@dependabot dependabot bot commented on behalf of github Oct 27, 2025

Updated AWSSDK.DynamoDBv2 from 3.7.406.1 to 4.0.9.1.

Release notes

Sourced from AWSSDK.DynamoDBv2's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 9.0.3 to 9.0.10.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

9.0.10

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.9...v9.0.10

9.0.9

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.8...v9.0.9

9.0.8

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.7...v9.0.8

9.0.7

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Read messages from binlog if process output is missing build finished message (#​114676)
    Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.

  • Fix debugger app hangs related to thread exit (#​114917)
    Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.

  • [Mono] Workaround MSVC miscompiling sgen_clz (#​114903)
    Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.

  • Do not set the salt or info if they are NULL for OpenSSL HKDF (#​114877)
    Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.

  • [Test Only] Fix Idn tests (#​115032)
    Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.

  • JIT: revised fix for fp division issue in profile synthesis (#​115026)
    Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115361)
    Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.

  • [Mono] Fix c11 ARM64 atomics to issue full memory barrier (#​115635)
    Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.

Performance Improvements

  • [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#​114678)
    Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.

  • Improve distribute_free_regions (#​115167)
    Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114905)
    Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​114995)
    Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.

  • Add support for more libicu versions (#​115376)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Run outerloop pipeline only for release branches, not staging/preview (#​115011)
    Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.

... (truncated)

9.0.5

Release

What's Changed

9.0.4

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.3...v9.0.4

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.0.0

What's Changed

Internal fixes and updates

17.14.1

What's Changed

Full Changelog: microsoft/vstest@v17.14.0...v17.14.1

17.14.0

What's Changed

.NET versions updated

This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:

  • Updating to the latest VS, and running tests from net6.0 test projects.
  • Updating to the latest .NET SDK, and running tests from net6.0 test projects.

It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.

Changes

Internal version updates and fixes

New Contributors

17.14.0-preview-25107-01

What's Changed

.NET versions updated

This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:

  • Updating to the latest VS, and running tests from net6.0 test projects.
  • Updating to the latest .NET SDK, and running tests from net6.0 test projects.

It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.

Changes

Internal version updates and fixes

Will probably revert before release:

New Contributors

Full Changelog: microsoft/vstest@v17.13.0...v17.14.0-preview-25107-01

Commits viewable in compare view.

Updated OpenIddict.Abstractions from 6.0.0 to 7.1.0.

Release notes

Sourced from OpenIddict.Abstractions's releases.

7.1.0

This release introduces the following changes:

  • The GitHub web provider was updated to enforce OAuth 2.0 Proof Key for Code Exchange for all client registrations.

> [!TIP]
> No change is required to enable PKCE for a specific client application (whether it is treated as a public or confidential application): updating OpenIddict to 7.1.0 is enough to automatically enforce this security feature.

For more information, read PKCE support for OAuth and GitHub App authentication on the official GitHub blog.

  • The HeyBoxChat service is now supported by the OpenIddict.Client.WebIntegration package (thanks @​gehongyan! ❤️)

  • New AddGrantTypePermissions()/RemoveGrantTypePermissions() APIs have been added to OpenIddictApplicationDescriptor to simplify adding and removing grant type permissions for custom grants:

```csharp
var descriptor = new OpenIddictApplicationDescriptor
{
    ClientId = "console",

    // ...
};

descriptor.AddGrantTypePermissions("custom_grant_type");
descriptor.AddScopePermissions("demo_api");
```

  • All the .NET and third-party dependencies have been updated to the latest versions.

7.0.0

For more information about this release, read OpenIddict 7.0 is out.

7.0.0-preview.4

This release introduces the following changes:

```csharp
var result = await _service.AuthenticateWithTokenExchangeAsync(new()
{
    ActorToken = actorToken,
    ActorTokenType = actorTokenType,
    CancellationToken = stoppingToken,
    ProviderName = "Local",
    RequestedTokenType = TokenTypeIdentifiers.AccessToken,
    SubjectToken = subjectToken,
    SubjectTokenType = subjectTokenType
});

var token = result.IssuedToken;
var type = result.IssuedTokenType;
```

```csharp
[HttpPost("~/connect/token"), IgnoreAntiforgeryToken, Produces("application/json")]
public async Task<IActionResult> Exchange()
{
    var request = HttpContext.GetOpenIddictServerRequest() ??
        throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");

    if (request.IsAuthorizationCodeGrantType() || request.IsRefreshTokenGrantType())
    {
        // ...
    }

    else if (request.IsTokenExchangeGrantType())
    {
        // Retrieve the claims principal stored in the subject token.
        //
        // Note: the principal may not represent a user (e.g if the token was issued during a client credentials token
        // request and represents a client application): developers are strongly encouraged to ensure that the user
        // and client identifiers are randomly generated so that a malicious client cannot impersonate a legit user.
        //
        // See https://datatracker.ietf.org/doc/html/rfc9068#SecurityConsiderations for more information.
        var result = await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);

        // If available, retrieve the claims principal stored in the actor token.
        var actor = result.Properties?.GetParameter<ClaimsPrincipal>(OpenIddictServerAspNetCoreConstants.Properties.ActorTokenPrincipal);

        // Retrieve the user profile corresponding to the subject token.
        var user = await _userManager.FindByIdAsync(result.Principal!.GetClaim(Claims.Subject)!);
        if (user is null)
        {
```

... (truncated)

## 7.0.0-preview.3

This release introduces the following changes:

  - As a preliminary step to the introduction of OAuth 2.0 Token Exchange support in a future 7.0 preview, the entire OpenIddict code base was updated to use new URI-style token type identifiers to represent token types (e.g `urn:ietf:params:oauth:token-type:access_token`). These new identifiers will replace the `token_type_hint`-inspired constants that previous versions of OpenIddict were using in the core, client, server and validation stacks. For more information, read https://github.com/openiddict/openiddict-core/issues/2296.

> [!NOTE]
> While internally massive, this change should be completely transparent for most OpenIddict users. Only advanced users who implement custom handlers for the `GenerateToken`/`ValidateToken` events or use the `ClaimsPrincipal.GetTokenType()`/`ClaimsPrincipal.SetTokenType()` extensions will need to update their code to use the new values.

  - The Discord provider was updated to use the `/users/@me` endpoint instead of `/oauth2/@me`, which improves how userinfo claims are represented and returned to the application code (thanks @egans146 for suggesting this improvement! ❤️).

> [!IMPORTANT]
> This behavior change is breaking: developers are encouraged to review their Discord integration to determine whether their code should be updated to support the new claims representation.

  - New `ClaimsPrincipal.AddClaim()`/`ClaimsPrincipal.AddClaims()`/`ClaimsPrincipal.SetClaim()`/`ClaimsPrincipal.SetClaims()` overloads accepting `System.Text.Json.Nodes.JsonNode` instances have been added to make working with types derived from `JsonNode` easier.

  - An event identifier is now attached to all the logs generated by the OpenIddict core, client, server and validation stacks.

  - A few properties in `OpenIddictClientModels` didn't have an `init` constraint and have been fixed in 7.0.0-preview.3.

> [!TIP]
> Note: this preview also includes all the changes introduced in the OpenIddict 6.3.0 release.

## 7.0.0-preview.2

This release introduces the following changes:

  - All the OpenIddict assemblies have been marked as trimming and Native AOT-compatible (only on .NET 9.0 and higher). For that, several changes had to be made to the OpenIddict core stack:

    - The store resolver interfaces (`IOpenIddict*StoreResolver`) and all their implementations have been removed and the managers have been updated to now directly take an `IOpenIddict*Store<T>` argument instead of an `IOpenIddict*StoreResolver`.

    - All the `OpenIddictCoreOptions.Default*Type` options (e.g `DefaultApplicationType`) have been removed and the untyped managers (`IOpenIddict*Manager`) no longer use options to determine the actual entity type at runtime. Instead, each store integration is now responsible for replacing the `IOpenIddict*Manager` services with a service descriptor pointing to the generic `OpenIddict*Manager<T>` implementation with the correct `T` argument: by default, the default entity types provided by the store are used, but the managers can be re-registered with a different type when the user decides to use different models (e.g via `options.UseEntityFrameworkCore().ReplaceDefaultModels<...>()`).

    - All the managers/store/store resolvers registration APIs offered by `OpenIddictCoreBuilder` have been removed: while they were very powerful and easy-to-use (e.g the `Replace*Manager` methods supported both open and closed generic types and were able to determine the entity type from the base type definition), they weren't AOT-compatible.

    - New AOT-friendly `Replace*Store()` and `Replace*Manager()` APIs have been introduced in `OpenIddictCoreBuilder`. The new `Replace*Manager()` APIs have two overloads that can be used depending on whether you need to register a closed or open generic type:

        ```csharp
        options.ReplaceApplicationManager<
            /* TApplication: */ OpenIddictEntityFrameworkCoreApplication,
            /* TManager: */ CustomApplicationManager<OpenIddictEntityFrameworkCoreApplication>>();
        ```

        ```csharp
        options.ReplaceApplicationManager(typeof(CustomApplicationManager<>));
        ```

    - While they are currently not functional on Native AOT due to EF Core not supporting interpreted LINQ expressions yet, the EF Core stores package has been updated to be ready for AOT: as part of this change, the signature of all the stores has been updated to remove the `TContext` generic argument from the definition. Similarly, the MongoDB C# driver isn't AOT (or even trimming) compatible yet, but the stores have been updated to ensure they only use statically-analyzable patterns.

    - A new `IOpenIddictEntityFrameworkCoreContext` interface containing a single `ValueTask<DbContext> GetDbContextAsync(CancellationToken cancellationToken)` method (similar to what's currently used in the MongoDB integration) has been introduced to allow each to resolve the `DbContext` to use. A default implementation named `OpenIddictEntityFrameworkCoreContext<TContext>` is used by the `OpenIddictEntityFrameworkCoreBuilder.UseDbContext<TContext>()` API to resolve the `TContext` type specified by the user.

    - The `OpenIddictEntityFrameworkCoreBuilder.ReplaceDefaultEntities<...>` API has been preserved - including the overload accepting a single `TKey` parameter but no longer use options internally. Instead, they re-register the untyped `IOpenIddict*Manager` to point to the correct `OpenIddict*Manager<T>` instances depending on the generic types set by the user.

  - For consistency with the Entity Framework Core stores, the `OpenIddictEntityFrameworkBuilder.UseDbContext<TContext>()` API will no longer automatically register the `DbContext` type in the DI container.

  - The authorization endpoint now uses `Cache-Control: no-store` instead of `Cache-Control: no-cache` when generating HTML auto-post form responses (thanks @​matthid! ❤️)

  - OpenIddict 7.0 preview 2 no longer allows dynamically overriding the `prompt` value when using OAuth 2.0 Pushed Authorization Requests.

  > [!IMPORTANT]
  > To prevent login endpoint -> authorization endpoint loops, developers are invited to update their authorization endpoint MVC action to use `TempData` to store a flag indicating whether the user has already been offered to re-authenticate and avoid triggering a new authentication challenge in that case. For instance:
  >
  > ```csharp
  > // Try to retrieve the user principal stored in the authentication cookie and redirect
  > // the user agent to the login page (or to an external provider) in the following cases:
  > //
  > //  - If the user principal can't be extracted or the cookie is too old.
  > //  - If prompt=login was specified by the client application.
  > //  - If max_age=0 was specified by the client application (max_age=0 is equivalent to prompt=login).
  > //  - If a max_age parameter was provided and the authentication cookie is not considered "fresh" enough.
  > //
  > // For scenarios where the default authentication handler configured in the ASP.NET Core
  > // authentication options shouldn't be used, a specific scheme can be specified here.
  > var result = await HttpContext.AuthenticateAsync();
  > if (result is not { Succeeded: true } ||
 ... (truncated)

## 7.0.0-preview.1

This release introduces the following changes:

  - All the ASP.NET Core and Entity Framework Core 2.1 references used for the .NET Framework and .NET Standard TFMs have been replaced by the new 2.3 packages released mid-January (including the .NET Standard 2.1 TFM, that previously referenced unsupported ASP.NET Core 3.1 packages).

> [!IMPORTANT]
> ASP.NET Core 2.3 replaces ASP.NET Core 2.1: as such, it is essential that all ASP.NET Core 2.1 applications running on .NET Framework 4.6.2+ quickly migrate to 2.3 to ensure they keep receiving security patches and critical bug fixes.

> [!CAUTION]
> While it was released as a minor version update, **ASP.NET Core 2.3 is not 100% compatible with ASP.NET Core 2.2**, as none of the changes or APIs introduced in 2.2 - no longer supported since December 2019 - is present in 2.3.
>
> When migrating to OpenIddict 7.0, you'll need to carefully review your dependencies to ensure your application doesn't accidentally depend on any ASP.NET Core 2.2-specific API or package and still runs fine on 2.3.
>
> For more information, read https://devblogs.microsoft.com/dotnet/servicing-release-advisory-aspnetcore-23/ and https://github.com/dotnet/aspnetcore/issues/58598.

  - All the OpenIddict packages now use 8.0 as the minimum .NET Extensions version for the .NET Framework and .NET Standard TFMs, which matches the approach used by the new ASP.NET Core/Entity Framework Core 2.3 packages (that all reference `Microsoft.Extensions.*` 8.0 packages instead of 2.1).

> [!IMPORTANT]
> Initial testing shows that OWIN/Katana or "legacy" ASP.NET 4.6.2+ applications are not negatively impacted by this change: in almost all cases, regenerating (or manually updating the binding redirects if necessary) after migrating to OpenIddict 7.0 should be enough. If you see regressions that may be caused by this change, please post in this thread: https://github.com/openiddict/openiddict-core/issues/2262.

  - As part of the .NET Extensions 2.1 -> 8.0 change, the following improvements have been made:

    - The .NET Framework and .NET Standard TFMs now support `TimeProvider` and the associated properties in `OpenIddictClientOptions`, `OpenIddictCoreOptions`, `OpenIddictQuartzOptions`, `OpenIddictServerOptions` and `OpenIddictValidationOptions` are no longer nullable.
 
    - The .NET Framework and .NET Standard TFMs now support `System.Text.Json.Nodes`, which allows using `JsonNode` with `OpenIddictParameter` on older platforms.

  - Several improvements have been made to the `OpenIddictParameter` primitive:
    - The `OpenIddictParameter` constructors and static operators offering `string?[]?` conversions have been replaced by equivalents taking `ImmutableArray<string?>` or `ImmutableArray<string?>?` parameters, which guarantees that the underlying value wrapped by `OpenIddictParameter` cannot be accidentally mutated after being created.

    - The `OpenIddictRequest.Audiences` and `OpenIddictRequest.Resources` properties have been updated to use `ImmutableArray<string?>?` instead of `string?[]?`, which should prevent unsupported mutations like `context.Request.Audiences[2] = "overridden audience"` (which may or may not work in 6.x depending on the actual CLR type of the parameter value initially wrapped).

    - For similar reasons, `JsonNode` instances are now cloned by `OpenIddictParameter`'s constructor and cloned by the `JsonNode?` conversion operator to prevent accidental mutations. As part of this change, the `OpenIddictRequest.Claims` and `OpenIddictRequest.Registration` properties are now of type `JsonObject` instead of `JsonElement`, which should make these properties easier to use.
 
    - The low-level/untyped `OpenIddictParameter.Value` property has been removed and replaced by a new (hidden) `OpenIddictParameter.GetRawValue()` to encourage users to leverage the built-in conversion operators instead. New `Microsoft.Extensions.Primitives.StringValues` conversion operators have been added to the `OpenIddictParameter` primitive as part of this change.

    - The `ClaimsPrincipal.GetDestinations()`/`ClaimsPrincipal.SetDestinations()` extensions now use `ImmutableDictionary<string, ImmutableArray<string>>` instead of `ImmutableDictionary<string, string[]>` for consistency with the previous changes.

    - The `OpenIddictParameter` structure was updated to use the `JsonNode.DeepEquals()`, `JsonElement.DeepEquals()` or `JsonElement.GetPropertyCount()` APIs when available.

  - The APIs obsoleted in OpenIddict 6.x have been removed.

  - The `net6.0` target framework monikers have been removed.

## 6.4.0

This release introduces the following changes:

  - Support for client authentication - `client_secret_basic`, `client_secret_post` and `private_key_jwt` - was added to the PAR endpoint, which allows rejecting unauthenticated requests without waiting until the token request is processed.
  
  - The `OpenIddict.Client.WebIntegration` package now supports Bungie.net.

  - Parsing of the standard `WWW-Authenticate` HTTP response header by the client and validation stacks was improved.

  - The OpenIddict client OWIN integration was updated to resolve the `IAppBuilder` instance from the DI container: when it is available, the `ICookieManager` attached to the application properties (by the host, typically) is automatically used instead of the default `CookieManager` implementation.

  > [!NOTE]
  > See https://github.com/aspnet/AspNetKatana/pull/486 for more information.

  - The portable, non-OS specific version of the `OpenIddict.Client.SystemIntegration` package can now be used on macOS (in this case, `ASWebAuthenticationSession` is not supported and only the system brows...

_Description has been truncated_

Bumps AWSSDK.DynamoDBv2 from 3.7.406.1 to 4.0.9.1
Bumps Microsoft.Extensions.DependencyInjection from 9.0.3 to 9.0.10
Bumps Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0
Bumps OpenIddict.Abstractions from 6.0.0 to 7.1.0
Bumps OpenIddict.Core from 6.0.0 to 7.1.0
Bumps xunit.runner.visualstudio from 3.0.2 to 3.1.5

---
updated-dependencies:
- dependency-name: AWSSDK.DynamoDBv2
  dependency-version: 4.0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: AWSSDK.DynamoDBv2
  dependency-version: 4.0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-version: 9.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-deps
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-version: 9.0.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-deps
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: OpenIddict.Abstractions
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: OpenIddict.Core
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: OpenIddict.Core
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-major-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Oct 27, 2025
@dependabot dependabot bot requested a review from ganhammar as a code owner October 27, 2025 03:19
@dependabot dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .net code labels Oct 27, 2025