Skip to content

Bump the nuget-minor-patch group with 9 updates#170

Merged
briandenicola merged 1 commit into
mainfrom
dependabot/nuget/nuget-minor-patch-8cd445b69e
May 18, 2026
Merged

Bump the nuget-minor-patch group with 9 updates#170
briandenicola merged 1 commit into
mainfrom
dependabot/nuget/nuget-minor-patch-8cd445b69e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 18, 2026
edited
Loading

Copy link
Copy Markdown
Contributor

Updated Azure.Identity from 1.16.0 to 1.21.0.

Release notes

Sourced from Azure.Identity's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Azure.Monitor.OpenTelemetry.Exporter from 1.2.0 to 1.8.0.

Release notes

Sourced from Azure.Monitor.OpenTelemetry.Exporter's releases.

1.8.0

1.8.0 (2026-04-29)

Other Changes

  • Pulled in OpenTelemetry dependency updates.

1.6.3

1.6.3 (2026-05-08)

Bugs Fixed

  • Fixed a misalignment between the explicit net8.0 target of this package and its Microsoft.AspNetCore.DataProtection dependency, which does not offer a net8.0 asset in the 10.x version. The dependency now resolves to version 8.0.26 when targeting net8.0, ensuring consumers receive a framework-compatible asset and eliminating the associated dependency warnings.

1.6.2

1.6.2 (2026-04-28)

Other Changes

1.5.3

1.5.3 (2026-05-08)

Bugs Fixed

  • Fixed a misalignment between the explicit net8.0 target of this package and its Microsoft.AspNetCore.DataProtection dependency, which does not offer a net8.0 asset in the 10.x version. The dependency now resolves to version 8.0.26 when targeting net8.0, ensuring consumers receive a framework-compatible asset and eliminating the associated dependency warnings.

1.5.2

1.5.2 (2026-04-28)

Other Changes

1.5.1

1.5.1 (2026-04-29)

Other Changes

  • Adopted the new Azure.Core version that includes the identity types moved from Azure.Identity.

1.5.0

1.5.0 (2026-04-30)

Features Added

  • Add ability to specify EnableStandardMetrics and EnablePerformanceCounters
    (#​56438)

Breaking Changes

  • Default Sampler Changed: The default sampling behavior has been changed from
    ApplicationInsightsSampler with 100% sampling (all traces sampled) to
    RateLimitedSampler with 5.0 traces per second. This change significantly
    reduces telemetry volume for high-traffic applications and provides better
    cost optimization out of the box.
    Impact: Applications with more than 5 requests per second will see fewer
    traces exported by default.
    Migration: To maintain the previous behavior (100% sampling), explicitly
    configure the sampler:
// Option 1: Set SamplingRatio and clear TracesPerSecond
builder.Services.AddOpenTelemetry()
    .UseAzureMonitor(options =>
    {
        options.SamplingRatio = 1.0f;
        options.TracesPerSecond = null;
    });
// Option 2: Use environment variables
// OTEL_TRACES_SAMPLER=microsoft.fixed_percentage
// OTEL_TRACES_SAMPLER_ARG=1.0

Bugs Fixed

  • Fixed an issue where Azure Container Apps instances were showing VM instance GUIDs
    instead of replica names in the Role Instance field.
    (#​54586)

1.4.2

1.4.2 (2026-04-28)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

1.4.1

1.4.1 (2026-04-27)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

1.4.0-beta.1

1.4.0-beta.1 (2026-05-07)

Features Added

  • Upgraded api-version to 2026-01-31-preview.

1.3.1

1.3.1 (2026-04-29)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

1.3.0-beta.1

1.3.0-beta.1 (2026-04-29)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

1.2.3

1.2.3 (2026-04-28)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

1.2.2

1.2.2 (2026-04-28)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Azure.Cosmos from 3.58.0 to 3.59.0.

Release notes

Sourced from Microsoft.Azure.Cosmos's releases.

3.59.0

3.59.0 - 2026-4-24

Features Added

  • 5579 Change Feed Processor: Adds Lease container export support
  • 5709 Performance: Adds caching for URL-encoded AAD authorization signature
  • 5731 DNS dot-suffix: Adds TCP DNS dot-suffix for Direct mode to avoid Kubernetes ndots latency
  • 5755 Exceptionless: Adds enabling exception less 400 status code
  • 5756 Exceptionless: Adds enabling exception less 404/1002 status code
  • 5757 Exceptionless: Adds enabling exception less 403
  • 5779 Direct: Adds Direct package version bump to 3.42.4
  • 5786 Region Availability: Adds missing regions from Direct 3.42.4
  • 5788 Socket Handler: Adds HTTP/2 PING keep-alive to detect broken connections in pool

Bugs Fixed

  • 5553 NativeDLLs: Fixes Conditionally include win-x64 native DLLs based on RuntimeIdentifier
  • 5588 LINQ: Fixes memory leak from Expression.Compile() in all call sites
  • 5617 ChangeFeedProcessor: Fixes first-change skip during initial startup by anchoring StartTime
  • 5636 CosmosClientBuilder: Fixes self-referencing loop in GetSerializedConfiguration with STJ TypeInfoResolver
  • 5748 Routing: Fixes GetOverlappingRanges CPU overhead from repeated JSON deserialization
  • 5807 ChangeFeedProcessor: Fixes lease de-duplication for /partitionKey-partitioned lease containers
  • 5778 DocumentClient: Fixes Potential Memory Leak By Properly Disposing GlobalPartitionEndpointManagerCore. This bug left the circuit breaker failback loop running indefinitely, leaking Task.Delay timers.

3.59.0-preview.0

3.59.0-preview.0 - 2026-3-20

Added

  • 5502 VectorIndex Policy: Adds Support for QuantizerType in IndexingPolicy
  • 5634 Semantic Reranking: Adds response body in semantic reranking error responses
  • 5685 Read Consistency Strategy: Adds Read Consistency Strategy option for read requests
  • 5447 Per Partition Automatic Failover: Adds Hub Region Processing Only While Routing Requests Failed with 404/1002 for single master accounts
  • 5551 HPK: Adds internal CosmosClientOptions flag UseLengthAwareRangeComparer for length aware range comparer rollout
  • 5582 Query: Adds ability to choose global vs local/focused statistics for FullTextScore
  • 5610 Refactors N-Region Synchronous Commit feature to use IServiceConfigurationReaderVNext interface.
  • 5693 ThinClient Integration: Adds Enable Multiple Http2 connection on SocketsHttpHandler
  • 5614 ThinClient Integration: Adds support for QueryPlan in thinclient mode

Fixed

  • 5597 CosmosClient: Fixes ObjectDisposedException message when client is disposed during request
  • 5613 CrossRegionHedgingAvailabilityStrategy: Fixes ArgumentNullException race condition in hedging cancellation
  • 5650 Batch: Fixes null ErrorMessage when promoting status from MultiStatus response
  • 5651 Serializer: Fixes unsafe stream cast in FromStream
  • 5697 ResourceThrottleRetryPolicy: Fixes cumulativeRetryDelay tracking when x-ms-retry-after-ms header is absent

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.3.1 to 8.18.0.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.18.0

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #​3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #​3443.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

8.14.0

8.14.0

Bug Fixes

  • Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

8.13.1

8.13.1

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

  • Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

  • Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

8.13.0

8.13.0

8.13.0

Fundamentals

  • CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
  • Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
  • Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.1...8.13.0

8.12.1

8.12.1

Fundamentals

  • Update .NET SDK version to 9.0.107 used when building or running the code. See #​3263 for details.
  • To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
  • Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.12.0...8.12.1

8.12.0

8.12.0

New Features

  • Enhance ConfigurationManager with event handling
    Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

  • Add expected Base64UrlEncoder.Decode overload for NET6 and 8
    Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
    For details see #​3249

Fundamentals

  • Add AI assist rules
    Incorporated AI assist rules to enhance AI agents effectiveness.
    For details see #​3255
  • Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
    Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
    For details see #​3256
  • Move suppression of RS006 to csproj
    Centralized suppression of RS006 warnings in project files for easier management.
    For details see #​3230

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.11.0...8.12.0

8.11.0

8.11.0

New Features:

  • Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
  • Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.10.0...8.11.0

8.10.0

8.10.0

Bug Fixes

  • Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
  • Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220.
  • Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

8.9.0

8.9.0

Bug Fixes

New Features

Fundamentals

8.8.0

8.8.0

New Features

  • Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #​3193 for details.
  • Identity.Model updates some log and error messages (IDX10214, IDX10215). If the information is needed for debugging purposes, it can be reverted via the Switch.Microsoft.IdentityModel.DoNotScrubExceptions AppContextSwitch. See PR #​3195 and https://aka.ms/identitymodel/app-context-switches for details.
  • Change all plain object locks to System.Thread.Lock objects for .NET 9 or greater. See PRs #​3185 and #​3189 for details.

8.7.0

Bug Fixes

  • Add back internal methods IsRecoverableException and IsRecoverableExceptionType whose signatures were changed in the previous version. See #​3181.

New Features

  • Make Cnf class public and move it to Microsoft.IdentityModel.Tokens package. See #​3165.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.6.1...8.7.0

8.6.1

8.6.1

Bug fix

  • Microsoft.IdentityModel now triggers a configuration refresh if token decryption fails. See issue #​3148 for details.
  • Fix a bug in JsonWebTokenHandler where JwtTokenDecryptionParameters's Alg and Enc were not set during token decryption, causing IDX10611 and IDX10619 errors to show null values in the messages. See issue #​3003 for details.

Fundamentals

  • For development, IdentityModel now has a global.json file to specify the .NET SDK version. See issue #​2995 for details.

What's Changed

New Contributors

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.6.0...8.6.1

8.6.0

8.6.0

New Features

  • TokenValidationParameters has a new boolean property TryAllDecryptionKeys that let you choose whether to try all decrypt keys when no key matches the token decrypt key IDs. By default it's set to true (legacy behavior) but you can set it to false to avoid tyring all keys which is more performant. See #​3128
  • Promote KeyInfo.MatchesKey from internal to protected internal virtual to enable SAML extensibility (for CoreWcf). See #​3140

Fundamentals

  • Update dependency on Microsoft.Extensions.Logging.Abstractions from 9.0.0 to 8.0.2 to avoid package downgrade in apps on .NET 9 using a netstandard2.0 library referencing logging.abstractions. See 3143
  • Add more tests for encrypted tokens. See #​3139

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.5.0...8.6.0

8.5.0

8.5.0

Reverting previous breaking change

  • The Configuration Manager has been reverted to version 8.3.1. The changes made in 8.4.0 assume the configuration manager is used as a singleton, which is similar to marking the type as disposable. We have since learned that adding IDisposable is a breaking change, so we are following semver guidance and reverting and releasing a minor version (8.5.0).
  • Cherry-picked Changes: Included changes from PR #​3022 and #​3104.

What's Changed

Full Changelog: AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet@8.4.0...8.5.0

8.4.0

8.4.0

New Features

  • App context switch allows blocking or non-blocking calls for configuration. See PR #​3106 for details and issue #​3082 for details. If you are not using the ConfigurationManager as a singleton and not using the blocking option, you may need to call ShutdownBackgroundTask() to stop the background task to avoid leaking Tasks.
  • IdentityModel now enables symmetric and asymmetric keys to be created publicly with JWK. See #​3094 for details.
  • IdentityModel now allows specifying the HTTP protocol version and version policy. See #​2808 for details.

Repair items

  • Add request count and duration telemetry for configuration requests. See #​3022 for details.
  • KeyID should be present in exception messages and is no longer PII. See #​3104 for details.

Fundamentals

  • Fix spelling issues in xml comments. See #​3117 for details.
  • Fix comment coverage in PR builds. See #​3079 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

Commits viewable in compare view.

Updated Newtonsoft.Json from 13.0.3 to 13.0.4.

Release notes

Sourced from Newtonsoft.Json's releases.

13.0.4

  • New feature - Annotated for trim/AOT (in)compatibility
  • New feature - Added support for using Index with JArray
  • Change - Avoid LINQ expression trees in .NET 6+ reflection
  • Fix - Fixed handling of empty constructor names
  • Fix - Fixed XML convert duplicate attribute error on nested arrays with writeArrayAttribute set to true
  • Fix - Fixed XML convert array attribute is not set for properties with special characters
  • Fix - Fixed TimeOnly deserialization to support more formats

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.8.1 to 1.15.3.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.15.3

For highlights and announcements pertaining to this release see: Release Notes > 1.15.3.

The following changes are from the previous release 1.15.2.

  • NuGet: OpenTelemetry v1.15.3

    • Fix resource leak in batch and periodic exporting task workers for Blazor/WASM.
      (#​7069)

    • Fixed LogRecord.LogLevel to preserve LogLevel.None and handle
      unspecified or out-of-range severities without returning invalid enum values.
      (#​7092)

    • Fixed OTEL_TRACES_SAMPLER_ARG handling to treat out-of-range, NaN, and
      infinite values as invalid and fall back to the default ratio when using
      traceidratio and parentbased_traceidratio samplers.
      (#​7103)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.3

    • Fix baggage and trace headers not respecting the maximum length in some cases
      to resolve GHSA-g94r-2vxg-569j.
      (#​7061)

    • Improve efficiency of parsing of baggage and B3 propagation headers
      to resolve GHSA-g94r-2vxg-569j.
      (#​7061)

    • Breaking change: Fixed tracestate parsing to reject keys that do not
      begin with a lowercase letter, including keys beginning with digits, to
      align with the W3C Trace Context specification.
      (#​7065)

    • Fixed BaggagePropagator to trim optional whitespace (OWS) around =
      separators when parsing the baggage header, as required by the
      W3C Baggage specification.
      (#​7009)

    • Fixed BaggagePropagator to strip baggage properties (e.g. ;metadata)
      from values when parsing the baggage header.
      (#​7009)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.3

    No notable changes.

... (truncated)

1.15.3-beta.1

The following changes are from the previous release 1.15.2-beta.1.

1.15.2

For highlights and announcements pertaining to this release see: Release Notes > 1.15.2.

The following changes are from the previous release 1.15.1.

1.15.2-beta.1

The following changes are from the previous release 1.15.1-beta.1.

1.15.1

For highlights and announcements pertaining to this release see: Release Notes > 1.15.1.

The following changes are from the previous release 1.15.0.

... (truncated)

1.15.1-beta.1

The following changes are from the previous release 1.15.0-beta.1.

1.15.0

For highlights and announcements pertaining to this release see: Release Notes > 1.15.0.

The following changes are from the previous release 1.14.0.

  • NuGet: OpenTelemetry v1.15.0

    • Added support for the OTEL_SDK_DISABLED environment variable in TracerProvider,
      MeterProvider, and LoggerProvider. When OTEL_SDK_DISABLED=true,
      the SDK returns no-op implementations for all telemetry signals.
      The OTEL_SDK_DISABLED environment variable is only evaluated upon application
      startup, later changes have no effect.
      (#​6568)

    • Added LowMemory temporality as an option in the OTLP metrics exporter.
      (#​6648)

    • Added support for Meter.TelemetrySchemaUrl property.
      (#​6714)

    • Improve performance and reduce memory consumption for metrics histograms.
      (#​6715)

    • Decode value in OTEL_RESOURCE_ATTRIBUTES environment variable.
      (#​6737)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.0

    • Added a new overload for TracerProvider.GetTracer which accepts an optional
      string? schemaUrl parameter, allowing a schema URL to be set on the Tracer.
      (#​6736)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.0

    No notable changes.

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Exporter.Console v1.15.0

    • Added support for ActivitySource.TelemetrySchemaUrl property.
      (#​6713)

    • Added support for Meter.TelemetrySchemaUrl property.
      (#​6714)

    See CHANGELOG for details.
    ... (truncated)

1.15.0-beta.1

The following changes are from the previous release 1.14.0-beta.1.

1.14.0

For highlights and announcements pertaining to this release see: Release Notes > 1.14.0.

The following changes are from the previous release 1.14.0-rc.1.

  • NuGet: OpenTelemetry v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      and .NET Standard.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update System.Diagnostics.DiagnosticSource dependency to 10.0.0
      for all target frameworks.
      (#​6667)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.14.0

    • Breaking Change NuGet packages now use the Sigstore bundle format
      (.sigstore.json) for digital signatures instead of separate signature
      (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
      for verification. See the Digital signing
      section       for updated verification instructions.
      (#​6623)

    • Update to stable versions for .NET 10.0 NuGet packages.
      (#​6667)

    • Update Microsoft.Extensions.* dependencies to 10.0.0 for .NET Framework
      ... (truncated)

1.14.0-rc.1

The following changes are from the previous release 1.13.1.

Description has been truncated

@dependabot
Bump the nuget-minor-patch group with 9 updates
d64747f 
Bumps Azure.Identity from 1.16.0 to 1.21.0
Bumps Azure.Monitor.OpenTelemetry.Exporter from 1.2.0 to 1.8.0
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.8
Bumps Microsoft.Azure.Cosmos from 3.58.0 to 3.59.0
Bumps Microsoft.IdentityModel.Tokens from 8.3.1 to 8.18.0
Bumps Newtonsoft.Json from 13.0.3 to 13.0.4
Bumps OpenTelemetry.Extensions.Hosting from 1.8.1 to 1.15.3
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.8.1 to 1.15.2
Bumps OpenTelemetry.Instrumentation.Http from 1.8.1 to 1.15.1

---
updated-dependencies:
- dependency-name: Azure.Identity
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Azure.Monitor.OpenTelemetry.Exporter
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.15.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-minor-patch
- dependency-name: Microsoft.Azure.Cosmos
  dependency-version: 3.59.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Microsoft.IdentityModel.Tokens
  dependency-version: 8.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Newtonsoft.Json
  dependency-version: 13.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-minor-patch
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels May 18, 2026
@dependabot dependabot Bot requested a review from briandenicola as a code owner May 18, 2026 23:08
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels May 18, 2026
@briandenicola briandenicola merged commit f0bca96 into main May 18, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 18, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot deleted the dependabot/nuget/nuget-minor-patch-8cd445b69e branch May 18, 2026 23:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@briandenicola briandenicola briandenicola approved these changes

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@briandenicola