Skip to content

⬆️ Bump Microsoft.AspNetCore.Identity.EntityFrameworkCore and 6 others #43

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

⬆️ Bump Microsoft.AspNetCore.Identity.EntityFrameworkCore and 6 others #43

wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Oct 24, 2025

Updated Microsoft.AspNetCore.Identity.EntityFrameworkCore from 8.0.11 to 8.0.21.

Release notes

Sourced from Microsoft.AspNetCore.Identity.EntityFrameworkCore's releases.

8.0.21

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.19...v8.0.20

8.0.18

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

8.0.17

Bug Fixes

  • Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61623)
    The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

  • Update dependencies from dotnet/arcade (#​61832)
    This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.

  • Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61761)
    The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

  • Update branding to 8.0.17 (#​61830)
    The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.

  • Merging internal commits for release/8.0 (#​61924)
    This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.13...v8.0.14

8.0.13

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 8.0.11 to 8.0.21.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

8.0.21

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.19...v8.0.20

8.0.17

Dependency Updates

  • Update dependencies from dotnet/arcade (#​36085)
    Updates the project's dependencies using the latest versions from the dotnet/arcade repository. This ensures that the build infrastructure and related tooling are up to date, which can bring in important bug fixes, security patches, and improvements from upstream.

Miscellaneous

  • Update branding to 8.0.17 (#​36043)
    Updates the internal version branding to 8.0.17. This change ensures that the product and its packages correctly reflect the new release version, helping users and developers identify the build.

  • Merging internal commits for release/8.0 (#​36080)
    Integrates various internal commits into the release/8.0 branch. This merge brings together important updates and ensures the release branch is synchronized with recent internal development, maintaining consistency and stability for the release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.13...v8.0.14

8.0.13

[Release](https://github.com/dotnet/core/releases/tag/v8.0.13

What's Changed

Full Changelog: dotnet/efcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.11...v8.0.12

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.InMemory from 8.0.11 to 8.0.21.

Release notes

Sourced from Microsoft.EntityFrameworkCore.InMemory's releases.

8.0.21

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.19...v8.0.20

8.0.17

Dependency Updates

  • Update dependencies from dotnet/arcade (#​36085)
    Updates the project's dependencies using the latest versions from the dotnet/arcade repository. This ensures that the build infrastructure and related tooling are up to date, which can bring in important bug fixes, security patches, and improvements from upstream.

Miscellaneous

  • Update branding to 8.0.17 (#​36043)
    Updates the internal version branding to 8.0.17. This change ensures that the product and its packages correctly reflect the new release version, helping users and developers identify the build.

  • Merging internal commits for release/8.0 (#​36080)
    Integrates various internal commits into the release/8.0 branch. This merge brings together important updates and ensures the release branch is synchronized with recent internal development, maintaining consistency and stability for the release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.13...v8.0.14

8.0.13

[Release](https://github.com/dotnet/core/releases/tag/v8.0.13

What's Changed

Full Changelog: dotnet/efcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.11...v8.0.12

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.SqlServer from 8.0.11 to 8.0.21.

Release notes

Sourced from Microsoft.EntityFrameworkCore.SqlServer's releases.

8.0.21

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.19...v8.0.20

8.0.17

Dependency Updates

  • Update dependencies from dotnet/arcade (#​36085)
    Updates the project's dependencies using the latest versions from the dotnet/arcade repository. This ensures that the build infrastructure and related tooling are up to date, which can bring in important bug fixes, security patches, and improvements from upstream.

Miscellaneous

  • Update branding to 8.0.17 (#​36043)
    Updates the internal version branding to 8.0.17. This change ensures that the product and its packages correctly reflect the new release version, helping users and developers identify the build.

  • Merging internal commits for release/8.0 (#​36080)
    Integrates various internal commits into the release/8.0 branch. This merge brings together important updates and ensures the release branch is synchronized with recent internal development, maintaining consistency and stability for the release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.13...v8.0.14

8.0.13

[Release](https://github.com/dotnet/core/releases/tag/v8.0.13

What's Changed

Full Changelog: dotnet/efcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.11...v8.0.12

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Tools from 8.0.8 to 8.0.21.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Tools's releases.

8.0.21

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.19...v8.0.20

8.0.17

Dependency Updates

  • Update dependencies from dotnet/arcade (#​36085)
    Updates the project's dependencies using the latest versions from the dotnet/arcade repository. This ensures that the build infrastructure and related tooling are up to date, which can bring in important bug fixes, security patches, and improvements from upstream.

Miscellaneous

  • Update branding to 8.0.17 (#​36043)
    Updates the internal version branding to 8.0.17. This change ensures that the product and its packages correctly reflect the new release version, helping users and developers identify the build.

  • Merging internal commits for release/8.0 (#​36080)
    Integrates various internal commits into the release/8.0 branch. This merge brings together important updates and ensures the release branch is synchronized with recent internal development, maintaining consistency and stability for the release.

This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.13...v8.0.14

8.0.13

[Release](https://github.com/dotnet/core/releases/tag/v8.0.13

What's Changed

Full Changelog: dotnet/efcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.11...v8.0.12

8.0.11

Release

What's Changed

Full Changelog: dotnet/efcore@v8.0.10...v8.0.11

8.0.10

Release

Commits viewable in compare view.

Pinned Microsoft.Extensions.Logging.Abstractions at 8.0.3.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

8.0.3

Release

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.61.3 to 4.78.0.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.78.0

Changes

  • Update SDK version from 8.0.404 to 8.0.415. #​5543
  • Hide / deprecate some obscure APIs. #​5484

Bug Fixes

  • Support Android edge-to-edge. #​5499
  • Android broker does not support ADFS authority. #​5522

4.77.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.77.0...4.77.1

4.77.0

Features

Changes

Bug fixes

4.76.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.74.1...4.76.0

4.74.1

Bug fixes

4.74.0

Features

Bug fixes

4.73.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.73.0...4.73.1

4.73.0

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.1...4.73.0

4.72.1

4.72.1

Bug Fixes

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.72.0...4.72.1

4.72.0

4.72.0

Features

Bug Fixes

  • Ensure additional cache parameters are persisted in cache serializationIssue #​5261

4.71.1

Bug Fixes

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.71.0...4.71.1

4.71.0

Bug Fixes

  • Enable the Service Fabric flow to get a httpClient from the factory with ssl validation callback. See Issue #​5220

Full changelog: 4.70.2 .. 4.71.0

4.70.2

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.70.1...4.70.2

4.70.1

What's Changed

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.70.0...4.70.1

4.70.0

Features

  • Added a .WithAccessTokenSha256ToRefresh() method to AcquireTokenForClientParameterBuilder for ConfidentialClientApplication, allowing finer control over token refresh scenarios. Issue #​5111, PR #​5179
  • Added TokenCacheNotificationArgs.NoDistributedCacheUseReason in order to indicate that the configured serialized cache should not be a distributed cache to prevent issues when acquiring tokens. Issue #​5199

Bug Fixes

  • Removed invalid tenant checks (/organizations or /common) in MTLS flows for AAD/dSTS authorities. Issue #​5093
  • Fixed an issue where specifying a null service config region in MTLS scenarios did not correctly throw an exception. Issue #​5181

4.69.1

4.69.1

Features

  • Enabled broker support on the Linux platform. See Issue #​5086
  • Added a WithCertificate(..., bool associateTokensWithCertificateSerialNumber) overload to enable the use of the certificate's serial number as part of the cache key for tokens. Issue #​5150

Bug Fixes

  • MSAL will now stop replacing "%20" with "+" since it is obsolete. See Issue #​5061
  • Exposed client capabilities in AssertionRequestOptions for MSI FIC scenarios Issue #​4948
  • Added the missing claims in SignedAssertion when using the AssertionRequestOptions Delegate Issue #​5143

4.68.0

Features

  • Added WithFmiPath() api to support FMI scenarios in MSAL. See Issue #​5110
  • MSAL will now pass Client sku and Version to MsalRuntime for MSAL Runtime's client telemetry. See Issue #​5103

Bug Fixes

  • Reordered the condition for ManagedIdentitySource.MachineLearning to be checked after ManagedIdentitySource.AppService instead of before it. See Issue #​5077
  • Improved Managed Identity Source Detection Logging for Debugging. See Issue #​5097
  • When a 404 error occurs, MSAL will now include the endpoint and authority URLs in the exception message for better debugging. See Issue #​4769
  • MSAL will now set UseShellExecute to false in OpenLinuxBrowser. See Issue #​5075
  • Fixed a threading exception when using ExtraQueryParameters. See Issue #​5108

4.67.2

Bug Fixes

  • Fixed an issue with Managed Identity source detection where Azure ML was prioritized incorrectly over Azure App Service, causing token acquisition failures. See Bug #​5077

4.67.1

Bug Fixes

  • Added support for Azure Machine Learning (Azure ML) Managed Identity (MSI) to address missing functionality for token acquisition in Azure Machine Learning environments. See Bug #​4984

4.67.0

New Features

  • MSAL.NET now supports acquiring token for Client Credentials flow with a Subject Name Issuer (SNI) certificate over Mutual TLS (mTLS) for first-party applications. See Issue #​4986
  • Bumped NET SDK from net6 to net8, aligning MSAL.NET with the latest .NET standards and features. See Feature Request #​5025
  • Public API analyzer integrated to enhance API compliance and stability. See Feature Request #​4931

Bug Fixes

  • Improved AcquireTokenSilent logging and handling of Family of Client IDs (FOCI). See Bug #​4988
  • Fixed issues where DurationTotalInMs in AuthenticationResultMetadata differed from Stopwatch measurements. See Bug #​4895
  • Resolved incorrect computation of OTel durations in L1 cache and during the creation of POP tokens. See Bug #​5036
  • Addressed an issue where AbstractAcquireTokenParameterBuilder<T>.WithAdfsAuthority threw exceptions when the tenant ID was null and the authority host URI ended in /adfs. See Bug #​4860
  • Fixed a parsing issue in Managed Identity to align with Azure.Identity's behavior for handling invalid JSON responses. See Bug #​5016

Deprecated

4.66.2

4.66.2

Bug Fixes

  • Fixed a bug where MSAL .NET fails to launch the iOS broker on IOS 18.0.1. See Issue #​4958

4.66.1

Bug Fixes

  • Fixed a bug where MSAL .NET fails to correctly handle the expires_on field for Managed Identity tokens in ISO 8601 format. This fix ensures accurate parsing of ISO 8601 date-time formats during token acquisition. See Issue #​4963

4.66.0

4.66.0

New Features

  • Enabled extended functionality in the MSAL authentication flow through the implementation of IAuthenticationOperation. This allows for custom extensions in the authentication flow by providing an authentication operation interface. See Issue #​4956
  • MSAL.NET will now opt-in to regional ESTS when the environment variable MSAL_FORCE_REGION is set (e.g., MSAL_FORCE_REGION=eastus). This automatically directs MSAL to use the specified region for token acquisition. If the region is explicitly set to "DisableMsalForceRegion", MSAL will not opt-in to regional ESTS. Use of the WithAzureRegion(xyz) API takes precedence over the environment variable. See Issue #​4930

4.65.2-Preview

  • Refactored CDT Prototype
  • Moved prototype to separate folder
  • Removed dependency on MSAL internals

4.65.0

New Features

  • Update telemetry to include the caller SDK details. See Issue #​4863
  • MSAL.Net now exposes an API to enable developers to cache additional values in the token response. See Issue #​4922
  • Managed identity .WithClaims() and .WithClientCapabilities() APIs are now g...

Description has been truncated

@dependabot
⬆️ Bump Microsoft.AspNetCore.Identity.EntityFrameworkCore and 6 others
e919a32 
Bumps Microsoft.AspNetCore.Identity.EntityFrameworkCore from 8.0.11 to 8.0.21
Bumps Microsoft.EntityFrameworkCore from 8.0.11 to 8.0.21
Bumps Microsoft.EntityFrameworkCore.InMemory from 8.0.11 to 8.0.21
Bumps Microsoft.EntityFrameworkCore.SqlServer from 8.0.11 to 8.0.21
Bumps Microsoft.EntityFrameworkCore.Tools from 8.0.8 to 8.0.21
Bumps Microsoft.Extensions.Logging.Abstractions from 8.0.2 to 8.0.3
Bumps Microsoft.Identity.Client from 4.61.3 to 4.78.0

---
updated-dependencies:
- dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore
  dependency-version: 8.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 8.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.EntityFrameworkCore.InMemory
  dependency-version: 8.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.EntityFrameworkCore.SqlServer
  dependency-version: 8.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.EntityFrameworkCore.Tools
  dependency-version: 8.0.21
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 8.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 8.0.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: microsoft-packages
- dependency-name: Microsoft.Identity.Client
  dependency-version: 4.78.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: microsoft-packages
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot @github
Copy link
Author

dependabot bot commented on behalf of github Oct 24, 2025

Labels

The following labels could not be found: dependencies, nuget, security. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot mentioned this pull request Oct 24, 2025
Closed
@github-actions
Copy link

🛡️ Security Scan Summary

Scan Date: Fri Oct 24 19:49:04 UTC 2025
Commit: 5343496

🔍 Scan Results

Tool Status Details
TruffleHog ✅ Secure No secrets detected
.NET Vulnerability Scan ℹ️ Skipped Scan not executed
CodeQL 📊 Uploaded Results uploaded to GitHub Security tab - manual review required
Semgrep SAST ✅ Secure No security issues detected
Trivy Filesystem ℹ️ Skipped Scan not executed
OWASP Dependency Check ℹ️ Skipped Scan not executed
OWASP ZAP Dynamic Scan ℹ️ Skipped Scan not executed (scheduled runs only)
Security Configuration ℹ️ Skipped Audit not executed

⚠️ CRITICAL: CodeQL Security Analysis

IMPORTANT: This summary may show CodeQL as 'secure' even if issues exist.
ALWAYS check the GitHub Security Tab for CodeQL findings.
High/Critical CodeQL issues MUST be resolved before merge, regardless of this summary.

📋 Recommendations

  • PRIORITY: Check GitHub Security tab for CodeQL findings
  • Fix all high/critical CodeQL issues before merge
  • Review all findings in the Security tab
  • Update vulnerable dependencies promptly
  • Follow secure coding practices from copilot-instructions.md
  • Regular security reviews and updates

Security scan generated by Setlist Studio CI/CD Pipeline 🔒

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@eugenecp eugenecp

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@eugenecp