Skip to content

Bump the nuget-dependencies group with 5 updates#302

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/WebApiBolierplate/API/nuget-dependencies-3057bb3ecc
Open

Bump the nuget-dependencies group with 5 updates#302
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/WebApiBolierplate/API/nuget-dependencies-3057bb3ecc

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Updated BCrypt.Net-Next from 4.0.3 to 4.1.0.

Release notes

Sourced from BCrypt.Net-Next's releases.

4.1.0

What's Changed

New Contributors

Full Changelog: BcryptNet/bcrypt.net@4.0.3...v4.1.0

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.20 to 8.0.25.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

8.0.25

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.24...v8.0.25

8.0.24

Release

8.0.23

Release

What's Changed

https://devblogs.microsoft.com/dotnet/dotnet-and-dotnet-framework-january-2026-servicing-updates/#release-changelogs

8.0.22

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.21...v8.0.22

8.0.21

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

Commits viewable in compare view.

Updated Microsoft.Data.SqlClient from 6.1.3 to 7.0.0.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

7.0.0

This is the general availability release of Microsoft.Data.SqlClient 7.0, a major milestone for the .NET data provider for SQL Server. This release addresses the most upvoted issue in the repository's history — extracting Azure dependencies from the core package — introduces pluggable SSPI authentication, adds enhanced routing for Azure SQL Hyperscale, and delivers async read performance improvements.

Also released as part of this milestone:

  • Released Microsoft.Data.SqlClient.Extensions.Abstractions 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.Extensions.Azure 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.Internal.Logging 1.0.0. See release notes.
  • Released Microsoft.Data.SqlClient.AlwaysEncrypted.AzureKeyVaultProvider 7.0.0. See release notes.

Changes Since 7.0.0-preview4

Added

  • Added actionable error message when Entra ID authentication methods are used without the Microsoft.Data.SqlClient.Extensions.Azure package installed, guiding users to install the correct package. (#​3962, #​4046)
  • Added Azure authentication sample application. (#​3988)

Changed

Other changes

  • Renamed the Microsoft.Data.SqlClient.Extensions.Logging package to Microsoft.Data.SqlClient.Internal.Logging to indicate it is for internal use only and should not be referenced directly by application code. (#​4038)
  • Fixed non-localized exception strings. (#​4022)
  • Codebase merge and cleanup: (#​3997, #​4052)
  • Various test improvements: (#​3891, #​3996, #​4002, #​4034, #​4041, #​4044)
  • Documentation improvements (including Entra ID branding updates): (#​4021, #​4047, #​4049)
  • Updated Dependencies (#​4045):
    • Updated Azure.Core to v1.51.1
    • Updated Azure.Identity to v1.18.0
    • Updated Azure.Security.KeyVault.Keys to v4.9.0
    • Updated Microsoft.Extensions.Caching.Memory to v9.0.13 (.NET 9.0)
    • Updated Microsoft.IdentityModel.JsonWebTokens to v8.16.0
    • Updated Microsoft.IdentityModel.Protocols.OpenIdConnect to v8.16.0
    • Updated Microsoft.Bcl.Cryptography to v9.0.13 (.NET 9.0)
    • Updated System.Configuration.ConfigurationManager to v9.0.13 (.NET 9.0)
    • Updated System.Diagnostics.DiagnosticSource to v10.0.3
    • Updated System.Security.Cryptography.Pkcs to v9.0.13 (.NET 9.0)
    • Updated System.Text.Json to v10.0.3
    • Updated System.Threading.Channels to v10.0.3
    • Updated System.ValueTuple to v4.6.2

Cumulative Changes Since 6.1

This section summarizes all changes across the 7.0 preview cycle for users upgrading from the latest 6.1 stable release.

Changed

Azure Dependencies Removed from Core Package

What Changed:

  • The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra ID authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
    ... (truncated)

7.0.0-preview4

Changed

Azure Dependencies Removed from Core Package

What Changed:

  • The core Microsoft.Data.SqlClient package no longer depends on Azure.Core, Azure.Identity, or their transitive dependencies (e.g., Microsoft.Identity.Client, Microsoft.Web.WebView2). Azure Active Directory / Entra authentication functionality (ActiveDirectoryAuthenticationProvider and related types) has been extracted into a new Microsoft.Data.SqlClient.Extensions.Azure package that can be installed separately when needed. (#​1108, #​3680, #​3902, #​3904, #​3908, #​3917, #​3982, #​3978, #​3986)
  • To support this separation, two additional packages were introduced: Microsoft.Data.SqlClient.Extensions.Abstractions (shared types between the core driver and extensions) and Microsoft.Data.SqlClient.Extensions.Logging (shared ETW tracing infrastructure). (#​3626, #​3628, #​3967)

Who Benefits:

  • All users benefit from a significantly lighter core package. Previously, the Azure dependency chain pulled in numerous assemblies (including Azure.Core, Azure.Identity, Microsoft.Identity.Client, and Microsoft.Web.WebView2) even for applications that only needed basic SQL Server connectivity. This was the most upvoted open issue in the repository (#​1108).
  • Users who do not use Azure AD authentication no longer carry Azure-related assemblies in their build output, reducing deployment size and eliminating confusion about unexpected dependencies.
  • Users who do use Azure AD authentication can now manage Azure dependency versions independently from the core driver.

Impact:

  • Applications using Azure AD authentication (e.g., ActiveDirectoryPassword, ActiveDirectoryInteractive, ActiveDirectoryDefault, etc.) must now install the Microsoft.Data.SqlClient.Extensions.Azure NuGet package separately. No code changes are required beyond adding the package reference.

Added

Expose SSPI Context Provider as Public API

What Changed:

  • Added the SspiContextProvider abstract class and a public SspiContextProvider property on SqlConnection, allowing applications to supply a custom SSPI context provider for integrated authentication. This enables custom Kerberos ticket negotiation and NTLM username/password authentication scenarios that the driver does not natively support. (#​2253, #​2494)

Who Benefits:

  • Users authenticating across untrusted domains, non-domain-joined machines, or cross-platform environments where configuring integrated authentication on the client is difficult or impossible.
  • Users running in containers who need manual Kerberos negotiation without deploying sidecars or external ticket-refresh mechanisms.
  • Users who need NTLM username/password authentication to SQL Server, which the driver does not provide natively.

Impact:

  • Applications can set a custom SspiContextProvider on SqlConnection before opening the connection. The provider handles the authentication token exchange during integrated authentication. This is an additive API — existing authentication behavior is unchanged when no custom provider is set. See SspiContextProvider_CustomProvider.cs for a sample implementation.
  • Note: The SspiContextProvider is a part of the connection pool key. Care should be taken when using this property to ensure the implementation returns a stable identity per resource.

Expose Default Transient Error List

What Changed:

  • Exposed the default transient error codes list via the new SqlConfigurableRetryFactory.BaselineTransientErrors static property (returns a ReadOnlyCollection<int>), making it easier to extend the set of transient errors without copy-pasting from the repository source. (#​3903)

Who Benefits:

  • Developers implementing custom retry logic who want to extend the built-in transient error list rather than replacing it.

Impact:

... (truncated)

7.0.0-preview3

Preview Release 7.0.0-preview3.25342.7 - December 8, 2025

Added

Support for .NET 10

What Changed:

  • Updated pipelines and test suites to compile the driver using the .NET 10 SDK. Cleaned up unnecessary dependency references.
    (#​3686)

Who Benefits:

  • Developers targeting .NET 10.

Impact:

  • Addressed .NET 10 warnings regarding unused/unnecessary dependencies.

Enable SqlClientDiagnosticListener in SqlCommand on .NET Framework

What Changed:

  • Enabled SqlClientDiagnosticListener functionality on SqlCommand for .NET Framework.
    (#​3658)

Who Benefits:

  • Developers requiring diagnostic information on .NET Framework.

Impact:

  • Improved observability and diagnostics for SqlCommand on .NET Framework.

Enable User Agent Extension

What Changed:

  • Enabled User Agent Feature Extension.
    (#​3606)

Who Benefits:

  • Telemetry and diagnostics consumers.

Impact:

  • When the Switch.Microsoft.Data.SqlClient.EnableUserAgent app context switch is enabled, the driver sends more detailed user agent strings. This switch is disabled by default. This change will assist with troubleshooting and quantifying driver usage by version and operating system.

Fixed

... (truncated)

7.0.0-preview2

This update brings the following changes since the 7.0.0-preview1 release:

Bug Fixes

  • Fixed a debug assertion in connection pool (no impact to production code) (#​3587)
  • Prevent uninitialized performance counters escaping CreatePerformanceCounters (#​3623)
  • Fix SetProvider to return immediately if user-defined authentication provider found (#​3620)
  • Allow SqlBulkCopy to operate on hidden columns (#​3590)
  • Fix connection pool concurrency issue (#​3632)

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

  • A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3625.

Who Benefits:

  • Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
  • Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

  • If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);
  • Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
  • Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Other Additions

  • Add app context switch for enabling asynchronous multi-packet improvements (#​3605)

Changed

Deprecation of SqlAuthenticationMethod.ActiveDirectoryPassword

What Changed:

  • Username/Password authentication for Microsoft Entra (formerly Active Directory) has been deprecated. SqlAuthenticationMethod.ActiveDirectoryPassword is now marked as [Obsolete]. This change occurred in PR #​3671

Who benefits:

... (truncated)

7.0.0-preview1

Changes Since 6.1.0

This update brings the following changes since the 6.1.0 release:

Breaking Changes

  • Removed Constrained Execution Region error handling blocks and associated SqlConnection cleanup which may affect how potentially-broken connections are expunged from the pool. (#​3535)

Bug Fixes

  • Packet multiplexing disabled by default, and several bug fixes. (#​3534, #​3537)

Added

  • SqlColumnEncryptionCertificateStoreProvider now works on Windows, Linux, and macOS. (#​3014)

Changed

Changes Since 6.0.2

This update brings the following changes since the 6.0.2 release. Changes already noted above are omitted:

Additions

Added dedicated SQL Server vector datatype support

What Changed:

  • Optimized vector communications between MDS and SQL Server 2025, employing a custom binary format over the TDS protocol. (#​3433, #​3443)
  • Reduced processing load compared to existing JSON-based vector support.
  • Initial support for 32-bit single-precision floating point vectors.

Who Benefits:

  • Applications moving large vector data sets will see beneficial improvements to processing times and memory requirements.
  • Vector-specific APIs are ready to support future numeric representations with a consistent look-and-feel.

Impact:
... (truncated)

6.1.4

This update brings the following changes since the 6.1.3 release:

Fixed

  • Fixed NullReferenceException issue with SqlDataAdapter when processing batch scenarios where certain SQL RPC calls may not include system parameters.
    (#​3877)
  • Fixed connection pooling issue where extra connection deactivation was causing active connection counts to go negative.
    (#​3776)

Added

AppContext Switch for enabling MultiSubnetFailover

What Changed:

  • Added new AppContext switch Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault to set MultiSubnetFailover=true by default in connection string.
    (#​3851)

Who Benefits:

  • Applications that need MultiSubnetFailover enabled globally without modifying connection strings.

Impact:

  • Applications can now enable MultiSubnetFailover globally using one of the following methods:
// In application code
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault", true);
// In runtimeconfig.json
{
  "configProperties": {
    "Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault": true
  }
}
<!-- In App.Config -->
<runtime>
  <AppContextSwitchOverrides value="Switch.Microsoft.Data.SqlClient.EnableMultiSubnetFailoverByDefault=true" />
</runtime>

Changed

  • Optimized SqlStatistics execution timing by using Environment.TickCount instead of more expensive timing mechanisms.
    ... (truncated)

Commits viewable in compare view.

Updated Serilog.AspNetCore from 9.0.0 to 10.0.0.

Release notes

Sourced from Serilog.AspNetCore's releases.

10.0.0

What's Changed

New Contributors

Full Changelog: serilog/serilog-aspnetcore@v9.0.0...v10.0.0

Commits viewable in compare view.

Updated Swashbuckle.AspNetCore from 9.0.5 to 10.1.7.

Release notes

Sourced from Swashbuckle.AspNetCore's releases.

10.1.7

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.6...v10.1.7

10.1.6

What's Changed

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.5...v10.1.6

10.1.5

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.4...v10.1.5

10.1.4

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.3...v10.1.4

10.1.3

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.2...v10.1.3

10.1.2

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.1...v10.1.2

10.1.1

What's Changed

New Contributors

Full Changelog:

domaindrivendev/Swashbuckle.AspNetCore@v10.1.0...v10.1.1

10.1.0

What's Changed

New Features

Bug Fixes

Miscellaneous

New Contributors

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.0.1...v10.1.0

10.0.1

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.0.0...v10.0.1

10.0.0

Swashbuckle.AspNetCore v10.0.0

[!IMPORTANT]
This release contains major breaking changes.

Read our v10 migration guide for further information.

With this release, Swashbuckle.AspNetCore adds support for generating OpenAPI 3.1 documents and for ASP.NET Core 10.

Swashbuckle.AspNetCore v10 depends on OpenAPI.NET v2.3 which introduces many breaking changes to the public API surface. More information can be found in their OpenAPI.NET v2 Upgrade Guide.

To reduce the number of breaking behavioural changes in Swashbuckle.AspNetCore v10, generation of OpenAPI 3.1 documents is opt-in.
To generate OpenAPI 3.1 documents, change the OpenAPI version as shown in the code snippet below:

app.UseSwagger(options =>
{
    options.OpenApiVersion = OpenApiSpecVersion.OpenApi3_1;
});

[!TIP]
It is strongly recommended that you upgrade to Swashbuckle.AspNetCore v9.0.6 before upgrading to v10.

[!IMPORTANT]
Use of Swashbuckle.AspNetCore with the ASP.NET Core WithOpenApi() method is no longer supported.

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.6...v10.0.0

9.0.6

What's Changed

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.5...v9.0.6

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the nuget-dependencies group with 5 updates
e7ca660 
Bumps BCrypt.Net-Next from 4.0.3 to 4.1.0
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.20 to 8.0.25
Bumps Microsoft.Data.SqlClient from 6.1.3 to 7.0.0
Bumps Serilog.AspNetCore from 9.0.0 to 10.0.0
Bumps Swashbuckle.AspNetCore from 9.0.5 to 10.1.7

---
updated-dependencies:
- dependency-name: BCrypt.Net-Next
  dependency-version: 4.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-dependencies
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 8.0.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: nuget-dependencies
- dependency-name: Microsoft.Data.SqlClient
  dependency-version: 7.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget-dependencies
- dependency-name: Serilog.AspNetCore
  dependency-version: 10.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget-dependencies
- dependency-name: Swashbuckle.AspNetCore
  dependency-version: 10.1.7
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Apr 1, 2026
@dependabot dependabot bot mentioned this pull request Apr 1, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants