Skip to content

Bump the all-updates group with 6 updates#728

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/MX.GeoLocation.Abstractions.V1/all-updates-5619f5ab22
Closed

Bump the all-updates group with 6 updates#728
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/MX.GeoLocation.Abstractions.V1/all-updates-5619f5ab22

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 5, 2026

Copy link
Copy Markdown
Contributor

Updated Microsoft.Identity.Web from 4.11.0 to 4.12.2.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.12.2

Bug fixes

  • Make the Microsoft.Identity.Client.KeyAttestation dependency conditional on modern .NET (.NETCoreApp) targets. It transitively pulls the native-only Microsoft.Azure.Security.KeyGuardAttestation package, which ships no .NET Framework/netstandard-compatible assets and broke NuGet restore for .NET Framework (packages.config) projects. Microsoft.Identity.Web.Certificateless now multi-targets, and .NET Framework consumers use the netstandard2.0 asset without this dependency. See #​3894.

4.12.1

Bug fixes

  • Preserve ManagedIdentity when converting AcquireTokenOptions to TokenAcquisitionOptions in TokenAcquirer. Previously the ITokenAcquirer.GetTokenForAppAsync / GetTokenForUserAsync paths silently dropped ManagedIdentity and fell back to the confidential-client path, breaking managed-identity mTLS PoP (e.g. MISE Native). See #​3914.

Behavior changes

  • Sidecar: outbound HTTP redirects suppressed by default. The sidecar no longer follows outbound HTTP redirects; a new opt-in Sidecar:AllowOutboundRedirects flag (default false) restores the previous behavior. See #​3906.
  • Sidecar: per-request isolation of downstream API options. Downstream API options resolved from the singleton IOptionsMonitor are now cloned per request (including fresh ExtraParameters / ExtraHeaderParameters / ExtraQueryParameters dictionaries), preventing request-scoped values from leaking across requests or racing under concurrency. See #​3919.

Fundamentals

  • Build the solution in the PR pipeline before running tests. See #​3911.
  • Restore OWIN 5.7.1 packages from the internal IDDP feed in the PR pipeline. See #​3912.
  • Run the PR pipeline on the Wilson pool so integration/E2E tests can access the lab KeyVault. See #​3913.

4.12.0

New features

  • Implement IAuthorizationHeaderProvider2 (from Microsoft.Identity.Abstractions 12.3.0) on DefaultAuthorizationHeaderProvider and the public BaseAuthorizationHeaderProvider, exposing the metadata-rich CreateAuthorizationHeaderInformation* surface (returning OperationResult<AuthorizationHeaderInformation, AuthorizationHeaderError>) with binding-certificate propagation. DownstreamApi and MicrosoftIdentityMessageHandler now prefer IAuthorizationHeaderProvider2 for mTLS PoP and soft-deprecate the bound-only IBoundAuthorizationHeaderProvider path (kept as a fallback for source/binary compatibility). See #​3899.
  • Populate TokenAcquisitionMetadata.ExpiresOn on AcquireTokenResult from the MSAL AuthenticationResult.ExpiresOn value. See #​3905.

Bug fixes

  • Finalize the DownstreamApi request (headers, query parameters, content, and customizations) before creating the authorization header, adding Authorization only after signing so request-binding providers do not include it in their signed material. See #​3902.

Dependencies updates

  • Update Microsoft.Identity.Abstractions to 12.4.0. See #​3899, #​3905.
  • Update MSAL.NET (Microsoft.Identity.Client / Microsoft.Identity.Client.KeyAttestation) to 4.85.2. See #​3896.
  • Update Microsoft.IdentityModel.Protocols.WsFederation (Microsoft.Identity.Web.OWIN) to 5.7.1. See #​3900.

Commits viewable in compare view.

Updated MX.Api.Abstractions from 2.3.60 to 2.3.67.

Release notes

Sourced from MX.Api.Abstractions's releases.

2.3.67

Full Changelog: frasermolyneux/api-client-abstractions@v2.3.60...v2.3.67

Commits viewable in compare view.

Updated MX.Api.Client from 2.3.60 to 2.3.67.

Release notes

Sourced from MX.Api.Client's releases.

2.3.67

Full Changelog: frasermolyneux/api-client-abstractions@v2.3.60...v2.3.67

Commits viewable in compare view.

Updated MX.Api.Web.Extensions from 2.3.60 to 2.3.67.

Release notes

Sourced from MX.Api.Web.Extensions's releases.

2.3.67

Full Changelog: frasermolyneux/api-client-abstractions@v2.3.60...v2.3.67

Commits viewable in compare view.

Updated MX.Observability.ApplicationInsights.AspNetCore from 1.1.16 to 1.1.24.

Release notes

Sourced from MX.Observability.ApplicationInsights.AspNetCore's releases.

1.1.24

What's Changed

Full Changelog: frasermolyneux/observability-appinsights@v1.1.22...v1.1.24

1.1.22

Full Changelog: frasermolyneux/observability-appinsights@v1.1.16...v1.1.22

Commits viewable in compare view.

Updated Scalar.AspNetCore from 2.16.5 to 2.16.10.

Release notes

Sourced from Scalar.AspNetCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Microsoft.Identity.Web from 4.11.0 to 4.12.2
Bumps MX.Api.Abstractions from 2.3.60 to 2.3.67
Bumps MX.Api.Client from 2.3.60 to 2.3.67
Bumps MX.Api.Web.Extensions from 2.3.60 to 2.3.67
Bumps MX.Observability.ApplicationInsights.AspNetCore from 1.1.16 to 1.1.24
Bumps Scalar.AspNetCore from 2.16.5 to 2.16.10

---
updated-dependencies:
- dependency-name: Microsoft.Identity.Web
  dependency-version: 4.12.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-updates
- dependency-name: MX.Api.Abstractions
  dependency-version: 2.3.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Api.Abstractions
  dependency-version: 2.3.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Api.Abstractions
  dependency-version: 2.3.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Api.Client
  dependency-version: 2.3.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Api.Web.Extensions
  dependency-version: 2.3.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Api.Web.Extensions
  dependency-version: 2.3.67
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Observability.ApplicationInsights.AspNetCore
  dependency-version: 1.1.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: MX.Observability.ApplicationInsights.AspNetCore
  dependency-version: 1.1.24
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
- dependency-name: Scalar.AspNetCore
  dependency-version: 2.16.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jul 5, 2026
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 11 package(s) with unknown licenses.
See the Details below.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA a033acb.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

License Issues

src/MX.GeoLocation.Abstractions.V1/MX.GeoLocation.Abstractions.V1.csproj

PackageVersionLicenseIssue Type
MX.Api.Abstractions2.3.67NullUnknown License

src/MX.GeoLocation.Api.Client.Testing/MX.GeoLocation.Api.Client.Testing.csproj

PackageVersionLicenseIssue Type
MX.Api.Abstractions2.3.67NullUnknown License

src/MX.GeoLocation.Api.Client.V1/MX.GeoLocation.Api.Client.V1.csproj

PackageVersionLicenseIssue Type
MX.Api.Abstractions2.3.67NullUnknown License
MX.Api.Client2.3.67NullUnknown License

src/MX.GeoLocation.Api.V1/MX.GeoLocation.Api.V1.csproj

PackageVersionLicenseIssue Type
MX.Api.Abstractions2.3.67NullUnknown License
MX.Api.Web.Extensions2.3.67NullUnknown License
MX.Observability.ApplicationInsights.AspNetCore1.1.24NullUnknown License
Microsoft.Identity.Web4.12.2NullUnknown License
Scalar.AspNetCore2.16.10NullUnknown License

src/MX.GeoLocation.Web/MX.GeoLocation.Web.csproj

PackageVersionLicenseIssue Type
MX.Api.Web.Extensions2.3.67NullUnknown License
MX.Observability.ApplicationInsights.AspNetCore1.1.24NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
nuget/MX.Api.Abstractions 2.3.67 UnknownUnknown
nuget/MX.Api.Abstractions 2.3.67 UnknownUnknown
nuget/MX.Api.Abstractions 2.3.67 UnknownUnknown
nuget/MX.Api.Client 2.3.67 UnknownUnknown
nuget/MX.Api.Abstractions 2.3.67 UnknownUnknown
nuget/MX.Api.Web.Extensions 2.3.67 UnknownUnknown
nuget/MX.Observability.ApplicationInsights.AspNetCore 1.1.24 UnknownUnknown
nuget/Microsoft.Identity.Web 4.12.2 UnknownUnknown
nuget/Scalar.AspNetCore 2.16.10 UnknownUnknown
nuget/MX.Api.Web.Extensions 2.3.67 UnknownUnknown
nuget/MX.Observability.ApplicationInsights.AspNetCore 1.1.24 UnknownUnknown

Scanned Files

  • src/MX.GeoLocation.Abstractions.V1/MX.GeoLocation.Abstractions.V1.csproj
  • src/MX.GeoLocation.Api.Client.Testing/MX.GeoLocation.Api.Client.Testing.csproj
  • src/MX.GeoLocation.Api.Client.V1/MX.GeoLocation.Api.Client.V1.csproj
  • src/MX.GeoLocation.Api.V1/MX.GeoLocation.Api.V1.csproj
  • src/MX.GeoLocation.Web/MX.GeoLocation.Web.csproj

@github-actions
github-actions Bot enabled auto-merge (squash) July 5, 2026 03:38
@sonarqubecloud

sonarqubecloud Bot commented Jul 5, 2026

Copy link
Copy Markdown

@dependabot
dependabot Bot temporarily deployed to Development July 5, 2026 03:44 Inactive
@github-actions

github-actions Bot commented Jul 5, 2026

Copy link
Copy Markdown
Contributor

🏗️ Terraform Plan

🌍 Environment: dev

✅ Validate — Passed

✅ Plan

Count
➕ Add 43
📋 Resource Details
Action Resource
➕ Create azuread_app_role_assignment.web_to_api
➕ Create azuread_application.api
➕ Create azuread_application.web
➕ Create azuread_application_password.api
➕ Create azuread_application_password.web
➕ Create azuread_service_principal.api
➕ Create azuread_service_principal.web
➕ Create azurerm_api_management.apim
➕ Create azurerm_api_management_api_version_set.api_version_set
➕ Create azurerm_api_management_diagnostic.app_insights
➕ Create azurerm_api_management_logger.app_insights
➕ Create azurerm_api_management_product.api_product
➕ Create azurerm_api_management_product_policy.api_product_policy
➕ Create azurerm_api_management_subscription.web
➕ Create azurerm_app_service_certificate_binding.web
➕ Create azurerm_app_service_custom_hostname_binding.web
➕ Create azurerm_app_service_managed_certificate.web
➕ Create azurerm_application_insights.ai
➕ Create azurerm_dns_cname_record.web
➕ Create azurerm_dns_txt_record.web_verification
➕ Create azurerm_key_vault.kv
➕ Create azurerm_key_vault_secret.api_client_id
➕ Create azurerm_key_vault_secret.api_client_secret
➕ Create azurerm_key_vault_secret.google_maps_api_key
➕ Create azurerm_key_vault_secret.maxmind_apikey
➕ Create azurerm_key_vault_secret.maxmind_userid
➕ Create azurerm_key_vault_secret.proxycheck_apikey
➕ Create azurerm_key_vault_secret.web_apim_subscription_key
➕ Create azurerm_linux_web_app.api
➕ Create azurerm_linux_web_app.web
➕ Create azurerm_role_assignment.api_kv_secrets_user
➕ Create azurerm_role_assignment.api_table_data_contributor
➕ Create azurerm_role_assignment.deploy_kv_secrets_officer
➕ Create azurerm_role_assignment.web_kv_secrets_user
➕ Create azurerm_storage_account.data
➕ Create azurerm_storage_table.geolocations
➕ Create azurerm_storage_table.geolocationsv11
➕ Create azurerm_storage_table.proxycheck
➕ Create google_apikeys_key.maps
➕ Create random_id.environment_id
➕ Create random_id.storage
➕ Create time_rotating.thirty_days
➕ Create time_sleep.wait_for_hostname_binding

@dependabot @github

dependabot Bot commented on behalf of github Jul 12, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #729.

@dependabot dependabot Bot closed this Jul 12, 2026
auto-merge was automatically disabled July 12, 2026 03:38

Pull request was closed

@dependabot
dependabot Bot deleted the dependabot/nuget/src/MX.GeoLocation.Abstractions.V1/all-updates-5619f5ab22 branch July 12, 2026 03:38
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant