Skip to content

Bump the nuget group with 5 updates#40

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/MX.TravelItinerary.Web/nuget-4cced950cd
Open

Bump the nuget group with 5 updates#40
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/src/MX.TravelItinerary.Web/nuget-4cced950cd

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 1, 2026

Updated Azure.Data.Tables from 12.9.1 to 12.11.0.

Release notes

Sourced from Azure.Data.Tables's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Azure.Identity from 1.12.0 to 1.18.0.

Release notes

Sourced from Azure.Identity's releases.

1.18.0

1.18.0 (2026-02-25)

Features Added

  • Added experimental Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection integration for Azure SDK clients. For details, see the Configuration and Dependency Injection documentation.

  • The WorkloadIdentityCredentialOptions.IsAzureProxyEnabled property, which enables Azure Kubernetes token proxy mode, is only available in beta releases of this package.

  • AzureDeveloperCliCredential now parses JSON error output from azd auth token to extract clean error messages instead of including raw JSON in exceptions. Error messages like {"type":"consoleMessage","data":{"message":"ERROR: fetching token: ..."}} are now displayed as ERROR: fetching token: ....

1.18.0-beta.3

1.18.0-beta.3 (2026-02-20)

Breaking Changes

  • Renamed WorkloadIdentityCredentialOptions.IsAzureKubernetesTokenProxyEnabled to IsAzureProxyEnabled to follow .NET naming conventions for boolean properties.

Bugs Fixed

  • Fixed a NullReferenceException that occurred during X509Chain validation on Linux when using the Identity Bindings feature.

  • Disabled MSAL's internal retry logic for ConfidentialClientApplication and PublicClientApplication to prevent double retries when combined with Azure SDK's retry policy. Only the configured Azure SDK retry policy is applied, avoiding unexpected additional retry attempts.

1.15.0

1.15.0 (2026-02-02)

Features Added

  • Upgraded api-version to 2025-05-01.

1.14.0

1.14.0 (2026-01-16)

Features Added

  • Added new resource type GalleryScript.
  • Added StorageAccountStrategy property to GalleryArtifactPublishingProfileBase class.

Commits viewable in compare view.

Updated Microsoft.ApplicationInsights.AspNetCore from 2.22.0 to 3.0.0.

Release notes

Sourced from Microsoft.ApplicationInsights.AspNetCore's releases.

3.0.0

3.0.0-rc1

3.0.0-beta2

Added

  • Automatic configuration binding from "ApplicationInsights" section in appsettings.json for both AspNetCore and WorkerService packages with configuration precedence: environment variables > explicit configuration > appsettings.json
  • Added support for Entra ID (Azure Active Directory) authentication using Azure.Core.TokenCredential
  • Added Self Diagnostics feature
  • Updated the default sampler from Fixed Rate to Rate-Limited Sampling.
  • Update Azure Monitor Exporter to 1.6.0-beta.2
  • Add comprehensive applicationinsights.config support
  • Add properties in TelemetryConfiguration to configure underlying exporter

Bug fix

  • Fix TrackMetric(MetricTelemetry) unsupported telemetry type error

3.0.0-beta1

  • The following Application Insights packages in this repo now use OpenTelemetry internally. OpenTelemetry is the industry standard for telemetry collection and provides better interoperability with other observability tools.
    • Microsoft.ApplicationInsights
    • Microsoft.ApplicationInsights.AspNetCore
    • Microsoft.ApplicationInsights.WorkerService
    • Microsoft.ApplicationInsights.Web
    • Microsoft.ApplicationInsights.NLogTarget
  • Classic APIs of the above packages are preserved; calls are translated to OpenTelemetry telemetry.
  • Other packages not listed above (such as certain auto-collectors and logging adapters that were published from this repo previously) will not have future versions published. See BreakingChanges.md for details.

2.23.0

  • no changes since beta.

2.23.0-beta1

Commits viewable in compare view.

Updated Microsoft.Identity.Web from 4.3.0 to 4.4.0.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.4.0

New features

  • Add AOT-compatible web API authentication for .NET 10+. See #​3705 and #​3664.
  • Propagate long-running web API session key back to callers in user token acquisition. See #​3728.
  • Add OBO event initialization for OBO APIs. See #​3724.
  • Add support for calling WithClientClaims flow for token acquisition. See #​3623.
  • Add OnBeforeTokenAcquisitionForOnBehalfOf event. See #​3680.

Bug fixes

  • Throw InvalidOperationException with actionable message when a custom credential is not registered. See #​3626.
  • Fix event firing for InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync. See #​3717.
  • Update OnBeforeTokenAcquisitionForOnBehalfOf to construct ClaimsPrincipal from token. See #​3714.
  • Add a retry counter for acquire token and updated tests with a fake secret. See #​3682.
  • Fix OBO user error handling. See #​3712.
  • Fix override merging for app token (and others). See #​3644.
  • Fix certificate reload logic to only trigger on certificate-specific errors. See #​3653.
  • Update ROPC flow CCA to pass SendX5C to MSAL. See #​3671.

Dependencies updates

  • Bump qs in /tests/DevApps/SidecarAdapter/typescript. See #​3725.
  • Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See #​3730.
  • Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See #​3726.
  • Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See #​3699.
  • Update to MSAL 4.81.0. See #​3665.

Documentation

  • Add documentation for auto-generated session key for long-running OBO session. See #​3729.
  • Improve the Aspire doc article and skills. See #​3695.
  • Add an article and agent skill to add Entra ID to an Aspire app. See #​3689.
  • Fix misleading comment in CertificatelessOptions.ManagedIdentityClientId. See #​3667.
  • Add Copilot explore tool functionality. See #​3694.

Fundamentals

  • Remove unnecessary warning suppression. See #​3715.
  • Migrate labs to Lab.API 2.x (first pass). See #​3710.
  • Update Sidecar E2E test constants. See #​3693.
  • Fix intermittent failures in CertificatesObserverTests. See #​3687.
  • Add validation baseline exclusions. See #​3684.
  • Add dSTS integration tests. See #​3677.
  • Fix FIC test. See #​3663.
  • Update IdentityWeb version, build logic, and validation. See #​3659.

New Contributors

Commits viewable in compare view.

Updated Microsoft.Identity.Web.UI from 4.3.0 to 4.4.0.

Release notes

Sourced from Microsoft.Identity.Web.UI's releases.

4.4.0

New features

  • Add AOT-compatible web API authentication for .NET 10+. See #​3705 and #​3664.
  • Propagate long-running web API session key back to callers in user token acquisition. See #​3728.
  • Add OBO event initialization for OBO APIs. See #​3724.
  • Add support for calling WithClientClaims flow for token acquisition. See #​3623.
  • Add OnBeforeTokenAcquisitionForOnBehalfOf event. See #​3680.

Bug fixes

  • Throw InvalidOperationException with actionable message when a custom credential is not registered. See #​3626.
  • Fix event firing for InvokeOnBeforeTokenAcquisitionForOnBehalfOfAsync. See #​3717.
  • Update OnBeforeTokenAcquisitionForOnBehalfOf to construct ClaimsPrincipal from token. See #​3714.
  • Add a retry counter for acquire token and updated tests with a fake secret. See #​3682.
  • Fix OBO user error handling. See #​3712.
  • Fix override merging for app token (and others). See #​3644.
  • Fix certificate reload logic to only trigger on certificate-specific errors. See #​3653.
  • Update ROPC flow CCA to pass SendX5C to MSAL. See #​3671.

Dependencies updates

  • Bump qs in /tests/DevApps/SidecarAdapter/typescript. See #​3725.
  • Downgrade Microsoft.Extensions.Configuration.Binder to 2.1.0 on .NET Framework. See #​3730.
  • Update .NET SDK to 10.0.103 to address DOTNET-Security-10.0 vulnerability. See #​3726.
  • Upgrade to Microsoft.Identity.Abstractions 11 for AoT compatibility. See #​3699.
  • Update to MSAL 4.81.0. See #​3665.

Documentation

  • Add documentation for auto-generated session key for long-running OBO session. See #​3729.
  • Improve the Aspire doc article and skills. See #​3695.
  • Add an article and agent skill to add Entra ID to an Aspire app. See #​3689.
  • Fix misleading comment in CertificatelessOptions.ManagedIdentityClientId. See #​3667.
  • Add Copilot explore tool functionality. See #​3694.

Fundamentals

  • Remove unnecessary warning suppression. See #​3715.
  • Migrate labs to Lab.API 2.x (first pass). See #​3710.
  • Update Sidecar E2E test constants. See #​3693.
  • Fix intermittent failures in CertificatesObserverTests. See #​3687.
  • Add validation baseline exclusions. See #​3684.
  • Add dSTS integration tests. See #​3677.
  • Fix FIC test. See #​3663.
  • Update IdentityWeb version, build logic, and validation. See #​3659.

New Contributors

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the nuget group with 5 updates
b387fe4 
Bumps Azure.Data.Tables from 12.9.1 to 12.11.0
Bumps Azure.Identity from 1.12.0 to 1.18.0
Bumps Microsoft.ApplicationInsights.AspNetCore from 2.22.0 to 3.0.0
Bumps Microsoft.Identity.Web from 4.3.0 to 4.4.0
Bumps Microsoft.Identity.Web.UI from 4.3.0 to 4.4.0

---
updated-dependencies:
- dependency-name: Azure.Data.Tables
  dependency-version: 12.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Azure.Identity
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.ApplicationInsights.AspNetCore
  dependency-version: 3.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget
- dependency-name: Microsoft.Identity.Web
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: Microsoft.Identity.Web.UI
  dependency-version: 4.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Mar 1, 2026
@github-actions github-actions bot enabled auto-merge (squash) March 1, 2026 03:51
@github-actions
Copy link

github-actions bot commented Mar 1, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

License Issues

src/MX.TravelItinerary.Web/MX.TravelItinerary.Web.csproj

PackageVersionLicenseIssue Type
Azure.Identity1.18.0NullUnknown License
Microsoft.ApplicationInsights.AspNetCore3.0.0NullUnknown License
Microsoft.Identity.Web4.4.0NullUnknown License
Microsoft.Identity.Web.UI4.4.0NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
nuget/Azure.Data.Tables 12.11.0 🟢 6.9
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Code-Review🟢 10all changesets reviewed
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Token-Permissions🟢 9detected GitHub workflow tokens with excessive permissions
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
Binary-Artifacts🟢 9binaries present in source code
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
nuget/Azure.Identity 1.18.0 UnknownUnknown
nuget/Microsoft.ApplicationInsights.AspNetCore 3.0.0 UnknownUnknown
nuget/Microsoft.Identity.Web 4.4.0 UnknownUnknown
nuget/Microsoft.Identity.Web.UI 4.4.0 UnknownUnknown

Scanned Files

  • src/MX.TravelItinerary.Web/MX.TravelItinerary.Web.csproj

@github-actions
Copy link

github-actions bot commented Mar 1, 2026
edited
Loading

Superseded — A newer run has replaced this result.

🏗️ Terraform Plan

🌍 Environment: dev

✅ Validate — Passed

❌ Plan — Failed. Check the workflow logs for details.

@github-actions
Copy link

github-actions bot commented Mar 1, 2026

🏗️ Terraform Plan

🌍 Environment: dev

✅ Validate — Passed

❌ Plan — Failed. Check the workflow logs for details.

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 1, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@frasermolyneux frasermolyneux

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@frasermolyneux