Dependencies: Update server dependencies (#20385)

* Bump Azure.Identity from 1.13.2 to 1.16.0

* Bump BenchmarkDotNet from 0.14.0 to 0.15.4

* Bump Bogus from 35.6.3 to 35.6.4

* Bump HtmlAgilityPack from 1.12.1 to 1.12.4

* Bump MailKit from 4.11.0 to 4.14.0

* Bump MessagePack from 3.1.3 to 3.1.4

* Bump Microsoft.AspNetCore.Mvc.Testing from 9.0.4 to 9.0.9

* Bump Microsoft.Data.SqlClient from 6.0.1 to 6.1.1

* Bump Microsoft.Extensions.Caching.Hybrid from 9.8.0 to 9.9.0

* Bump Microsoft.Extensions.Logging.Debug from 9.0.4 to 9.0.9

* Bump Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0

* Bump ncrontab from 3.3.3 to 3.4.0

* Bump Nerdbank.GitVersioning from 3.7.115 to 3.8.118

* Bump OpenIddict packages from 6.2.1 to 7.1.0

* Bump Serilog from 4.2.0 to 4.3.0

* Bump Serilog.Sinks.File from 6.0.0 to 7.0.0

* Bump Swashbuckle.AspNetCore from 8.1.1 to 9.0.6

* Bump System.Data.Odbc from 9.0.4 to 9.0.9

* Bump System.Data.OleDb from 9.0.4 to 9.0.9

* Bump Microsoft.IdentityModel.JsonWebTokens from 8.8.0 to 8.14.0

* Bump SixLabors.ImageSharp.Web from 3.1.5 to 3.2.0

- Implicit global usings were made opt-in (SixLabors/ImageSharp.Web#391)

* Bump NJsonSchema from 11.0.2 to 11.5.1

* Bump Microsoft packages from 10.0.0-preview.7.25380.108 to 10.0.0-rc.1.25451.107

* Remove Azure.Identity package reference as implicitly referenced versions are no longer vulnerable

* Remove System.Runtime.Caching package reference as it is not used

* Remove System.Net.Http package reference as it is not used

* Set 'allowPrerelease' to true

Global.json was showing as invalid due to a pre-release version being referenced while 'allowPrerelease' was set to 'false'. This can be set to 'false' again later on.

* Remove System.Security.Cryptography.Xml package reference as implicitly referenced versions are no longer vulnerable

* Remove System.Text.RegularExpressions package reference as implicitly referenced versions are no longer vulnerable

* Remove Microsoft.IdentityModel.JsonWebTokens package reference as implicitly referenced versions are no longer vulnerable

* Remove System.Text.Encodings.Web package reference as it is not used

* Remove Microsoft.Data.SqlClient package reference as implicitly referenced versions are no longer vulnerable

* Remove Lucene.Net.Replicator package reference as implicitly referenced versions are no longer vulnerable

* Remove Microsoft.Extensions.Caching.Memory package reference where not used

* Add EFCore migration for OpenIddict v7 update

* Apply suggestion from @kjac

Cosmetic update: Removed blank line as suggested by Copilot

---------

Co-authored-by: Kenn Jacobsen <[email protected]>

Author: lauraneto

Directory.Packages.props

@@ -5,39 +5,39 @@
   </PropertyGroup>
   <!-- Global packages (private, build-time packages for all projects) -->
   <ItemGroup>
-    <GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.7.115" />
+    <GlobalPackageReference Include="Nerdbank.GitVersioning" Version="3.8.118" />
     <GlobalPackageReference Include="StyleCop.Analyzers" Version="1.2.0-beta.556" />
     <GlobalPackageReference Include="Umbraco.Code" Version="2.4.0" />
     <GlobalPackageReference Include="Umbraco.GitVersioning.Extensions" Version="0.2.0" />
   </ItemGroup>
   <!-- Microsoft packages -->
   <ItemGroup>
-    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="10.0.0-preview.7.25380.108" />
+    <PackageVersion Include="Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation" Version="10.0.0-rc.1.25451.107" />
     <PackageVersion Include="Microsoft.CodeAnalysis.CSharp" Version="4.14.0" />
     <PackageVersion Include="Microsoft.CodeAnalysis.Common" Version="4.14.0" />
     <PackageVersion Include="Microsoft.CodeAnalysis.CSharp.Workspaces" Version="4.14.0" />
     <PackageVersion Include="Microsoft.CodeAnalysis.Workspaces.Common" Version="4.14.0" />
     <PackageVersion Include="Microsoft.CodeAnalysis.Workspaces.MSBuild" Version="4.14.0" />
-    <PackageVersion Include="Microsoft.Data.Sqlite" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Caching.Abstractions" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Caching.Memory" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.FileProviders.Physical" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Http" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Identity.Core" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Identity.Stores" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Options" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Options.DataAnnotations" Version="10.0.0-preview.7.25380.108" />
-    <PackageVersion Include="Microsoft.Extensions.Caching.Hybrid" Version="9.8.0" />
+    <PackageVersion Include="Microsoft.Data.Sqlite" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.SqlServer" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.EntityFrameworkCore.Design" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Caching.Abstractions" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Caching.Memory" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.Abstractions" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Configuration.Json" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.FileProviders.Embedded" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.FileProviders.Physical" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Hosting.Abstractions" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Http" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Identity.Core" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Identity.Stores" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Logging" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Options" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Options.ConfigurationExtensions" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Options.DataAnnotations" Version="10.0.0-rc.1.25451.107" />
+    <PackageVersion Include="Microsoft.Extensions.Caching.Hybrid" Version="9.9.0" />
     <PackageVersion Include="System.Linq.Async" Version="6.0.3" />
   </ItemGroup>
   <!-- Umbraco packages -->
@@ -51,21 +51,21 @@
     <PackageVersion Include="Dazinator.Extensions.FileProviders" Version="2.0.0" />
     <PackageVersion Include="Examine" Version="3.7.1" />
     <PackageVersion Include="Examine.Core" Version="3.7.1" />
-    <PackageVersion Include="HtmlAgilityPack" Version="1.12.1" />
+    <PackageVersion Include="HtmlAgilityPack" Version="1.12.4" />
     <PackageVersion Include="JsonPatch.Net" Version="3.3.0" />
     <PackageVersion Include="K4os.Compression.LZ4" Version="1.3.8" />
-    <PackageVersion Include="MailKit" Version="4.11.0" />
+    <PackageVersion Include="MailKit" Version="4.14.0" />
     <PackageVersion Include="Markdown" Version="2.2.1" />
-    <PackageVersion Include="MessagePack" Version="3.1.3" />
+    <PackageVersion Include="MessagePack" Version="3.1.4" />
     <PackageVersion Include="MiniProfiler.AspNetCore.Mvc" Version="4.5.4" />
     <PackageVersion Include="MiniProfiler.Shared" Version="4.5.4" />
-    <PackageVersion Include="ncrontab" Version="3.3.3" />
+    <PackageVersion Include="ncrontab" Version="3.4.0" />
     <PackageVersion Include="NPoco" Version="6.1.0" />
     <PackageVersion Include="NPoco.SqlServer" Version="6.1.0" />
-    <PackageVersion Include="OpenIddict.Abstractions" Version="6.2.1" />
-    <PackageVersion Include="OpenIddict.AspNetCore" Version="6.2.1" />
-    <PackageVersion Include="OpenIddict.EntityFrameworkCore" Version="6.2.1" />
-    <PackageVersion Include="Serilog" Version="4.2.0" />
+    <PackageVersion Include="OpenIddict.Abstractions" Version="7.1.0" />
+    <PackageVersion Include="OpenIddict.AspNetCore" Version="7.1.0" />
+    <PackageVersion Include="OpenIddict.EntityFrameworkCore" Version="7.1.0" />
+    <PackageVersion Include="Serilog" Version="4.3.0" />
     <PackageVersion Include="Serilog.AspNetCore" Version="9.0.0" />
     <PackageVersion Include="Serilog.Enrichers.Process" Version="3.0.0" />
     <PackageVersion Include="Serilog.Enrichers.Thread" Version="4.0.0" />
@@ -75,33 +75,13 @@
     <PackageVersion Include="Serilog.Formatting.Compact.Reader" Version="4.0.0" />
     <PackageVersion Include="Serilog.Settings.Configuration" Version="9.0.0" />
     <PackageVersion Include="Serilog.Sinks.Async" Version="2.1.0" />
-    <PackageVersion Include="Serilog.Sinks.File" Version="6.0.0" />
+    <PackageVersion Include="Serilog.Sinks.File" Version="7.0.0" />
     <PackageVersion Include="Serilog.Sinks.Map" Version="2.0.0" />
     <PackageVersion Include="SixLabors.ImageSharp" Version="3.1.11" />
-    <PackageVersion Include="SixLabors.ImageSharp.Web" Version="3.1.5" />
-    <PackageVersion Include="Swashbuckle.AspNetCore" Version="8.1.1" />
+    <PackageVersion Include="SixLabors.ImageSharp.Web" Version="3.2.0" />
+    <PackageVersion Include="Swashbuckle.AspNetCore" Version="9.0.6" />
   </ItemGroup>
   <!-- Transitive pinned versions (only required because our direct dependencies have vulnerable versions of transitive dependencies) -->
   <ItemGroup>
-    <!-- Microsoft.EntityFrameworkCore.SqlServer and NPoco.SqlServer brings in a vulnerable version of Azure.Identity -->
-    <!-- Take top-level depedendency on Azure.Identity, because Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
-    <PackageVersion Include="Azure.Identity" Version="1.13.2" />
-    <!-- Microsoft.EntityFrameworkCore.SqlServer brings in a vulnerable version of System.Runtime.Caching -->
-    <PackageVersion Include="System.Runtime.Caching" Version="10.0.0-preview.7.25380.108" />
-    <!-- Dazinator.Extensions.FileProviders brings in a vulnerable version of System.Net.Http -->
-    <PackageVersion Include="System.Net.Http" Version="4.3.4" />
-    <!-- Examine brings in a vulnerable version of System.Security.Cryptography.Xml -->
-    <PackageVersion Include="System.Security.Cryptography.Xml" Version="10.0.0-preview.7.25380.108" />
-    <!-- Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc brings in a vulnerable version of System.Text.RegularExpressions -->
-    <PackageVersion Include="System.Text.RegularExpressions" Version="4.3.1" />
-    <!-- OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer brings in a vulnerable version of Microsoft.IdentityModel.JsonWebTokens -->
-    <!-- Take top-level depedendency on Microsoft.IdentityModel.JsonWebTokens, because OpenIddict.AspNetCore, Npoco.SqlServer and Microsoft.EntityFrameworkCore.SqlServer depends on a vulnerable version -->
-    <PackageVersion Include="Microsoft.IdentityModel.JsonWebTokens" Version="8.8.0" />
-    <!-- Azure.Identity, Microsoft.EntityFrameworkCore.SqlServer and Dazinator.Extensions.FileProviders brings in a legacy version of System.Text.Encodings.Web -->
-    <PackageVersion Include="System.Text.Encodings.Web" Version="10.0.0-preview.7.25380.108" />
-    <!-- NPoco.SqlServer brings in a vulnerable version of Microsoft.Data.SqlClient  -->
-    <PackageVersion Include="Microsoft.Data.SqlClient" Version="6.0.1" />
-    <!-- Examine.Lucene brings in a vulnerable version of Lucene.Net.Replicator -->
-    <PackageVersion Include="Lucene.Net.Replicator" Version="4.8.0-beta00017" />
   </ItemGroup>
 </Project>

global.json

@@ -2,6 +2,6 @@
   "sdk": {
     "version": "10.0.100-rc.1.25451.107",
     "rollForward": "latestFeature",
-    "allowPrerelease": false
+    "allowPrerelease": true
   }
 }

src/Umbraco.Cms.Api.Common/Umbraco.Cms.Api.Common.csproj

@@ -16,11 +16,6 @@
     <PackageReference Include="OpenIddict.AspNetCore" />
   </ItemGroup>
 
-  <ItemGroup>
-    <!-- Take top-level depedendency on OpenIddict.AspNetCore depends on a vulnerable version -->
-    <PackageReference Include="Microsoft.Extensions.Caching.Memory" />
-  </ItemGroup>
-
   <ItemGroup>
     <ProjectReference Include="..\Umbraco.Core\Umbraco.Core.csproj" />
     <ProjectReference Include="..\Umbraco.Web.Common\Umbraco.Web.Common.csproj" />

src/Umbraco.Cms.Imaging.ImageSharp/ConfigureImageSharpMiddlewareOptions.cs

@@ -3,6 +3,7 @@
 using Microsoft.AspNetCore.Http.Headers;
 using Microsoft.Extensions.Options;
 using Microsoft.Net.Http.Headers;
+using SixLabors.ImageSharp;
 using SixLabors.ImageSharp.Formats.Webp;
 using SixLabors.ImageSharp.Web.Commands;
 using SixLabors.ImageSharp.Web.Middleware;

src/Umbraco.Cms.Imaging.ImageSharp/ImageProcessors/CropWebProcessor.cs

@@ -1,7 +1,10 @@
 using System.Globalization;
 using System.Numerics;
 using Microsoft.Extensions.Logging;
+using SixLabors.ImageSharp;
 using SixLabors.ImageSharp.Metadata.Profiles.Exif;
+using SixLabors.ImageSharp.Processing;
+using SixLabors.ImageSharp.Web;
 using SixLabors.ImageSharp.Web.Commands;
 using SixLabors.ImageSharp.Web.Processors;
 

src/Umbraco.Cms.Imaging.ImageSharp/Media/ImageSharpDimensionExtractor.cs

@@ -1,3 +1,4 @@
+using SixLabors.ImageSharp;
 using SixLabors.ImageSharp.Formats;
 using SixLabors.ImageSharp.Metadata.Profiles.Exif;
 using Umbraco.Cms.Core.Media;

src/Umbraco.Cms.Imaging.ImageSharp/Media/ImageSharpImageUrlGenerator.cs

@@ -3,6 +3,8 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
 using Microsoft.Extensions.Primitives;
+using SixLabors.ImageSharp;
+using SixLabors.ImageSharp.Web;
 using SixLabors.ImageSharp.Web.Middleware;
 using SixLabors.ImageSharp.Web.Processors;
 using Umbraco.Cms.Core.DependencyInjection;

src/Umbraco.Cms.Imaging.ImageSharp/UmbracoBuilderExtensions.cs

@@ -1,5 +1,6 @@
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.Options;
+using SixLabors.ImageSharp;
 using SixLabors.ImageSharp.Web.Caching;
 using SixLabors.ImageSharp.Web.DependencyInjection;
 using SixLabors.ImageSharp.Web.Middleware;