsMxBankAccountonV2.MoneyManagement.FinancialAddress.CredentialsandV2.MoneyManagement.ReceivedCredit.BankTransferCryptoWalletTransferonV2.MoneyManagement.ReceivedCreditEuBankAccountonV2.MoneyManagement.ReceivedCredit.BankTransferCryptoPropertiesandSettlementCurrencyonV2.MoneyManagement.FinancialAddressCreateOptionsV2CoreApprovalRequestCreatedEventandV2CoreApprovalRequestExpiredEventwith related objectV2.Core.ApprovalRequestV2ExtendExtensionRunFailedEventSee the changelog for more details.
51.2.0-alpha.1
This release changes the pinned API version to 2026-04-22.private.
V2.Commerce.ProductCatalogImport,V2.Core.ApprovalRequest,V2.Extend.WorkflowRun,V2.Extend.Workflow,V2.Iam.ActivityLog,V2.Network.BusinessProfile, andV2.OrchestratedCommerce.AgreementV2.Core.WorkflowRunandV2.Core.WorkflowConfirm,Create,Get,List, andTerminatemethods on resourceV2.OrchestratedCommerce.AgreementGetandMemethods on resourceV2.Network.BusinessProfileListmethod on resourceV2.Iam.ActivityLogGetandListmethods on resourceV2.Extend.WorkflowRunGet,Invoke, andListmethods on resourceV2.Extend.WorkflowCancel,Execute,Get,List, andSubmitmethods on resourceV2.Core.ApprovalRequestCreateandGetmethods on resourceV2.Commerce.ProductCatalogImportGetandListmethods on resourceV2.Core.WorkflowRunGet,Invoke, andListmethods on resourceV2.Core.WorkflowRenewOnboardingLinkmethod on resourceV2.Core.ClaimableSandboxCustomeronSharedPayment.IssuedTokenBillManagementandSendMoneyonAccountSession.Components.Bills.FeaturesGiftCardonCharge.PaymentMethodDetails,PaymentAttemptRecord.PaymentMethodDetails, andPaymentRecord.PaymentMethodDetailsCustomPaymentMethodTypesonCheckout.SessionCreateOptionsandCheckout.SessionPaymentRecordonCheckout.SessionSharedPaymentGrantedTokenonConfirmationTokenPaymentMethodDataOptions,PaymentIntentPaymentMethodDataOptions,PaymentIntent,PaymentMethod, andSetupIntentPaymentMethodDataOptionsPaymentMethodonConfirmationToken.PaymentMethodPreview.SepaDebit.GeneratedFrom,PaymentMethod.SepaDebit.GeneratedFrom, andSharedPayment.GrantedToken.PaymentMethodDetails.SepaDebit.GeneratedFromReturnUrlonDelegatedCheckout.RequestedSessionConfirmOptionsBuyerConsentsonDelegatedCheckout.RequestedSessionCryptoTransactionsonIssuing.Authorization,Issuing.Dispute, andIssuing.TransactionPaymentFacilitatorIdandSubMerchantIdonIssuing.Authorization.MerchantDataandIssuing.Transaction.MerchantDataIdentifiersonOrderLineItemProductDataOptions,ProductCreateOptions,ProductUpdateOptions, andProductAgentDetailsonPaymentIntentExternalReferenceonPriceCreateOptionsandPriceUpdateOptionsLoginSucceededandRegistrationSucceededonRadar.AccountEvaluation.EventsandRadar.AccountEvaluationUpdateOptionsPrintContentonTerminal.Reader.ActionAppChannelonV2.Core.ClaimableSandboxCreateOptionsandV2.Core.ClaimableSandboxOnboardingLinkDetailsandOwnerDetailsonV2.Core.ClaimableSandboxClaimUrlonV2.Core.ClaimableSandboxOwnerAccountonV2.Core.ClaimableSandbox.SandboxDetailsSnapshotEventonV2.Core.EventMultiprocessorSettlementonV2.MoneyManagement.FinancialAccountCaBankAccountonV2.MoneyManagement.FinancialAddress.CredentialsandV2.MoneyManagement.ReceivedCredit.BankTransferAmountDetailsandPaymentDetailsonV2.Payments.OffSessionPaymentCaptureOptions,V2.Payments.OffSessionPaymentCreateOptions, andV2.Payments.OffSessionPaymentDescriptiononV2.Payments.OffSessionPaymentCreateOptionsandV2.Payments.OffSessionPaymentMcconV2PaymentsOffSessionPaymentPaymentMethodOptionsCardOptionsStorageonV2.MoneyManagement.FinancialAccountUpdateOptionsFxQuoteonV2.MoneyManagement.CurrencyConversionCreateOptionsOnboardingLinkDetailsonV2.Core.ClaimableSandboxCreateOptionsV2CoreBatchJobEndpointOptions.HttpMethodfromliteral('post')toenum('delete'|'post')TreasuryTransactiononEventsV2MoneyManagementTransactionCreatedEventV1AccountApplicationAuthorizedEvent,V1AccountApplicationDeauthorizedEvent,V1AccountExternalAccountCreatedEvent,V1AccountExternalAccountDeletedEvent,V1AccountExternalAccountUpdatedEvent,V1BillingPortalSessionCreatedEvent,V1EntitlementsActiveEntitlementSummaryUpdatedEvent,V2CoreHealthMeterEventSummariesDelayedFiringEvent, andV2CoreHealthMeterEventSummariesDelayedResolvedEventV1AccountUpdatedEventwith related objectAccountV1ApplicationFeeCreatedEventandV1ApplicationFeeRefundedEventwith related objectApplicationFeeV1ApplicationFeeRefundUpdatedEventwith related objectApplicationFeeRefund... (truncated)
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions