Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the nuget group across 1 directory with 4 updates #925

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 25, 2024

Bumps the nuget group with 4 updates in the /ch9_release/src/Tailwind.Traders.Web directory: Azure.Storage.Blobs, Microsoft.AspNetCore.Authentication.JwtBearer, MongoDB.Driver and SixLabors.ImageSharp.

Updates Azure.Storage.Blobs from 12.8.0 to 12.13.0

Release notes

Sourced from Azure.Storage.Blobs's releases.

Azure.Data.Tables_12.8.3

12.8.3 (2024-02-06)

Bugs Fixed

  • TableEntity string properties will correctly handle type coercion from DateTime and DateTimeOffset types. (#40775)
  • Fixed an error handling bug that could result in an ArgumentNullException when calling CreateIfNotExistsAsync. (#41463)
Commits

Updates Microsoft.AspNetCore.Authentication.JwtBearer from 5.0.2 to 5.0.9

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 5.0.9

Release

.NET 5.0.8

Release

.NET 5.0.7

Release

Commits
  • c663ade Merged PR 15469: Clean up logging
  • 3aeeedc [internal/release/5.0] Update dependencies from dnceng/internal/dotnet-efcore
  • adcf3c4 Merge in 'release/5.0' changes
  • 3f87303 Merge pull request #34308 from vseanreesermsft/internal-merge-5.0-2021-07-13-...
  • 45223e7 [release/5.0] Update package baselines
  • 81b0403 [release/5.0] Bump SiteExtension.3.1 version
  • 518c5b9 [release/5.0] Update to latest SDK and runtime
  • 41f3416 Merge commit 'ae2eabad0e49302d0632a7dde917fdc68d960dc4' into internal-merge-5...
  • b6532d4 [internal/release/5.0] Update dependencies from dnceng/internal/dotnet-runtime
  • 45a120e [internal/release/5.0] Update dependencies from dnceng/internal/dotnet-runtime
  • Additional commits viewable in compare view

Updates MongoDB.Driver from 2.11.6 to 2.19.0

Release notes

Sourced from MongoDB.Driver's releases.

NET Driver Version 2.19.0 Release Notes

.NET Driver Version 2.19.0 Release Notes

This is the general availability release for the 2.19.0 version of the driver.

The main new features in 2.19.0 include:

  • Atlas Search builders
  • Default LinqProvider changed to LINQ3
  • ObjectSerializer allowed types configuration
  • Bucket and BucketAuto stages support in LINQ3
  • Support Azure VM-assigned Managed Identity for Automatic KMS Credentials
  • Native support for AWS IAM Roles

This version addresses CVE-2022-48282.

ObjectSerializer allowed types configuration

The ObjectSerializer has been changed to only allow deserialization of types that are considered safe. What types are considered safe is determined by a new configurable AllowedTypes function (of type Func<Type, bool>). The default AllowedTypes function is ObjectSerializer.DefaultAllowedTypes which returns true for a number of well-known framework types that we have deemed safe. A typical example might be to allow all the default allowed types as well as your own types. This could be accomplished as follows:

var objectSerializer = new ObjectSerializer(type => ObjectSerializer.DefaultAllowedTypes(type) || type.FullName.StartsWith("MyNamespace"));
BsonSerializer.RegisterSerializer(objectSerializer);

More information about the ObjectSerializer is available in our FAQ.

Default LinqProvider changed to LINQ3

Default LinqProvider has been changed to LINQ3. LinqProvider can be changed back to LINQ2 in the following way:

var connectionString = "mongodb://localhost";
var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
clientSettings.LinqProvider = LinqProvider.V2;
var client = new MongoClient(clientSettings);

If you encounter a bug in LINQ3 provider, please report it in CSHARP JIRA project.

An online version of these release notes is available here.

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

.NET Driver Version 2.18.0 Release Notes

... (truncated)

Commits
  • 3db6a36 Release notes for 2.19.0. (#1013)
  • 790f123 CSHARP-4475: Add an AllowedTypes filter to ObjectSerializer.
  • 8993daa CSHARP-4453: Support Bucket and BucketAuto stages in LINQ3.
  • ec46c34 CSHARP-4490: Fix tests related to asserting wildcardProjection output. (#1011)
  • 9ee046b CSHARP-4182: Support for Range Indexes. (#988)
  • 9189a58 CSHARP-4440: Incorporate MongoDB.Labs.Search library (#989)
  • 0bb42fa CSHARP-4255: Fix bug and some tests. (#993)
  • c0c521e CSHARP-4449: Implement Find projections in LINQ3.
  • 396830c CSHARP-4468: LINQ V3 SelectMany + GroupBy results with redundant $push within...
  • 70ed174 CSHARP-4463: Add aws auth connectivity examples. (#1004)
  • Additional commits viewable in compare view

Updates SixLabors.ImageSharp from 1.0.0-beta0006 to 2.1.7

Release notes

Sourced from SixLabors.ImageSharp's releases.

v2.1.7

What's Changed

Full Changelog: SixLabors/ImageSharp@v2.1.6...v2.1.7

v2.1.6

What's Changed

Full Changelog: SixLabors/ImageSharp@v2.1.5...v2.1.6

v2.1.5

What's Changed

Full Changelog: SixLabors/ImageSharp@v2.1.4...v2.1.5

v2.1.4

What's Changed

Full Changelog: SixLabors/ImageSharp@v2.1.3...v2.1.4

v2.1.3

What's Changed

Full Changelog: SixLabors/ImageSharp@v2.1.2...v2.1.3

v2.1.2

What's Changed

Full Changelog: SixLabors/ImageSharp@v2.1.1...v2.1.2

v2.1.1

What's Changed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the nuget group with 4 updates in the /ch9_release/src/Tailwind.Traders.Web directory: [Azure.Storage.Blobs](https://github.com/Azure/azure-sdk-for-net), [Microsoft.AspNetCore.Authentication.JwtBearer](https://github.com/dotnet/aspnetcore), [MongoDB.Driver](https://github.com/mongodb/mongo-csharp-driver) and [SixLabors.ImageSharp](https://github.com/SixLabors/ImageSharp).


Updates `Azure.Storage.Blobs` from 12.8.0 to 12.13.0
- [Release notes](https://github.com/Azure/azure-sdk-for-net/releases)
- [Commits](Azure/azure-sdk-for-net@Azure.Storage.Blobs_12.8.0...Azure.Storage.Blobs_12.13.0)

Updates `Microsoft.AspNetCore.Authentication.JwtBearer` from 5.0.2 to 5.0.9
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v5.0.2...v5.0.9)

Updates `MongoDB.Driver` from 2.11.6 to 2.19.0
- [Release notes](https://github.com/mongodb/mongo-csharp-driver/releases)
- [Commits](mongodb/mongo-csharp-driver@v2.11.6...v2.19.0)

Updates `SixLabors.ImageSharp` from 1.0.0-beta0006 to 2.1.7
- [Release notes](https://github.com/SixLabors/ImageSharp/releases)
- [Commits](https://github.com/SixLabors/ImageSharp/commits/v2.1.7)

---
updated-dependencies:
- dependency-name: Azure.Storage.Blobs
  dependency-type: direct:production
  dependency-group: nuget-security-group
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-type: direct:production
  dependency-group: nuget-security-group
- dependency-name: MongoDB.Driver
  dependency-type: direct:production
  dependency-group: nuget-security-group
- dependency-name: SixLabors.ImageSharp
  dependency-type: direct:production
  dependency-group: nuget-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from wulfland as a code owner March 25, 2024 18:45
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Mar 25, 2024
@wulfland wulfland merged commit 70bb5ec into main Mar 25, 2024
4 of 6 checks passed
@wulfland wulfland deleted the dependabot/nuget/ch9_release/src/Tailwind.Traders.Web/nuget-security-group-4abdc45e26 branch March 25, 2024 19:18
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file .NET Pull requests that update .net code
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant