Skip to content

Bump the duende group with 1 update#8

Closed
dependabot[bot] wants to merge 344 commits into
feature/devops-pipelinefrom
dependabot/nuget/duende-c60b40c744
Closed

Bump the duende group with 1 update#8
dependabot[bot] wants to merge 344 commits into
feature/devops-pipelinefrom
dependabot/nuget/duende-c60b40c744

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Updated Duende.IdentityServer.Storage from 7.3.2 to 8.0.1.

Release notes

Sourced from Duende.IdentityServer.Storage's releases.

8.0.1

What's changed

  • Fixed session duplication issue in IdentityServer 8.0 where concurrent requests could create duplicate server-side sessions.
  • Fixed nullable annotation on ITokenValidator.ValidateAccessTokenAsync — the expectedScope parameter is now correctly annotated as string? to match its intended usage.

8.0.0

Duende IdentityServer 8.0

Duende IdentityServer 8.0 targets .NET 10 and marks a significant milestone for the product.

SAML 2.0 is now a first-class protocol alongside OpenID Connect and OAuth 2.0, enabling enterprise and legacy applications to authenticate against your server without requiring separate infrastructure.

This release also introduces a FAPI 2.0/OAuth 2.1 conformance report to help you verify high-security deployments, and delivers substantial internal modernization - including adoption of .NET 10's HybridCache, TimeProvider, nullable reference types, and pervasive cancellation token support - resulting in a cleaner, more maintainable foundation going forward.

New Features

SAML 2.0 Identity Provider
IdentityServer can now act as a full SAML 2.0 Identity Provider, allowing enterprise and legacy applications that require SAML to authenticate against your server alongside OpenID Connect clients.

It supports:

  • SP-initiated SSO via HTTP-Redirect and HTTP-POST bindings
  • Single Logout (SLO) with front-channel notifications
  • Per-SP assertion signing
  • NameID format support
  • AuthnContext class mapping, per-SP claim mappings
  • Metadata endpoint

Your existing login UI requires only a small update to the cancellation path. See the SAML 2.0 documentation.

SAML 2.0 External Authentication
IdentityServer can now federate with external SAML 2.0 Identity Providers, letting you use a third-party SAML IdP as an upstream identity source - the same way you'd add Google or Microsoft Entra ID as an external provider. Configure SAML external providers statically or dynamically using the existing dynamic providers mechanism. See Configuring a SAML external provider.

Financial-Grade Security & Conformance Report
A new Duende.IdentityServer.ConformanceReport package assesses your IdentityServer deployment against OAuth 2.1 and FAPI 2.0 Security Profile specifications and generates an HTML report at a protected endpoint (/_duende/conformance-report). Use it to verify your server is correctly configured for high-security API scenarios. See the Conformance Report documentation.

User Management
IdentityServer 8 integrates with Duende User Management which adds user registration, password management, MFA (TOTP, passkeys), account recovery, and more. See the User Management documentation.

Improvements

  • Token Cleanup Performance - The token cleanup service now uses a more efficient bulk delete strategy when IOperationalStoreNotification is not registered, reducing database load in high-throughput deployments. MySQL EF Core provider compatibility for PAR entry cleanup is also restored.

  • Orphaned Grants Revoked on Session Overwrite - When a server-side session is overwritten (for example, when a user signs in again without signing out first), refresh tokens belonging to the prior session are now automatically revoked. This prevents stale grants from accumulating and remaining valid after re-authentication.

  • Quieter Secret Validation Logging - Expected-failure log entries in client and API secret validation have been downgraded from Error to Debug. This reduces noise in production logs where failed secret lookups are a normal part of the secret hashing comparison process.

  • Relaxed Audience Validation - Audience validation for private key JWT authentication in strict mode now accepts single-element JSON arrays in addition to scalar string values, improving compatibility with tokens from issuers that always serialize audiences as arrays.

  • HTTP 303 Redirects - All redirects from IdentityServer's authorization endpoint now unconditionally use HTTP 303 See Other, aligning with the OAuth 2.0 and OpenID Connect specifications and avoiding issues with intermediaries that treat 302 redirects differently.

  • Unified Authorization Context - SAML and OpenID Connect flows now share the same IAuthenticationContext abstraction. Your login page can access protocol-specific context - including SAML-specific details such as RequestedAuthnContext - through a single consistent interface.

... (truncated)

7.4.7

  • Update Duende.IdentityModel dependency to 8.0.1

7.4.6

This is a patch release that fixes two issues in IdentityServer.

What's Changed

7.4.5

This is bugfix release that fixes an issue where + characters are not treated correctly in URL queries.

What's Changed

Full Changelog: DuendeSoftware/products@is-7.4.4...is-7.4.5

7.4.4

This is bugfix release that fixes an issue where specific service registration scenarios would fail due to constructor ambiguity.

What's Changed

Full Changelog: DuendeSoftware/products@is-7.4.3...is-7.4.4

7.4.3

This is bugfix release that fixes an issue where claims in a session would be duplicated.

What's Changed

Full Changelog: DuendeSoftware/products@is-7.4.2...is-7.4.3

7.4.2

This is a patch release that fixes a bug in license verification.

What's Changed

7.4.1

This is a patch release that fixes a bug related to CSP hashes.

What's Changed

7.4.0

IdentityServer 7.4.0 is a significant release that includes:

  • Support for .NET 10
  • Support for OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • New Callback option for path detection in Dynamic Providers
  • Improved UI locales support
  • Support for custom parameters in the Authorize Redirect Uri
  • Identity package now persists session claims based on an interface
  • Skipping front-channel logout iframe when unnecessary
  • Set HTTP activity name on routing

Since the 7.4.0 release candidate, there have been a few minor changes, including:

  • Add service for diagnostic data by @​josephdecock in #​2252
  • Trigger Back Channel Logout Earlier in Pipeline by @​bhazen in #​2258
  • Enable Customizing ErrorMessage on Redirect to Error Page by @​bhazen in #​2263
  • Better DCR Support for Public Clientsby @​bhazen in #​2264
  • Update .NET 10 from Release Candidate to GA by @​pgermishuys in #​2267

Note that Duende.IdentityServer.EntityFramework.Storage now depends on Entity Framework Core 9.x in the net8.0 target framework, which should be fully supported on both .NET 8 and .NET 9. .NET 10 projects will use Entity Framework Core 10.x.

Breaking Changes

There are no schema changes needed for IdentityServer 7.4.0. Small code changes maybe be required for some users to upgrade.

  • Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public
  • Marked static properties referring to counters in Telemetry.cs as readonly

Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public

  • Address CA1707 violations by @​bhazen in #​2128
    In the process of internal code cleanup, this unused and unreferenced file was removed. If code was referencing this file, see the linked PR to create a local copy in the code base needing it.

Marked static properties referring to counters in Telemetry.cs as readonly

  • Address CA2211 Violations by @​bhazen in #​2170
    In the process of internal code cleanup, these properties were updated to be marked as readonly. Code should not have been updating these properties as it would likely change the behavior of the telemetry emitted by IdentityServer. Any code which was updating these properties should instead create its own counters for its specific scenario.

Enhancements

  • Set HTTP activity name on routing by @​josephdecock in #​2049
    • Set the DisplayName of the activity associated with the incoming HttpRequest when IdentityServer routes are matched. This makes the IdentityServer route names appear in OTel traces.
  • Skip front-channel logout iframe when unnecessary by @​bhazen in #​2109
    • Enables the UI to skip rendering the front channel logout iframe when it is not needed.
  • Callback Option for Path Detection in Dynamic Providers by @​bhazen in #​2126
    • Adds a new option for Dynamic Providers to increase flexibility when routing to dynamic providers. The new PathMatchingCallback setting can be used as an alternative to the previously existing PathPrefix option.
  • Improved UI locales support by @​bhazen in #​2158
    • Improves support for the ui_locales parameter in protocol request which support it to allow for better localization.
    • The default implementation, DefaultUiLocalsService.cs, delegates to the CookieRequestCultureProvider if it is present and any of the values passed in the ui_locales parameter match a supported UI culture.
    • If the default implementation does not meet your needs, IUiLocalesService can be implemented and registered with DI.
  • RFC 8414 support by @​bhazen in #​2189
    • Adds out of box support for OAuth 2.0 Authorization Server Metadata as defined in RFC 8414
  • Support for custom parameters in authorize response by @​bhazen in #​2206
    • Adds a new CustomParameters property to AuthorizeResponse to support adding custom query parameters to the redirect uri. This will typically be used in conjunction with a custom IAuthorizeResponseGenerator.
  • Use Customizable Filter to Persist Session Claims in ASP.NET Identity by @​bhazen in #​2213
    • The ASP.NET Identity integration package now persists session claims based on ISessionClaimsFilter.FilterToSessionClaimsAsync which comes with a default implementation.
      ... (truncated)

7.4.0-rc.1

This is the first release candidate of IdentityServer 7.4.0. The changes since the last preview release are:

  • Add service for diagnostic data by @​josephdecock in #​2252
  • Trigger Back Channel Logout Earlier in Pipeline by @​bhazen in #​2258
  • Enable Customizing ErrorMessage on Redirect to Error Page by @​bhazen in #​2263
  • Better DCR Support for Public Clientsby @​bhazen in #​2264
  • Update .NET 10 from Release Candidate to GA by @​pgermishuys in #​2267

IdentityServer 7.4.0 is a significant release that includes:

  • Support for .NET 10 (this preview targets .NET10 RC2)
  • Support for OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • New Callback option for path detection in Dynamic Providers
  • Improved UI locales support
  • Support for custom parameters in the Authorize Redirect Uri
  • Identity package now persists session claims based on an interface
  • Skipping front-channel logout iframe when unnecessary
  • Set HTTP activity name on routing

Breaking Changes

There are no schema changes needed for IdentityServer 7.4.0. Small code changes maybe be required for some users to upgrade.

  • Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public
  • Marked static properties referring to counters in Telemetry.cs as readonly

Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public

  • Address CA1707 violations by @​bhazen in #​2128
    In the process of internal code cleanup, this unused and unreferenced file was removed. If code was referencing this file, see the linked PR to create a local copy in the code base needing it.

Marked static properties referring to counters in Telemetry.cs as readonly

  • Address CA2211 Violations by @​bhazen in #​2170
    In the process of internal code cleanup, these properties were updated to be marked as readonly. Code should not have been updating these properties as it would likely change the behavior of the telemetry emitted by IdentityServer. Any code which was updating these properties should instead create its own counters for its specific scenario.

Enhancements

  • Set HTTP activity name on routing by @​josephdecock in #​2049
    • Set the DisplayName of the activity associated with the incoming HttpRequest when IdentityServer routes are matched. This makes the IdentityServer route names appear in OTel traces.
  • Skip front-channel logout iframe when unnecessary by @​bhazen in #​2109
    • Enables the UI to skip rendering the front channel logout iframe when it is not needed.
  • Callback Option for Path Detection in Dynamic Providers by @​bhazen in #​2126
    • Adds a new option for Dynamic Providers to increase flexibility when routing to dynamic providers. The new PathMatchingCallback setting can be used as an alternative to the previously existing PathPrefix option.
  • Improved UI locales support by @​bhazen in #​2158
    • Improves support for the ui_locales parameter in protocol request which support it to allow for better localization.
    • The default implementation, DefaultUiLocalsService.cs, delegates to the CookieRequestCultureProvider if it is present and any of the values passed in the ui_locales parameter match a supported UI culture.
    • If the default implementation does not meet your needs, IUiLocalesService can be implemented and registered with DI.
  • RFC 8414 support by @​bhazen in #​2189
    • Adds out of box support for OAuth 2.0 Authorization Server Metadata as defined in RFC 8414
  • Support for custom parameters in authorize response by @​bhazen in #​2206
    • Adds a new CustomParameters property to AuthorizeResponse to support adding custom query parameters to the redirect uri. This will typically be used in conjunction with a custom IAuthorizeResponseGenerator.
  • Use Customizable Filter to Persist Session Claims in ASP.NET Identity by @​bhazen in #​2213
    • The ASP.NET Identity integration package now persists session claims based on ISessionClaimsFilter.FilterToSessionClaimsAsync which comes with a default implementation.
    • The new interface can be implemented to customize which session claims are persisted in non-default scenarios.
  • .NET 10 Support (Simplified) by @​josephdecock in #​2216
    ... (truncated)

7.4.0-preview.2

IdentityServer 7.4.0 is a significant release that includes:

  • Support for .NET 10 (this preview targets .NET10 RC2)
  • Support for OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • New Callback option for path detection in Dynamic Providers
  • Improved UI locales support
  • Support for custom parameters in the Authorize Redirect Uri
  • Identity package now persists session claims based on an interface
  • Skipping front-channel logout iframe when unnecessary
  • Set HTTP activity name on routing

Breaking Changes

There are no schema changes needed for IdentityServer 7.4.0. Small code changes maybe be required for some users to upgrade.

  • Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public
  • Marked static properties referring to counters in Telemetry.cs as readonly

Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public

  • Address CA1707 violations by @​bhazen in #​2128
    In the process of internal code cleanup, this unused and unreferenced file was removed. If code was referencing this file, see the linked PR to create a local copy in the code base needing it.

Marked static properties referring to counters in Telemetry.cs as readonly

  • Address CA2211 Violations by @​bhazen in #​2170
    In the process of internal code cleanup, these properties were updated to be marked as readonly. Code should not have been updating these properties as it would likely change the behavior of the telemetry emitted by IdentityServer. Any code which was updating these properties should instead create its own counters for its specific scenario.

Enhancements

  • Set HTTP activity name on routing by @​josephdecock in #​2049
    • Set the DisplayName of the activity associated with the incoming HttpRequest when IdentityServer routes are matched. This makes the IdentityServer route names appear in OTel traces.
  • Skip front-channel logout iframe when unnecessary by @​bhazen in #​2109
    • Enables the UI to skip rendering the front channel logout iframe when it is not needed.
  • Callback Option for Path Detection in Dynamic Providers by @​bhazen in #​2126
    • Adds a new option for Dynamic Providers to increase flexibility when routing to dynamic providers. The new PathMatchingCallback setting can be used as an alternative to the previously existing PathPrefix option.
  • Improved UI locales support by @​bhazen in #​2158
    • Improves support for the ui_locales parameter in protocol request which support it to allow for better localization.
    • The default implementation, DefaultUiLocalsService.cs, delegates to the CookieRequestCultureProvider if it is present and any of the values passed in the ui_locales parameter match a supported UI culture.
    • If the default implementation does not meet your needs, IUiLocalesService can be implemented and registered with DI.
  • RFC 8414 support by @​bhazen in #​2189
    • Adds out of box support for OAuth 2.0 Authorization Server Metadata as defined in RFC 8414
  • Support for custom parameters in authorize response by @​bhazen in #​2206
    • Adds a new CustomParameters property to AuthorizeResponse to support adding custom query parameters to the redirect uri. This will typically be used in conjunction with a custom IAuthorizeResponseGenerator.
  • Use Customizable Filter to Persist Session Claims in ASP.NET Identity by @​bhazen in #​2213
    • The ASP.NET Identity integration package now persists session claims based on ISessionClaimsFilter.FilterToSessionClaimsAsync which comes with a default implementation.
    • The new interface can be implemented to customize which session claims are persisted in non-default scenarios.
  • .NET 10 Support (Simplified) by @​josephdecock in #​2216
    • Added initial support for .NET 10.
  • Updated IS and BFF to IM 8.0.0 Preview 1 and ATM Previews in #​2247

Bug Fixes

  • Reject Pushed Authorization Requests with parameters duplicated in a JAR by @​wcabus in #​2073
    • Fixes a bug where when posting a PAR containing the "request" request parameter other requests parameters were being allowed.
    • Such as request will now correctly return an invalid request.
      ... (truncated)

7.4.0-preview.1

NOTE: There were minor issues with this release. There is a Preview 2 package available which should be used instead.

IdentityServer 7.4.0 is a significant release that includes:

  • Support for .NET 10 (this preview targets .NET10 RC2)
  • Support for OAuth 2.0 Authorization Server Metadata (RFC 8414)
  • New Callback option for path detection in Dynamic Providers
  • Improved UI locales support
  • Support for custom parameters in the Authorize Redirect Uri
  • Identity package now persists session claims based on an interface
  • Skipping front-channel logout iframe when unnecessary
  • Set HTTP activity name on routing

Breaking Changes

There are no schema changes needed for IdentityServer 7.4.0. Small code changes maybe be required for some users to upgrade.

  • Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public
  • Marked static properties referring to counters in Telemetry.cs as readonly

Removed the unused Duende.IdentityServer.Models.DiscoveryDocument class which was public

  • Address CA1707 violations by @​bhazen in #​2128
    In the process of internal code cleanup, this unused and unreferenced file was used. If code was referencing this file, see the linked PR to create a local copy in the code base needing it.

Marked static properties referring to counters in Telemetry.cs as readonly

  • Address CA2211 Violations by @​bhazen in #​2170
    In the process of internal code cleanup, these properties were updated to be marked as readonly. Code should not have been updating these properties as it would likely change the behavior of the telemetry emitted by IdentityServer. Any code which was updating these properties should instead create its own counters for its specific scenario.

Enhancements

  • Set HTTP activity name on routing by @​josephdecock in #​2049
    • Set the DisplayName of the activity associated with the incoming HttpRequest when IdentityServer routes are matched. This makes the IdentityServer route names appear in OTel traces.
  • Skip front-channel logout iframe when unnecessary by @​bhazen in #​2109
    • Enables the UI to skip rendering the front channel logout iframe when it is not needed.
  • Callback Option for Path Detection in Dynamic Providers by @​bhazen in #​2126
    • Adds a new option for Dynamic Providers to increase flexibility when routing to dynamic providers. The new PathMatchingCallback setting can be used as an alternative to the previously existing PathPrefix option.
  • Improved UI locales support by @​bhazen in #​2158
    • Improves support for the ui_locales parameter in protocol request which support it to allow for better localization.
    • The default implementation, DefaultUiLocalsService.cs, delegates to the CookieRequestCultureProvider if it is present and any of the values passed in the ui_locales parameter match a supported UI culture.
    • If the default implementation does not meet your needs, IUiLocalesService can be implemented and registered with DI.
  • RFC 8414 support by @​bhazen in #​2189
    • Adds out of box support for OAuth 2.0 Authorization Server Metadata as defined in RFC 8414
  • Support for custom parameters in authorize response by @​bhazen in #​2206
    • Adds a new CustomParameters property to AuthorizeResponse to support adding custom query parameters to the redirect uri. This will typically be used in conjunction with a custom IAuthorizeResponseGenerator.
  • Use Customizable Filter to Persist Session Claims in ASP.NET Identity by @​bhazen in #​2213
    • The ASP.NET Identity integration package now persists session claims based on ISessionClaimsFilter.FilterToSessionClaimsAsync which comes with a default implementation.
    • The new interface can be implemented to customize which session claims are persisted in non-default scenarios.
  • .NET 10 Support (Simplified) by @​josephdecock in #​2216
    • Added initial support for .NET 10.

Bug Fixes

  • Reject Pushed Authorization Requests with parameters duplicated in a JAR by @​wcabus in #​2073
    • Fixes a bug where when posting a PAR containing the "request" request parameter other requests parameters were being allowed.
      ... (truncated)

7.3.4

This is bugfix release that fixes an issue where specific service registration scenarios would fail due to constructor ambiguity.

What's Changed

Full Changelog: DuendeSoftware/products@is-7.3.3...is-7.3.4

7.3.3

This is a minor release which changes how a CSP hash is calculated to prevent future issues and updates the version of Duende.IdentityModel used to 8.0.0.

What's Changed

  • Resolve CSP by moving it to a not dotnet formattable file by @​pgermishuys in #​2295
  • Updated to IdentityModel 8.0.0 by @​bhazen in #​2302

Breaking Changes

The update to Duende.IdentityModel can cause breaking changes as it is a major version. Refer to the Duende.IdentityModel 8.0.0 release notes for upgrade instructions.

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

dependabot Bot and others added 30 commits February 26, 2024 18:18
@dependabot
Bump Polly from 8.2.0 to 8.3.0 (#214)
f12ce54 
Bumps [Polly](https://github.com/App-vNext/Polly) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/App-vNext/Polly/releases)
- [Changelog](https://github.com/App-vNext/Polly/blob/main/CHANGELOG.md)
- [Commits](App-vNext/Polly@8.2.0...8.3.0)

---
updated-dependencies:
- dependency-name: Polly
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump Duende.IdentityServer.EntityFramework, Duende.IdentityServer.Ent…
1086d1c 
…ityFramework.Storage, Duende.IdentityServer.Storage and Duende.IdentityServer (#208)

Bumps [Duende.IdentityServer.EntityFramework](https://github.com/DuendeSoftware/IdentityServer), [Duende.IdentityServer.EntityFramework.Storage](https://github.com/DuendeSoftware/IdentityServer), [Duende.IdentityServer.Storage](https://github.com/DuendeSoftware/IdentityServer) and [Duende.IdentityServer](https://github.com/DuendeSoftware/IdentityServer). These dependencies needed to be updated together.

Updates `Duende.IdentityServer.EntityFramework` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

Updates `Duende.IdentityServer.EntityFramework.Storage` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

Updates `Duende.IdentityServer.Storage` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

Updates `Duende.IdentityServer` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

---
updated-dependencies:
- dependency-name: Duende.IdentityServer.EntityFramework
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Duende.IdentityServer.EntityFramework.Storage
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Duende.IdentityServer.Storage
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Duende.IdentityServer
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @danmoseley
Bump Duende.IdentityServer.AspNetIdentity, Duende.IdentityServer and …
ca10e8e 
…Duende.IdentityServer.Storage (#215)

Bumps [Duende.IdentityServer.AspNetIdentity](https://github.com/DuendeSoftware/IdentityServer), [Duende.IdentityServer](https://github.com/DuendeSoftware/IdentityServer) and [Duende.IdentityServer.Storage](https://github.com/DuendeSoftware/IdentityServer). These dependencies needed to be updated together.

Updates `Duende.IdentityServer.AspNetIdentity` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

Updates `Duende.IdentityServer` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

Updates `Duende.IdentityServer.Storage` from 6.3.5 to 7.0.1
- [Release notes](https://github.com/DuendeSoftware/IdentityServer/releases)
- [Commits](DuendeSoftware/products@6.3.5...7.0.1)

---
updated-dependencies:
- dependency-name: Duende.IdentityServer.AspNetIdentity
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Duende.IdentityServer
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Duende.IdentityServer.Storage
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Moseley <danmose@microsoft.com>
@dependabot @danmoseley
Bump GrpcVersion from 2.59.0 to 2.61.0 (#212)
d1c9134 
* Bump GrpcVersion from 2.59.0 to 2.61.0

Bumps `GrpcVersion` from 2.59.0 to 2.61.0.

Updates `Grpc.AspNetCore` from 2.59.0 to 2.61.0
- [Release notes](https://github.com/grpc/grpc-dotnet/releases)
- [Changelog](https://github.com/grpc/grpc-dotnet/blob/master/doc/release_process.md)
- [Commits](grpc/grpc-dotnet@v2.59.0...v2.61.0)

Updates `Grpc.AspNetCore.Server.ClientFactory` from 2.59.0 to 2.61.0
- [Release notes](https://github.com/grpc/grpc-dotnet/releases)
- [Changelog](https://github.com/grpc/grpc-dotnet/blob/master/doc/release_process.md)
- [Commits](grpc/grpc-dotnet@v2.59.0...v2.61.0)

Updates `Grpc.Tools` from 2.59.0 to 2.61.0
- [Release notes](https://github.com/grpc/grpc/releases)
- [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md)
- [Commits](https://github.com/grpc/grpc/commits)

---
updated-dependencies:
- dependency-name: Grpc.AspNetCore
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: Grpc.AspNetCore.Server.ClientFactory
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: Grpc.Tools
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* fix

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Moseley <danmose@microsoft.com>
@dependabot
Bump Automapper from 12.0.1 to 13.0.1 (#217)
9e76b15
@iem365-michael
Deserialize message once (#201)
6369091 
Move deserialization of event bus message outside of for each loop
@SrushtiPasari94 @jamesmontemagno
Replaced Map forwarder with Yarp reverse Proxy for mobile BFF (#218)
bafd891 
* Replaced Map forwarder with Yarp reverse Proxy for mobile BFF

* Update YARP config

* Update port

---------

Co-authored-by: Srushti Pasari94 <pasarisrushti@gmail.con>
Co-authored-by: James Montemagno <jamont@microsoft.com>
@SrushtiPasari94
Updated CSS for good readability of the item number of shopping bags …
28540c5 
…and AI chat window size fixed (#236)

* Updated CSS for good readability of the item number of shopping bags

* fixed the partially obscured AI chat window

---------

Co-authored-by: Srushti Pasari94 <pasarisrushti@gmail.con>
@DamianEdwards
Update to Aspire preview.4 (#227)
d661e89
@dependabot
Bump Dapper from 2.1.28 to 2.1.35 (#247)
fe686a5 
Bumps [Dapper](https://github.com/DapperLib/Dapper) from 2.1.28 to 2.1.35.
- [Release notes](https://github.com/DapperLib/Dapper/releases)
- [Commits](DapperLib/Dapper@2.1.28...2.1.35)

---
updated-dependencies:
- dependency-name: Dapper
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump Microsoft.SemanticKernel from 1.4.0 to 1.6.2 (#245)
a2c0b16 
Bumps [Microsoft.SemanticKernel](https://github.com/microsoft/semantic-kernel) from 1.4.0 to 1.6.2.
- [Release notes](https://github.com/microsoft/semantic-kernel/releases)
- [Commits](microsoft/semantic-kernel@dotnet-1.4.0...dotnet-1.6.2)

---
updated-dependencies:
- dependency-name: Microsoft.SemanticKernel
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump Polly from 8.3.0 to 8.3.1 (#243)
d2998b4 
Bumps [Polly](https://github.com/App-vNext/Polly) from 8.3.0 to 8.3.1.
- [Release notes](https://github.com/App-vNext/Polly/releases)
- [Changelog](https://github.com/App-vNext/Polly/blob/main/CHANGELOG.md)
- [Commits](App-vNext/Polly@8.3.0...8.3.1)

---
updated-dependencies:
- dependency-name: Polly
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump MicrosoftExtensionsVersion from 8.2.0 to 8.3.0 (#242)
695130e 
Bumps `MicrosoftExtensionsVersion` from 8.2.0 to 8.3.0.

Updates `Microsoft.Extensions.Http.Resilience` from 8.2.0 to 8.3.0
- [Release notes](https://github.com/dotnet/extensions/releases)
- [Commits](dotnet/extensions@v8.2.0...v8.3.0)

Updates `Microsoft.Extensions.DependencyInjection.Abstractions` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v8.0.0...v8.0.1)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Http.Resilience
  dependency-type: direct:production
  update-type: version-update:semver-minor
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump AspnetVersion from 8.0.2 to 8.0.3 (#248)
d193235 
Bumps `AspnetVersion` from 8.0.2 to 8.0.3.

Updates `Microsoft.AspNetCore.OpenApi` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Authentication.JwtBearer` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Identity.EntityFrameworkCore` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.Extensions.Identity.Stores` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Identity.UI` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Authentication.OpenIdConnect` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Components.Web` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Components.QuickGrid` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.Mvc.Testing` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

Updates `Microsoft.AspNetCore.TestHost` from 8.0.2 to 8.0.3
- [Release notes](https://github.com/dotnet/aspnetcore/releases)
- [Changelog](https://github.com/dotnet/aspnetcore/blob/main/docs/ReleasePlanning.md)
- [Commits](dotnet/aspnetcore@v8.0.2...v8.0.3)

---
updated-dependencies:
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.Extensions.Identity.Stores
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Identity.UI
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Authentication.OpenIdConnect
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Components.Web
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Components.QuickGrid
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-type: direct:production
  update-type: version-update:semver-patch
- dependency-name: Microsoft.AspNetCore.TestHost
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump Microsoft.Extensions.DependencyInjection.Abstractions (#246)
4ea30a4 
Bumps [Microsoft.Extensions.DependencyInjection.Abstractions](https://github.com/dotnet/runtime) from 8.0.0 to 8.0.1.
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v8.0.0...v8.0.1)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump Microsoft.EntityFrameworkCore.Tools from 8.0.2 to 8.0.3 (#244)
72445fd 
Bumps [Microsoft.EntityFrameworkCore.Tools](https://github.com/dotnet/efcore) from 8.0.2 to 8.0.3.
- [Release notes](https://github.com/dotnet/efcore/releases)
- [Commits](dotnet/efcore@v8.0.2...v8.0.3)

---
updated-dependencies:
- dependency-name: Microsoft.EntityFrameworkCore.Tools
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@SrushtiPasari94
Updated global using file namespace to have only core dependencies. (…
5c20c45 
…#253)

Co-authored-by: Srushti Pasari94 <pasarisrushti@gmail.con>
@SrushtiPasari94 @mxschmitt @jamesmontemagno
Playwright E2E test cases (#235)
bd6f0d2 
* Playwright test cases

* Resolved comments

* Added env variable for credentials

* Added condtion to ignore github workflow for playwright test as of now

* reverted the playwright Workflow disable condition

* Used dependency setup for login in test

* Resolved comments

* fix: Playwright end-to-end tests (#258)

* fix: Playwright end-to-end tests

* nits

* test

* test

* test

* Apply suggestions from code review

* test: fix Playwright tests (#259)

---------

Co-authored-by: Srushti Pasari94 <pasarisrushti@gmail.con>
Co-authored-by: Max Schmitt <max@schmitt.mx>
Co-authored-by: James Montemagno <james.montemagno@gmail.com>
@dependabot
Bump Microsoft.SemanticKernel from 1.6.2 to 1.6.3 (#256)
300a4cd 
Bumps [Microsoft.SemanticKernel](https://github.com/microsoft/semantic-kernel) from 1.6.2 to 1.6.3.
- [Release notes](https://github.com/microsoft/semantic-kernel/releases)
- [Commits](microsoft/semantic-kernel@dotnet-1.6.2...dotnet-1.6.3)

---
updated-dependencies:
- dependency-name: Microsoft.SemanticKernel
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@vhvb1989
Readme notes for deploying to Azure with the AzureDeveloper cli (#177)
0ee9077 
* azd instructions

* lint

* lint
@dependabot @jamesmontemagno
Bump NSubstitute.Analyzers.CSharp from 1.0.15 to 1.0.17 (#193)
15be262 
* Bump NSubstitute.Analyzers.CSharp from 1.0.15 to 1.0.17

Bumps [NSubstitute.Analyzers.CSharp](https://github.com/nsubstitute/NSubstitute.Analyzers) from 1.0.15 to 1.0.17.
- [Changelog](https://github.com/nsubstitute/NSubstitute.Analyzers/blob/1.0.17/ReleaseNotes.md)
- [Commits](nsubstitute/NSubstitute.Analyzers@1.0.15...1.0.17)

---
updated-dependencies:
- dependency-name: NSubstitute.Analyzers.CSharp
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

* cleanup test

* try fix test

* task again with order

* from docs

* typo

* disable warning for now

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: James Montemagno <james.montemagno@gmail.com>
@jamesmontemagno
Add .NET MAUI CI (#260)
05b9ae0 
* Add .NET MAUI CI

* cleanup

* add ignores

* updae installes

* add no warn
Only enable Swagger UI under development mode (#267)
17c76c7
@dependabot
Bump Duende.IdentityServer.Storage from 7.0.1 to 7.0.3 (#271)
0a3e501
@dependabot
Bump Grpc.AspNetCore.Server.ClientFactory from 2.61.0 to 2.62.0 (#270)
7b9fa47
@eerhardt
Fix WebApps OpenAI usage (#269)
2bb450f 
The Kernel was never registered in DI, so it wasn't possible to use the AI services.
@stephentoub
Fix product image urls in chat responses (#275)
57b73de
@dependabot
Bump xunit from 2.5.3 to 2.7.0 (#291)
6ec190a
@dependabot
Bump OpenTelemetry.Instrumentation.Http from 1.7.1 to 1.8.0 (#289)
c3f2e37
@dependabot
Bump coverlet.collector from 3.2.0 to 6.0.2 (#292)
7338372
danmoseley and others added 23 commits March 10, 2025 08:49
@danmoseley
onboard labeler (#766)
3fb18db
@dependabot
Bump the opentelemetry group with 6 updates (#767)
c6c9cc0 
Bumps the opentelemetry group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [OpenTelemetry.Exporter.OpenTelemetryProtocol](https://github.com/open-telemetry/opentelemetry-dotnet) | `1.11.1` | `1.11.2` |
| [Microsoft.Extensions.Options.ConfigurationExtensions](https://github.com/dotnet/runtime) | `9.0.2` | `9.0.0` |
| [OpenTelemetry.Extensions.Hosting](https://github.com/open-telemetry/opentelemetry-dotnet) | `1.11.1` | `1.11.2` |
| [OpenTelemetry.Instrumentation.AspNetCore](https://github.com/open-telemetry/opentelemetry-dotnet-contrib) | `1.11.0` | `1.11.1` |
| [OpenTelemetry.Instrumentation.Http](https://github.com/open-telemetry/opentelemetry-dotnet-contrib) | `1.11.0` | `1.11.1` |
| [OpenTelemetry.Instrumentation.Runtime](https://github.com/open-telemetry/opentelemetry-dotnet-contrib) | `1.11.0` | `1.11.1` |


Updates `OpenTelemetry.Exporter.OpenTelemetryProtocol` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/open-telemetry/opentelemetry-dotnet/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-dotnet/blob/main/RELEASENOTES.md)
- [Commits](open-telemetry/opentelemetry-dotnet@core-1.11.1...core-1.11.2)

Updates `Microsoft.Extensions.Options.ConfigurationExtensions` from 9.0.2 to 9.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v9.0.2...v9.0.0)

Updates `OpenTelemetry.Extensions.Hosting` from 1.11.1 to 1.11.2
- [Release notes](https://github.com/open-telemetry/opentelemetry-dotnet/releases)
- [Changelog](https://github.com/open-telemetry/opentelemetry-dotnet/blob/main/RELEASENOTES.md)
- [Commits](open-telemetry/opentelemetry-dotnet@core-1.11.1...core-1.11.2)

Updates `OpenTelemetry.Instrumentation.AspNetCore` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/releases)
- [Commits](open-telemetry/opentelemetry-dotnet-contrib@Resources.AWS-1.11.0...Resources.AWS-1.11.1)

Updates `OpenTelemetry.Instrumentation.Http` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/releases)
- [Commits](open-telemetry/opentelemetry-dotnet-contrib@Resources.AWS-1.11.0...Resources.AWS-1.11.1)

Updates `OpenTelemetry.Instrumentation.Runtime` from 1.11.0 to 1.11.1
- [Release notes](https://github.com/open-telemetry/opentelemetry-dotnet-contrib/releases)
- [Commits](open-telemetry/opentelemetry-dotnet-contrib@Resources.AWS-1.11.0...Resources.AWS-1.11.1)

---
updated-dependencies:
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
- dependency-name: Microsoft.Extensions.Options.ConfigurationExtensions
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
- dependency-name: OpenTelemetry.Instrumentation.Runtime
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: opentelemetry
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot @danmoseley
Bump the duende group with 2 updates (#770)
59f1a6c 
* Bump the duende group with 2 updates

Bumps the duende group with 2 updates: [Duende.IdentityServer](https://github.com/DuendeSoftware/products) and [Duende.IdentityServer.Storage](https://github.com/DuendeSoftware/products).


Updates `Duende.IdentityServer` from 7.0.8 to 7.1.1
- [Release notes](https://github.com/DuendeSoftware/products/releases)
- [Commits](DuendeSoftware/products@is/7.0.8...is-7.1.1)

Updates `Duende.IdentityServer.Storage` from 7.0.8 to 7.1.1
- [Release notes](https://github.com/DuendeSoftware/products/releases)
- [Commits](DuendeSoftware/products@is/7.0.8...is-7.1.1)

---
updated-dependencies:
- dependency-name: Duende.IdentityServer
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: duende
- dependency-name: Duende.IdentityServer.Storage
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: duende
...

Signed-off-by: dependabot[bot] <support@github.com>

* rename

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Moseley <danmose@microsoft.com>
@stephentoub @danmoseley
Update to M.E.AI 9.3.0-preview.1.25161.3 (#779)
ed4f50e 
* Update to M.E.AI 9.3.0-preview.1.25161.3

* remove labeler

---------

Co-authored-by: Dan Moseley <danmose@microsoft.com>
@mdanish-kh
Updates to WinGet configuration files (#811)
97928f7
@toyzoz
Optimize user creation for asynchronous calls (#744)
a0eef0a 
* Optimize user creation for asynchronous calls

* Optimize user creation for asynchronous calls

---------

Co-authored-by: galio <yangkun>
@joperezr @eerhardt
Update eshop to Aspire 9.2 (#813)
12bbb6f 
* Update eshop to Aspire 9.2

* Fix tests

* Fix issue with bootstrap causing the build to break.

* Simplify OpenAI code and configuration

* Remove nuget.config changes now that 9.2 is live.

Use AspnetVersion property

---------

Co-authored-by: Eric Erhardt <eric.erhardt@microsoft.com>
@eerhardt
Update to Aspire 9.3 (#837)
4fa8e42 
* Update to Aspire 9.3.0

* - Upgrade to MEAI 9.5.0 stable.
- Enable OpenAI telemetry
- Upgrade to the gpt-4.1-mini model and increase the token rate limit

* Update to latest CommunityToolkit Ollama packages

* - Remove Microsoft.Extensions.AI.Ollama as it is no longer necessary
- Update OpenTelemetry to 1.12

* Bump versions

- AspireUnstablePackagesVersion to shipping version
- Ollama to latest released

* Update Microsoft.Extensions.Http.Resilience to 9.5.0
@danmoseley
remove automapper (#852)
826ab84 
* remove automapper

* dead ref

* update mediatr

* line
@eerhardt @joperezr
Update eshop to Aspire 9.4 (#858)
1c90ec9 
* Update eshop to Aspire 9.4

Take advantage of the new Aspire.Hosting.Yarp integration and remove the Mobile.Bff.Shopping service.
Remove unnecessary package references and versions

* Fix product images when https is enabled.

* Update to .slnx

* Refactor OpenAI configuration to use parameters

* Apply suggestions from code review

* Remove Mobile.Bff.Shopping project from solution file

* Update Aspire.AppHost.Sdk version to 9.4.0 in project files

---------

Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com>
@wtgodbe
Extend Unofficial 1ES template in CI (#884)
a57603a
@danmoseley
new suppressions (#885)
a13002f
@mikekistler
Enable nullable in Catalog.API project (#882)
0ac6101 
* Enable nullable in Catalog.API project
* Address comments from PR review
@wtgodbe
Inventory drift (#896)
94e2643 
Co-authored-by: GitOps <gitops@microsoft.com>
@joperezr @captainsafia
Upgrading eshop to .NET 10 and Aspire 9.4.2 (#890)
318e037 
* WIP

* Update package versions and improve nullability handling in Catalog API

* Migrate from deprecated FluentValidation.AspNetCore to core FluentValidation

- Remove deprecated FluentValidation.AspNetCore package
- Add FluentValidation and FluentValidation.DependencyInjectionExtensions packages
- Update ValidatorBehavior to use async validation (ValidateAsync)
- Replace manual validator registrations with assembly scanning
- Maintain existing validation functionality and error handling

Resolves deprecated package warnings while following official FluentValidation guidance for manual validation approach.

* Update OpenAPI options and add .aspire directory

* Fixing trimming issues with ClientApp project

* Update .NET setup in Playwright workflow to specify dotnet version and quality

* Update package versions and SDK to latest release candidates

* Trying to fix playwright tests by using our native tool for installing the certificate.

* Update openapi docs

---------

Co-authored-by: Safia Abdalla <safia@safia.rocks>
@eerhardt @joperezr
Update to Aspire 9.5 (#900)
1b2698c 
* Update to Aspire 9.5

* Remove obsolete Aspire package sources from nuget.config

* Update Aspire unstable packages version to 9.5.0-preview.1.25474.7

---------

Co-authored-by: Jose Perez Rodriguez <joperezr@microsoft.com>
@eerhardt
Update to Aspire 13 (#916)
74f15b1 
* Update to official versions and fix the build

* Update to v7 RabbitMQ

Remove some native AOT workarounds
Convert to use artifacts output so the src directory isn't litered with bin/obj folders

* Update to latest patch, including Aspire.Npgsql.EntityFrameworkCore.PostgreSQL
@Evangelink
Use latest xUnit, MSTest + move to MTP (#924)
b832741 
* Use latest xUnit, MSTest + move to MTP

* Add no progress and detailed output

* Fix test

* Fix dotnet test call for maui
@joperezr
Upgrade to Aspire 13.1 (#939)
5624ad5
@eerhardt
Update to Aspire 13.2 (#975)
b81ad95 
* Initial update to Aspire 13.2

* Update to latest versions

* Update to stable versions

* Refactor Directory.Packages.props

* Fix the playwright tests by waiting for the identityApi from the webapp.

* Update markdownlint workflow to Node.js 20

markdownlint-cli 0.48.0 requires Node.js >= 20. The v regex flag
used by its string-width dependency is not supported in Node.js 16.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

* Add health check to Identity API in AppHost

Without a health check, WaitFor(identityApi) only waits for the
process to start, not for the HTTP server to be fully initialized.
This caused Playwright login tests to fail on CI because the WebApp
would start before the Identity API was ready to handle requests.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

---------

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
@mikekistler
Update to Asp.Versioning to v10-preview2 (#980)
9b4f943
@WASIF-DEVOPS
add dockerfiles and pipeline
a4afba7
@dependabot
Bump the duende group with 1 update
c35ea03 
Bumps Duende.IdentityServer.Storage from 7.3.2 to 8.0.1

---
updated-dependencies:
- dependency-name: Duende.IdentityServer.Storage
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: duende
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 15, 2026
@WASIF-DEVOPS WASIF-DEVOPS force-pushed the feature/devops-pipeline branch from a4afba7 to dbe227a Compare June 15, 2026 20:53
@dependabot @github

dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/nuget/duende-c60b40c744 branch June 15, 2026 20:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.