chore: Bump the microsoft-packages group with 5 updates#106
Merged
jeffcumpsty-tpx merged 2 commits intostagingfrom Feb 13, 2026
Merged
Conversation
* Implement schema caching (#101) * Add support for bypassing Vercel protection in JSON schema fetching * Add conditional check for Docker image build on pull requests targeting main branch * Remove unused database collections from configuration files * Code cleanup and authentication (#99) * Refactor JSON Schema Handling and Validation Services - Introduced DataSourceAuthentication class to manage API authentication configurations in OpenApiValidationRequest. - Removed JsonSchemaResolverService and integrated its functionality into SchemaResolverService for better cohesion. - Updated OpenApiValidationService and JsonValidatorService to use the new ISchemaResolverService interface. - Enhanced schema resolution methods to support both System.Text.Json and Newtonsoft.Json.Schema. - Updated unit tests to reflect changes in schema resolution and validation logic. - Bumped Swashbuckle.AspNetCore package version to 10.1.2 for improved OpenAPI support. * Update DataSourceAuthentication properties to use empty string as default value and rename JsonSchemaResolverService to SchemaResolverService in README * Enhance OpenApiValidationService with authentication support and update README for authentication methods * chore: Bump Swashbuckle.AspNetCore from 10.1.1 to 10.1.2 (#98) --- updated-dependencies: - dependency-name: Swashbuckle.AspNetCore dependency-version: 10.1.2 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Jeff Cumpsty <jeff.cumpsty@tpximpact.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add authentication support to OpenAPI schema configuration and update related services (#100) * Add GitHub workflows for CodeQL analysis, SBOM generation, and Trivy security scan * Update upload-artifact action version in SBOM workflow * Update GitHub Actions to use latest action versions and remove Docker scan steps * Update upload-artifact action version to v6 in CI workflow * Add caching functionality for schema resolution - Introduced CacheOptions class to configure caching behavior. - Updated SchemaResolverService to utilize IMemoryCache for caching remote schemas. - Implemented caching logic in LoadRemoteSchemaAsync method, including support for sliding expiration. - Added unit tests to verify caching behavior with enabled and disabled options. - Updated Program.cs to configure memory cache with size limit from appsettings. - Modified appsettings.json and appsettings.Production.json to include cache configuration options. - Added Microsoft.Extensions.Caching.Abstractions and Microsoft.Extensions.Options package references. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Ci modifications (#102) * Refactor CI/CD workflows: streamline deployment to Heroku and enforce staging branch for main PRs * Enhance CI/CD workflows: update Dependabot configuration, add auto-merge for safe updates, and upgrade checkout action version * Refactor CI/CD workflows: enhance CodeQL analysis and OWASP ZAP scan steps, improve Docker handling, and streamline application readiness checks * Enhance CI/CD workflow: add .NET setup and build step for CodeQL analysis * Refactor CI/CD workflow: replace manual CodeQL build steps with GitHub's autobuild action * Refactor CodeQL analysis step: switch to manual build process for improved control * Ci modifications (#104) * Refactor CI/CD workflows: streamline deployment to Heroku and enforce staging branch for main PRs * Enhance CI/CD workflows: update Dependabot configuration, add auto-merge for safe updates, and upgrade checkout action version * Refactor CI/CD workflows: enhance CodeQL analysis and OWASP ZAP scan steps, improve Docker handling, and streamline application readiness checks * Enhance CI/CD workflow: add .NET setup and build step for CodeQL analysis * Refactor CI/CD workflow: replace manual CodeQL build steps with GitHub's autobuild action * Refactor CodeQL analysis step: switch to manual build process for improved control * Enhance Trivy scans: update action version, add diagnostic checks for missing SARIF, and improve output handling * Remove redundant permissions section from CI configuration * Sanitize URLs in logging for improved security and clarity * Potential fix for code scanning alert no. 209: Log entries created from user input Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> * Add image reference output to Docker build and update Trivy scan steps * Potential fix for code scanning alert no. 211: Log entries created from user input Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Bumps Microsoft.AspNetCore.OpenApi from 10.0.2 to 10.0.3 Bumps Microsoft.Extensions.Caching.Abstractions from 10.0.2 to 10.0.3 Bumps Microsoft.Extensions.Http from 10.0.2 to 10.0.3 Bumps Microsoft.Extensions.Logging.Abstractions from 10.0.2 to 10.0.3 Bumps Microsoft.Extensions.Options from 10.0.2 to 10.0.3 --- updated-dependencies: - dependency-name: Microsoft.AspNetCore.OpenApi dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: microsoft-packages - dependency-name: Microsoft.Extensions.Caching.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: microsoft-packages - dependency-name: Microsoft.Extensions.Http dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: microsoft-packages - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: microsoft-packages - dependency-name: Microsoft.Extensions.Options dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: microsoft-packages ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
Author
LabelsThe following labels could not be found: Please fix the above issues or remove invalid values from |
|
🚫 Merge blocked Pull requests targeting Current source branch: dependabot/nuget/OpenReferralApi.Core/microsoft-packages-c8e45eb484 |
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
jeffcumpsty-tpx
deleted the
dependabot/nuget/OpenReferralApi.Core/microsoft-packages-c8e45eb484
branch
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.AspNetCore.OpenApi from 10.0.2 to 10.0.3.
Release notes
Sourced from Microsoft.AspNetCore.OpenApi's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Caching.Abstractions from 10.0.2 to 10.0.3.
Release notes
Sourced from Microsoft.Extensions.Caching.Abstractions's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Http from 10.0.2 to 10.0.3.
Release notes
Sourced from Microsoft.Extensions.Http's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Logging.Abstractions from 10.0.2 to 10.0.3.
Release notes
Sourced from Microsoft.Extensions.Logging.Abstractions's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Options from 10.0.2 to 10.0.3.
Release notes
Sourced from Microsoft.Extensions.Options's releases.
No release notes found for this version range.
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions