chore(deps): update nuget

[projectorigin-renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Type	Update	Change
Dapper	nuget	patch	2.1.66 → 2.1.79
Grpc.AspNetCore	nuget	minor	2.71.0 → 2.80.0
MassTransit (source)	nuget	patch	8.5.4 → 8.5.10
MassTransit.RabbitMQ (source)	nuget	patch	8.5.4 → 8.5.10
Microsoft.AspNetCore.Authentication.JwtBearer (source)	nuget	patch	9.0.10 → 9.0.17
Microsoft.AspNetCore.TestHost (source)	nuget	patch	9.0.10 → 9.0.17
Microsoft.Extensions.Diagnostics.HealthChecks (source)	nuget	patch	9.0.10 → 9.0.17
Microsoft.Extensions.Diagnostics.HealthChecks.Abstractions (source)	nuget	patch	9.0.10 → 9.0.17
Microsoft.Extensions.Options (source)	nuget	patch	9.0.10 → 9.0.17
Microsoft.Extensions.Options.ConfigurationExtensions (source)	nuget	patch	9.0.10 → 9.0.17
Microsoft.Identity.Web	nuget	minor	4.0.0 → 4.10.0
Microsoft.NET.Test.Sdk	nuget	minor	18.0.0 → 18.6.0
Npgsql	nuget	patch	9.0.4 → 9.0.5
Npgsql.OpenTelemetry	nuget	patch	9.0.4 → 9.0.5
OpenTelemetry (source)	nuget	minor	1.13.1 → 1.16.0
OpenTelemetry.Exporter.OpenTelemetryProtocol (source)	nuget	minor	1.13.1 → 1.16.0
OpenTelemetry.Extensions.Hosting (source)	nuget	minor	1.13.1 → 1.16.0
OpenTelemetry.Instrumentation.AspNetCore (source)	nuget	minor	1.12.0 → 1.15.2
OpenTelemetry.Instrumentation.Http (source)	nuget	minor	1.12.0 → 1.15.1
OpenTelemetry.Instrumentation.Runtime (source)	nuget	minor	1.12.0 → 1.15.1
Testcontainers.PostgreSql (source)	nuget	minor	4.7.0 → 4.12.0
Testcontainers.RabbitMq (source)	nuget	minor	4.7.0 → 4.12.0
Verify.Xunit	nuget	minor	31.0.2 → 31.12.5
WireMock.Net	nuget	minor	1.14.0 → 1.25.0
dbup-postgresql (source)	nuget	minor	6.0.3 → 6.1.5
dotnet-grpc	nuget	minor	2.71.0 → 2.80.0

---

Release Notes

DapperLib/Dapper (Dapper)

v2.1.79

Compare Source

What's Changed

• fix CI by @​mgravell in #​2196
• Fix segfault when ICustomQueryParameter is a value type (#​2189) by @​andreasblueher in #​2198
• Update dependencies by @​mgravell in #​2202
• Make private & internal classes sealed and less enumeration of lists & LINQ by @​Henr1k80 in #​2197
• Fix/prefer typehandlers for enums by @​andreasblueher in #​2200
• keep deps up to date by @​mgravell in #​2204
• Add ReferenceTrimmer and remove unused references by @​dfederm in #​2191

New Contributors

• @​andreasblueher made their first contribution in #​2198
• @​Henr1k80 made their first contribution in #​2197
• @​dfederm made their first contribution in #​2191

Full Changelog: DapperLib/Dapper@2.1.72...2.1.79

v2.1.72

Compare Source

What's Changed

• TFM packaging for .NET 10 by @​mgravell in #​2195
• Fix and clarify OrWhere caveats in SqlBuilder docs by @​jnoordsij in #​2149
• OutputExpression wasn't working for methods that use QueryRowAsync by @​ri-rgb in #​2156
• CI: use preinstalled sdk by @​kbth in #​2160
• CI: serialize DB-dependent tests by @​kbth in #​2163

New Contributors

• @​jnoordsij made their first contribution in #​2149
• @​ri-rgb made their first contribution in #​2156
• @​kbth made their first contribution in #​2160

Full Changelog: DapperLib/Dapper@2.1.66...2.1.72

grpc/grpc-dotnet (Grpc.AspNetCore)

v2.80.0

What's Changed

• Update .NET 10, System.CommandLine 2.0.0, fix warnings by @​JamesNK in #​2677
• Fix System.CommandLine 2.0.0 Uri parsing in GrpcClient benchmark app by @​ilonatommy in #​2695
• Implement GrpcServiceEndpointConventionBuilder.Finally by @​halter73 in #​2693
• Bump axios from 1.11.0 to 1.12.2 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2669
• Bump webpack from 5.101.0 to 5.105.0 in /examples/Browser/Server/wwwroot by @​dependabot[bot] in #​2689
• Bump lodash from 4.17.21 to 4.17.23 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2687
• Bump glob from 10.4.5 to 10.5.0 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2679
• Bump basic-ftp from 5.0.5 to 5.2.0 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2698
• Bump serialize-javascript and terser-webpack-plugin in /examples/Browser/Server/wwwroot by @​dependabot[bot] in #​2699
• Bump minimatch in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2700
• Bump axios from 1.12.2 to 1.13.6 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2701
• Bump js-yaml in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2702
• Handle Trailers-Only OK responses in streaming calls without exception handling by @​michaelmccord in #​2697
• Bump picomatch in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2703
• Implement v1 reflection service and clean up integration by @​JamesNK in #​2704
• Bump brace-expansion in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2706
• Fix flaky PickAsync_UpdateAddressesWhileRequestingConnection_DoesNotDeadlock test by @​JamesNK in #​2705
• Bump Tools Version prep for release v2.80.0 by @​asheshvidyut in #​2707
• [Release v2.80.x] Fix the version number - Step 3 by @​asheshvidyut in #​2711
• Rel (v1.80.0) Prep for stable release by @​asheshvidyut in #​2723

New Contributors

• @​ilonatommy made their first contribution in #​2695
• @​halter73 made their first contribution in #​2693
• @​michaelmccord made their first contribution in #​2697

Full Changelog: grpc/grpc-dotnet@v2.76.0...v2.80.0

v2.76.0

What's Changed

• Remove reference to obsolete property from Readme and mention alternative by @​KnapSac in #​2631
• Migrate from sln to slnx by @​JamesNK in #​2635
• Bump tar-fs from 3.0.8 to 3.0.9 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2636
• MapGrpcService with service definition refactor by @​JamesNK in #​2634
• Bump brace-expansion from 1.1.11 to 1.1.12 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2639
• Fix shared code by @​JamesNK in #​2640
• Bump pbkdf2 from 3.1.2 to 3.1.3 in /examples/Spar/Server/ClientApp by @​dependabot[bot] in #​2642
• Add protobuf-net code-first to README.md by @​weitzhandler in #​2644
• Add more options to perf client by @​JamesNK in #​2648
• Update docs and starvs for slnx by @​MihaZupan in #​2649
• Support reading compressed grpc-web trailing headers by @​JamesNK in #​2650
• Add .NET 10 target by @​JamesNK in #​2653
• Update project.json packages and examples by @​JamesNK in #​2658
• Bump tar-fs from 3.1.0 to 3.1.1 in /testassets/InteropTestsGrpcWebWebsite/Tests by @​dependabot[bot] in #​2668
• Update Grpc.Tools dependency to latest version by @​apolcyn in #​2675
• Update version on v2.76.x to 2.76.0-pre1 by @​apolcyn in #​2676
• Prep for stable release by @​asheshvidyut in #​2682

New Contributors

• @​KnapSac made their first contribution in #​2631
• @​weitzhandler made their first contribution in #​2644
• @​MihaZupan made their first contribution in #​2649
• @​asheshvidyut made their first contribution in #​2682

Full Changelog: grpc/grpc-dotnet@v2.71.0...v2.76.0

AzureAD/microsoft-identity-web (Microsoft.Identity.Web)

v4.10.0

Compare Source

New features

• Add WithExtraBodyParameters fluent API for attaching extra body parameters to token acquisition requests. See #​3819.
• Add IConfidentialClientApplicationProvider extensibility interface and CachePartitionKey support for silent token acquisition. See #​3822.

Bug fixes

• Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. See #​3825.
• Reject dSTS-shaped Authority values with a clearer exception, steering users to use Instance + TenantId instead. See #​3805.
• Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See #​3811.

Behavior changes

• B2C OpenID Connect event handler: LRU cache for issuer address. Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See #​3821.

Dependencies updates

• Update MSAL.NET to 4.84.1. See #​3822.
• Pin Microsoft.Kiota.Abstractions to 1.22.0 for GraphServiceClient. See #​3817.
• Bump uuid and @azure/msal-node in SidecarAdapter TypeScript test app. See #​3826.
• Bump qs in SidecarAdapter TypeScript test app. See #​3829.

v4.9.0

Compare Source

New features

• Sidecar: per-route override gating. New Sidecar:AllowOverrides configuration section provides explicit, per-route control over whether optionsOverride.* query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. optionsOverride.BaseUrl is unconditionally rejected on all routes as a hardening measure. See #​3794.

Bug fixes

• Fix AccountController.Challenge redirect URI validation to reject percent-encoded protocol-relative bypasses (%2F%2F, %5C%2F, etc.) that could be decoded by misconfigured reverse proxies. See #​3792.

Behavior changes

• DownstreamApi: reserved header filtering. Headers supplied via DownstreamApiOptions.ExtraHeaderParameters whose names match reserved HTTP headers (Authorization, Host, Content-Length, Proxy-Authorization, Sec-*, Proxy-*, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (ReservedHeaderIgnored / DuplicateHeaderIgnored) is emitted so operators can spot misconfigurations. No exception is thrown. See #​3793.

Dependencies updates

• Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.* 8.0.x minimum on older TFMs. Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on Microsoft.Extensions.DependencyInjection.Abstractions 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a CS0433 type collision with the previously-pinned Microsoft.Extensions.DependencyInjection 2.1.0. The entire Microsoft.Extensions.* stack on these older TFMs has been bumped to 8.x for consistency. If your application targets net462, net472, or netstandard2.0, your resolved Microsoft.Extensions.* versions will increase (e.g., Extensions.Http 3.1.3 → 8.0.0, Extensions.DependencyInjection 2.1.0 → 8.0.0, Extensions.Caching.Memory 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See #​3787.
• Bump System.Text.Json 8.0.5 → 8.0.6 (CVE-2024-43485). See #​3787.
• Bump Microsoft.AspNetCore.DataProtection to 10.0.7 for CVE fix on net10.0. See #​3796.
• Bump OpenTelemetry.Exporter.OpenTelemetryProtocol 1.14.0 → 1.15.3. See #​3788.

v4.8.0

Compare Source

New features

• Add support for mTLS authentication-only mode for DownstreamApi. When protocol is set to MTLS, the configured certificate is attached to the request without an authorization header. See #​3747.
• Add token binding support to MicrosoftIdentityMessageHandler. See #​3743.

Bug fixes

• Fix race condition in MergedOptions causing sporadic "No ClientId was specified" errors under concurrent GraphServiceClient usage. See #​3760.
• Fix CredentialsProvider DI lifetime mismatch causing startup crash in Development mode when using AddMicrosoftIdentityWebApi(). See #​3783.

Behavior changes

• /MicrosoftIdentity/Account/Challenge — redirect URI validation. The redirectUri query-string parameter is now validated. Accepted values:

  • Local paths (e.g. /home, /counter?tab=1) — unchanged behavior.
  • Same-origin absolute URLs (matching scheme, host, and effective port of the current request). These are coerced to their path-and-query before being stored in AuthenticationProperties.RedirectUri. This preserves the canonical [AuthorizeForScopes] / MsalUiRequiredException step-up consent flow, which goes through MicrosoftIdentityConsentAndConditionalAccessHandler.ChallengeUser() and passes NavigationManager.Uri (always absolute) for Blazor Server, or an absolute request URL for Razor Pages / MVC.
  • Any other value (external host, different scheme, different port, protocol-relative //host, empty, or null) falls back to ~/.
  • UX note: URL fragments (#section) are dropped when a same-origin absolute URL is coerced. If a Blazor Server page depends on a fragment being preserved across step-up consent, pass a relative path explicitly rather than relying on NavigationManager.Uri.
  • Reverse-proxy deployments: apps behind a reverse proxy (Azure App Service, Container Apps, AKS ingress, nginx, etc.) should configure app.UseForwardedHeaders(new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedProto | ForwardedHeaders.XForwardedHost }) before UseAuthentication(). Without it, Request.Scheme / Request.Host reflect the internal container/pod hostname, the same-origin check fails for the external NavigationManager.Uri, and step-up lands the user on / rather than the original page.

• Blazor MapGroup(...).MapLoginAndLogout() — /logout endpoint. The generated POST /logout endpoint now (a) requires authentication (RequireAuthorization()) and (b) requires an antiforgery token (the previous DisableAntiforgery() opt-out has been removed). UX and integration implications:

  • Forms rendered by SignOutLink / LogInOrOut already include the antiforgery token and continue to work without code changes.
  • Custom clients that fetch/XMLHttpRequest to /logout must now include the antiforgery token. Obtain it via IAntiforgery.GetAndStoreTokens(context).RequestToken and send it in the request header configured by AddAntiforgery(options => options.HeaderName = "...") (default RequestVerificationToken) or as the configured form field.
  • The ReturnUrl form value is now treated as strictly local: any non-local value (absolute URL, protocol-relative, /\host, etc.) is coerced to /. Apps that previously passed an absolute URL should switch to a relative path.
  • Edge case: a user whose authentication cookie has already expired and who then clicks the logout button will be redirected to the login page (because of RequireAuthorization()) rather than seeing a silent no-op. This is a minor change from previous behavior; the happy path (authenticated user clicking logout) is unchanged.
  • Blazor WebAssembly clients are unaffected. WASM apps sign out through Microsoft.Authentication.WebAssembly.Msal / the /authentication/logout JS interop path, not by POSTing to the server-side /logout endpoint, so no client code changes are needed.
  • Server-side Blazor using AuthenticationStateProvider / SignOutAsync is unaffected. The new gate only applies to direct HTTP POSTs to /logout. Components that call AuthenticationStateProvider.GetAuthenticationStateAsync() or sign out through the scheme handler continue to work unchanged.
  • Graceful degradation when antiforgery is not configured. The check is performed inside the endpoint handler by explicitly resolving IAntiforgery from request services (not via endpoint metadata / middleware coupling). This means the /logout endpoint works correctly on every pipeline shape: (a) minimal API with both AddAntiforgery() and UseAntiforgery() wired — token is validated by middleware and re-checked by the handler (idempotent); (b) MVC / Razor Pages hosts that call AddControllersWithViews() or AddRazorPages() (which transitively register IAntiforgery) but do not call UseAntiforgery() — the handler validates the token directly; (c) hosts that reuse MapLoginAndLogout without any antiforgery configuration — the handler skips validation and RequireAuthorization() + cookie SameSite=Lax remain the CSRF gate, matching pre-4.8.0 behavior. For scenario (c), a single warning is logged at endpoint map time recommending that AddAntiforgery() be configured.

• /MicrosoftIdentity/Account/Challenge — %2f / %5c defense-in-depth. In addition to the path-and-query re-check for protocol-relative shapes (//host, /\host), redirectUri values whose path begins with /%2f, /%5c, /%2F, or /%5C are now rejected and coerced to ~/. Browsers per RFC 3986 treat these as literal path characters (a direct hit yields a 404), so this change does not affect legitimate deep-links. It guards against misconfigured reverse proxies (NGINX, IIS ARR, F5) that can decode %2f → / while rewriting Location headers, which would otherwise reopen the protocol-relative bypass after the proxy pass.

Dependencies updates

• Upgrade Microsoft Application Insights packages. See #​3763.
• Bump net8/net9/net10 runtime package baselines to patched crypto servicing versions. See #​3779.

Documentation

• Clarify managed identity credential types for containerized vs. VM/App Service deployments. See #​3585.
• Add examples for using PostgreSQL as a distributed token cache. See #​3766.

v4.7.0

Compare Source

Bug fixes

• Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, Certificate extension method in CredentialDescription was reverted to normal property.) See #​3767.

v4.6.0

Compare Source

New features

• Aspire / Blazor helpers and documentation #​3723
• AI Skills and Aspire DevApp demonstrating Blazor authentication components #​3721

Dependencies updates

• Bump MSAL to 4.83.1
• Bump Abstractions to 11.2

v4.5.0

Compare Source

New features

• Add support for certificate store lookup by subject name. See #​3742.

Dependencies updates

• Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See #​3739.
• Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See #​3740.

v4.4.0

Compare Source

New features

• Add AOT-compatible web API authentication for .NET 10+. See #​3705 and #​3664.
• Propagate long-running web API session key back to callers in user token acquisition. See #​3728.
• Add OBO event initialization for OBO APIs. See #​3724.
• Add support for calling WithClientClaims flow for token acquisition. See #​3623.
• Add OnBeforeTokenAcquisitionForOnBehalfOf event. See #​3680.

Bug fixes

• Throw InvalidOperationException with actionable message when a custom credential is not registered. See #​3626.
• Fix event firing for InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync. See #​3717.
• Update OnBeforeTokenAcquisitionForOnBehalfOf to construct ClaimsPrincipal from token. See #​3714.
• Add a retry counter for acquire token and updated tests with a fake secret. See #​3682.
• Fix OBO user error handling. See #​3712.
• Fix override merging for app token (and others). See #​3644.
• Fix certificate reload logic to only trigger on certificate-specific errors. See #​3653.
• Update ROPC flow CCA to pass SendX5C to MSAL. See #​3671.

Dependencies updates

• Bump qs in /tests/DevApps/SidecarAdapter/typescript. See #​3725.
• Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See #​3730.
• Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See #​3726.
• Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See #​3699.
• Update to MSAL 4.81.0. See #​3665.

Documentation

• Add documentation for auto-generated session key for long-running OBO session. See #​3729.
• Improve the Aspire doc article and skills. See #​3695.
• Add an article and agent skill to add Entra ID to an Aspire app. See #​3689.
• Fix misleading comment in CertificatelessOptions.ManagedIdentityClientId. See #​3667.
• Add Copilot explore tool functionality. See #​3694.

Fundamentals

• Remove unnecessary warning suppression. See #​3715.
• Migrate labs to Lab.API 2.x (first pass). See #​3710.
• Update Sidecar E2E test constants. See #​3693.
• Fix intermittent failures in CertificatesObserverTests. See #​3687.
• Add validation baseline exclusions. See #​3684.
• Add dSTS integration tests. See #​3677.
• Fix FIC test. See #​3663.
• Update IdentityWeb version, build logic, and validation. See #​3659.

v4.3.0

Compare Source

New features

• Added token binding (mTLS PoP) scenario for confidential client (app-only) token acquisition and downstream API calls. See #​3622.

Dependencies updates

• Bumped qs from 6.14.0 to 6.14.1 in /tests/DevApps/SidecarAdapter/typescript. See #​3660.

Documentation

• Modernized Identity Web documentation, which is now can be found in docs. See #​3566.
• Added token binding (mTLS PoP) documentation. See #​3661.

v4.2.0

Compare Source

New features

• Added CAE claims support for FIC + Managed Identity. See #​3647 for details.
• Added AddMicrosoftIdentityMessageHandler extension methods for IHttpClientBuilder. See #​3649 for details.

Bug fixes

• Fixed tenant not being propagated in credential FIC acquisition. See #​3633 for details.
• Fixed ForAgentIdentity hardcoded 'AzureAd' ConfigurationSection to respect AuthenticationOptionsName. See #​3635 for details.
• Fixed GetTokenAcquirer to propagate MicrosoftEntraApplicationOptions properties. See #​3651 for details.
• Added meaningful error message when identity configuration is missing. See #​3637 for details.

Dependencies updates

• Update Microsoft.Identity.Abstractions to version 10.0.0.
• Bump express from 5.1.0 to 5.2.0 in /tests/DevApps/SidecarAdapter/typescript. #​3636
• Bump jws from 3.2.2 to 3.2.3 in /tests/DevApps/SidecarAdapter/typescript. #​3641

Fundamentals

• Update support policy. #​3656
• Update agent identity coordinates in E2E tests after deauth. #​3640
• Update E2E agent identity configuration to new tenant. #​3646

v4.1.1

Compare Source

Bug fixes

• Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See #​3612.

New features

• Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See #​3611.

Fundamentals

• Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See #​3610.

v4.1.0

Compare Source

=========

New features

• Migrate to .NET 10 GA. #​3449 and #​3590

Dependencies updates

• Bump MSAL.NET to version 4.79.2 and handle changes to deprecated WithExtraQueryParameters APIs. #​3583
• Update Microsoft.IdentityModel and Abstractions versions. #​3604
• Update coverlet.collector to 6.0.4. #​3587
• Update package validation baseline version to 4.0.0. #​3589
• Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. #​3595

Entra ID SDK sidecar

• Restrict hosts to localhost for sidecar. #​3579
• Update http file to match endpoints. #​3555
• Revise sidecar issue template for Entra ID. #​3577

Documentation

• Update README to include Entra SDK container info. #​3578

Fundamentals

• Include NET 9.0 in template-install-dependencies. #​3593
• Fix CodeQL alerts. #​3591
• Suppression file is needed. #​3592

v4.0.1

Compare Source

=========

Bugs fixes

• Correctly compute Application Key when credential usage fails. #​3487
• Fix bugs where agent user identities didn't work with non-default authentication schemes. #​3487

Fundamentals

• Update .net version to CG compliance #​3487

Entra ID SDK sidecar

• Configure Sidecar to default AllowWebApiToBeAuthorizedByACL to true as the container doesn't do authZ #​3487

microsoft/vstest (Microsoft.NET.Test.Sdk)

v18.6.0

What's Changed

• Revert removal of Video Recorder by @​nohwnd in #​15336
• Speed up blame by filtering non-.NET processes from dump collection by @​nohwnd in #​15518
• Add README.md to NuGet packages by @​nohwnd in #​15550
• Report child process info on connection timeout by @​nohwnd in #​15603

Changes to tests and infra

• Brand as 18.6 by @​nohwnd in #​15423
• Upgrading code coverage version to 18.5.1, by @​fhnaseer in #​15422
• Updating System.Collections.Immutable to 9.0.11 by @​MSLukeWest in #​15425
• Fix attachVS when used for debugging integration tests by @​nohwnd in #​15451
• Replace dotnet.config, with global.json by @​nohwnd in #​15449
• Document debugging integration tests with AttachVS by @​Copilot in #​15452
• Fix stack overflow tests by @​nohwnd in #​15461
• Make TestAssets.sln buildable locally by @​Youssef1313 in #​15466
• Try filtering out tests by @​nohwnd in #​15463
• Build just once when tfms run in parallel by @​nohwnd in #​15465
• Review simplify compatibility sources, deduplicate tests by @​nohwnd in #​15472
• Cleanup dead TRX code by @​Youssef1313 in #​15474
• Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @​nohwnd in #​15481
• Compat matrix checker by @​nohwnd in #​15480
• Add trx analysis skill by @​nohwnd in #​15486
• Split integration tests to single tfm and multi tfm project by @​nohwnd in #​15484
• Update matrix by @​nohwnd in #​15477
• Break infinite restore loop in VS by @​nohwnd in #​15503
• Use global package cache for build, and local for running integration tests by @​nohwnd in #​15500
• Update contributing by @​nohwnd in #​15505
• Reduce test wall-clock time by increasing minThreads by @​drognanar in #​15502
• Indicator flakiness by @​nohwnd in #​15513
• Fix ci build by @​nohwnd in #​15515
• Fix thread safety issues by @​Evangelink in #​15512
• Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @​nohwnd in #​15516
• Build isolated test assets for single TFM instead of 7 by @​nohwnd in #​15517
• Remove unused dependencies from Library.IntegrationTests by @​nohwnd in #​15527
• Remove printing _attachments content to console by @​nohwnd in #​15520
• Add Linux/macOS test filtering guide to CONTRIBUTING.md by @​nohwnd in #​15521
• Change integration test parallelization from ClassLevel to MethodLevel by @​nohwnd in #​15526
• Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @​nohwnd in #​15523
• Add unattended work instructions to copilot-instructions.md by @​nohwnd in #​15531
• Reduce code style rule severity from warning to suggestion by @​nohwnd in #​15522
• Remove Debug/Release line number branching from tests by @​nohwnd in #​15519
• Revise unattended work instructions in copilot-instructions.md by @​nohwnd in #​15532
• Improve CompatibilityRowsBuilder error message with diagnostic details by @​nohwnd in #​15529
• docs: add git worktree and upstream sync workflow to copilot-instructions.md by @​nohwnd in #​15538
• Add VSIX runner to smoke tests by @​nohwnd in #​15541
• Remove deprecated WebTest and TMI test methods by @​nohwnd in #​15525
• Fix compatibility test failures for legacy vstest.console and MSTest adapter by @​nohwnd in #​15534
• Convert TestPlatform.sln to slnx format by @​nohwnd in #​15551
• Convert test/TestAssets .sln files to .slnx format by @​nohwnd in #​15557
• Enable parallelization for blame data collector tests by @​nohwnd in #​15552
• Fix CI failure when GeneratedTestAssets directory doesn't exist by @​nohwnd in #​15556
• Set DOTNET_ROOT in test.sh for local Linux usage by @​nohwnd in #​15559
• Use MSTest recommended analyzers by @​Evangelink in #​15539
• Document semicolon handling in RunSettings test parameters by @​nohwnd in #​15561
• Enable CA1067 analyzer and fix violations by @​nohwnd in #​15560
• Fix HTML logger parallel file collision with atomic file creation by @​nohwnd in #​15562
• Deduplicate package extraction between verify-nupkgs and IntegrationTestBuild by @​nohwnd in #​15554
• Fix MSTEST0046: use Assert.MatchesRegex instead of StringAssert.Matches by @​nohwnd in #​15575
• Attach diagnostic logs to acceptance test runs by @​nohwnd in #​15572
• Deprecate EnableShutdownAfterTestRun which is no-op by @​Youssef1313 in #​15576
• Skip VideoRecorder test on CI due to access denied errors by @​nohwnd in #​15587
• Fix integration test build collision with mutex + EventWaitHandle by @​nohwnd in #​15568
• Reduce blame test flakiness: increase hang dump timeout to 10s by @​nohwnd in #​15590
• Fix concurrent modification in MetricsCollection by @​nohwnd in #​15581
• Fix PassingNoArguments test: disable --diag to preserve help output by @​nohwnd in #​15583
• perf: fix dictionary double-lookups, Collection.Contains, and LINQ allocations by @​Evangelink in #​15533
• Replace VSSDK-sourced DLLs with proper package references by @​nohwnd in #​15567
• Add target framework to default TRX file name by @​nohwnd in #​15565
• Update post-build template parameters by @​nohwnd in #​15591
• Fix path for post-build template and adjust validation by @​nohwnd in #​15592
• Add azure-pipelines-official.yml to pipeline files by @​nohwnd in #​15594
• Update comment formatting for signing validation by @​nohwnd in #​15597
• Fix enable-auto-merge for maestro by @​Youssef1313 in #​15595
• Auto-approve maestro PRs by @​Youssef1313 in #​15598
• Update enab

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[projectorigin-renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.