chore(deps): update nuget non-major dependencies

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence
Altinn.ApiClients.Dialogporten	1.76.2 → 1.102.4
Blazor.Bootstrap (source)	3.3.1 → 3.5.0
Microsoft.AspNetCore.Authentication.Cookies (source)	2.2.0 → 2.3.9
Microsoft.AspNetCore.Authentication.JwtBearer (source)	8.0.8 → 8.0.23
Microsoft.AspNetCore.Authentication.OpenIdConnect (source)	8.0.8 → 8.0.23
Microsoft.AspNetCore.Cors (source)	2.2.0 → 2.3.9
Microsoft.AspNetCore.OpenApi (source)	8.0.8 → 8.0.23
Microsoft.IdentityModel.Protocols.OpenIdConnect	8.0.2 → 8.15.0
Newtonsoft.Json (source)	13.0.3 → 13.0.4
ScottBrady.IdentityModel	4.0.0 → 4.1.0
ScottBrady.IdentityModel.AspNetCore	2.1.0 → 2.2.0
Swashbuckle.AspNetCore	6.4.0 → 6.9.0

---

Release Notes

altinn/dialogporten (Altinn.ApiClients.Dialogporten)

v1.102.4

Bug Fixes

• auth: Align SI vs SR user determination (#​3365) (43dc0fc)

Miscellaneous Chores

• ci: upgrade az cli to 2.83.0 (#​3380) (3f14b86)

v1.102.1

Bug Fixes

• WebApi: Respect Utf8JsonReader.HasValueSequence (#​3366) (0b048d3)

Miscellaneous Chores

• deps: update dependency asynckeyedlock to 8.0.1 (#​3356) (4c5a862)
• deps: update dependency refitter.sourcegenerator to 1.7.2 (#​3357) (7b39a64)

v1.102.0

Features

• Added idempotentKey for dialog transmission (#​3284) (8996bbd)
• Added minimum length of 3 character for dialog idempotentKey (#​3352) (0257d17)
• app: navigation actions on transmissions (#​3333) (3004ab8)

Miscellaneous Chores

• deps: update actions/setup-node action to v6.2.0 (#​3338) (71a9b36)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.144.0 (#​3339) (a884816)

v1.99.2

Bug Fixes

• infra: issue with ha typings in bicep for postgresql (0cff821)

Miscellaneous Chores

• deps: update dotnet monorepo (#​3287) (d707fc1)

v1.97.1

Bug Fixes

• perf: Minor optimizations in caching memory locker and UUID generation, cleaning and consolidation of packages (#​3167) (5265302)

Miscellaneous Chores

• deps: Top-level dependency for AsyncKeyedLock (#​3173) (0cd5fb9)
• deps: update dependency refitter.sourcegenerator to 1.7.1 (#​3184) (b1f9671)
• deps: update dependency verify.xunit to 31.9.0 (#​3186) (f1e88ad)
• deps: Update DeterministicGuids package version to 1.0.7 (#​3175) (82d77bd)
• deps: update docker/setup-buildx-action action to v3.12.0 (#​3187) (ed786d5)
• deps: update enricomi/publish-unit-test-result-action action to v2.22.0 (#​3188) (595acc4)
• deps: update fusioncache dependencies to 2.5.0 (#​3191) (871b9ca)
• deps: update grafana/loki docker tag to v3.6.3 (#​3181) (1b9b9cf)
• deps: update mcr.microsoft.com/dotnet/aspnet:9.0.11 docker digest to f872f90 (#​3190) (b708781)
• deps: update nginx docker tag to v1.29.4 (#​3182) (1c799ee)
• deps: update node.js to v24 (#​3192) (7dd44ab)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.141.0 (#​3169) (895cede)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.142.0 (#​3189) (2fd3774)
• deps: update postgres docker tag to v16.10 (#​3170) (4411262)
• deps: update prom/prometheus docker tag to v3.8.1 (#​3195) (ae3a61d)
• deps: update serilog dependencies (#​3196) (42b3625)
• deps: update step-security/harden-runner action to v2.14.0 (#​3197) (325a13d)
• deps: Upgraded to refit 9.0.2 (#​3198) (4487fd7)
• performance: fix serviceowner tests (#​3176) (e423c76)
• use IClock for uuid timestamp validator extensions (#​3193) (68ab92d)

v1.92.2

Bug Fixes

• janitor: Fix deletion/internal URL issues (#​3061) (f1627e7)

v1.90.1

Miscellaneous Chores

• app: use IClock for future/past validation extensions (#​3015) (6c162b0)
• webapi: temporary set request size limit to 20Mb (#​3014) (6d4078b)

v1.88.3

Bug Fixes

• api: add missing ExternalReferences (#​2944) (279847c)

v1.87.2

Bug Fixes

• ci: use valid container app job name (#​2904) (29ecb02), closes #​2377

Miscellaneous Chores

• deps: update azure azure-sdk-for-net monorepo (#​2910) (cee086e)
• deps: update dotnet monorepo (#​2909) (d171b1a)
• janitor: Update cost metrics aggregation to use IHostEnvironment, remove deployment to test (#​2911) (2ef77d9)

v1.86.0

Features

• app: add partyid to authorized parties result (#​2836) (e05cd40)

Miscellaneous Chores

• app: Rename PerformerOrg to CallerOrg and add OwnerOrg to feature metrics (#​2833) (dc549ec)
• app: Update OpenTelemetry configurations and dependencies (#​2838) (80c9dd2)

v1.83.1

Bug Fixes

• janitor: Add claims to ConsoleUser (#​2807) (f342a64)

v1.82.0

Features

• web-api: add-stop-nonadapter-mutation-logic (#​2718) (4b82569)

Bug Fixes

• app: add metrics to freeze dialog command (#​2776) (931670b)
• ci: ensure we checkout the proper ref when publishing nuget package (#​2777) (5f1938e)
• e2e: add missing Content-Type params (#​2778) (86302b3)

Miscellaneous Chores

• deps: update actions/github-script action to v8 (#​2773) (5458285)
• deps: update actions/setup-node action to v5 (#​2774) (4799461)
• deps: update dependency altinn.authorization.abac to 0.1.0 (#​2785) (3fe9708)
• deps: update dependency htmlagilitypack to 1.12.3 (#​2769) (f47496c)
• deps: update dependency microsoft.azure.appconfiguration.aspnetcore to 8.4.0 (#​2786) (779583b)
• deps: update dependency refitter.sourcegenerator to 1.6.3 (#​2784) (52aef78)
• deps: update dependency verify.xunit to 30.13.0 (#​2770) (2bca177)
• deps: update jaegertracing/all-in-one docker tag to v1.73.0 (#​2771) (b75613a)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.135.0 (#​2772) (da93ddf)

v1.79.8

Bug Fixes

• graphql: ContentUpdatedBefore/After missing from search query (#​2690) (5f58832)

Miscellaneous Chores

• deps: update dependency refitter.sourcegenerator to 1.6.2 (#​2684) (8179361)

v1.79.1

Bug Fixes

• api: Validate authorization attribute (#​2645) (22ff75f)

Miscellaneous Chores

• ci: Added explicit permissions to Github workflows (#​2647) (fa6ba60)
• deps: update MassTransit to 8.5.2 (#​2650) (732e8fa)
• webapi: Add Swagger summary for label assignment log endpoint (#​2651) (1f44767)

v1.79.0

Features

• app: Add legacy HTML embeddable content support on transmissions (#​2643) (f103207)

Bug Fixes

• ci: Add missing checkout in 'Restart container apps' GitHub Action (#​2639) (2361d35)
• janitor: Check for duplicates when syncing SubjectResource (#​2585) (fac5e17)

v1.77.0

Features

• webapi: Make Status nullable when creating dialogs (#​2623) (24de98c)

Bug Fixes

• webapi: Use correct URL for create dialog validators in docs (#​2624) (abd4484)

Miscellaneous Chores

• deps: update docker/metadata-action action to v5.8.0 (#​2615) (2072bce)
• deps: update otel/opentelemetry-collector-contrib docker tag to v0.131.1 (#​2616) (fdcd46a)

vikramlearning/blazorbootstrap (Blazor.Bootstrap)

v3.5.0: 3.5.0

✨ New Features & Enhancements

• PdfViewer: Added support for password‑protected PDFs (Issue #​1184, PR #​1185). When a PDF requires a password, the viewer now prompts the user instead of failing silently.
• Enum Input Component (Issue #​1196). Introduces a strongly-typed input for enum values, simplifying binding and reducing boilerplate select markup.
• Documentation: Added Blazor Express sections and updated chart documentation (PR #​1169) to clarify usage patterns and configuration options.

🐞 Bug Fixes

• SortableList: Grabcursor not showing (PR #​1152). Corrected CSS so the expected drag cursor appears, improving usability for sortable interactions.
• Buttons Docs: Corrected the name of enum ButtonSize in buttons.mdx (PR #​1147) ensuring accuracy for developers referencing the docs.

⬆️ Upgrades

• Target Frameworks: Added / upgraded multi-targeting to include .NET 10.0 (PR #​1201). Ensures forward compatibility and access to latest runtime features.
• Configuration: Google Map key handling updates (PR #​1165) to streamline external service setup.

New Contributors

• @​dgaszewski made their first contribution in #​1147

Full Changelog: vikramlearning/blazorbootstrap@v3.4.0...v3.5.0

v3.4.0: 3.4.0

✨ New Features & Enhancements

• Grid: Added support for showing/hiding or adding/removing GridColumn at runtime (#​1027, #​1060)
• Grid: Conditional rendering of GridColumn improvements (#​310)
• Grid: Footer support and ability to add grid footers (#​472, #​921)
• Grid: Column width example added (#​1099)
• Grid: Grid summary and culture updates (#​1071, #​1072, #​1075)
• Grid: Enum filters support (#​1073)
• Grid: FilterTextboxWidth can now use any unit, not just px (#​879, #​1058)
• Grid: Improved pagination, item selection, and items-per-page handling on small screens (#​1019, #​1123)
• Tabs: Setting Tab Class or Style is now functional (#​1035, #​1028)
• Tabs: Removing a Tab now makes the nearest one show (#​1033, #​1029)
• Sidebar: Image display support on sidebar/sidebar2 (#​812, #​1128)
• Icons: Updates and fixes in BootstrapIconUtility (#​1086)
• Demos: Home page improvements (#​1096)
• General: Ability to modify column visibility using IsVisible parameter (#​1060)

🐞 Bug Fixes

• Grid: Responsive="true" was not responsive when Enum Filters enabled (#​1028, #​1124)
• Grid: Removing last item from last page did not navigate to new last page (#​689, #​1059)
• Grid: Conditional rendering of GridColumn issues (#​310)
• Grid: Issue with grid summary updates (#​1072)
• Grid: Items selection, pagination, and display issues on small screens (#​1019, #​1123)
• Grid: How to set Grid page number when current page is empty (#​443)
• Grid: FilterTextboxWidth now consistently applies units (#​879, #​1058)
• Tabs: Setting Tab Class/Style issues fixed (#​1035, #​1028)
• Tabs: Removing a Tab now correctly shows the nearest tab (#​1033, #​1029)

⬆️ Upgrades

• Upgraded to Bootstrap v5.3.7 (#​1118, #​1120)
• Upgraded to Bootstrap Icons v1.13.1 (#​1119, #​1121)

🧩 Other Notable Improvements

• Improved documentation and demo coverage.
• Sidebar image support (area-sidebar, area-sidebar-2).
• Numerous merged PRs and community contributions for feature completion and bug fixes.

New Contributors

• @​rajraku made their first contribution in #​1058
• @​cpettit-proxsysrx made their first contribution in #​1102
• @​shargon made their first contribution in #​1111

Special thanks to all contributors for their efforts and dedication to making BlazorBootstrap more robust and feature-rich!

Full Changelog: vikramlearning/blazorbootstrap@v3.3.1...v3.4.0

dotnet/dotnet (Microsoft.AspNetCore.Authentication.JwtBearer)

v8.0.18: .NET 8.0.18

You can build .NET 8.0 from the repository by cloning the release tag v8.0.18 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.17: .NET 8.0.17

You can build .NET 8.0 from the repository by cloning the release tag v8.0.17 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.16: .NET 8.0.16

You can build .NET 8.0 from the repository by cloning the release tag v8.0.16 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.15: .NET 8.0.15

You can build .NET 8.0 from the repository by cloning the release tag v8.0.15 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.14: .NET 8.0.14

You can build .NET 8.0 from the repository by cloning the release tag v8.0.14 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.13: .NET 8.0.13

You can build .NET 8.0 from the repository by cloning the release tag v8.0.13 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.12: .NET 8.0.12

You can build .NET 8.0 from the repository by cloning the release tag v8.0.12 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.11: .NET 8.0.11

You can build .NET 8.0 from the repository by cloning the release tag v8.0.11 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

v8.0.10: .NET 8.0.10

You can build .NET 8.0 from the repository by cloning the release tag v8.0.10 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect)

v8.15.0

Compare Source

====

New Features

• Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
  Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
  See PR #​2377 for details.

Bug Fixes

• Sanitize logs to avoid leaking sensitive data
  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
  See PR #​3316 for details.
• Optimize log sanitization with SearchValues
  Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
  See PR #​3341 for details.
• Update test for IDX10400
  Adjusted the IDX10400 test to align with the current behavior and error messaging.
  See PR #​3314 for details.

Fundamentals

• Add supported algorithm tests
  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
  See PR #​3296 for details.
• Migrate repository agent rules from .clinerules to agents.md
  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
  See PR #​3313 for details.
• Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
  Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
  See PR #​3356 for details.
• Disable code coverage comments
  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
  See PR #​3349 for details.
• Fix CodeQL alerts
  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
  See PR #​3364 for details.

.NET 10 / SDK and tooling updates

• Building with .NET 10 preview / RC 1
  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
  See PRs #​3287, #​3357, and #​3358 for details.
• Fix .NET 10 test execution consistency
  Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
  See PR #​3337 for details.
• Update project files and workflows for .NET 10.0 compatibility
  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
  See PR #​3363 for details.
• Update .NET version to meet CG compliance
  Updated the .NET version references to be compliant with corporate governance (CG) requirements.
  See PR #​3353 for details.
• Update Coverlet collector and test SDK
  • Bumped CoverletCollectorVersion to 6.0.4.
    See PR #​3333 for details.
  • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
    See PR #​3336 for details.
• Update runTests.ps1 to specify dotnet directory
  Updated runTests.ps1 to accept an explicit dotnet directory, improving test execution robustness in environments with multiple SDK installations.
  See PR #​3368 for details.
• Adjust dotnetcore workflow targeting for .NET 10 SDK
  Iterated on the CI workflow configuration to correctly target the .NET 10 SDK:
  • Temporarily removed targeting of the .NET 10 SDK in dotnetcore.yml.
    See PR #​3335.
  • Reverted that change to restore .NET 10 SDK targeting.
    See PR #​3339 for details.

Documentation

• Update support policy documentation
  Refreshed supportPolicy.md to reflect the latest support policy for IdentityModel.
  See PR #​3367 for details.

v8.14.0

Compare Source

====

Bug Fixes

• Switch back to use ValidationResult instead of OperationResult when validating a token in a new experimental validation flow. Additionally removed the dependency on Microsoft.IdentityModel.Abstractions. See #​3299 for details.

v8.13.1

Compare Source

====

Dependencies

Microsoft.IdentityModel now depends on Microsoft.Identity.Abstractions 9.3.0

Bug Fixes

• Fixed a decompression failure happening for large JWE payloads. See #​3286 for details.

Work related to redesign of IdentityModel's token validation logic #​2711

• Update the validation methods to return Microsoft.Identity.Abstractions.OperationResult. See #​3284 for details.

v8.13.0

Compare Source

====

Fundamentals

• CaseSensitiveClaimsIdentity.SecurityToken setter is now protected internal (was internal). See PR #​3278 for details.
• Update .NET SDK version to 9.0.108 used when building or running the code. See PR #​3274 for details.
• Update RsaSecurityKey.cs to replace the Pkcs1 padding by Pss from HasPrivateKey check. See #​3280 for details.

v8.12.1

Compare Source

====

Fundamentals

• Update .NET SDK version to 9.0.107 used when building or running the code. See #​3385 for details.
• To keep our experimental code separate from production code, all files associated with experimental features have been moved to the Experimental folders. See PR #​3261 for details.
• Experimental code leaked into TokenValidationResult from early prototypes. See PR #​3259 for details.

v8.12.0

Compare Source

====

New Features

• Enhance ConfigurationManager with event handling
  Added event handling capabilities to the ConfigurationManager, enabling consumers to subscribe to configuration change events. This enhancement improves extensibility and allows more responsive applications. For details see #​3253

Bug Fixes

• Add expected Base64UrlEncoder.Decode overload for NET6 and 8
  Introduced the expected overload of Base64UrlEncoder.Decode for .NET 6 and 8, ensuring compatibility and preventing missing method issues on these frameworks.
  For details see #​3249

Fundamentals

• Add AI assist rules
  Incorporated AI assist rules to enhance AI agents effectiveness.
  For details see #​3255
• Update PublicApiAnalyzers and BannedApiAnalyzers to 4.14.0
  Upgraded analyzer packages for improved diagnostics and code consistency (in particular delegates are added).
  For details see #​3256
• Move suppression of RS006 to csproj
  Centralized suppression of RS006 warnings in project files for easier management.
  For details see #​3230

v8.11.0

Compare Source

=====

New Features:

• Microsoft.IdentityModel now exposes the AadIssuerValidator factory method publicly to enable caching functionality for AadIssuerValidator instances. See issue #​3245 for details.
• Added a new public async API: JsonWebTokenHandler.DecryptTokenWithConfigurationAsync, which decrypts a JWE token using keys from either TokenValidationParameters or, if not present, from configuration (such as via a ConfigurationManager). This enhancement improves developer experience by enabling asynchronous, cancellation-aware JWE decryption scenarios, aligning with modern .NET async patterns and making integration with external key/configuration sources more robust and observable. See PR #​3243 for details.

v8.10.0

Compare Source

=====

Bug Fixes

• Corrected casing of the Type attribute in SubjectConfirmationData. See #​3206.
• Removed Microsoft.Bcl.Memory dependency for pre-.NET 9.0 targets. See #​3220 to avoid build warnings with the other target frameworks
• Aligned Microsoft.Extensions.Logging.Abstractions version to 8.0.0 for .NET 9 to match other targets. See #​3226.

Fundamentals

• Introduced Long-Term Support (LTS) policy. See #​3228 and #​3232.

v8.9.0

Compare Source

=====

Bug Fixes

• syncAfter has been updated to preserve UTC information, addressing a bug where GetConfigurationAsync does not refresh configuration in ConfigurationManager. See #​3213.
• Fixed a null reference issue in KeyInfo. See (#​3203)[#​3203].

New Features

• Introduced a new delegate for reading custom token payload values on JsonWebToken. See #​2981.
• Added an overload for ReadJsonWebToken to take a ReadOnlyMemory. See #​3205.

Fundamentals

• Utilized IList to avoid enumerator allocation during audience validation. See #​3204.

v8.8.0

Compare Source

=====

New Features

• Adds the ability for the metadata refresh to be done as a blocking call, as per 8.0.1 behavior. This is done through the Switch.Microsoft.IdentityModel.UpdateConfigAsBlocking switch. If set, configuration calls will be blocking when metadata is updated, otherwise, if token arrive with a new signing keys, validation errors will be returned to the caller. See PR #​3193 for details.
• Identity.Model update

---

Configuration

📅 Schedule: Branch creation - "before 07:00 on Thursday" in timezone Europe/Oslo, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.