chore(deps): Bump the minor-and-patch group with 23 updates#300
Open
dependabot[bot] wants to merge 2 commits into
Open
chore(deps): Bump the minor-and-patch group with 23 updates#300dependabot[bot] wants to merge 2 commits into
dependabot[bot] wants to merge 2 commits into
Conversation
Bumps Marten from 9.14.0 to 9.15.4 Bumps Marten.EntityFrameworkCore from 9.14.0 to 9.15.4 Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.9 to 10.0.10 Bumps Microsoft.AspNetCore.DataProtection.EntityFrameworkCore from 10.0.9 to 10.0.10 Bumps Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.9 to 10.0.10 Bumps Microsoft.EntityFrameworkCore.Design from 10.0.9 to 10.0.10 Bumps Microsoft.Extensions.AI.Evaluation from 10.7.0 to 10.8.0 Bumps Microsoft.Extensions.AI.Evaluation.Quality from 10.7.0 to 10.8.0 Bumps Microsoft.Extensions.AI.Evaluation.Reporting from 10.7.0 to 10.8.0 Bumps Microsoft.Extensions.Configuration.EnvironmentVariables from 10.0.9 to 10.0.10 Bumps Microsoft.Extensions.Configuration.Json from 10.0.9 to 10.0.10 Bumps Microsoft.Extensions.Configuration.UserSecrets from 10.0.9 to 10.0.10 Bumps Microsoft.Extensions.TimeProvider.Testing from 10.7.0 to 10.8.0 Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.2 to 10.0.3 Bumps OpenTelemetry from 1.16.0 to 1.17.0 Bumps OpenTelemetry.Api from 1.16.0 to 1.17.0 Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.16.0 to 1.17.0 Bumps OpenTelemetry.Extensions.Hosting from 1.16.0 to 1.17.0 Bumps SonarAnalyzer.CSharp from 10.28.0.143324 to 10.29.0.143774 Bumps WolverineFx from 6.17.0 to 6.19.0 Bumps WolverineFx.EntityFrameworkCore from 6.17.0 to 6.19.0 Bumps WolverineFx.Marten from 6.17.0 to 6.19.0 Bumps WolverineFx.RuntimeCompilation from 6.17.0 to 6.19.0 --- updated-dependencies: - dependency-name: Marten dependency-version: 9.15.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Marten.EntityFrameworkCore dependency-version: 9.15.4 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.AspNetCore.DataProtection.EntityFrameworkCore dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.EntityFrameworkCore.Design dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.AI.Evaluation dependency-version: 10.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.AI.Evaluation.Quality dependency-version: 10.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.AI.Evaluation.Reporting dependency-version: 10.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.Configuration.EnvironmentVariables dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.Configuration.Json dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.Configuration.UserSecrets dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.TimeProvider.Testing dependency-version: 10.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: OpenTelemetry dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry.Api dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry.Extensions.Hosting dependency-version: 1.17.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: SonarAnalyzer.CSharp dependency-version: 10.29.0.143774 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx dependency-version: 6.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx.EntityFrameworkCore dependency-version: 6.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx.Marten dependency-version: 6.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx.RuntimeCompilation dependency-version: 6.19.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>
Dependency ReviewThe following issues were found:
License Issuesbackend/tests/RunCoach.Api.Tests/RunCoach.Api.Tests.csproj
backend/src/RunCoach.Api/RunCoach.Api.csproj
OpenSSF ScorecardScorecard details
Scanned Files
|
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Marten from 9.14.0 to 9.15.4.
Release notes
Sourced from Marten's releases.
9.15.4
What's Changed
New Contributors
Full Changelog: JasperFx/marten@v9.15.3...v9.15.4
9.15.3
This addresses a potential vulnerability from SQL injection via non-string constant in a LINQ Select projection
Not a common usage, but still.
What's Changed
Full Changelog: JasperFx/marten@9.15.2...v9.15.3
9.15.2
Marten 9.15.2
A patch release. Both fixes come out of the same 512-tenant-database production deployment, reported by @erdtsieck, and both turned out to be worse than the reports described.
Bulk event insert ran a full schema apply on every batch
#4946 — fixed in #4949
The batch
BulkInsertEventsAsyncoverloads opened withStorage.ApplyAllConfiguredChangesToDatabaseAsync()on every call.That is not a cheap check. It calls
Tenancy.BuildDatabases()and runs a full schema delta — partition introspection plusinformation_schemasweeps — across every database in the store. So a sharded store paid one apply per database, per batch. On the reporting deployment, each ~1,000-event batch was triggering 512 schema applies.The measured effect: import throughput collapsed to ~17 events/s, against >3,000/s for the streaming overload. A 686k-event tenant projected to roughly 11 hours. The connection pool filled with ~370 backends whose last statement was Weasel's partition-introspection query, which fed directly into the server-wide connection pressure that deployment was already fighting.
That the streaming overload
BulkInsertEventStreamAsynchas no such call and is fine is the tell: the schema apply was never part of the contract. It was a leftover.The apply is now:
AutoCreateisNone— it is a no-op there by contract, so all that remained was the introspection cost; andIMartenDatabase.Identifier.One subtlety worth recording, because it is the kind of thing that bites later: the memoized apply deliberately does not take a caller's
CancellationToken. The first caller to arrive owns the single in-flight task that every concurrent caller for that database awaits — so binding that shared task to one caller's token would let a single cancelled batch fail sibling batches that were never cancelled. Each caller applies its own token at the await site instead. A schema apply is short and idempotent, so letting it run to completion is the cheaper trade.Under
AutoCreate.None, the event storage must already exist before import. That is the documented contract and it matches the streaming overload — but if you were previously relying on the per-call apply to create it for you under a non-Nonestore, note the change.The document bulk-insert path (
BulkInsertAsync/BulkInsertDocumentsAsync) is unaffected. It routes through the ordinary per-featureEnsureStorageExistsAsyncthat Weasel already memoizes, not a full-store delta.Tenant provisioning silently under-provisioned partitions
#4944 — fixed in #4950
AddPartitionToAllTables, and the tenant-provisioning paths built on it, walked the calling store'sStoreOptionsto decide which tables needed a list partition for a new tenant.So any tool or host that provisions tenants from a store which doesn't register every document type silently under-provisioned. Document types unknown to the caller never got their partitions — and the tenant then failed with a Postgres
23514check-constraint violation on first write to the missing partition. Nothing failed at provisioning time; the damage surfaced later, somewhere else.The workaround was "the provisioning tool must register all document types," which re-creates schema knowledge in a second place and drifts as document types are added.
The sweep is now database-driven: it enumerates tenant list-partitioned tables from the Postgres catalog, so a partially-registered store still provisions every partitioned table it finds.
Scoping is enforced inside the catalog query rather than filtered in memory afterward:
AllSchemaNames()only. Foreign partitioned tables in a shared database are never touched.tenant_id. This is the filter that matters most, and it is what keeps the sweep off Marten's own non-tenant list partitioning:UseArchivedStreamPartitioningkeysmt_eventsonis_archived, andByList()keys on its own field. Without it, a "helpful" sweep would start adding tenant partitions to tables partitioned on something else entirely.ByExternallyManagedListPartitions()are subtracted.Opt out with
SweepPartitionedTablesFromDatabase(default on). No Weasel change was required.Known limitation, and it is a real one: a document type registered into a schema the calling store has never heard of stays invisible to the schema filter — a store cannot own a schema it does not know exists. Single-schema stores (the default, and the reporting deployment's shape) are fully covered. Closing this properly would need a persisted table list alongside
mt_tenant_partitions.... (truncated)
9.15.1
Patch release for a silent data-correctness regression. If you use
ForTenant()on an identity-mapped or dirty-tracked session, upgrade.Fixed
#4947 —
ForTenant()on an identity session stopped returning tenancy-neutral documents (reported by @dervagabund, with a repro — thank you). AForTenant()view of an identity- or dirty-tracked session no longer saw global (tenancy-neutral) documents tracked by the parent session. Since a global document has exactly one row per id for the whole database,LoadAsyncthrough theForTenantview missed the identity map, went to the database, and returnednullfor a document that is there. A silent wrong answer, not an error.Affected: 9.13.0, 9.14.x, 9.15.0. Introduced by the fix for #4801, which tenant-scoped the identity map and version tracker for
ForTenantsessions. That was correct for conjoined documents — where the same id means a different document per tenant — but it was applied per session rather than per document type, so it also isolated document types that are tenancy-neutral and must be shared.Sharing is now decided per document type. A nested
ForTenantsession shares the parent's identity-map and version-tracker entry for a type only when the storage is identity-mapped, the type is notConjoined, and the nested session's database is the same instance as the parent's (under database-per-tenant, the same id in another tenant's database is a different document even for a tenancy-neutral type). The isolation introduced by #4801 is preserved exactly — theBug_4801suite still passes, and the new tests include guard rails asserting conjoined documents stay isolated.Full changelog: JasperFx/marten@9.15.0...9.15.1
9.15.0
Closed issues
findOrAssignTenantDatabaseAsyncreturned early on an existing assignment row, skippingcreatePartitionsForTenant+ per-tenant event-sequence provisioning — so a tenant whose provisioning was interrupted (assignment committed, partitions missing) failed every write with23514forever. Both early-return paths (including a second race-window hole under the advisory lock) now run the same idempotent repair the explicitAddTenantToShardAsync(tenantId, databaseId)overload always ran, guarded to once per process per tenant via the resolution cache.Also in this release
JasperFx.Events.SourceGeneratoranalyzer (JasperFx/jasperfx#505) — CS1061 compile break for no-parameterless-ctor aggregates with instanceApplyreturning the aggregate.pg_inherits) for the #4943 provisioning-tool scenario.Verified against Wolverine (full solution + CoreTests/MartenTests/distribution/Http suites, zero failures) and CritterWatch before publishing. Thanks to @erdtsieck for the dump-verified root-cause analysis.
9.14.1
Marten 9.14.1 is a patch release focused on a substantial round of LINQ query-translation improvements, plus event-store partitioning, high-water, and AoT fixes, and refreshed Weasel/JasperFx dependencies.
LINQ query translation
This release significantly expands what the LINQ provider can push down to PostgreSQL instead of falling back to slower strategies or throwing:
Any(predicate)filters now translate to JSONPath and OR-of-containment strategies, and the old explode/ctidfallback has been replaced by a correlatedEXISTSstrategy.All()shapes and duplicated array fields moved onto the sameEXISTSstrategy. The net effect is correct, index-friendlier SQL for nested-collection predicates.Where()clauses is now supported (e.g.x.Children[0].Name == "...").Sum/Min/Max/Average— can now be used insideWhere()clauses.Regex.IsMatch()is translated inWhere()clauses.IComparable.CompareTo()now works for non-string comparables such asGuid(#4920), alongside broaderCompareTo()coverage,stringIsOneOfvia the?|operator, andCollectionIsEmptyviaICollectionAware.GinIndexJsonDataMember()was added for member-scoped expression GIN indexes.#4916 — subclass queries now use duplicated fields and the base id
Querying a document subclass and filtering on a
Duplicate()'d field or the base-class id previously emitted a JSONB filter (CAST(d.data ->> 'FarmId' as uuid)) instead of the real column, missing the duplicated column and the primary-key index:A subclass shares its parent's table, so the parent's column-backed members (duplicated fields, the id, the soft-delete flag) are now inherited by the subclass's query member resolution. Querying the parent type was already correct and is unchanged.
Event store, partitioning & daemon
UseTenantPartitionedEvents. Registering a tenant whose partition suffix contains a-(so every GUID tenant id) madeApplyAllConfiguredChangesToDatabaseAsync()throw42601because the per-tenantCREATE SEQUENCE/DROP SEQUENCEDDL emitted the identifier unquoted. The schema-apply statements are now quoted (matching the quick-append function and the imperative provisioning path), so hyphenated tenants migrate cleanly. Quote — not sanitize — so the append function can still resolve the sequence by its raw suffix.ObjectDisposedExceptionpath latches-and-rethrows so a HotCold cold node's leadership loop terminates instead of re-polling a disposed data source during shutdown.UseTenantPartitionedEventsthe store-global high-water agent was continuously runningselect max(seq_id) from mt_events, an unfiltered scan that fans out across every tenant partition on every poll. That store-global mark is not used to advance tenant projections (they advance per-tenant), so the recurring scan is now skipped under partitioning; tenant high water is driven by the per-tenant coordinator and poll timer.GetProjectionStatusesAsyncnow resolves the correct named database.AoT / trimming
AddEventType/QueryRawEventDataOnlygeneric-constraint tightening was reversed, and event-mapping construction now routes through the cachedGenericFactoryCachewhile preserving the trimming root (#4930).Dependencies
ShardState.DatabaseIdentifier(jasperfx#501).Closed issues
#4913, #4915, #4916, #4917, #4924, and jasperfx#502.
Commits viewable in compare view.
Updated Marten.EntityFrameworkCore from 9.14.0 to 9.15.4.
Release notes
Sourced from Marten.EntityFrameworkCore's releases.
9.15.4
What's Changed
New Contributors
Full Changelog: JasperFx/marten@v9.15.3...v9.15.4
9.15.3
This addresses a potential vulnerability from SQL injection via non-string constant in a LINQ Select projection
Not a common usage, but still.
What's Changed
Full Changelog: JasperFx/marten@9.15.2...v9.15.3
9.15.2
Marten 9.15.2
A patch release. Both fixes come out of the same 512-tenant-database production deployment, reported by @erdtsieck, and both turned out to be worse than the reports described.
Bulk event insert ran a full schema apply on every batch
#4946 — fixed in #4949
The batch
BulkInsertEventsAsyncoverloads opened withStorage.ApplyAllConfiguredChangesToDatabaseAsync()on every call.That is not a cheap check. It calls
Tenancy.BuildDatabases()and runs a full schema delta — partition introspection plusinformation_schemasweeps — across every database in the store. So a sharded store paid one apply per database, per batch. On the reporting deployment, each ~1,000-event batch was triggering 512 schema applies.The measured effect: import throughput collapsed to ~17 events/s, against >3,000/s for the streaming overload. A 686k-event tenant projected to roughly 11 hours. The connection pool filled with ~370 backends whose last statement was Weasel's partition-introspection query, which fed directly into the server-wide connection pressure that deployment was already fighting.
That the streaming overload
BulkInsertEventStreamAsynchas no such call and is fine is the tell: the schema apply was never part of the contract. It was a leftover.The apply is now:
AutoCreateisNone— it is a no-op there by contract, so all that remained was the introspection cost; andIMartenDatabase.Identifier.One subtlety worth recording, because it is the kind of thing that bites later: the memoized apply deliberately does not take a caller's
CancellationToken. The first caller to arrive owns the single in-flight task that every concurrent caller for that database awaits — so binding that shared task to one caller's token would let a single cancelled batch fail sibling batches that were never cancelled. Each caller applies its own token at the await site instead. A schema apply is short and idempotent, so letting it run to completion is the cheaper trade.Under
AutoCreate.None, the event storage must already exist before import. That is the documented contract and it matches the streaming overload — but if you were previously relying on the per-call apply to create it for you under a non-Nonestore, note the change.The document bulk-insert path (
BulkInsertAsync/BulkInsertDocumentsAsync) is unaffected. It routes through the ordinary per-featureEnsureStorageExistsAsyncthat Weasel already memoizes, not a full-store delta.Tenant provisioning silently under-provisioned partitions
#4944 — fixed in #4950
AddPartitionToAllTables, and the tenant-provisioning paths built on it, walked the calling store'sStoreOptionsto decide which tables needed a list partition for a new tenant.So any tool or host that provisions tenants from a store which doesn't register every document type silently under-provisioned. Document types unknown to the caller never got their partitions — and the tenant then failed with a Postgres
23514check-constraint violation on first write to the missing partition. Nothing failed at provisioning time; the damage surfaced later, somewhere else.The workaround was "the provisioning tool must register all document types," which re-creates schema knowledge in a second place and drifts as document types are added.
The sweep is now database-driven: it enumerates tenant list-partitioned tables from the Postgres catalog, so a partially-registered store still provisions every partitioned table it finds.
Scoping is enforced inside the catalog query rather than filtered in memory afterward:
AllSchemaNames()only. Foreign partitioned tables in a shared database are never touched.tenant_id. This is the filter that matters most, and it is what keeps the sweep off Marten's own non-tenant list partitioning:UseArchivedStreamPartitioningkeysmt_eventsonis_archived, andByList()keys on its own field. Without it, a "helpful" sweep would start adding tenant partitions to tables partitioned on something else entirely.ByExternallyManagedListPartitions()are subtracted.Opt out with
SweepPartitionedTablesFromDatabase(default on). No Weasel change was required.Known limitation, and it is a real one: a document type registered into a schema the calling store has never heard of stays invisible to the schema filter — a store cannot own a schema it does not know exists. Single-schema stores (the default, and the reporting deployment's shape) are fully covered. Closing this properly would need a persisted table list alongside
mt_tenant_partitions.... (truncated)
9.15.1
Patch release for a silent data-correctness regression. If you use
ForTenant()on an identity-mapped or dirty-tracked session, upgrade.Fixed
#4947 —
ForTenant()on an identity session stopped returning tenancy-neutral documents (reported by @dervagabund, with a repro — thank you). AForTenant()view of an identity- or dirty-tracked session no longer saw global (tenancy-neutral) documents tracked by the parent session. Since a global document has exactly one row per id for the whole database,LoadAsyncthrough theForTenantview missed the identity map, went to the database, and returnednullfor a document that is there. A silent wrong answer, not an error.Affected: 9.13.0, 9.14.x, 9.15.0. Introduced by the fix for #4801, which tenant-scoped the identity map and version tracker for
ForTenantsessions. That was correct for conjoined documents — where the same id means a different document per tenant — but it was applied per session rather than per document type, so it also isolated document types that are tenancy-neutral and must be shared.Sharing is now decided per document type. A nested
ForTenantsession shares the parent's identity-map and version-tracker entry for a type only when the storage is identity-mapped, the type is notConjoined, and the nested session's database is the same instance as the parent's (under database-per-tenant, the same id in another tenant's database is a different document even for a tenancy-neutral type). The isolation introduced by #4801 is preserved exactly — theBug_4801suite still passes, and the new tests include guard rails asserting conjoined documents stay isolated.Full changelog: JasperFx/marten@9.15.0...9.15.1
9.15.0
Closed issues
findOrAssignTenantDatabaseAsyncreturned early on an existing assignment row, skippingcreatePartitionsForTenant+ per-tenant event-sequence provisioning — so a tenant whose provisioning was interrupted (assignment committed, partitions missing) failed every write with23514forever. Both early-return paths (including a second race-window hole under the advisory lock) now run the same idempotent repair the explicitAddTenantToShardAsync(tenantId, databaseId)overload always ran, guarded to once per process per tenant via the resolution cache.Also in this release
JasperFx.Events.SourceGeneratoranalyzer (JasperFx/jasperfx#505) — CS1061 compile break for no-parameterless-ctor aggregates with instanceApplyreturning the aggregate.pg_inherits) for the #4943 provisioning-tool scenario.Verified against Wolverine (full solution + CoreTests/MartenTests/distribution/Http suites, zero failures) and CritterWatch before publishing. Thanks to @erdtsieck for the dump-verified root-cause analysis.
9.14.1
Marten 9.14.1 is a patch release focused on a substantial round of LINQ query-translation improvements, plus event-store partitioning, high-water, and AoT fixes, and refreshed Weasel/JasperFx dependencies.
LINQ query translation
This release significantly expands what the LINQ provider can push down to PostgreSQL instead of falling back to slower strategies or throwing:
Any(predicate)filters now translate to JSONPath and OR-of-containment strategies, and the old explode/ctidfallback has been replaced by a correlatedEXISTSstrategy.All()shapes and duplicated array fields moved onto the sameEXISTSstrategy. The net effect is correct, index-friendlier SQL for nested-collection predicates.Where()clauses is now supported (e.g.x.Children[0].Name == "...").Sum/Min/Max/Average— can now be used insideWhere()clauses.Regex.IsMatch()is translated inWhere()clauses.IComparable.CompareTo()now works for non-string comparables such asGuid(#4920), alongside broaderCompareTo()coverage,stringIsOneOfvia the?|operator, andCollectionIsEmptyviaICollectionAware.GinIndexJsonDataMember()was added for member-scoped expression GIN indexes.#4916 — subclass queries now use duplicated fields and the base id
Querying a document subclass and filtering on a
Duplicate()'d field or the base-class id previously emitted a JSONB filter (CAST(d.data ->> 'FarmId' as uuid)) instead of the real column, missing the duplicated column and the primary-key index:A subclass shares its parent's table, so the parent's column-backed members (duplicated fields, the id, the soft-delete flag) are now inherited by the subclass's query member resolution. Querying the parent type was already correct and is unchanged.
Event store, partitioning & daemon
UseTenantPartitionedEvents. Registering a tenant whose partition suffix contains a-(so every GUID tenant id) madeApplyAllConfiguredChangesToDatabaseAsync()throw42601because the per-tenantCREATE SEQUENCE/DROP SEQUENCEDDL emitted the identifier unquoted. The schema-apply statements are now quoted (matching the quick-append function and the imperative provisioning path), so hyphenated tenants migrate cleanly. Quote — not sanitize — so the append function can still resolve the sequence by its raw suffix.ObjectDisposedExceptionpath latches-and-rethrows so a HotCold cold node's leadership loop terminates instead of re-polling a disposed data source during shutdown.UseTenantPartitionedEventsthe store-global high-water agent was continuously runningselect max(seq_id) from mt_events, an unfiltered scan that fans out across every tenant partition on every poll. That store-global mark is not used to advance tenant projections (they advance per-tenant), so the recurring scan is now skipped under partitioning; tenant high water is driven by the per-tenant coordinator and poll timer.GetProjectionStatusesAsyncnow resolves the correct named database.AoT / trimming
AddEventType/QueryRawEventDataOnlygeneric-constraint tightening was reversed, and event-mapping construction now routes through the cachedGenericFactoryCachewhile preserving the trimming root (#4930).Dependencies
ShardState.DatabaseIdentifier(jasperfx#501).Closed issues
#4913, #4915, #4916, #4917, #4924, and jasperfx#502.
Commits viewable in compare view.
Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.AspNetCore.DataProtection.EntityFrameworkCore from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.AspNetCore.DataProtection.EntityFrameworkCore's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.AspNetCore.Identity.EntityFrameworkCore's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.EntityFrameworkCore.Design from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.EntityFrameworkCore.Design's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.AI.Evaluation from 10.7.0 to 10.8.0.
Release notes
Sourced from Microsoft.Extensions.AI.Evaluation's releases.
10.8.0
This release adds new experimental APIs to Microsoft.Extensions.AI.Abstractions and updates the OpenAI dependency to 2.12.0, alongside documentation, test, and repository maintenance.
Experimental API Changes
New Experimental APIs
AIFunctionNameAttributeandAIParameterNameAttribute#7610 by @jozkee (co-authored by @jeffhandley @Copilot)ToolApprovalRequestContent.RequiresConfirmation(MEAI001) #7549 by @javiercn (co-authored by @Copilot)What's Changed
AI
Vector Data
Documentation Updates
Test Improvements
Repository Infrastructure Updates
... (truncated)
Commits viewable in compare view.
Updated Microsoft.Extensions.AI.Evaluation.Quality from 10.7.0 to 10.8.0.
Release notes
Sourced from Microsoft.Extensions.AI.Evaluation.Quality's releases.
10.8.0
This release adds new experimental APIs to Microsoft.Extensions.AI.Abstractions and updates the OpenAI dependency to 2.12.0, alongside documentation, test, and repository maintenance.
Experimental API Changes
New Experimental APIs
AIFunctionNameAttributeandAIParameterNameAttribute#7610 by @jozkee (co-authored by @jeffhandley @Copilot)ToolApprovalRequestContent.RequiresConfirmation(MEAI001) #7549 by @javiercn (co-authored by @Copilot)What's Changed
AI
Vector Data
Documentation Updates
Test Improvements
Repository Infrastructure Updates
... (truncated)
Commits viewable in compare view.
Updated Microsoft.Extensions.AI.Evaluation.Reporting from 10.7.0 to 10.8.0.
Release notes
Sourced from Microsoft.Extensions.AI.Evaluation.Reporting's releases.
10.8.0
This release adds new experimental APIs to Microsoft.Extensions.AI.Abstractions and updates the OpenAI dependency to 2.12.0, alongside documentation, test, and repository maintenance.
Experimental API Changes
New Experimental APIs
AIFunctionNameAttributeandAIParameterNameAttribute#7610 by @jozkee (co-authored by @jeffhandley @Copilot)ToolApprovalRequestContent.RequiresConfirmation(MEAI001) #7549 by @javiercn (co-authored by @Copilot)What's Changed
AI
Vector Data
Documentation Updates
Test Improvements
Repository Infrastructure Updates
... (truncated)
Commits viewable in compare view.
Updated Microsoft.Extensions.Configuration.EnvironmentVariables from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.Extensions.Configuration.EnvironmentVariables's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Configuration.Json from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.Extensions.Configuration.Json's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Configuration.UserSecrets from 10.0.9 to 10.0.10.
Release notes
Sourced from Microsoft.Extensions.Configuration.UserSecrets's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.TimeProvider.Testing from 10.7.0 to 10.8.0.
Release notes
Sourced from Microsoft.Extensions.TimeProvider.Testing's releases.
10.8.0
This release adds new experimental APIs to Microsoft.Extensions.AI.Abstractions and updates the OpenAI dependency to 2.12.0, alongside documentation, test, and repository maintenance.
Experimental API Changes
New Experimental APIs
AIFunctionNameAttributeandAIParameterNameAttribute#7610 by @jozkee (co-authored by @jeffhandley @Copilot)ToolApprovalRequestContent.RequiresConfirmation(MEAI001) #7549 by @javiercn (co-authored by @Copilot)What's Changed
AI
Vector Data
Documentation Updates
Test Improvements
Repository Infrastructure Updates
... (truncated)
Commits viewable in compare view.
Updated Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.2 to 10.0.3.
Release notes
Sourced from Npgsql.EntityFrameworkCore.PostgreSQL's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated OpenTelemetry from 1.16.0 to 1.17.0.
Release notes
Sourced from OpenTelemetry's releases.
1.17.0
For highlights and announcements pertaining to this release see: Release Notes > 1.17.0.
The following changes are from the previous release 1.17.0-rc.1.
NuGet: OpenTelemetry v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Extensions.Hosting v1.17.0
No notable changes.
... (truncated)
1.17.0-rc.1
The following changes are from the previous release 1.16.0.
NuGet: OpenTelemetry v1.17.0-rc.1
Fixed a metric point reclaim data race on CPU ARM architectures.
(#7401)
The library is now marked as trim and AOT compatible.
(#7441)
Replaced the vendored copy of
EnvironmentVariablesConfigurationProviderwith a directMicrosoft.Extensions.Configuration.EnvironmentVariablespackage dependency.Consumers gain automatic pickup of upstream bug fixes and security patches;
no public API or behavioural change.
(#7146)
Added a verbose
OpenTelemetry-Sdkself-diagnostics event that is emittedwhen an activity is dropped because its local (in-process) parent is not
recorded.
(#7427)
Added support for a Schema URL on
Resourceinstances.(#7472)
Fixed a metric storage leak that occurred when meters and instruments were
repeatedly created and disposed.
(#7466)
Added
ExcludedTagKeysproperty toMetricStreamConfigurationto supportexcluding specific tag keys from metric streams.
(#7373)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.17.0-rc.1
Fixed
TraceContextPropagatorto normalize emptytracestateheader valuesto
nullwhen extracting trace context.(#7407,
#7433)
The library is now marked as trim and AOT compatible.
(#7441)
Experimental (pre-release builds only): Updated
EnvironmentVariableCarrier.Getto read only the normalized environment variable name, following the updated
environment variable carrier specification.
Non-normalized carrier keys are no longer matched, even when they would
normalize to the requested key.
... (truncated)
1.17.0-beta.1
The following changes are from the previous release 1.16.0-beta.1.
NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.17.0-beta.1
Added a verbose-level diagnostic event for ignored metrics.
(#7429)
The library is now marked as trim and AOT compatible.
(#7441)
Fix double unit suffixes in metric names when using OpenMetrics.
(#7454)
Fix incorrect handling of leading digits in metric names for OpenMetrics.
(#7454)
Add
PrometheusAspNetCoreOptions.ScopeInfoEnabledproperty to enable ordisable scope labels in Prometheus metrics. Defaults to
true.(#7436)
Added support for the
dotsandvaluesPrometheus UTF-8 name escapingschemes when negotiated via the
Acceptheader.(#7439)
Add
PrometheusAspNetCoreOptions.TargetInfoEnabledproperty to enable ordisable the
target_infometric in Prometheus metrics. Defaults totrue.(#7438)
Added support for the
allow-utf-8Prometheus UTF-8 name escaping schemewhen negotiated via the
Acceptheader.(#7440)
Add
PrometheusAspNetCoreOptions.ResourceConstantLabelsproperty to selectresource attributes to add to each metric as constant labels. Defaults to
null(no resource attributes are added as metric labels).(#7471)
Add
PrometheusAspNetCoreOptions.MaxScrapeResponseSizeBytesto configurethe maximum size of a scrape response. The default is now ~166 MiB.
(#7487)
A scrape whose serialized output exceeds the maximum scrape response size
limit now responds with HTTP 500.
(#7487)
Fixed the Prometheus text exposition format emitting redundant comments.
(#7491)
Made
Acceptheader content negotiation consistent with thePrometheusHttpListenerendpoint.... (truncated)
Commits viewable in compare view.
Updated OpenTelemetry.Api from 1.16.0 to 1.17.0.
Release notes
Sourced from OpenTelemetry.Api's releases.
1.17.0
For highlights and announcements pertaining to this release see: Release Notes > 1.17.0.
The following changes are from the previous release 1.17.0-rc.1.
NuGet: OpenTelemetry v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Extensions.Hosting v1.17.0
No notable changes.
... (truncated)
1.17.0-rc.1
The following changes are from the previous release 1.16.0.
NuGet: OpenTelemetry v1.17.0-rc.1
Fixed a metric point reclaim data race on CPU ARM architectures.
(#7401)
The library is now marked as trim and AOT compatible.
(#7441)
Replaced the vendored copy of
EnvironmentVariablesConfigurationProviderwith a directMicrosoft.Extensions.Configuration.EnvironmentVariablespackage dependency.Consumers gain automatic pickup of upstream bug fixes and security patches;
no public API or behavioural change.
(#7146)
Added a verbose
OpenTelemetry-Sdkself-diagnostics event that is emittedwhen an activity is dropped because its local (in-process) parent is not
recorded.
(#7427)
Added support for a Schema URL on
Resourceinstances.(#7472)
Fixed a metric storage leak that occurred when meters and instruments were
repeatedly created and disposed.
(#7466)
Added
ExcludedTagKeysproperty toMetricStreamConfigurationto supportexcluding specific tag keys from metric streams.
(#7373)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.17.0-rc.1
Fixed
TraceContextPropagatorto normalize emptytracestateheader valuesto
nullwhen extracting trace context.(#7407,
#7433)
The library is now marked as trim and AOT compatible.
(#7441)
Experimental (pre-release builds only): Updated
EnvironmentVariableCarrier.Getto read only the normalized environment variable name, following the updated
environment variable carrier specification.
Non-normalized carrier keys are no longer matched, even when they would
normalize to the requested key.
... (truncated)
1.17.0-beta.1
The following changes are from the previous release 1.16.0-beta.1.
NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.17.0-beta.1
Added a verbose-level diagnostic event for ignored metrics.
(#7429)
The library is now marked as trim and AOT compatible.
(#7441)
Fix double unit suffixes in metric names when using OpenMetrics.
(#7454)
Fix incorrect handling of leading digits in metric names for OpenMetrics.
(#7454)
Add
PrometheusAspNetCoreOptions.ScopeInfoEnabledproperty to enable ordisable scope labels in Prometheus metrics. Defaults to
true.(#7436)
Added support for the
dotsandvaluesPrometheus UTF-8 name escapingschemes when negotiated via the
Acceptheader.(#7439)
Add
PrometheusAspNetCoreOptions.TargetInfoEnabledproperty to enable ordisable the
target_infometric in Prometheus metrics. Defaults totrue.(#7438)
Added support for the
allow-utf-8Prometheus UTF-8 name escaping schemewhen negotiated via the
Acceptheader.(#7440)
Add
PrometheusAspNetCoreOptions.ResourceConstantLabelsproperty to selectresource attributes to add to each metric as constant labels. Defaults to
null(no resource attributes are added as metric labels).(#7471)
Add
PrometheusAspNetCoreOptions.MaxScrapeResponseSizeBytesto configurethe maximum size of a scrape response. The default is now ~166 MiB.
(#7487)
A scrape whose serialized output exceeds the maximum scrape response size
limit now responds with HTTP 500.
(#7487)
Fixed the Prometheus text exposition format emitting redundant comments.
(#7491)
Made
Acceptheader content negotiation consistent with thePrometheusHttpListenerendpoint.... (truncated)
Commits viewable in compare view.
Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.16.0 to 1.17.0.
Release notes
Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.
1.17.0
For highlights and announcements pertaining to this release see: Release Notes > 1.17.0.
The following changes are from the previous release 1.17.0-rc.1.
NuGet: OpenTelemetry v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.17.0
No notable changes.
See CHANGELOG for details.
NuGet: [OpenTelemetry.Extensions.Hosting v1.17.0](https://www....
Description has been truncated