Skip to content

Bump the production-minor-patch group with 19 updates#87

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/comissions.app.api/production-minor-patch-a24ac17a65
Open

Bump the production-minor-patch group with 19 updates#87
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/comissions.app.api/production-minor-patch-a24ac17a65

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown

Updated Auth0.AspNetCore.Authentication from 1.4.1 to 1.8.0.

Release notes

Sourced from Auth0.AspNetCore.Authentication's releases.

1.8.0

Added

  • Multi-Resource Refresh Token (MRRT) support #​249, #​251 (kailash-b) - applications can now obtain access tokens for additional audiences and scopes on demand by exchanging the session's refresh token, without forcing the user through another interactive login.
    • New HttpContext.GetAccessTokenAsync(AccessTokenRequest) extension returns an access token for a requested audience and/or scope, served from the session cache when possible and otherwise via a refresh-token exchange.
    • Configure default scopes per audience with Auth0WebAppWithAccessTokenOptions.ScopeByAudience.
    • The new OnAccessTokenRefreshFailed event surfaces refresh failures, letting callers distinguish terminal failures (warranting re-login) from transient ones.
    • MFA challenge handling - when a refresh requires MFA, a new MfaRequiredException surfaces the challenge, and IAuthenticationApiClient (registered via WithAuthenticationApiClient()) lets the application complete OTP, OOB, or recovery-code grants and manage authenticators.
  • Configurable access-token expiration leeway #​247 (kailash-b) - new Auth0WebAppWithAccessTokenOptions.AccessTokenExpirationLeeway (TimeSpan, default 60s) controls how far ahead of expiry the SDK proactively refreshes the access token. Previously hard-coded to 60 seconds; the default preserves prior behavior. Applies to both primary and additional (MRRT) cached tokens, and only takes effect when UseRefreshTokens is enabled.
  • Configurable server-side session store #​246 (kailash-b) - new WithSessionStore method on Auth0WebAppAuthenticationBuilder stores the authentication session server-side (via ITicketStore) instead of in the cookie. It attaches the store to the SDK's own resolved cookie scheme, so it works even with a custom CookieAuthenticationScheme. Two overloads are provided: WithSessionStore<TStore>() (resolved from DI) and WithSessionStore(ITicketStore instance). Opt-in and additive; the default stateless cookie session is unchanged.

Fixed

  • Remove duplicate trailing slash from client_assertion audience #​236 (samjetski) - fixes a regression introduced in 1.7.0 (#​206) where the Private Key JWT client assertion aud claim was built as https://{tenant}// (double slash), causing Auth0's /oauth/token endpoint to reject the assertion with 401 invalid_client and leaving affected apps (any using ClientAssertionSecurityKey) in a callback loop.
  • Wire OnValidatePrincipal to the configured cookie scheme #​248 (kailash-b) - fixes a scheme mismatch where the access-token refresh hook was registered against the default "Cookies" scheme rather than the configured CookieAuthenticationScheme.

Security

  • Bump dependencies #​250 (kailash-b) - consolidates several Dependabot bumps (supersedes #​240, #​242, #​243, #​244): Microsoft.IdentityModel.Protocols.OpenIdConnect 8.18.0 → 8.19.1, Microsoft.AspNetCore.Mvc.Testing 10.0.8 → 10.0.9, Microsoft.AspNetCore.Mvc.ViewFeatures 2.3.10 → 2.3.11, System.Text.Encodings.Web 10.0.8 → 10.0.9.
  • Pin GitHub Actions to commit SHAs #​241 (jcchavezs) - pins all third-party actions in the workflow files to commit SHAs for improved supply-chain security and reproducibility.

1.7.1

Security

1.7.0

Added

Security

1.6.1

Security

1.6.0

Added

Fixed

  • Remove refresh_token from cookie instead of setting to NULL #​193 (kailash-b)

1.5.1

Description

Full Changelog

Fixed

Fix issue with using custom scheme with BackchannelLogout auth0/auth0-aspnetcore-authentication#185 (kailash-b)
Security

chore(deps): Bump Microsoft.IdentityModel.Protocols.OpenIdConnect from 8.13.1 to 8.14.0 auth0/auth0-aspnetcore-authentication#172 (dependabot[bot])
chore(deps): Bump Microsoft.IdentityModel.Protocols.OpenIdConnect from 8.12.1 to 8.13.1 auth0/auth0-aspnetcore-authentication#168 (dependabot[bot])

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not main

1.5.0

Description

  • Update release.yml to use .NET 8

References

N/A

Testing

N/A

Checklist

  • I have added documentation for new/changed functionality in this PR or in auth0.com/docs
  • All active GitHub checks for tests, formatting, and security are passing
  • The correct base branch is being used, if not main

Commits viewable in compare view.

Updated coverlet.collector from 6.0.0 to 6.0.4.

Release notes

Sourced from coverlet.collector's releases.

6.0.4

Fixed

  • Fix empty coverage report when using include and exclude filters #​1726

Diff between 6.0.3 and 6.0.4

6.0.3

Fixed

Improvements

  • Cache the regex used in InstrumentationHelper #​1693
  • Enable dotnetTool integration tests for linux #​660

Diff between 6.0.2 and 6.0.3

6.0.2

Fixed

  • Threshold-stat triggers error #​1634
  • Fixed coverlet collector 6.0.1 requires dotnet sdk 8 #​1625
  • Type initializer errors after updating from 6.0.0 to 6.0.1 #​1629
  • Exception when multiple exclude-by-attribute filters specified #​1624

Improvements

  • More concise options to specify multiple parameters in coverlet.console #​1624

Diff between 6.0.1 and 6.0.2

6.0.1

Fixed

  • Uncovered lines in .NET 8 for inheriting records #​1555
  • Fix record constructors not covered when SkipAutoProps is true #​1561
  • Fix .NET 7 Method Group branch coverage issue #​1447
  • Fix ExcludeFromCodeCoverage does not exclude method in a partial class #​1548
  • Fix ExcludeFromCodeCoverage does not exclude F# task #​1547
  • Fix issues where ExcludeFromCodeCoverage ignored #​1431
  • Fix issues with ExcludeFromCodeCoverage attribute #​1484
  • Fix broken links in documentation #​1514
  • Fix problem with coverage for .net5 WPF application #​1221 by https://github.com/lg2de
  • Fix unable to instrument module for Microsoft.AspNetCore.Mvc.Razor #​1459 by https://github.com/lg2de

Improvements

Diff between 6.0.0 and 6.0.1

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.1 to 8.0.28.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

8.0.28

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.27...v8.0.28

8.0.27

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.26...v8.0.27

8.0.26

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.25...v8.0.26

8.0.25

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.24...v8.0.25

8.0.24

Release

8.0.23

Release

What's Changed

https://devblogs.microsoft.com/dotnet/dotnet-and-dotnet-framework-january-2026-servicing-updates/#release-changelogs

8.0.22

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.21...v8.0.22

8.0.21

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.19...v8.0.20

8.0.18

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

8.0.17

Bug Fixes

  • Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61623)
    The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

  • Update dependencies from dotnet/arcade (#​61832)
    This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.

  • Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61761)
    The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

  • Update branding to 8.0.17 (#​61830)
    The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.

  • Merging internal commits for release/8.0 (#​61924)
    This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.


This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.13...v8.0.14

8.0.13

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

8.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.10...v8.0.11

8.0.10

Release

8.0.8

Release

8.0.7

Release

8.0.6

Release

8.0.5

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.4...v8.0.5

8.0.4

Release

8.0.3

Release

8.0.2

Release

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 8.0.1 to 8.0.28.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

8.0.28

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.27...v8.0.28

8.0.27

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.26...v8.0.27

8.0.26

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.25...v8.0.26

8.0.25

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.24...v8.0.25

8.0.24

Release

8.0.23

Release

What's Changed

https://devblogs.microsoft.com/dotnet/dotnet-and-dotnet-framework-january-2026-servicing-updates/#release-changelogs

8.0.22

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.21...v8.0.22

8.0.21

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.20...v8.0.21

8.0.20

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.19...v8.0.20

8.0.18

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.17...v8.0.18

8.0.17

Bug Fixes

  • Forwarded Headers Middleware: Ignore X-Forwarded-Headers from Unknown Proxy (#​61623)
    The Forwarded Headers Middleware now ignores X-Forwarded-Headers sent from unknown proxies. This change improves security by ensuring that only trusted proxies can influence the forwarded headers, preventing potential spoofing or misrouting of requests.

Dependency Updates

  • Update dependencies from dotnet/arcade (#​61832)
    This update brings in the latest changes from the dotnet/arcade repository, ensuring that ASP.NET Core benefits from recent improvements, bug fixes, and security patches in the shared build infrastructure.

  • Bump src/submodules/googletest from 52204f7 to 04ee1b4 (#​61761)
    The GoogleTest submodule has been updated to a newer commit, providing the latest testing features, bug fixes, and performance improvements for the project's C++ test components.

Miscellaneous

  • Update branding to 8.0.17 (#​61830)
    The project version branding has been updated to reflect the new 8.0.17 release, ensuring consistency across build outputs and documentation.

  • Merging internal commits for release/8.0 (#​61924)
    This change merges various internal commits into the release/8.0 branch, incorporating minor fixes, documentation updates, and other non-user-facing improvements to keep the release branch up to date.


This summary is generated and may contain inaccuracies. For complete details, please review the linked pull requests.

Full Changelog: dotnet/aspnetcore@v8.0.16...v8.0.17

8.0.16

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.15...v8.0.16

8.0.15

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.14...v8.0.15

8.0.14

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.13...v8.0.14

8.0.13

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.12...v8.0.13

8.0.12

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v8.0.11...v8.0.12

8.0.11

Release

What's Changed

Description has been truncated

Bumps Auth0.AspNetCore.Authentication from 1.4.1 to 1.8.0
Bumps coverlet.collector from 6.0.0 to 6.0.4
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.1 to 8.0.28
Bumps Microsoft.AspNetCore.OpenApi from 8.0.1 to 8.0.28
Bumps Microsoft.EntityFrameworkCore from 8.0.1 to 8.0.28
Bumps Microsoft.EntityFrameworkCore.Design from 8.0.1 to 8.0.28
Bumps Microsoft.EntityFrameworkCore.Relational from 8.0.1 to 8.0.28
Bumps Microsoft.NET.Test.Sdk from 17.8.0 to 17.14.1
Bumps Newtonsoft.Json from 13.0.3 to 13.0.4
Bumps Novu from 0.3.3 to 0.6.1
Bumps Novu.Extensions from 0.3.3 to 0.6.1
Bumps Novu.Sync from 0.3.3 to 0.6.1
Bumps Npgsql from 8.0.3 to 8.0.9
Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 8.0.0 to 8.0.11
Bumps NUnit.Analyzers from 3.9.0 to 3.10.0
Bumps NUnit3TestAdapter from 4.5.0 to 4.6.0
Bumps Refit from 7.2.22 to 8.0.0
Bumps Stripe.net from 43.12.0 to 43.23.0
Bumps Swashbuckle.AspNetCore from 6.4.0 to 6.9.0

---
updated-dependencies:
- dependency-name: Auth0.AspNetCore.Authentication
  dependency-version: 1.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: coverlet.collector
  dependency-version: 6.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 8.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-version: 8.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 8.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 8.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Microsoft.EntityFrameworkCore.Relational
  dependency-version: 8.0.28
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 17.14.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: Newtonsoft.Json
  dependency-version: 13.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Novu
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: Refit
  dependency-version: 8.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: production-minor-patch
- dependency-name: Novu.Extensions
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: Novu.Sync
  dependency-version: 0.6.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: Npgsql
  dependency-version: 8.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL
  dependency-version: 8.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-minor-patch
- dependency-name: NUnit.Analyzers
  dependency-version: 3.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: NUnit3TestAdapter
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: Stripe.net
  dependency-version: 43.23.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
- dependency-name: Swashbuckle.AspNetCore
  dependency-version: 6.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Dependency updates

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants