Skip to content

[PM-28727] Upgrade to .NET 10#7171

Open
dereknance wants to merge 60 commits intomainfrom
pm-28727-dotnet-10
Open

[PM-28727] Upgrade to .NET 10#7171
dereknance wants to merge 60 commits intomainfrom
pm-28727-dotnet-10

Conversation

@dereknance
Copy link
Copy Markdown
Contributor

@dereknance dereknance commented Mar 7, 2026
edited
Loading

🎟️ Tracking

PM-28727

📔 Objective

This PR upgrades from .NET 8 to 10.

I left most dependencies at their current versions so they can go through the usual Renovate process.

Notable Changes

  • [PM-33499] Permissive base64 decoder #7207 With .NET 9, Base64.IsValid enforces canonical padding.
  • Update to IHostBuilder style #6843 WebHostBuilder is obsolete
  • X509Certificate2 constructors are obsolete
    • ❗ The now-obsolete constructors allowed X.509, PKCS7, or PKCS12/PFX certs to be passed in. I now attempt to detect PKCS12 or X.509 and call the appropriate loader. I would appreciate a close eye on those changes.
  • NuGetAuditLevel defaults to low with .NET 10, resulting in any dependency with a known vulnerability to block when running dotnet restore. I elected to set it to critical to only block builds for vulns at that severity, and let the existing Renovate process take care of the rest. ❗ I can be convinced to disable this entirely.
  • System.Text.Json 8.0.5 pin removed because package pruning emits NU1510
  • Microsoft.Extensions.Caching.Memory 8.0.1 pin removed as Microsoft.Data.SqlClient requires >=9 and was resulting in a package downgrade
  • Microsoft.AspNetCore.HttpOverrides.IPNetwork and KnownNetworks have been marked as obsolete
  • .NET 10's configuration binder now preserves null values instead of coercing them to empty strings, causing NullReferenceException in .Trim() calls. Added null-conditional operators in property setters in GlobalSettings.cs
  • Upgraded SignalR packages, notably MessagePack from 2.x to 3.x. The wire format appears compatible for our use case
  • New lints required, mostly whitespace

justindbaur and others added 21 commits January 13, 2026 20:34
@justindbaur
Add some integration tests for the Server project
fd67255
@justindbaur
Not sure why this project got removed?
c7942d2
@justindbaur
Merge branch 'main' into add-server-integration-tests
6f2c3d6
@justindbaur
Format
6c844ea
@justindbaur
capture debug output
1c9ff89
@justindbaur
Update tests to work with the now legacy WebHostBuilder
2ecdc13 
- I accidentally had the updated Program locally and that was why tests were working for me locally
@justindbaur
Formatting...again
a5f1b3f
@justindbaur
Update to IHostBuilder style
753c702
@justindbaur
Formatting
00cc684
@justindbaur
Merge branch 'main' into update-server-program
3967984
@justindbaur
Merge branch 'main' into update-server-program
877363e
@dereknance
make integration test work on existing databases
cddcfd2
@dereknance
mimekit .net10 support and security patch
39af40e
@dereknance
updated csproj files
932b81a
@dereknance
x509 api upgrade
f53c099
@dereknance
Merge branch 'update-server-program' into dotnet-10
2a100c7
@dereknance
missed an x509 upgrade
43d2afa
@dereknance
nullable fixups
943e15d
@dereknance
fix bugged test
820d5a0
@dereknance
dockerfiles
12dfdcb
@dereknance
pre-net9 b64 decoding support
1471118
@github-actions
Copy link
Copy Markdown
Contributor

github-actions Bot commented Mar 7, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Detailsba1d7b85-72f0-4377-b6ed-f4e7d8f7a46c

New Issues (2) Checkmarx found the following issues in this Pull Request
# Severity Issue Source File / Package Checkmarx Insight
1 MEDIUM CSRF src/Api/Vault/Controllers/CiphersController.cs: 1558
detailsMethod at line 1558 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector
2 MEDIUM CSRF src/Api/Vault/Controllers/CiphersController.cs: 1385
detailsMethod at line 1385 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ...
Attack Vector

mimartin12
mimartin12 previously approved these changes Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@mimartin12 mimartin12 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Dockerfiles LGTM

BTreston
BTreston previously approved these changes Apr 27, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@BTreston BTreston left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good for AC owned files

prograhamming
prograhamming previously approved these changes Apr 28, 2026
View reviewed changes
dani-garcia
dani-garcia previously approved these changes Apr 28, 2026
View reviewed changes
enmande
enmande previously approved these changes Apr 28, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@enmande enmande left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Auth changes LGTM 😻

Comment thread bitwarden_license/src/Sso/Sso.csproj
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 28, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@djsmith85 djsmith85 removed the request for review from cyprain-okeke April 29, 2026 12:50
@coroiu coroiu removed their request for review April 29, 2026 13:36
djsmith85
djsmith85 approved these changes Apr 29, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@djsmith85 djsmith85 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approving for platform

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@claude claude[bot] claude[bot] left review comments

@dani-garcia dani-garcia dani-garcia approved these changes

@djsmith85 djsmith85 djsmith85 approved these changes

@enmande enmande enmande approved these changes

@amorask-bitwarden amorask-bitwarden amorask-bitwarden approved these changes

@BTreston BTreston BTreston approved these changes

@prograhamming prograhamming Awaiting requested review from prograhamming

@mimartin12 mimartin12 Awaiting requested review from mimartin12

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

ai-review Request a Claude code review

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

9 participants

@dereknance @dani-garcia @djsmith85 @enmande @prograhamming @mimartin12 @amorask-bitwarden @BTreston @justindbaur