Skip to content

Bump the infrastructure-packages group with 5 updates#126

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/infrastructure-packages-2084bca67d
Closed

Bump the infrastructure-packages group with 5 updates#126
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/infrastructure-packages-2084bca67d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github May 16, 2026

Copy link
Copy Markdown
Contributor

Updated Keycloak.AuthServices.Authentication from 2.8.0 to 3.0.0.

Release notes

Sourced from Keycloak.AuthServices.Authentication's releases.

3.0.0

  • feat(aspire): external DB support, issuer pinning, version bumps by @​NikiforovAll (#​253)
  • [KeyBot] fix: propagate RequestAborted in UmaAuthorizationMiddlewareResultHandler by @​github-actions (#​250)
  • [KeyBot] fix: propagate CancellationToken in UmaTokenHandler.CloneRequestAsync by @​github-actions (#​252)
  • [KeyBot] fix: propagate HttpContext.RequestAborted in authorization handlers by @​github-actions (#​249)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

3.0.0-rc.1

  • feat: UMA Support by @​NikiforovAll (#​248)
  • feat!: 3.0.0 release preparation by @​NikiforovAll (#​247)

👨🏼‍💻 Contributors

@​NikiforovAll

2.10.0-rc.1

  • [KeyBot] perf: avoid HashSet allocation in role requirement handlers by @​github-actions (#​221)
  • [KeyBot] docs: improve XML documentation in PoliciesBuilderExtensions and KeycloakAuthorizationServerOptions by @​github-actions (#​237)
  • feat(authorization): add Audience override for per-resource UMA ticket exchange by @​NikiforovAll (#​246)
  • [KeyBot] eng: add startup validators for Keycloak SDK client options by @​github-actions (#​239)
  • feat: add client_secret_jwt sample by @​NikiforovAll (#​245)
  • [KeyBot] test: add WebAppAuthenticationRegistrationTests for OIDC/Cookie options by @​github-actions (#​240)
  • fix: add support cookie-based Web App token retrieval (#​104) by @​github-actions (#​223)
  • chore(docs): update dependencies to fix security vulnerabilities by @​NikiforovAll (#​231)
  • [KeyBot] fix: correct nameof() in requirement handler log messages and add missing XML docs by @​github-actions (#​228)
  • fix(keybot): use correct template variables in status messages by @​NikiforovAll (#​222)
  • fix(keybot): use explicit --repo flag in pre-step gh commands by @​NikiforovAll (#​219)
  • Add agentic workflow repo-assist by @​NikiforovAll (#​217)

🚀 New Features

  • [KeyBot] feat: add AdditionalAudiences to KeycloakAuthenticationOptions by @​github-actions (#​235)

🐛 Bug Fixes

  • [KeyBot] fix: handle non-JSON error bodies in EnsureResponseAsync by @​github-actions (#​244)
  • [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
  • [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)

🧰 Maintenance

  • [KeyBot] perf: single-pass org claims scan and avoid ToArray in VerificationPlan by @​github-actions (#​238)
  • [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
  • [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)
  • [KeyBot] refactor: improve VerificationPlan enumerator and clear logic by @​github-actions (#​226)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

2.9.0

  • docs: update keycloak-auth-services skill with missing features by @​NikiforovAll (#​215)
  • chore: update template packages for 2.9.0 release by @​NikiforovAll (#​214)
  • feat: add IKeycloakAccessTokenProvider for dynamic token overriding by @​NikiforovAll (#​213)
  • feat: add token introspection for lightweight access tokens by @​NikiforovAll (#​210)
  • feat: support OAuth 2.0 Server Metadata discovery (RFC 8414) by @​NikiforovAll (#​212)
  • feat: add IProtectedResourcePolicyBuilder for extensible policy construction by @​NikiforovAll (#​209)
  • feat: allow configurable claim type for organization membership parsing by @​NikiforovAll (#​208)
  • feat: add organization-based authorization support by @​NikiforovAll (#​207)
  • feat: add pluggable parameter resolution for protected resource authorization by @​NikiforovAll (#​205)
  • chore: update dependencies by @​NikiforovAll (#​203)
  • docs: revive docs-reference submodule with updated API reference by @​NikiforovAll (#​202)

👨🏼‍💻 Contributors

@​NikiforovAll

2.8.1

  • chore: update Kiota client to Keycloak 26.5.6 by @​NikiforovAll (#​194)

👨🏼‍💻 Contributors

@​NikiforovAll

Commits viewable in compare view.

Updated Keycloak.AuthServices.Authorization from 2.8.0 to 3.0.0.

Release notes

Sourced from Keycloak.AuthServices.Authorization's releases.

3.0.0

  • feat(aspire): external DB support, issuer pinning, version bumps by @​NikiforovAll (#​253)
  • [KeyBot] fix: propagate RequestAborted in UmaAuthorizationMiddlewareResultHandler by @​github-actions (#​250)
  • [KeyBot] fix: propagate CancellationToken in UmaTokenHandler.CloneRequestAsync by @​github-actions (#​252)
  • [KeyBot] fix: propagate HttpContext.RequestAborted in authorization handlers by @​github-actions (#​249)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

3.0.0-rc.1

  • feat: UMA Support by @​NikiforovAll (#​248)
  • feat!: 3.0.0 release preparation by @​NikiforovAll (#​247)

👨🏼‍💻 Contributors

@​NikiforovAll

2.10.0-rc.1

  • [KeyBot] perf: avoid HashSet allocation in role requirement handlers by @​github-actions (#​221)
  • [KeyBot] docs: improve XML documentation in PoliciesBuilderExtensions and KeycloakAuthorizationServerOptions by @​github-actions (#​237)
  • feat(authorization): add Audience override for per-resource UMA ticket exchange by @​NikiforovAll (#​246)
  • [KeyBot] eng: add startup validators for Keycloak SDK client options by @​github-actions (#​239)
  • feat: add client_secret_jwt sample by @​NikiforovAll (#​245)
  • [KeyBot] test: add WebAppAuthenticationRegistrationTests for OIDC/Cookie options by @​github-actions (#​240)
  • fix: add support cookie-based Web App token retrieval (#​104) by @​github-actions (#​223)
  • chore(docs): update dependencies to fix security vulnerabilities by @​NikiforovAll (#​231)
  • [KeyBot] fix: correct nameof() in requirement handler log messages and add missing XML docs by @​github-actions (#​228)
  • fix(keybot): use correct template variables in status messages by @​NikiforovAll (#​222)
  • fix(keybot): use explicit --repo flag in pre-step gh commands by @​NikiforovAll (#​219)
  • Add agentic workflow repo-assist by @​NikiforovAll (#​217)

🚀 New Features

  • [KeyBot] feat: add AdditionalAudiences to KeycloakAuthenticationOptions by @​github-actions (#​235)

🐛 Bug Fixes

  • [KeyBot] fix: handle non-JSON error bodies in EnsureResponseAsync by @​github-actions (#​244)
  • [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
  • [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)

🧰 Maintenance

  • [KeyBot] perf: single-pass org claims scan and avoid ToArray in VerificationPlan by @​github-actions (#​238)
  • [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
  • [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)
  • [KeyBot] refactor: improve VerificationPlan enumerator and clear logic by @​github-actions (#​226)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

2.9.0

  • docs: update keycloak-auth-services skill with missing features by @​NikiforovAll (#​215)
  • chore: update template packages for 2.9.0 release by @​NikiforovAll (#​214)
  • feat: add IKeycloakAccessTokenProvider for dynamic token overriding by @​NikiforovAll (#​213)
  • feat: add token introspection for lightweight access tokens by @​NikiforovAll (#​210)
  • feat: support OAuth 2.0 Server Metadata discovery (RFC 8414) by @​NikiforovAll (#​212)
  • feat: add IProtectedResourcePolicyBuilder for extensible policy construction by @​NikiforovAll (#​209)
  • feat: allow configurable claim type for organization membership parsing by @​NikiforovAll (#​208)
  • feat: add organization-based authorization support by @​NikiforovAll (#​207)
  • feat: add pluggable parameter resolution for protected resource authorization by @​NikiforovAll (#​205)
  • chore: update dependencies by @​NikiforovAll (#​203)
  • docs: revive docs-reference submodule with updated API reference by @​NikiforovAll (#​202)

👨🏼‍💻 Contributors

@​NikiforovAll

2.8.1

  • chore: update Kiota client to Keycloak 26.5.6 by @​NikiforovAll (#​194)

👨🏼‍💻 Contributors

@​NikiforovAll

Commits viewable in compare view.

Updated Keycloak.AuthServices.Sdk from 2.8.0 to 3.0.0.

Release notes

Sourced from Keycloak.AuthServices.Sdk's releases.

3.0.0

  • feat(aspire): external DB support, issuer pinning, version bumps by @​NikiforovAll (#​253)
  • [KeyBot] fix: propagate RequestAborted in UmaAuthorizationMiddlewareResultHandler by @​github-actions (#​250)
  • [KeyBot] fix: propagate CancellationToken in UmaTokenHandler.CloneRequestAsync by @​github-actions (#​252)
  • [KeyBot] fix: propagate HttpContext.RequestAborted in authorization handlers by @​github-actions (#​249)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

3.0.0-rc.1

  • feat: UMA Support by @​NikiforovAll (#​248)
  • feat!: 3.0.0 release preparation by @​NikiforovAll (#​247)

👨🏼‍💻 Contributors

@​NikiforovAll

2.10.0-rc.1

  • [KeyBot] perf: avoid HashSet allocation in role requirement handlers by @​github-actions (#​221)
  • [KeyBot] docs: improve XML documentation in PoliciesBuilderExtensions and KeycloakAuthorizationServerOptions by @​github-actions (#​237)
  • feat(authorization): add Audience override for per-resource UMA ticket exchange by @​NikiforovAll (#​246)
  • [KeyBot] eng: add startup validators for Keycloak SDK client options by @​github-actions (#​239)
  • feat: add client_secret_jwt sample by @​NikiforovAll (#​245)
  • [KeyBot] test: add WebAppAuthenticationRegistrationTests for OIDC/Cookie options by @​github-actions (#​240)
  • fix: add support cookie-based Web App token retrieval (#​104) by @​github-actions (#​223)
  • chore(docs): update dependencies to fix security vulnerabilities by @​NikiforovAll (#​231)
  • [KeyBot] fix: correct nameof() in requirement handler log messages and add missing XML docs by @​github-actions (#​228)
  • fix(keybot): use correct template variables in status messages by @​NikiforovAll (#​222)
  • fix(keybot): use explicit --repo flag in pre-step gh commands by @​NikiforovAll (#​219)
  • Add agentic workflow repo-assist by @​NikiforovAll (#​217)

🚀 New Features

  • [KeyBot] feat: add AdditionalAudiences to KeycloakAuthenticationOptions by @​github-actions (#​235)

🐛 Bug Fixes

  • [KeyBot] fix: handle non-JSON error bodies in EnsureResponseAsync by @​github-actions (#​244)
  • [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
  • [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)

🧰 Maintenance

  • [KeyBot] perf: single-pass org claims scan and avoid ToArray in VerificationPlan by @​github-actions (#​238)
  • [KeyBot] fix: robustify RptRequirementHandler JSON parsing by @​github-actions (#​225)
  • [KeyBot] fix: correct nameof() references in DecisionRequirementHandler by @​github-actions (#​241)
  • [KeyBot] refactor: improve VerificationPlan enumerator and clear logic by @​github-actions (#​226)

👨🏼‍💻 Contributors

@​NikiforovAll, @​github-actions and @​github-actions[bot]

2.9.0

  • docs: update keycloak-auth-services skill with missing features by @​NikiforovAll (#​215)
  • chore: update template packages for 2.9.0 release by @​NikiforovAll (#​214)
  • feat: add IKeycloakAccessTokenProvider for dynamic token overriding by @​NikiforovAll (#​213)
  • feat: add token introspection for lightweight access tokens by @​NikiforovAll (#​210)
  • feat: support OAuth 2.0 Server Metadata discovery (RFC 8414) by @​NikiforovAll (#​212)
  • feat: add IProtectedResourcePolicyBuilder for extensible policy construction by @​NikiforovAll (#​209)
  • feat: allow configurable claim type for organization membership parsing by @​NikiforovAll (#​208)
  • feat: add organization-based authorization support by @​NikiforovAll (#​207)
  • feat: add pluggable parameter resolution for protected resource authorization by @​NikiforovAll (#​205)
  • chore: update dependencies by @​NikiforovAll (#​203)
  • docs: revive docs-reference submodule with updated API reference by @​NikiforovAll (#​202)

👨🏼‍💻 Contributors

@​NikiforovAll

2.8.1

  • chore: update Kiota client to Keycloak 26.5.6 by @​NikiforovAll (#​194)

👨🏼‍💻 Contributors

@​NikiforovAll

Commits viewable in compare view.

Updated MongoDB.Bson from 3.7.1 to 3.8.1.

Release notes

Sourced from MongoDB.Bson's releases.

3.8.1

This is a patch release that addresses a security issue:

Known warning when restoring: SharpCompress NU1902

When restoring a project that references this driver with the .NET 8 SDK or newer, NuGet may emit the NU1902 audit warning for the transitive SharpCompress 0.30.1 dependency (GHSA-6c8g-7p36-r338 — directory traversal via IArchive.WriteToDirectory()). The driver does not use that API; SharpCompress is only used for in-memory ZLib stream compression of MongoDB wire-protocol messages, so the driver's usage does not expose consumers to this advisory. This issue will be addressed in an upcoming release (CSHARP-6037).

Documentation on the .NET driver can be found here.

3.8.0

This is the general availability release for the 3.8.0 version of the driver.

The main new features in 3.8.0 include:

[!IMPORTANT]
Added support for MongoDB ’s Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. More details in CSHARP-5802: Client Backpressure Support

  • CSHARP-5882: Support storedSource in vector search indexes and returnStoredSource in $vectorSearch queries
  • CSHARP-5769: Implement hasAncestor, hasRoot, and returnScope for Atlas Search
  • CSHARP-5646: Implement vector similarity match expressions
  • CSHARP-5762: MongoDB Vector Search now supports vector search against nested embeddings and arrays of embeddings.
  • CSHARP-5884: Add new fields for Auto embedding in Atlas Vector search indexes

MongoDB v8.3 Compatible Features:

  • CSHARP-5852: Expression to determine the subtype of BinData field
  • CSHARP-5713: Allow native conversion from string to BSON object
  • CSHARP-5949: $convert should allow any type to be converted to string
  • CSHARP-5818: Allow users to generate a hash from a UTF-8 string or binary data
  • CSHARP-5950: Support base conversion in $convert
  • CSHARP-5847: Support Select/SelectMany/Where index overloads in LINQ provider
  • CSHARP-5828: Add Rerank stage builder
  • CSHARP-5656: Support Aggregation Operator to generate random object ids
  • CSHARP-5973: Support SkipWhile/TakeWhile index overloads in LINQ provider
  • CSHARP-5825: Support (de)serialization between BSON and EJSON
  • CSHARP-5655: Support regular expressions in $replaceAll search string and $split delimiter

Improvements:

  • CSHARP-5887: Simplify retryable read and writes
  • CSHARP-2593: Add numeric error code to default error message in NativeMethods.CreateException
  • CSHARP-2150: Add check that the serializer's ValueType matches the type when registering the serializer

Fixes:

  • CSHARP-5947: Increase SingleServerReadBinding timeout
  • CSHARP-2862: Check that max pool size is never less than min pool size in connection string
  • CSHARP-5935: Command activities may be skipped when using pooled connection
  • CSHARP-5952: SerializerFinder resolve wrong serializer for BsonDocument members

Maintenance:

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

Commits viewable in compare view.

Updated MongoDB.Driver from 3.7.1 to 3.8.1.

Release notes

Sourced from MongoDB.Driver's releases.

3.8.1

This is a patch release that addresses a security issue:

Known warning when restoring: SharpCompress NU1902

When restoring a project that references this driver with the .NET 8 SDK or newer, NuGet may emit the NU1902 audit warning for the transitive SharpCompress 0.30.1 dependency (GHSA-6c8g-7p36-r338 — directory traversal via IArchive.WriteToDirectory()). The driver does not use that API; SharpCompress is only used for in-memory ZLib stream compression of MongoDB wire-protocol messages, so the driver's usage does not expose consumers to this advisory. This issue will be addressed in an upcoming release (CSHARP-6037).

Documentation on the .NET driver can be found here.

3.8.0

This is the general availability release for the 3.8.0 version of the driver.

The main new features in 3.8.0 include:

[!IMPORTANT]
Added support for MongoDB ’s Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. More details in CSHARP-5802: Client Backpressure Support

  • CSHARP-5882: Support storedSource in vector search indexes and returnStoredSource in $vectorSearch queries
  • CSHARP-5769: Implement hasAncestor, hasRoot, and returnScope for Atlas Search
  • CSHARP-5646: Implement vector similarity match expressions
  • CSHARP-5762: MongoDB Vector Search now supports vector search against nested embeddings and arrays of embeddings.
  • CSHARP-5884: Add new fields for Auto embedding in Atlas Vector search indexes

MongoDB v8.3 Compatible Features:

  • CSHARP-5852: Expression to determine the subtype of BinData field
  • CSHARP-5713: Allow native conversion from string to BSON object
  • CSHARP-5949: $convert should allow any type to be converted to string
  • CSHARP-5818: Allow users to generate a hash from a UTF-8 string or binary data
  • CSHARP-5950: Support base conversion in $convert
  • CSHARP-5847: Support Select/SelectMany/Where index overloads in LINQ provider
  • CSHARP-5828: Add Rerank stage builder
  • CSHARP-5656: Support Aggregation Operator to generate random object ids
  • CSHARP-5973: Support SkipWhile/TakeWhile index overloads in LINQ provider
  • CSHARP-5825: Support (de)serialization between BSON and EJSON
  • CSHARP-5655: Support regular expressions in $replaceAll search string and $split delimiter

Improvements:

  • CSHARP-5887: Simplify retryable read and writes
  • CSHARP-2593: Add numeric error code to default error message in NativeMethods.CreateException
  • CSHARP-2150: Add check that the serializer's ValueType matches the type when registering the serializer

Fixes:

  • CSHARP-5947: Increase SingleServerReadBinding timeout
  • CSHARP-2862: Check that max pool size is never less than min pool size in connection string
  • CSHARP-5935: Command activities may be skipped when using pooled connection
  • CSHARP-5952: SerializerFinder resolve wrong serializer for BsonDocument members

Maintenance:

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the infrastructure-packages group with 5 updates
a5d6275 
Bumps Keycloak.AuthServices.Authentication from 2.8.0 to 3.0.0
Bumps Keycloak.AuthServices.Authorization from 2.8.0 to 3.0.0
Bumps Keycloak.AuthServices.Sdk from 2.8.0 to 3.0.0
Bumps MongoDB.Bson from 3.7.1 to 3.8.1
Bumps MongoDB.Driver from 3.7.1 to 3.8.1

---
updated-dependencies:
- dependency-name: Keycloak.AuthServices.Authentication
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: infrastructure-packages
- dependency-name: Keycloak.AuthServices.Authorization
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: infrastructure-packages
- dependency-name: Keycloak.AuthServices.Sdk
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: infrastructure-packages
- dependency-name: MongoDB.Bson
  dependency-version: 3.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: infrastructure-packages
- dependency-name: MongoDB.Driver
  dependency-version: 3.8.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: infrastructure-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels May 16, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 16, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #127.

@dependabot dependabot Bot closed this May 16, 2026
@dependabot dependabot Bot deleted the dependabot/nuget/infrastructure-packages-2084bca67d branch May 16, 2026 11:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants