Skip to content

Bump the all-nuget group with 21 updates#65

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/Mcp.Benchmark.CLI/all-nuget-1fb7f57bf1
Closed

Bump the all-nuget group with 21 updates#65
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/Mcp.Benchmark.CLI/all-nuget-1fb7f57bf1

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 22, 2026

Copy link
Copy Markdown
Contributor

Updated JsonSchema.Net from 9.2.1 to 9.2.2.

Release notes

Sourced from JsonSchema.Net's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 8.0.27 to 8.0.28.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

8.0.28

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.27...v8.0.28

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.CommandLine from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.CommandLine's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Json from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Hosting from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Hosting's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Logging's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Options.ConfigurationExtensions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.84.0 to 4.85.0.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.85.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@4.84.2...4.85.0

4.84.2

New Features

  • Added ManagedIdentityApplication.GetManagedIdentityCapabilitiesAsync(CancellationToken) returning a ManagedIdentityCapabilities object that reports the detected managed identity Source, the host's MaxSupportedBindingStrength (new MtlsBindingStrength enum: None, Software, KeyGuard), and a derived IsMtlsPopSupportedByHost. Replaces GetManagedIdentitySourceAsync()/ManagedIdentitySourceResult. The public ManagedIdentitySource.ImdsV2 value is folded into Imds (v1/v2 routing remains internal). #​6049
  • Added OID-based user identification to the User Federated Identity Credential (user_fic) flow via AcquireTokenByUserFederatedIdentityCredential(scopes, Guid userObjectId, assertion). #​6050
  • Added WithClaimsFromClient(claimsJson) to forward client-originated claims across managed identity and confidential client flows. #​5999
  • Added mTLS PoP support for WithCertificate(() => x509) (dynamic certificate credential). #​5957
  • Added opt-in token-acquisition metrics covering both successful and failed attempts. #​6004

Changes

  • Extended mTLS bearer transport (CertificateOptions.SendCertificateOverMtls) to the OBO, refresh-token, and authorization-code flows. #​6009
  • General Availability of the Microsoft.Identity.Client.KeyAttestation package. #​6038
  • Managed identity now probes IMDSv2 first and the preview latch was removed. #​6041
  • Updated NativeInterop baseline and corrected devapp version ranges. #​6045
  • Simplified GetTenantedAuthority in CiamAuthority and DstsAuthority. #​6001

Bug Fixes

  • Fixed WithExtraQueryParameters on ManagedIdentityApplicationBuilder bypassing token caching. #​6035
  • Guarded HTTP status codes on discovery endpoints in KnownInstanceMetadataIsUpToDateAsync. #​6048
  • Detect orphaned KeyGuard certificates via public-key modulus comparison. #​6020

4.84.1

What's Changed

New Features

  • Added WithReservedScopes and WithCachePartitionKey public API extensions in #​6014
  • Added IAuthenticationOperation3 interface for CDT + mTLS PoP composition in #​5996
  • Added MsalRemainingTokenLifetime histogram metric for token expiry tracking in #​5920

Changes

  • Removed [Obsolete] attribute from WithExtraBodyParameters extension method in #​6006
  • Replaced ConcurrentHashSet with ConcurrentDictionary<T, byte> in #​5975

Bug Fixes

  • Fixed WithTenantId not honoring MSA tenant GUID when specified at request level in #​5958
  • Fixed OBO cache returning multiple_matching_tokens_detected when attributed tokens share a partition in #​5993

Full Changelog: AzureAD/microsoft-authentication-library-for-dotnet@6ff7075...main (AzureAD/microsoft-authentication-library-for-dotnet@6ff7075...main)

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.6.0

What's Changed

Changes to tests and infra

Commits viewable in compare view.

Updated ModelContextProtocol from 1.3.0 to 1.4.0.

Release notes

Sourced from ModelContextProtocol's releases.

1.4.0

v1.4.0 introduces support for the Identity Assertion Authorization Grant (ID-JAG) flow via the new IdentityAssertionGrantProvider, enabling enterprise SSO scenarios where users authenticate once via their enterprise Identity Provider and access MCP servers without per-server authorization prompts. The release also adds a new InheritEnvironmentVariables option on StdioClientTransportOptions for controlling the child server's environment, alongside two security hardening fixes: the stdio client transport no longer enumerates child-process environment variables in Trace logs, and DELETE on a Streamable HTTP session now requires the same authenticated user that initiated the session.

What's Changed

  • Stop logging stdio transport environment variables #​1538 by @​halter73 (co-authored by @​Copilot)
  • Add InheritEnvironmentVariables to StdioClientTransportOptions #​1563 by @​halter73 (co-authored by @​Copilot)
  • Validate user on Streamable HTTP session DELETE #​1604 by @​halter73 (co-authored by @​Copilot)
    • HandleDeleteRequestAsync now mirrors the HasSameUserId check already enforced on GET and POST. A DELETE with a valid Mcp-Session-Id but a different authenticated user now returns 403 Forbidden instead of terminating the session — defense-in-depth against a leaked session ID being used to DoS the original owner.
  • Add Enterprise Managed Authorization (SEP-990) support #​1305 by @​aniket-okta (backported in #​1625)
    • Adds IdentityAssertionGrantProvider and supporting option/response types in ModelContextProtocol.Authentication implementing the Identity Assertion Authorization Grant flow: RFC 8693 token exchange at the enterprise IdP (ID Token → JWT Authorization Grant) followed by RFC 7523 JWT bearer grant at the MCP authorization server (JAG → access token). See the new Cross-Application Access section in the transport docs for full usage details.

Documentation Updates

  • Fix broken links to MCP Tasks specification #​1594 by @​tarekgh

Repository Infrastructure Updates

  • Update release processes to support release servicing branches #​1620 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

  • @​aniket-okta made their first contribution in #​1305
  • @​felixweinberger submitted issue #​949 (resolved by #​1305)
  • @​eiriktsarpalis @​ericstj @​PranavSenthilnathan reviewed pull requests

Full Changelog: modelcontextprotocol/csharp-sdk@v1.3.0...v1.4.0

Commits viewable in compare view.

Updated ModelContextProtocol.Core from 1.3.0 to 1.4.0.

Release notes

Sourced from ModelContextProtocol.Core's releases.

1.4.0

v1.4.0 introduces support for the Identity Assertion Authorization Grant (ID-JAG) flow via the new IdentityAssertionGrantProvider, enabling enterprise SSO scenarios where users authenticate once via their enterprise Identity Provider and access MCP servers without per-server authorization prompts. The release also adds a new InheritEnvironmentVariables option on StdioClientTransportOptions for controlling the child server's environment, alongside two security hardening fixes: the stdio client transport no longer enumerates child-process environment variables in Trace logs, and DELETE on a Streamable HTTP session now requires the same authenticated user that initiated the session.

What's Changed

  • Stop logging stdio transport environment variables #​1538 by @​halter73 (co-authored by @​Copilot)
  • Add InheritEnvironmentVariables to StdioClientTransportOptions #​1563 by @​halter73 (co-authored by @​Copilot)
  • Validate user on Streamable HTTP session DELETE #​1604 by @​halter73 (co-authored by @​Copilot)
    • HandleDeleteRequestAsync now mirrors the HasSameUserId check already enforced on GET and POST. A DELETE with a valid Mcp-Session-Id but a different authenticated user now returns 403 Forbidden instead of terminating the session — defense-in-depth against a leaked session ID being used to DoS the original owner.
  • Add Enterprise Managed Authorization (SEP-990) support #​1305 by @​aniket-okta (backported in #​1625)
    • Adds IdentityAssertionGrantProvider and supporting option/response types in ModelContextProtocol.Authentication implementing the Identity Assertion Authorization Grant flow: RFC 8693 token exchange at the enterprise IdP (ID Token → JWT Authorization Grant) followed by RFC 7523 JWT bearer grant at the MCP authorization server (JAG → access token). See the new Cross-Application Access section in the transport docs for full usage details.

Documentation Updates

  • Fix broken links to MCP Tasks specification #​1594 by @​tarekgh

Repository Infrastructure Updates

  • Update release processes to support release servicing branches #​1620 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

  • @​aniket-okta made their first contribution in #​1305
  • @​felixweinberger submitted issue #​949 (resolved by #​1305)
  • @​eiriktsarpalis @​ericstj @​PranavSenthilnathan reviewed pull requests

Full Changelog: modelcontextprotocol/csharp-sdk@v1.3.0...v1.4.0

Commits viewable in compare view.

Updated System.CommandLine from 2.0.8 to 2.0.9.

Release notes

Sourced from System.CommandLine's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated System.Text.Json from 10.0.8 to 10.0.9.

Release notes

Sourced from System.Text.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Testcontainers from 4.11.0 to 4.12.0.

Release notes

Sourced from Testcontainers's releases.

4.12.0

What's Changed

Thanks to all contributors 👏.

The NuGet packages for this release have been attested for supply chain security using actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #​21198535.

⚠️ Breaking Changes

  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

🚀 Features

  • feat: Add Floci module (#​1690) @​object
  • feat: Ignore port-forwarding extra host in reuse hash (#​1689) @​HofmeisterAn
  • feat: Allow devs to override the reuse hash calculation (#​1688) @​HofmeisterAn
  • feat: Add connect to network API (#​1672) @​HofmeisterAn
  • feat(LocalStack): Require auth token for 4.15 and onwards (#​1667) @​HofmeisterAn
  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

🐛 Bug Fixes

  • fix: Trim tar record padding to avoid broken-pipe failure on Podman (#​1684) @​artiomchi
  • fix(Nats): Use healthz API for readiness probe (#​1679) @​eriblo01
  • fix: Remove KeepAlive socket option (#​1671) @​Angelinsky7

📖 Documentation

  • docs: Extend WithCommand(params string[]) documentation (#​1685) @​HofmeisterAn

🧹 Housekeeping

  • feat: Prepare next release cycle (4.12.0) (#​1664) @​HofmeisterAn

📦 Dependency Updates

  • chore(deps): Bump the actions group with 5 updates (#​1687) @dependabot[bot]
  • chore(deps): Bump Docker.DotNet from 4.1.0 to 4.2.0 (#​1686) @​HofmeisterAn
  • chore(deps): Bump the actions group with 5 updates (#​1676) @dependabot[bot]
  • chore(deps): Bump Docker.DotNet from 4.0.2 to 4.1.0 (#​1674) @​HofmeisterAn
  • chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665) @​HofmeisterAn

Commits viewable in compare view.

Updated WireMock.Net from 2.6.0 to 2.11.0.

Release notes

Sourced from WireMock.Net's releases.

2.10.0

What's Changed

Full Changelog: wiremock/WireMock.Net@2.9.0...2.10.0

2.9.0

What's Changed

Full Changelog: wiremock/WireMock.Net@2.8.0...2.9.0

2.8.0

What's Changed

Full Changelog: wiremock/WireMock.Net@2.7.0...2.8.0

2.7.0

What's Changed

New Contributors

Full Changelog: wiremock/WireMock.Net@2.6.0...2.7.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps JsonSchema.Net from 9.2.1 to 9.2.2
Bumps Microsoft.AspNetCore.Mvc.Testing from 8.0.27 to 8.0.28
Bumps Microsoft.Extensions.Configuration from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Configuration.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Configuration.CommandLine from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Configuration.Json from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.DependencyInjection from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Hosting from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Http from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Logging from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Logging.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Options.ConfigurationExtensions from 10.0.8 to 10.0.9
Bumps Microsoft.Identity.Client from 4.84.0 to 4.85.0
Bumps Microsoft.NET.Test.Sdk from 18.5.1 to 18.6.0
Bumps ModelContextProtocol from 1.3.0 to 1.4.0
Bumps ModelContextProtocol.Core from 1.3.0 to 1.4.0
Bumps System.CommandLine from 2.0.8 to 2.0.9
Bumps System.Text.Json from 10.0.8 to 10.0.9
Bumps Testcontainers from 4.11.0 to 4.12.0
Bumps WireMock.Net from 2.6.0 to 2.11.0

---
updated-dependencies:
- dependency-name: JsonSchema.Net
  dependency-version: 9.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 8.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Configuration
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Configuration.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Configuration.CommandLine
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Configuration.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Hosting
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Logging
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Logging
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Identity.Client
  dependency-version: 4.85.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: ModelContextProtocol
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: ModelContextProtocol.Core
  dependency-version: 1.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: System.CommandLine
  dependency-version: 2.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: System.Text.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Testcontainers
  dependency-version: 4.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: WireMock.Net
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 22, 2026
@dependabot dependabot Bot requested a review from navalerakesh as a code owner June 22, 2026 11:07
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Jun 22, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #67.

@dependabot dependabot Bot closed this Jun 29, 2026
@dependabot dependabot Bot deleted the dependabot/nuget/Mcp.Benchmark.CLI/all-nuget-1fb7f57bf1 branch June 29, 2026 11:06
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants