Skip to content

Bump Azure.Identity and 14 others#147

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/XtremeIdiots.Portal.Integrations.Forums/nuget-911ecb513d
Closed

Bump Azure.Identity and 14 others#147
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/XtremeIdiots.Portal.Integrations.Forums/nuget-911ecb513d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 19, 2026

Updated Azure.Identity from 1.17.1 to 1.21.0.

Release notes

Sourced from Azure.Identity's releases.

1.21.0

1.21.0 (2026-04-10)

Other Changes

  • All Azure.Identity types have been moved to Azure.Core and are now available through TypeForwardedTo attributes. This is a non-breaking change — existing code continues to work transparently. The library's version number now aligns with that of Azure.Core. See the Migration Guide for details.

1.20.0

1.20.0 (2026-03-30)

Features Added

  • Added a JSON schema segment to the NuGet package that provides IntelliSense and validation for Azure.Identity credential configuration in appsettings.json.

Breaking Changes

  • AddAzureClient, AddKeyedAzureClient, and WithAzureCredential return type changed from IHostApplicationBuilder to IClientBuilder to align with the IClientBuilder composition change in System.ClientModel.

1.19.0

1.19.0 (2026-03-11)

Features Added

  • Added support in ClientCertificateCredential to specify a path in the form of cert:/StoreLocation/StoreName/Thumbprint to refer to a certificate in the platform certificate store - such as the Windows Certificate Store on Windows, and the KeyChain on MacOS - instead of a file on disk. For example to load a certificate from the "My" store in the "CurrentUser" location use the path cert:/CurrentUser/My/E661583E8FABEF4C0BEF694CBC41C28FB81CD870 (A community contribution, courtesy of fowl2).

Other Changes

  • Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.83.1.

1.17.2

1.17.2 (2026-04-15)

Other Changes

  • Updated Microsoft.Identity.Client and Microsoft.Identity.Client.Extensions.Msal dependencies to version 4.83.1.

Commits viewable in compare view.

Updated coverlet.collector from 8.0.0 to 10.0.0.

Release notes

Sourced from coverlet.collector's releases.

10.0.0

Improvements

  • Unique Report Filenames (coverlet.MTP and AzDO) #​1866
  • Add --coverlet-file-prefix option for unique report files #​1869
  • Introduce .NET 10 support #​1823

Fixed

  • Fix [BUG] Wrong branch rate on IAsyncEnumerable for generic type #​1836
  • Fix [BUG] Missing Coverage after moving to MTP #​1843
  • Fix [BUG] No coverage reported when targeting .NET Framework with 8.0.1 #​1842
  • Fix [BUG] Behavior changes between MTP and Legacy (msbuild) #​1878
  • Fix [BUG] Coverlet.MTP - Unable to load coverlet.mtp.appsettings.json #​1880
  • Fix [BUG] Coverlet.Collector produces empty report when Mediator.SourceGenerator is referenced #​1718 by https://github.com/yusyd
  • Fix [BUG] Crash during instrumentation (Methods using LibraryImport/DllImport have no body) #​1762

Maintenance

  • Add comprehensive async method tests and documentation for issue #​1864
  • Replace Tmds.ExecFunction Package in coverlet.core.coverage.tests #​1833
  • Add net9.0 and net10.0 targets #​1822

Diff between 8.0.1 and 10.0.0

8.0.1

Fixed

  • Fix [BUG] TypeInitializationException when targeting .NET Framework #​1818
  • Fix [BUG] coverlet.MTP build fails with CS0400 due to developmentDependency=true #​1827

Improvements

  • Additional improvements needed for .NET Framework instrumentation type import #​1825

Diff between 8.0.0 and 8.0.1

Commits viewable in compare view.

Updated Microsoft.ApplicationInsights.AspNetCore from 2.23.0 to 3.1.0.

Release notes

Sourced from Microsoft.ApplicationInsights.AspNetCore's releases.

3.1.0

Version 3.1.0

3.0.0

3.0.0-rc1

3.0.0-beta2

Added

  • Automatic configuration binding from "ApplicationInsights" section in appsettings.json for both AspNetCore and WorkerService packages with configuration precedence: environment variables > explicit configuration > appsettings.json
  • Added support for Entra ID (Azure Active Directory) authentication using Azure.Core.TokenCredential
  • Added Self Diagnostics feature
  • Updated the default sampler from Fixed Rate to Rate-Limited Sampling.
  • Update Azure Monitor Exporter to 1.6.0-beta.2
  • Add comprehensive applicationinsights.config support
  • Add properties in TelemetryConfiguration to configure underlying exporter

Bug fix

  • Fix TrackMetric(MetricTelemetry) unsupported telemetry type error

3.0.0-beta1

  • The following Application Insights packages in this repo now use OpenTelemetry internally. OpenTelemetry is the industry standard for telemetry collection and provides better interoperability with other observability tools.
    • Microsoft.ApplicationInsights
    • Microsoft.ApplicationInsights.AspNetCore
    • Microsoft.ApplicationInsights.WorkerService
    • Microsoft.ApplicationInsights.Web
    • Microsoft.ApplicationInsights.NLogTarget
  • Classic APIs of the above packages are preserved; calls are translated to OpenTelemetry telemetry.
  • Other packages not listed above (such as certain auto-collectors and logging adapters that were published from this repo previously) will not have future versions published. See BreakingChanges.md for details.

Commits viewable in compare view.

Updated Microsoft.ApplicationInsights.Profiler.AspNetCore from 3.0.1 to 3.0.2.

Updated Microsoft.AspNetCore.Authentication.OpenIdConnect from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.OpenIdConnect's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.AspNetCore.DataProtection.EntityFrameworkCore from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.AspNetCore.DataProtection.EntityFrameworkCore's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Identity.EntityFrameworkCore from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.AspNetCore.Identity.EntityFrameworkCore's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Identity.UI from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.AspNetCore.Identity.UI's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.Data.SqlClient from 6.1.4 to 7.0.0.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

7.0.0

This is the general availability release of Microsoft.Data.SqlClient 7.0, a major milestone for the .NET data provider for SQL Server. This release addresses the most upvoted issue in the repository's history — extracting Azure dependencies from the core package — introduces pluggable SSPI authentication, adds enhanced routing for Azure SQL Hyperscale, and delivers async read performance improvements.

Also released as part of this milestone:

  • Released Microsoft.Data.SqlClient.Extensions.Abstractions 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.Extensions.Azure 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.Internal.Logging 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider 7.0.0. See release notes.

Changes Since 7.0.0-preview4

Added

  • Added actionable error message when Entra ID authentication methods are used without the Microsoft.Data.SqlClient.Extensions.Azure package installed, guiding users to install the correct package. (#​3962, #​4046)
  • Added Azure authentication sample application. (#​3988)

Changed

Other changes

  • Renamed the Microsoft.Data.SqlClient.Extensions.Logging package to Microsoft.Data.SqlClient.Internal.Logging to indicate it is for internal use only and should not be referenced directly by application code. (#​4038)
  • Fixed non-localized exception strings. (#​4022)
  • Codebase merge and cleanup: (#​3997, #​4052)
  • Various test improvements: (#​3891, #​3996, #​4002, #​4034, #​4041, #​4044)
  • Documentation improvements (including Entra ID branding updates): (#​4021, #​4047, #​4049)
  • Updated Dependencies (#​4045):
    • Updated Azure.Core to v1.51.1
    • Updated Azure.Identity to v1.18.0
    • Updated Azure.Security.KeyVault.Keys to v4.9.0
    • Updated Microsoft.Extensions.Caching.Memory to v9.0.13 (.NET 9.0)
    • Updated Microsoft.IdentityModel.JsonWebTokens to v8.16.0
    • Updated Microsoft.IdentityModel.Protocols.OpenIdConnect to v8.16.0
    • Updated Microsoft.Bcl.Cryptography to v9.0.13 (.NET 9.0)
    • Updated System.Configuration.ConfigurationManager to v9.0.13 (.NET 9.0)
    • Updated System.Diagnostics.DiagnosticSource to v10.0.3
    • Updated System.Security.Cryptography.Pkcs to v9.0.13 (.NET 9.0)
    • Updated System.Text.Json to v10.0.3
    • Updated System.Threading.Channels to v10.0.3
    • Updated System.ValueTuple to v4.6.2

Cumulative Changes Since 6.1

This section summarizes all changes across the 7.0 preview cycle for users upgrading from the latest 6.1 stable release.

Changed

Azure Dependencies Removed from Core Package

What Changed:

  • The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra ID authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
    ... (truncated)

7.0.0-preview4

Changed

Azure Dependencies Removed from Core Package

What Changed:

  • The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package that can be installed separately when needed. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
  • To support this separation, two additional packages were introduced: Microsoft.Data.SqlClient.Extensions.Abstractions (shared types between the core driver and extensions) and Microsoft.Data.SqlClient.Extensions.Logging (shared ETW tracing infrastructure). (#​3626, #​3628, #​3967)

Who Benefits:

  • All users benefit from a significantly lighter core package. Previously, the Azure dependency chain pulled in numerous assemblies (including Azure.Core, Azure.Identity, Microsoft.Identity.Client, and Microsoft.Web.WebView2) even for applications that only needed basic SQL Server connectivity. This was the most upvoted open issue in the repository (#​1108).
  • Users who do not use Azure AD authentication no longer carry Azure-related assemblies in their build output, reducing deployment size and eliminating confusion about unexpected dependencies.
  • Users who do use Azure AD authentication can now manage Azure dependency versions independently from the core driver.

Impact:

  • Applications using Azure AD authentication (e.g., ActiveDirectoryPassword, ActiveDirectoryInteractive, ActiveDirectoryDefault, etc.) must now install the Microsoft.Data.SqlClient.Extensions.Azure NuGet package separately. No code changes are required beyond adding the package reference.

Added

Expose SSPI Context Provider as Public API

What Changed:

  • Added the SspiContextProvider abstract class and a public SspiContextProvider property on SqlConnection, allowing applications to supply a custom SSPI context provider for integrated authentication. This enables custom Kerberos ticket negotiation and NTLM username/password authentication scenarios that the driver does not natively support. (#​2253, #​2494)

Who Benefits:

  • Users authenticating across untrusted domains, non-domain-joined machines, or cross-platform environments where configuring integrated authentication on the client is difficult or impossible.
  • Users running in containers who need manual Kerberos negotiation without deploying sidecars or external ticket-refresh mechanisms.
  • Users who need NTLM username/password authentication to SQL Server, which the driver does not provide natively.

Impact:

  • Applications can set a custom SspiContextProvider on SqlConnection before opening the connection. The provider handles the authentication token exchange during integrated authentication. This is an additive API — existing authentication behavior is unchanged when no custom provider is set. See SspiContextProvider_CustomProvider.cs for a sample implementation.
  • Note: The SspiContextProvider is a part of the connection pool key. Care should be taken when using this property to ensure the implementation returns a stable identity per resource.

Expose Default Transient Error List

What Changed:

  • Exposed the default transient error codes list via the new SqlConfigurableRetryFactory.BaselineTransientErrors static property (returns a ReadOnlyCollection<int>), making it easier to extend the set of transient errors without copy-pasting from the repository source. (#​3903)

Who Benefits:

  • Developers implementing custom retry logic who want to extend the built-in transient error list rather than replacing it.

Impact:

... (truncated)

7.0.0-preview3

Preview Release 7.0.0-preview3.25342.7 - December 8, 2025

Added

Support for .NET 10

What Changed:

  • Updated pipelines and test suites to compile the driver using the .NET 10 SDK. Cleaned up unnecessary dependency references.
    (#​3686)

Who Benefits:

  • Developers targeting .NET 10.

Impact:

  • Addressed .NET 10 warnings regarding unused/unnecessary dependencies.

Enable SqlClientDiagnosticListener in SqlCommand on .NET Framework

What Changed:

  • Enabled SqlClientDiagnosticListener functionality on SqlCommand for .NET Framework.
    (#​3658)

Who Benefits:

  • Developers requiring diagnostic information on .NET Framework.

Impact:

  • Improved observability and diagnostics for SqlCommand on .NET Framework.

Enable User Agent Extension

What Changed:

  • Enabled User Agent Feature Extension.
    (#​3606)

Who Benefits:

  • Telemetry and diagnostics consumers.

Impact:

  • When the Switch.Microsoft.Data.SqlClient.EnableUserAgent app context switch is enabled, the driver sends more detailed user agent strings. This switch is disabled by default. This change will assist with troubleshooting and quantifying driver usage by version and operating system.

Fixed

... (truncated)

7.0.0-preview2

This update brings the following changes since the 7.0.0-preview1 release:

Bug Fixes

  • Fixed a debug assertion in connection pool (no impact to production code) (#​3587)
  • Prevent uninitialized performance counters escaping CreatePerformanceCounters (#​3623)
  • Fix SetProvider to return immediately if user-defined authentication provider found (#​3620)
  • Allow SqlBulkCopy to operate on hidden columns (#​3590)
  • Fix connection pool concurrency issue (#​3632)

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

  • A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3625.

Who Benefits:

  • Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
  • Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

  • If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);
  • Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
  • Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Other Additions

  • Add app context switch for enabling asynchronous multi-packet improvements (#​3605)

Changed

Deprecation of SqlAuthenticationMethod.ActiveDirectoryPassword

What Changed:

  • Username/Password authentication for Microsoft Entra (formerly Active Directory) has been deprecated. SqlAuthenticationMethod.ActiveDirectoryPassword is now marked as [Obsolete]. This change occurred in PR #​3671

Who benefits:

... (truncated)

7.0.0-preview1

Changes Since 6.1.0

This update brings the following changes since the 6.1.0 release:

Breaking Changes

  • Removed Constrained Execution Region error handling blocks and associated SqlConnection cleanup which may affect how potentially-broken connections are expunged from the pool. (#​3535)

Bug Fixes

  • Packet multiplexing disabled by default, and several bug fixes. (#​3534, #​3537)

Added

  • SqlColumnEncryptionCertificateStoreProvider now works on Windows, Linux, and macOS. (#​3014)

Changed

Changes Since 6.0.2

This update brings the following changes since the 6.0.2 release. Changes already noted above are omitted:

Additions

Added dedicated SQL Server vector datatype support

What Changed:

  • Optimized vector communications between MDS and SQL Server 2025, employing a custom binary format over the TDS protocol. (#​3433, #​3443)
  • Reduced processing load compared to existing JSON-based vector support.
  • Initial support for 32-bit single-precision floating point vectors.

Who Benefits:

  • Applications moving large vector data sets will see beneficial improvements to processing times and memory requirements.
  • Vector-specific APIs are ready to support future numeric representations with a consistent look-and-feel.

Impact:
... (truncated)

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.SqlServer from 9.0.13 to 9.0.15.

Release notes

Sourced from Microsoft.EntityFrameworkCore.SqlServer's releases.

9.0.15

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.14...v9.0.15

9.0.14

Release

What's Changed

Full Changelog: dotnet/efcore@v9.0.13...v9.0.14

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.Memory from 10.0.3 to 10.0.6.

Release notes

Sourced from Microsoft.Extensions.Caching.Memory's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.0.1 to 18.4.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.4.0

What's Changed

New Contributors

Full Changelog: microsoft/vstest@v18.3.0...v18.4.0

18.3.0

What's Changed

Internal fixes and updates

New Contributors

Commits viewable in compare view.

Updated XtremeIdiots.Portal.Integrations.Servers.Api.Client.V1 from 2.1.138 to 2.1.153.

Release notes

Sourced from XtremeIdiots.Portal.Integrations.Servers.Api.Client.V1's releases.

2.1.153

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.152...v2.1.153

2.1.152

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.151...v2.1.152

2.1.151

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.150...v2.1.151

2.1.150

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.149...v2.1.150

2.1.149

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.148...v2.1.149

2.1.148

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.147...v2.1.148

2.1.147

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.146...v2.1.147

2.1.146

What's Changed

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.144...v2.1.146

2.1.144

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.143...v2.1.144

2.1.143

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.142...v2.1.143

2.1.142

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.141...v2.1.142

2.1.141

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.140...v2.1.141

2.1.140

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.139...v2.1.140

2.1.139

Full Changelog: frasermolyneux/portal-servers-integration@v2.1.138...v2.1.139

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump Azure.Identity and 14 others
0458c48 
Bumps Azure.Identity from 1.17.1 to 1.21.0
Bumps coverlet.collector from 8.0.0 to 10.0.0
Bumps Microsoft.ApplicationInsights.AspNetCore from 2.23.0 to 3.1.0
Bumps Microsoft.ApplicationInsights.Profiler.AspNetCore from 3.0.1 to 3.0.2
Bumps Microsoft.AspNetCore.Authentication.OpenIdConnect from 9.0.13 to 9.0.15
Bumps Microsoft.AspNetCore.DataProtection.EntityFrameworkCore from 9.0.13 to 9.0.15
Bumps Microsoft.AspNetCore.Identity.EntityFrameworkCore from 9.0.13 to 9.0.15
Bumps Microsoft.AspNetCore.Identity.UI from 9.0.13 to 9.0.15
Bumps Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation from 9.0.13 to 9.0.15
Bumps Microsoft.Data.SqlClient from 6.1.4 to 7.0.0
Bumps Microsoft.EntityFrameworkCore.Design from 9.0.13 to 9.0.15
Bumps Microsoft.EntityFrameworkCore.SqlServer from 9.0.13 to 9.0.15
Bumps Microsoft.Extensions.Caching.Memory from 10.0.3 to 10.0.6
Bumps Microsoft.NET.Test.Sdk from 18.0.1 to 18.4.0
Bumps XtremeIdiots.Portal.Integrations.Servers.Api.Client.V1 from 2.1.138 to 2.1.153

---
updated-dependencies:
- dependency-name: Azure.Identity
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.Extensions.Caching.Memory
  dependency-version: 10.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Azure.Identity
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.ApplicationInsights.AspNetCore
  dependency-version: 3.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget
- dependency-name: Microsoft.ApplicationInsights.Profiler.AspNetCore
  dependency-version: 3.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.AspNetCore.Authentication.OpenIdConnect
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.AspNetCore.DataProtection.EntityFrameworkCore
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.AspNetCore.Identity.UI
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Data.SqlClient
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.EntityFrameworkCore.SqlServer
  dependency-version: 9.0.15
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: Microsoft.Extensions.Caching.Memory
  dependency-version: 10.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: XtremeIdiots.Portal.Integrations.Servers.Api.Client.V1
  dependency-version: 2.1.153
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget
- dependency-name: coverlet.collector
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Apr 19, 2026
@github-actions github-actions bot enabled auto-merge (squash) April 19, 2026 03:12
@github-actions
Copy link
Copy Markdown
Contributor

github-actions bot commented Apr 19, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 17 package(s) with unknown licenses.
See the Details below.

License Issues

src/XtremeIdiots.Portal.Integrations.Forums/XtremeIdiots.Portal.Integrations.Forums.csproj

PackageVersionLicenseIssue Type
Azure.Identity1.21.0NullUnknown License
Microsoft.Extensions.Caching.Memory10.0.6NullUnknown License

src/XtremeIdiots.Portal.Web.Tests/XtremeIdiots.Portal.Web.Tests.csproj

PackageVersionLicenseIssue Type
Microsoft.NET.Test.Sdk18.4.0NullUnknown License
coverlet.collector10.0.0NullUnknown License

src/XtremeIdiots.Portal.Web/XtremeIdiots.Portal.Web.csproj

PackageVersionLicenseIssue Type
Azure.Identity1.21.0NullUnknown License
Microsoft.ApplicationInsights.AspNetCore3.1.0NullUnknown License
Microsoft.ApplicationInsights.Profiler.AspNetCore3.0.2NullUnknown License
Microsoft.AspNetCore.Authentication.OpenIdConnect9.0.15NullUnknown License
Microsoft.AspNetCore.DataProtection.EntityFrameworkCore9.0.15NullUnknown License
Microsoft.AspNetCore.Identity.EntityFrameworkCore9.0.15NullUnknown License
Microsoft.AspNetCore.Identity.UI9.0.15NullUnknown License
Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation9.0.15NullUnknown License
Microsoft.Data.SqlClient7.0.0NullUnknown License
Microsoft.EntityFrameworkCore.Design9.0.15NullUnknown License
Microsoft.EntityFrameworkCore.SqlServer9.0.15NullUnknown License
Microsoft.Extensions.Caching.Memory10.0.6NullUnknown License
XtremeIdiots.Portal.Integrations.Servers.Api.Client.V12.1.153NullUnknown License

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
nuget/Azure.Identity 1.21.0 UnknownUnknown
nuget/Microsoft.Extensions.Caching.Memory 10.0.6 UnknownUnknown
nuget/Microsoft.NET.Test.Sdk 18.4.0 🟢 5.1
Details
CheckScoreReason
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 8Found 22/25 approved changesets -- score normalized to 8
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Maintained🟢 1030 commit(s) and 24 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts⚠️ 0binaries present in source code
License🟢 10license file detected
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
Signed-Releases⚠️ -1no releases found
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 2branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/coverlet.collector 10.0.0 🟢 5
Details
CheckScoreReason
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 0/21 approved changesets -- score normalized to 0
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Binary-Artifacts🟢 7binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Security-Policy⚠️ 0security policy file not detected
SAST🟢 9SAST tool detected but not run on all commits
nuget/Azure.Identity 1.21.0 UnknownUnknown
nuget/Microsoft.ApplicationInsights.AspNetCore 3.1.0 UnknownUnknown
nuget/Microsoft.ApplicationInsights.Profiler.AspNetCore 3.0.2 UnknownUnknown
nuget/Microsoft.AspNetCore.Authentication.OpenIdConnect 9.0.15 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 14/20 approved changesets -- score normalized to 7
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 9binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.AspNetCore.DataProtection.EntityFrameworkCore 9.0.15 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 14/20 approved changesets -- score normalized to 7
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 9binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.AspNetCore.Identity.EntityFrameworkCore 9.0.15 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 14/20 approved changesets -- score normalized to 7
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 9binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.AspNetCore.Identity.UI 9.0.15 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 14/20 approved changesets -- score normalized to 7
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 9binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation 9.0.15 🟢 6.2
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Code-Review🟢 7Found 14/20 approved changesets -- score normalized to 7
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
License🟢 10license file detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Binary-Artifacts🟢 9binaries present in source code
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.Data.SqlClient 7.0.0 UnknownUnknown
nuget/Microsoft.EntityFrameworkCore.Design 9.0.15 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.EntityFrameworkCore.SqlServer 9.0.15 🟢 5.9
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
Maintained🟢 1030 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Binary-Artifacts🟢 10no binaries found in the repo
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Branch-Protection🟢 4branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.Extensions.Caching.Memory 10.0.6 UnknownUnknown
nuget/XtremeIdiots.Portal.Integrations.Servers.Api.Client.V1 2.1.153 UnknownUnknown

Scanned Files

  • src/XtremeIdiots.Portal.Integrations.Forums/XtremeIdiots.Portal.Integrations.Forums.csproj
  • src/XtremeIdiots.Portal.Web.Tests/XtremeIdiots.Portal.Web.Tests.csproj
  • src/XtremeIdiots.Portal.Web/XtremeIdiots.Portal.Web.csproj

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Apr 19, 2026

Superseded by #148.

@dependabot dependabot bot closed this Apr 19, 2026
auto-merge was automatically disabled April 19, 2026 03:12

Pull request was closed

@dependabot dependabot bot deleted the dependabot/nuget/src/XtremeIdiots.Portal.Integrations.Forums/nuget-911ecb513d branch April 19, 2026 03:12
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@frasermolyneux frasermolyneux

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@frasermolyneux