Skip to content

Bump the duende group with 2 updates #12

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the duende group with 2 updates #12

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 6, 2025
edited
Loading

Updated Duende.IdentityServer from 7.1.1 to 7.3.2.

Release notes

Sourced from Duende.IdentityServer's releases.

7.3.2

This is a patch release that optimizes key creation when not using X509 Certificates.

Details

  • Do not unnecessarily request current issuer when creating new key

7.3.1

This is a patch release that fixes a bug and enables a System.Text.Json serialization option.

Details

  • Fixed an issue where uncommon license features caused an exception.
  • Allow RespectNullableAnnotationsDefault to be globally enabled. This is a relatively new feature in System.Text.Json that can be globally opted in to.

7.3.0

IdentityServer 7.3.0 is a significant release that includes:

  • FAPI 2.0 profile certification
  • JWT Response from the introspection endpoint (RFC 9701)
  • Diagnostic data
  • Removal of the experimental label from OpenTelemetry metrics
  • Additional license compliance warnings
  • Several bug fixes
  • Numerous small code quality and performance enhancements from the community

Breaking Changes

There are no schema changes needed for IdentityServer 7.3.0. Small code changes maybe be required for some users to upgrade.

  • The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class
  • Client Secret is now required for Clients with ClientCredentials Grant

The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class

  • Fix Concurrent DbContext Access on Back Channel Logout by @​bhazen in Fix Concurrent DbContext Access on Back Channel Logout DuendeSoftware/products#2019
    To fix a bug where when using EntityFramework, code which previously executed in parallel needed to be modified to execute sequentially. This necessitated the removal of the SendLogoutNotificationAsync method in the DefaultBackChannelLogoutService class. Anyone who had previously overridden the SendLogoutNotificationAsync as an extensibility point will likely need to move their customization to the PostLogoutJwt method.

Client Secret is now required for Clients with ClientCredentials Grant

  • Ensure Client Secret is Required for Clients with ClientCredentials Grant by @​bhazen in Ensure Client Secret is Required for Clients with ClientCredentials Grant DuendeSoftware/products#1796
    Previously, it was possible to configure a Client to allow the ClientCredentials Grant without requiring a client secret which is undesirable. The default validation of Clients has been updated to ensure any Client which allows the ClientCredentials grant also sets the RequireClientSecret flag to true to disallow the configuration of a private client to behave like a public client.

Enhancements

FAPI 2.0 Profile Certification

IdentityServer is 7.3.0 is officially certified as conformant with the FAPI 2.0 Security Profile.

JWT Response from Introspection Endpoint

IdentityServer now supports RFC 9701 to return a JWT Response from the Introspection endpoint.

Diagnostic Data

Diagnostic data has been added to IdentityServer to help support with troubleshooting. Read more about this new feature in our docs. TODO: link to docs

7.3.0-rc.2

This is the second release candidate for IdentityServer 7.3.0, containing several bug fixes from 7.2 releases that were missed in the first release candidate, as well as editorial changes to some new log messages.

Detailed change log

Previously fixed bugs

Log messages

7.3.0-rc.1

This is release candidate 1 of IdentityServer 7.3.0, a significant release that includes:

  • FAPI 2.0 profile certification
  • JWT Response from the introspection endpoint (RFC 9701)
  • Diagnostic data
  • Removal of the experimental label from OpenTelemetry metrics
  • Additional license compliance warnings
  • Several bug fixes
  • Numerous small code quality and performance enhancements from the community

Breaking Changes

There are no schema changes needed for IdentityServer 7.3.0. Small code changes maybe be required for some users to upgrade.

  • The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class
  • Client Secret is now required for Clients with ClientCredentials Grant

The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class

  • Fix Concurrent DbContext Access on Back Channel Logout by @​bhazen in Fix Concurrent DbContext Access on Back Channel Logout DuendeSoftware/products#2019
    To fix a bug where when using EntityFramework, code which previously executed in parallel needed to be modified to execute sequentially. This necessitated the removal of the SendLogoutNotificationAsync method in the DefaultBackChannelLogoutService class. Anyone who had previously overridden the SendLogoutNotificationAsync as an extensibility point will likely need to move their customization to the PostLogoutJwt method.

Client Secret is now required for Clients with ClientCredentials Grant

  • Ensure Client Secret is Required for Clients with ClientCredentials Grant by @​bhazen in Ensure Client Secret is Required for Clients with ClientCredentials Grant DuendeSoftware/products#1796
    Previously, it was possible to configure a Client to allow the ClientCredentials Grant without requiring a client secret which is undesirable. The default validation of Clients has been updated to ensure any Client which allows the ClientCredentials grant also sets the RequireClientSecret flag to true to disallow the configuration of a private client to behave like a public client.

Enhancements

FAPI 2.0 Profile Certification

IdentityServer is 7.3.0 is officially certified as conformant with the FAPI 2.0 Security Profile.

JWT Response from Introspection Endpoint

IdentityServer now supports RFC 9701 to return a JWT Response from the Introspection endpoint.

Diagnostic Data

Diagnostic data has been added to IdentityServer to help support with troubleshooting. Read more about this new feature in our docs. TODO: link to docs

7.2.4

This is a patch release that fixes a null reference exception that could occur if a client configuration is removed while active server side sessions exist that involve that client.

Detailed changelog

Full Changelog: DuendeSoftware/products@is-7.2.3...is-7.2.4

7.2.3

This is a patch release that fixes a regression where multiple WWW-authenticate headers where issued.

What's Changed

Full Changelog: DuendeSoftware/products@is-7.2.2...is-7.2.3

7.2.2

This is a patch release that

  • Hardens the default configuration of the sensitive values filters and
  • Fixes mTLS binding so that port numbers can be used as part of mTLS domain

Sensitive Values Filter Defaults

hardens the security of the default configuration that controls the redaction in logs of parameters passed to the Pushed Authorization (PAR) and Authorize endpoint, ensuring that client secrets and client assertions are not logged by default.

In particular, the default value of AuthorizeRequestSensitiveValuesFilter and PushedAuthorizationSensitiveValuesFilter have been changed to both be ["client_secret", "client_assertion", "id_token_hint"].

PAR requests sometimes are handled by the same code path as authorize requests, so this makes both filters the same by default.

mTLS port number

The MtlsOptions.DomainName can now include a port number.

Detailed Changelog

Full Changelog: DuendeSoftware/products@is-7.2.1...is-7.2.2

7.2.1

This is a patch release of IdentityServer that fixes a bug where a private_key_jwt client authentication token would be rejected if it had no typ header, even if strict validation of such tokens was not enabled.

What's Changed

7.2.0

IdentityServer 7.2 is a significant release that includes:

  • Optional strict validation of private_key_jwt audiences, implementing RFC 7523 bis
  • Optional caching of the discovery endpoint
  • Less log noise when issuing the use_dpop_nonce response from the token endpoint
  • Bug fixes and optimizations

Upgrading

There are no breaking changes or schema updates required to upgrade from IdentityServer 7.1 to 7.2.

Upgrading from IdentityServer 7.2.0-preview.1

We have moved the StrictClientAssertionAudienceValidation option that was introduced in 7.2.0-preview.1 into a new Preview section of the options. This new section provides a mechanism for us to deliver new features more quickly, and gives us the flexibility to change implementation details, behavior, or the API surface. Users can opt in to preview features at their own discretion, with the understanding that we make a stronger commitment to API stability once a feature leaves preview. Our intent with Preview flags is to be able to iterate quickly while still providing stability.

We've decided to mark StrictClientAssertionAudienceValidation as a preview option since the formal specification that it is based on (RFC 7523 bis) has not yet been adopted by the IETF OAuth working group.

RFC 7523 bis

RFC 7523 bis is a proposed update to RFC 7523 in which two new requirements for private_key_jwt client assertions are proposed:

  • That the audience (aud claim) must be the issuer of the authorization server and must be a single string
  • That the type (typ header) must be "client-authentication+jwt"

Similar strict audience validation requirements can be found in the FAPI 2.0 Profile.

The intent of the audience validation is to prevent certain academic attacks against OAuth ecosystems that include multiple Authorization Servers in which one of the Authorization Servers is compromised or malicious. The new type header value provides a mechanism to facilitate upgrades, because conforming clients that adopt the proposed changes will produce a token that can be easily distinguished by looking for the new type.

IdentityServer 7.2 includes preview support for RFC 7523 bis. Client applications can opt in to this support by setting the new type header; assertions that set the typ header to client-authentication+jwt always have their audience validated strictly. Other clients can continue to authenticate with private_key_jwts as they do today. IdentityServer can be configured to force clients to update by setting the option options.Preview.StrictClientAssertionAudienceValidation. When that flag is enabled, all private_key_jwt client assertions must set the typ to client-authentication+jwt, and must set their audience to the IdentityServer's issuer.

Discovery Document Caching

We've heard reports of cases where a high volume of requests to the discovery endpoint caused memory pressure and strain on server resources. This could happen in a solution with many clients calling the discovery endpoint, such as native (mobile) clients, SPA clients, or microservices that connect directly to the identity provider. It could also happen if misconfigured clients fail to cache the discovery response.

We’ve added a preview feature that allows you to cache the endpoint output using your distributed cache registration, with the default cache being an in-memory implementation. The cache is meant to reduce pressure when a sudden spike in requests occurs.

You must set the following property in your IdentityServerOptions instance to enable discovery document caching:

#pragma warning disable DUENDEPREVIEW001
pipeline.Options.Preview.EnableDiscoveryDocumentCache = true;
#pragma warning restore DUENDEPREVIEW001
pipeline.Options.Preview.DiscoveryDocumentCacheDuration = TimeSpan.FromMinutes(1);

It's best to keep the cache time low if you utilize the CustomEntries element on the discovery document or implement a custom IDiscoveryResponseGenerator.
This feature is a step in optimizing Duende IdentityServer to utilize server resources and improve performance. More benchmarking and tuning will follow.

use_dpop_nonce Log Noise Reduction

One way to configure DPoP is to require a server-issued nonce value. A nonce prevents replay or pre-generation of the proof tokens used in DPoP by having the authorization server provide a nonce value that the client must include in its signatures. That nonce is provided to the client through a protocol error response.

In IdentityServer 7.1 and earlier, this raised the TokenIssuedFailureEvent because, technically, the token endpoint returns an error. However, this interaction is an expected part of the interaction between client and server. It isn’t an error in the usual sense of the word, and it can happen quite often, resulting in lots of noise in the logs. Therefore, we no longer raise the TokenIssuedFailureEvent when returning a server-generated DPoP nonce.

For those still interested in knowing these errors are occurring, we have added additional Debug log messages to help diagnose and troubleshoot your client implementations. Because these messages are low severity, you must explicitly enable them in your environments to see them. The existing OTel metrics that track token error responses are unchanged, as they don’t add noise to the logs.

Detailed changelog

... (truncated)

7.2.0-preview.1

This is the first preview of IdentityServer 7.2. Highlights include:

  • Optional strict validation of private_key_jwt audiences
  • Error events are no longer raised for the use_dpop_nonce response from the token endpoint
  • Bug fixes and optimizations

Upgrading

There are no breaking changes or schema updates required to upgrade from IdentityServer 7.1 to 7.2.

What's Changed

New Contributors

Full Changelog: DuendeSoftware/products@is-7.1.0...is-7.2.0-preview.1

Commits viewable in compare view.

Updated Duende.IdentityServer.Storage from 7.1.1 to 7.3.2.

Release notes

Sourced from Duende.IdentityServer.Storage's releases.

7.3.2

This is a patch release that optimizes key creation when not using X509 Certificates.

Details

  • Do not unnecessarily request current issuer when creating new key

7.3.1

This is a patch release that fixes a bug and enables a System.Text.Json serialization option.

Details

  • Fixed an issue where uncommon license features caused an exception.
  • Allow RespectNullableAnnotationsDefault to be globally enabled. This is a relatively new feature in System.Text.Json that can be globally opted in to.

7.3.0

IdentityServer 7.3.0 is a significant release that includes:

  • FAPI 2.0 profile certification
  • JWT Response from the introspection endpoint (RFC 9701)
  • Diagnostic data
  • Removal of the experimental label from OpenTelemetry metrics
  • Additional license compliance warnings
  • Several bug fixes
  • Numerous small code quality and performance enhancements from the community

Breaking Changes

There are no schema changes needed for IdentityServer 7.3.0. Small code changes maybe be required for some users to upgrade.

  • The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class
  • Client Secret is now required for Clients with ClientCredentials Grant

The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class

  • Fix Concurrent DbContext Access on Back Channel Logout by @​bhazen in Fix Concurrent DbContext Access on Back Channel Logout DuendeSoftware/products#2019
    To fix a bug where when using EntityFramework, code which previously executed in parallel needed to be modified to execute sequentially. This necessitated the removal of the SendLogoutNotificationAsync method in the DefaultBackChannelLogoutService class. Anyone who had previously overridden the SendLogoutNotificationAsync as an extensibility point will likely need to move their customization to the PostLogoutJwt method.

Client Secret is now required for Clients with ClientCredentials Grant

  • Ensure Client Secret is Required for Clients with ClientCredentials Grant by @​bhazen in Ensure Client Secret is Required for Clients with ClientCredentials Grant DuendeSoftware/products#1796
    Previously, it was possible to configure a Client to allow the ClientCredentials Grant without requiring a client secret which is undesirable. The default validation of Clients has been updated to ensure any Client which allows the ClientCredentials grant also sets the RequireClientSecret flag to true to disallow the configuration of a private client to behave like a public client.

Enhancements

FAPI 2.0 Profile Certification

IdentityServer is 7.3.0 is officially certified as conformant with the FAPI 2.0 Security Profile.

JWT Response from Introspection Endpoint

IdentityServer now supports RFC 9701 to return a JWT Response from the Introspection endpoint.

Diagnostic Data

Diagnostic data has been added to IdentityServer to help support with troubleshooting. Read more about this new feature in our docs. TODO: link to docs

7.3.0-rc.2

This is the second release candidate for IdentityServer 7.3.0, containing several bug fixes from 7.2 releases that were missed in the first release candidate, as well as editorial changes to some new log messages.

Detailed change log

Previously fixed bugs

Log messages

7.3.0-rc.1

This is release candidate 1 of IdentityServer 7.3.0, a significant release that includes:

  • FAPI 2.0 profile certification
  • JWT Response from the introspection endpoint (RFC 9701)
  • Diagnostic data
  • Removal of the experimental label from OpenTelemetry metrics
  • Additional license compliance warnings
  • Several bug fixes
  • Numerous small code quality and performance enhancements from the community

Breaking Changes

There are no schema changes needed for IdentityServer 7.3.0. Small code changes maybe be required for some users to upgrade.

  • The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class
  • Client Secret is now required for Clients with ClientCredentials Grant

The SendLogoutNotificationAsync method has been removed from the DefaultBackChannelLogoutService class

  • Fix Concurrent DbContext Access on Back Channel Logout by @​bhazen in Fix Concurrent DbContext Access on Back Channel Logout DuendeSoftware/products#2019
    To fix a bug where when using EntityFramework, code which previously executed in parallel needed to be modified to execute sequentially. This necessitated the removal of the SendLogoutNotificationAsync method in the DefaultBackChannelLogoutService class. Anyone who had previously overridden the SendLogoutNotificationAsync as an extensibility point will likely need to move their customization to the PostLogoutJwt method.

Client Secret is now required for Clients with ClientCredentials Grant

  • Ensure Client Secret is Required for Clients with ClientCredentials Grant by @​bhazen in Ensure Client Secret is Required for Clients with ClientCredentials Grant DuendeSoftware/products#1796
    Previously, it was possible to configure a Client to allow the ClientCredentials Grant without requiring a client secret which is undesirable. The default validation of Clients has been updated to ensure any Client which allows the ClientCredentials grant also sets the RequireClientSecret flag to true to disallow the configuration of a private client to behave like a public client.

Enhancements

FAPI 2.0 Profile Certification

IdentityServer is 7.3.0 is officially certified as conformant with the FAPI 2.0 Security Profile.

JWT Response from Introspection Endpoint

IdentityServer now supports RFC 9701 to return a JWT Response from the Introspection endpoint.

Diagnostic Data

Diagnostic data has been added to IdentityServer to help support with troubleshooting. Read more about this new feature in our docs. TODO: link to docs

7.2.4

This is a patch release that fixes a null reference exception that could occur if a client configuration is removed while active server side sessions exist that involve that client.

Detailed changelog

Full Changelog: DuendeSoftware/products@is-7.2.3...is-7.2.4

7.2.3

This is a patch release that fixes a regression where multiple WWW-authenticate headers where issued.

What's Changed

Full Changelog: DuendeSoftware/products@is-7.2.2...is-7.2.3

7.2.2

This is a patch release that

  • Hardens the default configuration of the sensitive values filters and
  • Fixes mTLS binding so that port numbers can be used as part of mTLS domain

Sensitive Values Filter Defaults

hardens the security of the default configuration that controls the redaction in logs of parameters passed to the Pushed Authorization (PAR) and Authorize endpoint, ensuring that client secrets and client assertions are not logged by default.

In particular, the default value of AuthorizeRequestSensitiveValuesFilter and PushedAuthorizationSensitiveValuesFilter have been changed to both be ["client_secret", "client_assertion", "id_token_hint"].

PAR requests sometimes are handled by the same code path as authorize requests, so this makes both filters the same by default.

mTLS port number

The MtlsOptions.DomainName can now include a port number.

Detailed Changelog

Full Changelog: DuendeSoftware/products@is-7.2.1...is-7.2.2

7.2.1

This is a patch release of IdentityServer that fixes a bug where a private_key_jwt client authentication token would be rejected if it had no typ header, even if strict validation of such tokens was not enabled.

What's Changed

7.2.0

IdentityServer 7.2 is a significant release that includes:

  • Optional strict validation of private_key_jwt audiences, implementing RFC 7523 bis
  • Optional caching of the discovery endpoint
  • Less log noise when issuing the use_dpop_nonce response from the token endpoint
  • Bug fixes and optimizations

Upgrading

There are no breaking changes or schema updates required to upgrade from IdentityServer 7.1 to 7.2.

Upgrading from IdentityServer 7.2.0-preview.1

We have moved the StrictClientAssertionAudienceValidation option that was introduced in 7.2.0-preview.1 into a new Preview section of the options. This new section provides a mechanism for us to deliver new features more quickly, and gives us the flexibility to change implementation details, behavior, or the API surface. Users can opt in to preview features at their own discretion, with the understanding that we make a stronger commitment to API stability once a feature leaves preview. Our intent with Preview flags is to be able to iterate quickly while still providing stability.

We've decided to mark StrictClientAssertionAudienceValidation as a preview option since the formal specification that it is based on (RFC 7523 bis) has not yet been adopted by the IETF OAuth working group.

RFC 7523 bis

RFC 7523 bis is a proposed update to RFC 7523 in which two new requirements for private_key_jwt client assertions are proposed:

  • That the audience (aud claim) must be the issuer of the authorization server and must be a single string
  • That the type (typ header) must be "client-authentication+jwt"

Similar strict audience validation requirements can be found in the FAPI 2.0 Profile.

The intent of the audience validation is to prevent certain academic attacks against OAuth ecosystems that include multiple Authorization Servers in which one of the Authorization Servers is compromised or malicious. The new type header value provides a mechanism to facilitate upgrades, because conforming clients that adopt the proposed changes will produce a token that can be easily distinguished by looking for the new type.

IdentityServer 7.2 includes preview support for RFC 7523 bis. Client applications can opt in to this support by setting the new type header; assertions that set the typ header to client-authentication+jwt always have their audience validated strictly. Other clients can continue to authenticate with private_key_jwts as they do today. IdentityServer can be configured to force clients to update by setting the option options.Preview.StrictClientAssertionAudienceValidation. When that flag is enabled, all private_key_jwt client assertions must set the typ to client-authentication+jwt, and must set their audience to the IdentityServer's issuer.

Discovery Document Caching

We've heard reports of cases where a high volume of requests to the discovery endpoint caused memory pressure and strain on server resources. This could happen in a solution with many clients calling the discovery endpoint, such as native (mobile) clients, SPA clients, or microservices that connect directly to the identity provider. It could also happen if misconfigured clients fail to cache the discovery response.

We’ve added a preview feature that allows you to cache the endpoint output using your distributed cache registration, with the default cache being an in-memory implementation. The cache is meant to reduce pressure when a sudden spike in requests occurs.

You must set the following property in your IdentityServerOptions instance to enable discovery document caching:

#pragma warning disable DUENDEPREVIEW001
pipeline.Options.Preview.EnableDiscoveryDocumentCache = true;
#pragma warning restore DUENDEPREVIEW001
pipeline.Options.Preview.DiscoveryDocumentCacheDuration = TimeSpan.FromMinutes(1);

It's best to keep the cache time low if you utilize the CustomEntries element on the discovery document or implement a custom IDiscoveryResponseGenerator.
This feature is a step in optimizing Duende IdentityServer to utilize server resources and improve performance. More benchmarking and tuning will follow.

use_dpop_nonce Log Noise Reduction

One way to configure DPoP is to require a server-issued nonce value. A nonce prevents replay or pre-generation of the proof tokens used in DPoP by having the authorization server provide a nonce value that the client must include in its signatures. That nonce is provided to the client through a protocol error response.

In IdentityServer 7.1 and earlier, this raised the TokenIssuedFailureEvent because, technically, the token endpoint returns an error. However, this interaction is an expected part of the interaction between client and server. It isn’t an error in the usual sense of the word, and it can happen quite often, resulting in lots of noise in the logs. Therefore, we no longer raise the TokenIssuedFailureEvent when returning a server-generated DPoP nonce.

For those still interested in knowing these errors are occurring, we have added additional Debug log messages to help diagnose and troubleshoot your client implementations. Because these messages are low severity, you must explicitly enable them in your environments to see them. The existing OTel metrics that track token error responses are unchanged, as they don’t add noise to the logs.

Detailed changelog

... (truncated)

7.2.0-preview.1

This is the first preview of IdentityServer 7.2. Highlights include:

  • Optional strict validation of private_key_jwt audiences
  • Error events are no longer raised for the use_dpop_nonce response from the token endpoint
  • Bug fixes and optimizations

Upgrading

There are no breaking changes or schema updates required to upgrade from IdentityServer 7.1 to 7.2.

What's Changed

New Contributors

Full Changelog: DuendeSoftware/products@is-7.1.0...is-7.2.0-preview.1

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the duende group with 2 updates
14d6f7b 
Bumps Duende.IdentityServer from 7.1.1 to 7.3.2
Bumps Duende.IdentityServer.Storage from 7.1.1 to 7.3.2

---
updated-dependencies:
- dependency-name: Duende.IdentityServer
  dependency-version: 7.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: duende
- dependency-name: Duende.IdentityServer.Storage
  dependency-version: 7.3.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: duende
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Oct 6, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Nov 17, 2025

Dependabot tried to update this pull request, but something went wrong. We're looking into it, but in the meantime you can retry the update by commenting @dependabot recreate.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant