Skip to content

Bump the dotnet group with 19 updates#34

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/dotnet-25cd2910ce
Open

Bump the dotnet group with 19 updates#34
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/dotnet-25cd2910ce

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jun 3, 2026
edited
Loading

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

Updated coverlet.collector from 6.0.4 to 10.0.1.

Release notes

Sourced from coverlet.collector's releases.

10.0.1

Improvements

Fixed

  • Fix inconsistent paths in cobertura reports #​1723
  • Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal #​1313
  • Fix Coverlet flagging a branch for an async functions finally block where none exists #​1337
  • Fix Coverlet Tracker Missing CompilerGeneratedAttribute #​1828

Maintenance

  • Add architecture docs and diagrams for all integrations #​1927
  • Update NuGet packages and .NET SDK versions #​1933

Diff between 10.0.0 and 10.0.1

10.0.0

Improvements

  • Unique Report Filenames (coverlet.MTP and AzDO) #​1866
  • Add --coverlet-file-prefix option for unique report files #​1869
  • Introduce .NET 10 support #​1823

Fixed

  • Fix [BUG] Wrong branch rate on IAsyncEnumerable for generic type #​1836
  • Fix [BUG] Missing Coverage after moving to MTP #​1843
  • Fix [BUG] No coverage reported when targeting .NET Framework with 8.0.1 #​1842
  • Fix [BUG] Behavior changes between MTP and Legacy (msbuild) #​1878
  • Fix [BUG] Coverlet.MTP - Unable to load coverlet.mtp.appsettings.json #​1880
  • Fix [BUG] Coverlet.Collector produces empty report when Mediator.SourceGenerator is referenced #​1718 by https://github.com/yusyd
  • Fix [BUG] Crash during instrumentation (Methods using LibraryImport/DllImport have no body) #​1762

Maintenance

  • Add comprehensive async method tests and documentation for issue #​1864
  • Replace Tmds.ExecFunction Package in coverlet.core.coverage.tests #​1833
  • Add net9.0 and net10.0 targets #​1822

Diff between 8.0.1 and 10.0.0

8.0.1

Fixed

  • Fix [BUG] TypeInitializationException when targeting .NET Framework #​1818
  • Fix [BUG] coverlet.MTP build fails with CS0400 due to developmentDependency=true #​1827

Improvements

  • Additional improvements needed for .NET Framework instrumentation type import #​1825

Diff between 8.0.0 and 8.0.1

8.0.0

Special Thanks: A huge thank you to @​Bertk for driving the majority of the work in this release! 🎉

Fixed

Improvements

  • Coverlet MTP extension feature #​1788
  • Generate SBOM for nuget packages #​1752
  • Use multi targets projects for coverlet.collector, coverlet.msbuild.tasks packages #​1742
  • Use .NET 8.0 target framework for coverlet.core and remove Newtonsoft.Json #​1733
  • Use latest System.CommandLine version #​1660
  • Upgraded minimum required .NET SDK and runtime to .NET 8.0 LTS (Long Term Support) (Breaking Change)
  • Use xunit.v3 for tests and example code

Diff between 6.0.4 and 8.0.0

Commits viewable in compare view.

Updated FluentAssertions from 7.2.0 to 8.10.0.

Release notes

Sourced from FluentAssertions's releases.

8.10.0

What's Changed

Improvements

Documentation

Others

Full Changelog: fluentassertions/fluentassertions@8.9.0...8.10.0

8.9.0

[!WARNING]
For projects targeting .NET 9, you need at least .NET SDK 9.0.200 as earlier versions will trigger compile errors because of invalid overload resolution. See #​3225

What's Changed

New features

Improvements

Fixes

Documentation

Others

8.8.0

What's Changed

New features

Improvements

Documentation

Others

Full Changelog: fluentassertions/fluentassertions@8.7.1...8.8.0

8.7.1

What's Changed

Others

Full Changelog: fluentassertions/fluentassertions@8.7.0...8.7.1

8.7.0

What's Changed

New features

Others

Full Changelog: fluentassertions/fluentassertions@8.6.0...8.7.0

8.6.0

What's Changed

Improvements

Others

New Contributors

Full Changelog: fluentassertions/fluentassertions@8.5.0...8.6.0

8.5.0

What's Changed

New features

Fixes

Others

Full Changelog: fluentassertions/fluentassertions@8.4.0...8.5.0

8.4.0

What's Changed

Improvements

Others

New Contributors

Full Changelog: fluentassertions/fluentassertions@8.3.0...8.4.0

8.3.0

What's Changed

Improvements

Others

Full Changelog: fluentassertions/fluentassertions@8.2.0...8.3.0

8.2.0

What's Changed

Improvements

Fixes

Others

Full Changelog: fluentassertions/fluentassertions@8.1.1...8.2.0

8.1.1

What's Changed

Fixes

Full Changelog: fluentassertions/fluentassertions@8.1.0...8.1.1

8.1.0

What's Changed

Improvements

Fixes

Documentation

Others

New Contributors

Full Changelog: fluentassertions/fluentassertions@8.0.1...8.1.0

8.0.1

What's Changed

Improvements

Others

Full Changelog: fluentassertions/fluentassertions@8.0.0...8.0.1

8.0.0

What's Changed

License change

Breaking Changes

New features

Improvements

8.0.0-rc.2

What's Changed

Fixes

Others

Full Changelog: fluentassertions/fluentassertions@8.0.0-rc.1...8.0.0-rc.2

8.0.0-rc.1

What's Changed

Breaking Changes

Fixes

Documentation

Others

8.0.0-alpha.1

What's Changed

Others

Full Changelog: fluentassertions/fluentassertions@7.0.0-alpha.6...8.0.0-alpha.1

7.2.2

What's Changed

Fixes

Building

Full Changelog: fluentassertions/fluentassertions@7.2.1...7.2.2

7.2.1

What's Changed

Fixes

Full Changelog: fluentassertions/fluentassertions@7.2.0...7.2.1

Commits viewable in compare view.

Updated FluentValidation from 12.0.0 to 12.1.1.

Release notes

Sourced from FluentValidation's releases.

12.1.0

Release notes

Please read the upgrade guide if you are moving from 11.x to 12.x

Changes in 12.1.0

  • Add Tamil language (#​2334)
  • Add Telugu language (#​2333)
  • Fixes to Japanese translations (#​2340)

Changes in 12.0.0

  • Drops support for netstandard2.0, netstandard2.1, .net 5, .net 6 and .net 7. Minimum supported platform is now .net 8.
  • Add support for dependent rules for custom rules (#​2170)
  • Removes deprecated DI extensions
  • Removes deprecated transform methods (#​2027)
  • Remove the ability to disable the root-model null check (#​2069)
  • Use Zomp.SyncMethodGenerator to clean up internal sync/async code paths and increase performance (#​2136)
  • Add Serbian (Cyrillic) language; rename existing Serbian to Serbian (Latin) (#​2283)

Downloads

Binaries can be downloaded from nuget:

Commits viewable in compare view.

Updated FluentValidation.DependencyInjectionExtensions from 12.0.0 to 12.1.1.

Release notes

Sourced from FluentValidation.DependencyInjectionExtensions's releases.

12.1.0

Release notes

Please read the upgrade guide if you are moving from 11.x to 12.x

Changes in 12.1.0

  • Add Tamil language (#​2334)
  • Add Telugu language (#​2333)
  • Fixes to Japanese translations (#​2340)

Changes in 12.0.0

  • Drops support for netstandard2.0, netstandard2.1, .net 5, .net 6 and .net 7. Minimum supported platform is now .net 8.
  • Add support for dependent rules for custom rules (#​2170)
  • Removes deprecated DI extensions
  • Removes deprecated transform methods (#​2027)
  • Remove the ability to disable the root-model null check (#​2069)
  • Use Zomp.SyncMethodGenerator to clean up internal sync/async code paths and increase performance (#​2136)
  • Add Serbian (Cyrillic) language; rename existing Serbian to Serbian (Latin) (#​2283)

Downloads

Binaries can be downloaded from nuget:

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.Google from 10.0.0 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.Google's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.0 to 10.0.8.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.0 to 10.0.8.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Relational from 10.0.0 to 10.0.4.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Relational's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.0 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Hosting.Abstractions from 10.0.3 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.Hosting.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.19.0.

Release notes

Sourced from Microsoft.IdentityModel.JsonWebTokens's releases.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

8.18.0

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #​3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #​3443.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • Disable code coverage comments
    Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
    See PR #​3349 for details.
  • Fix CodeQL alerts
    Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
    See PR #​3364 for details.

.NET 10 / SDK and tooling updates

  • Building with .NET 10 preview / RC 1
    Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
    See PRs #​3287, #​3357, and #​3358 for details.
  • Fix .NET 10 test execution consistency
    Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
    See PR #​3337 for details.
  • Update project files and workflows for .NET 10.0 compatibility
    Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
    See PR #​3363 for details.
  • Update .NET version to meet CG compliance
    Updated the .NET version references to be compliant with corporate governance (CG) requirements.
    See PR #​3353 for details.
  • Update Coverlet collector and test SDK
    • Bumped CoverletCollectorVersion to 6.0.4.
      See PR #​3333 for details.
    • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
      ... (truncated)

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.14.0 to 8.19.0.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.19.0

New Features

  • Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
  • Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

  • Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
  • Adjust rented buffer handling in claim set parsing. See PR #​3493.
  • Tidy null handling in SAML conditions validation. See PR #​3491.
  • Improve validation of jku claim. See PR #​3481.
  • Limit telemetry algorithm dimension cardinality. See PR #​3490.
  • Add defensive copy of collections in ValidationParameters. See PR #​3492.
  • Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
  • Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
  • Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

8.18.0

New Features

  • Introduced a new interface IConfigurationEventHandlerContextAware<T> that provides context to the configuration event handler implementation, allowing it to optionally bypass a cache lookup. See PR #​3444.
  • Added Microsoft.IdentityModel.Dpop — a new package implementing DPoP (Demonstrating Proof-of-Possession) per RFC 9449. Provides both client-side and server-side proof validation with no System.Net.Http dependency. See PR #​3443.

8.17.0

Dependencies

  • Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

8.16.0

New Features

  • Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

  • Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

8.15.0

New Features

  • Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
    Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
    See PR #​2377 for details.

Bug Fixes

  • Sanitize logs to avoid leaking sensitive data
    Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
    See PR #​3316 for details.
  • Optimize log sanitization with SearchValues
    Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
    See PR #​3341 for details.
  • Update test for IDX10400
    Adjusted the IDX10400 test to align with the current behavior and error messaging.
    See PR #​3314 for details.

Fundamentals

  • Add supported algorithm tests
    Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
    See PR #​3296 for details.
  • Migrate repository agent rules from .clinerules to agents.md
    Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
    See PR #​3313 for details.
  • Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
    Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
    See PR #​3356 for details.
  • **Disable code coverage co....

Description has been truncated

@dependabot
Bump the dotnet group with 19 updates
a0203a5 
Bumps coverlet.collector from 6.0.4 to 10.0.1
Bumps FluentAssertions from 7.2.0 to 8.10.0
Bumps FluentValidation from 12.0.0 to 12.1.1
Bumps FluentValidation.DependencyInjectionExtensions from 12.0.0 to 12.1.1
Bumps Microsoft.AspNetCore.Authentication.Google from 10.0.0 to 10.0.8
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.0 to 10.0.8
Bumps Microsoft.AspNetCore.OpenApi from 10.0.0 to 10.0.8
Bumps Microsoft.EntityFrameworkCore from 10.0.0 to 10.0.8
Bumps Microsoft.EntityFrameworkCore.Relational from 10.0.0 to 10.0.4
Bumps Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.0 to 10.0.8
Bumps Microsoft.Extensions.Hosting.Abstractions from 10.0.3 to 10.0.8
Bumps Microsoft.IdentityModel.JsonWebTokens from 8.14.0 to 8.19.0
Bumps Microsoft.IdentityModel.Tokens from 8.14.0 to 8.19.0
Bumps Microsoft.NET.Test.Sdk from 17.14.1 to 18.6.0
Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.0 to 10.0.2
Bumps Scalar.AspNetCore from 2.10.0 to 2.14.14
Bumps StackExchange.Redis from 2.9.25 to 2.13.17
Bumps Testcontainers.PostgreSql from 4.7.0 to 4.12.0
Bumps xunit.runner.visualstudio from 3.1.4 to 3.1.5

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-version: 10.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet
- dependency-name: FluentAssertions
  dependency-version: 8.10.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet
- dependency-name: FluentValidation
  dependency-version: 12.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: FluentValidation.DependencyInjectionExtensions
  dependency-version: 12.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: Microsoft.AspNetCore.Authentication.Google
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.Extensions.Hosting.Abstractions
  dependency-version: 10.0.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.IdentityModel.JsonWebTokens
  dependency-version: 8.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: Microsoft.IdentityModel.Tokens
  dependency-version: 8.19.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.6.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 10.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL
  dependency-version: 10.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Scalar.AspNetCore
  dependency-version: 2.14.14
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: StackExchange.Redis
  dependency-version: 2.13.17
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: Testcontainers.PostgreSql
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants