Bump FastEndpoints.Testing and 2 others

[dependabot]

Updated FastEndpoints.Testing from 5.31.0 to 8.0.1.

Release notes

Sourced from FastEndpoints.Testing's releases.

8.0.1

---

⚠️ Sponsorship Level Critically Low ⚠️

Due to low financial backing by the community, FastEndpoints will soon be going into "Bugfix Only" mode until the situation improves. Please join the discussion here and help out if you can.

---

New 🎉

Support for Native AOT compilation

FastEndpoints is now Native AOT compatible. Please see the documentation here on how to configure it.

If you'd like to jump in head first, a fresh AOT primed starter project can be scaffolded like so:

dotnet new install FastEndpoints.TemplatePack
dotnet new feaot -n MyProject

If you've not worked with AOT compilation in .NET before, it's highly recommended to read the docs linked above.

Auto generate STJ JsonSerializationContexts

You no longer need to ever see a JsonSerializerContext thanks to the new serializer context generator in FastEndpoints. (Unless you want to that is 😉). See the documentation here on how to enable it for non-AOT projects.

Distributed job processing support

The job queueing functionality now has support for distributed workers that connect to the same underlying database. See the documentation here.

Qualify endpoints in global configurator according to endpoint level metadata

You can now register any object as metadata at the endpoint level like so:

sealed class SomeObject
{
    public int Id { get; set; }
    public bool Yes { get; set; }
}

 ... (truncated)

## 7.2

---

## ⚠️ Sponsorship Level Critically Low ⚠️

Due to low financial backing by the community, FastEndpoints will soon be going into "Bugfix Only" mode until the situation improves. Please [join the discussion here](https://github.com/FastEndpoints/FastEndpoints/issues/1042) and help out if you can.

---

[//]: # (<details><summary>title text</summary></details>)

## New 🎉

<details><summary>Standalone package for Event/Command Bus functionality</summary>

The in-process Event Bus and Command Bus features have been liberated from the clutches of the FastEndpoints main library. A new, independent `FastEndpoints.Messaging` package has been created. This package can be used in any .NET 8+ application, even with Blazor WASM. Simply install the nuget package and register it with the IOC container like so:

```csharp
builder.Services.AddMessaging();
var host = builder.Build();
host.Services.UseMessaging();

There's no setup (nor code changes) needed for projects using FastEndpoints main library. The above is only for when you want to use the messaging functionality in projects that don't have FastEndpoints.

Standalone package for Job Queues functionality

The job queuing functionality has also been extracted out to a separate package FastEndpoints.JobQueues which can be used independently of the main FE library. No code changes are needed for existing FE projects.

Aspire Testing support for routeless test helpers

You can now use the routeless test helpers such as .GETAsync<MyEndpoint>() with Aspire DistributedApplication testing like so:

[Fact]
public async Task Endpoint_Returns_Ok_Response()
{
    // Arrange
    var ct = TestContext.Current.CancellationToken;
    var appHost = await DistributedApplicationTestingBuilder.CreateAsync<Projects.AspireApp_AppHost>(ct);
    await using var app = await appHost.BuildAsync(ct).WaitAsync(_defaultTimeout, ct);
    await app.StartAsync(ct).WaitAsync(_defaultTimeout, ct);
    await app.ResourceNotifications.WaitForResourceHealthyAsync("apiservice", ct).WaitAsync(_defaultTimeout, ct);

    // Act
    var httpClient = app.CreateHttpClient("apiservice");
    var (response, _) = await httpClient.GETAsync<HelloEndpoint, EmptyResponse>();
 ... (truncated)

## 7.1.1

# .NET 10 Support

> We've had .NET 10 preview support for a while and this is just a patch release to update the SDK references to .NET 10 final.

[//]: # (---)

[//]: # ()

[//]: # (## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️)

[//]: # ()

[//]: # (Due to the current [unfortunate state of FOSS]&#​40;https://www.youtube.com/watch?v=H96Va36xbvo&#​41;, please consider [becoming a sponsor]&#​40;https://opencollective.com/fast-endpoints&#​41; and help us beat the odds to keep the project alive and free for everyone.)

[//]: # ()

[//]: # (---)

[//]: # ()

[//]: # ([//]: # &#​40;<details><summary>title text</summary></details>&#​41;)

[//]: # ()

[//]: # (## New 🎉)

[//]: # ()

[//]: # (## Improvements 🚀)

[//]: # ()

[//]: # (## Fixes 🪲)

[//]: # ()

[//]: # (## Breaking Changes ⚠️)

## 7.1

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

[//]: # (<details><summary>title text</summary></details>)

## New 🎉

<details><summary>Better conditional sending of responses</summary>

All **Send.\*Async()** methods now return a T**ask\<Void\>** result. If a response needs to be sent conditionally, you can simply change the return type of the handler from **Task** to **Task\<Void\>**  and return the awaited result as shown below in order to stop further execution of endpoint handler logic:

```csharp
public override async Task<Void> HandleAsync(CancellationToken c)
{
    if (id == 0)
        return await Send.NotFoundAsync();

    if (id == 1)
        return await Send.NoContentAsync();

    return await Send.OkAsync();
}

If there's no async work being done in the handler, the Task<Void> can simply be returned as well:

public override Task<Void> HandleAsync(CancellationToken c)
{
    return Send.OkAsync();
}

Specify max request body size per endpoint

Instead of globally increasing the max request body size in Kestrel, you can now set a max body size per endpoint where necessary like so:

public override void Configure()
{
    Post("/file-upload");
    AllowFileUploads();
    MaxRequestBodySize(50 * 1024 * 1024);
 ... (truncated)

## 7.0.1

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

## New 🎉

<details><summary>Relocate response sending methods ⚠️</summary>

Response sending methods such as `SendOkAsync()` have been ripped out of the endpoint base class for a better intellisense experience and extensibility.

Going forward, the response sending methods are accessed via the `Send` property of the endpoint as follows:

```cs
public override async Task HandleAsync(CancellationToken c)
{
    await Send.OkAsync("hello world!");
}

In order to add your own custom response sending methods, simply target the IResponseSender interface and write extension methods like so:

static class SendExtensions
{
    public static Task HelloResponse(this IResponseSender sender)
        => sender.HttpContext.Response.SendOkAsync("hello!");
}

This is obviously is a wide-reaching breaking change which can be easily remedied with a quick regex based find & replace. Please see the breaking changes section below for step-by-step instructions on how to migrate. Takes less than a minute.

Send multiple Server-Sent-Event models in a single stream

It is now possible to send different types of data in a single SSE stream with the use of a wrapper type called StreamItem like so:

public override async Task HandleAsync(CancellationToken ct)
{
    await Send.EventStreamAsync(GetMultiDataStream(ct), ct);

    async IAsyncEnumerable<StreamItem> GetMultiDataStream([EnumeratorCancellation] CancellationToken ct)
    {
        long id = 0;

 ... (truncated)

## 6.2

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

<!-- <details><summary>title text</summary></details> -->

## New 🎉

<details><summary>Support 'Scope' based access restriction</summary>

Your can now restrict access based on [Scopes](https://oauth.net/2/scope) in tokens (e.g., from OAuth2/OpenID Connect IDPs). Simply specify required scopes using the newly added **Scopes()** method:

```cs
public override void Configure()
{
    Get("/item");
    Scopes("item:read", "item:write");
}

This allows access if the user's "scope" claim includes ANY of the listed values. To require ALL scopes, use ScopesAll() instead.

By default, scopes are read from the "scope" claim, which can be changed like so:

app.UseFastEndpoints(c => c.Security.ScopeClaimType = "scp")

If scope values aren't space-separated, customize parsing like so:

app.UseFastEndpoints(c => c.Security.ScopeParser = input =>
{
    //extract scope values and return a collection of strings
})

Automatic 'Accepts Metadata' for Non-Json requests

In the past, if an endpoint defines a request DTO type, an accepts-metadata of application/json would be automatically added to the endpoint, which would require the user to clear that default metadata if all the properties of the DTO is bound from non-json binding sources such as route/query/header etc.

Now, if the user annotates all the properties of a DTO with the respective non-json binding sources such as the following:

 ... (truncated)

## 6.1

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

<!-- <details><summary>title text</summary></details> -->

## New 🎉

<details><summary>Convenience method for retrieving the auto generated endpoint name</summary>

You can now obtain the generated endpoint name like below for the purpose of custom link generation using the `LinkGenerator` class.

```cs
var endpointName = IEndpoint.GetName<SomeEndpoint>();

Auto population of headers in routeless tests

Given a request dto such as the following where a property is decorated with the [FromHeader] attribute:

sealed class Request
{
    [FromHeader]
    public string Title { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
}

Previously, you had to manually add the header to the request in order for the endpoint to succeed without sending back an error response.
Now you can simply supply the value for the header when making the request as follows, and the header will be automatically added to the request with the value from the property.

var (rsp, res) = await App.Client.POSTAsync<MyEndpoint, Request, string>(
                     new()
                     {
                         Title = "Mrs.",
                         FirstName = "Doubt",
                         LastName = "Fire"
                     });

This automatic behavior can be disabled as follows if you'd like to keep the previous behavior:
... (truncated)

6.0

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

Breaking Changes ⚠️

Support for .NET 6 & 7 has been dropped as those SDKs are no longer supported by Microsoft. In order to use this release of FastEndpoints, you need to be on at least .NET 8.0.4

New 🎉

Support for .NET 10 preview

You can start targeting net10.0 SDK in your FE projects now. Currently preview versions of the dependencies are used.

Generic Pre/Post Processor global registration

Open generic pre/post processors can now be registered globally using the endpoint configurator func like so:

app.UseFastEndpoints(c => c.Endpoints.Configurator = ep => ep.PreProcessors(Order.Before, typeof(MyPreProcessor<>)))

sealed class MyPreProcessor<TRequest> : IPreProcessor<TRequest>
{
    public Task PreProcessAsync(IPreProcessorContext<TRequest> ctx, CancellationToken c)
    {
        ...
    }
}

Middleware pipeline for Command Bus

By popular demand from people moving away from MediatR, a middleware pipeline similar to MediatRs pipeline behaviors has been added to FE's built-in command bus. You just need to write your pipeline/middleware pieces by implementing the interface ICommandMiddleware<TCommand,TResult> and register those pieces to form a middleware pipeline as described in the documentation.

Support 'CONNECT' and 'TRACE' verbs

... (truncated)

5.35

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Bypass endpoint caching for integration tests

You can now easily test endpoints that have caching enabled, by using a client configured to automatically bypass caching like so:

var antiCacheClient = App.CreateClient(new() { BypassCaching = true });

Mark properties as "bind required"

You can now make the request binder automatically add a validation failure when binding from route params, query params, and form fields by decorating the dto properties if the binding source doesn't provide a value:

sealed class MyRequest
{
    [QueryParam(IsRequired = true)]
    public bool Correct { get; set; }

    [RouteParam(IsRequired = true)]
    public int Count { get; set; }

    [FormField(IsRequired = true)]
    public Guid Id { get; set; }
}

Generic command support for job queues

Closed generic commands can now be registered like so:

app.Services.RegisterGenericCommand<QueueCommand<OrderCreatedEvent>, QueueCommandHandler<OrderCreatedEvent>>();

... (truncated)

5.34

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Queued job progress tracking

It is now possible to queue a job and track its progress and/or retrieve intermediate results while the command handler executes via the job tracker as documented here.

Global 'JwtCreationOptions' support for refresh token service

If you configure jwt creation options at a global level like so:

bld.Services.Configure<JwtCreationOptions>( o =>  o.SigningKey = "..." ); 

The RefreshTokenService will now take the default values from the global config if you don't specify anything when configuring the token service like below:

sealed class MyTokenService : RefreshTokenService<TokenRequest, TokenResponse>
{
    public MyTokenService
    {
        Setup(o =>
        {         
            //no need to specify token signing key/style/etc. here unless you want to.
            o.Endpoint("/api/refresh-token");
            o.AccessTokenValidity = TimeSpan.FromMinutes(5);
            o.RefreshTokenValidity = TimeSpan.FromHours(4);
        });
    }
}

Global response modifier setting

A new global action has been added which gets triggered right before a response is written to the response stream allowing you to carry out some common logic that should be applied to all endpoints.

... (truncated)

5.33

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Migrate to xUnit v3 ⚠️

If you're using the FastEndpoints.Testing package in your test projects, take the following steps to migrate your projects:

1. Update all "FastEndpoints" package references in your projects to "5.33.0".
2. In your test project's .csproj file:
   1. Remove the package reference to the xunit v2 package.
   2. Add a package reference to the new xunit.v3 library with version 1.0.0
   3. Change the version of xunit.runner.visualstudio to 3.0.0
3. Build the solution.
4. If there are compilation errors related to the return type of overridden methods in your derived AppFixture<TProgram> classes, such as SetupAsync and TearDownAsync. Change their return type from Task to ValueTask to resolve these errors.
5. If there are any compilation errors related to XUnit.Abstractions namespace not being found, simply delete those "using statements" as that namespace has been removed in xUnit v3.

After doing the above, it should pretty much be smooth sailing, unless your project is affected by the removal of previously deprecated classes as mentioned in the "Breaking Changes" section below.

Eliminate the need for [BindFrom(...)] attribute

Until now, when binding from sources other than JSON body, you had to annotate request DTO properties with the [BindFrom("my_field")] attribute when the incoming field name is different to the DTO property name. A new setting has now been introduced which allows you to use the same property naming policy as the serializer for matching incoming request parameters without having to use any attributes.

app.UseFastEndpoints(c => c.Binding.UsePropertyNamingPolicy = true)

This only applies to properties where you haven't specified the field names manually using an attribute such as [BindFrom(...)], [FromClaim(...)]. [FromHeader(...)] etc.

Control binding sources per DTO property

The default binding order is designed to minimize attribute clutter on DTO models. In most cases, disabling binding sources is unnecessary. However, for rare scenarios where a binding source must be explicitly blocked, you can now do the following:

[DontBind(Source.QueryParam | Source.RouteParam)] 
public string UserID { get; set; } 

... (truncated)

5.32

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

.NET 9.0 Support

Migration to .NET 9.0 SDK is now complete. You can now target net9.0 sdk without any issues.

Support for enforcing antiforgery token checks for non-form requests

The antiforgery middleware can now be configured to check antiforgery tokens for any content-type by configuring it like so:

app.UseAntiforgeryFE(additionalContentTypes: ["application/json"])

User configurable Endpoint Name (Operation Id) generation

The endpoint name generation logic can now be overriden at a global level like so:

app.UseFastEndpoints(
       c => c.Endpoints.NameGenerator =
                ctx =>
                {
                    return ctx.EndpointType.Name.TrimEnd("Endpoint");
                })

Global configuration of 'JwtCreationOptions'

You can now configure JwtCreationOptions once globally like so:

bld.Services.Configure<JwtCreationOptions>(
       o =>
 ... (truncated)

Commits viewable in [compare view](https://github.com/FastEndpoints/FastEndpoints/compare/v5.31...v8.0.1).
</details>

Updated [Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/dotnet) from 10.0.0 to 10.0.3.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Mvc.Testing's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [Microsoft.AspNetCore.TestHost](https://github.com/dotnet/dotnet) from 10.0.0 to 10.0.3.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.TestHost's releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits).
</details>

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>