Skip to content

Bump the safe-api-dependencies group with 9 updates #424

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the safe-api-dependencies group with 9 updates #424

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 1, 2026

Updated Google.Cloud.Firestore from 3.11.0 to 3.13.0.

Release notes

Sourced from Google.Cloud.Firestore's releases.

3.13.0

New features

  • Update documentation with .NET 10 compatibility workaround

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.OpenIdConnect from 9.0.10 to 9.0.11.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.OpenIdConnect's releases.

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

Commits viewable in compare view.

Updated Microsoft.AspNetCore.DataProtection.StackExchangeRedis from 9.0.10 to 9.0.11.

Release notes

Sourced from Microsoft.AspNetCore.DataProtection.StackExchangeRedis's releases.

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

Commits viewable in compare view.

Updated Microsoft.AspNetCore.SpaProxy from 9.0.10 to 9.0.11.

Release notes

Sourced from Microsoft.AspNetCore.SpaProxy's releases.

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

Commits viewable in compare view.

Updated Microsoft.Data.SqlClient from 6.1.2 to 6.1.3.

Release notes

Sourced from Microsoft.Data.SqlClient's releases.

6.1.3

This update includes the following changes since the 6.1.2 release:

Added

App Context Switch for Ignoring Server-Provided Failover Partner

What Changed:

  • A new app context switch Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner was introduced to let the client ignore server-provided failover partner info in Basic Availability Groups (BAGs). When the switch is enabled, only the failover partner specified in the connection string is used; server-supplied partner values are skipped. This context switch was introduced in PR #​3702.

Who Benefits:

  • Applications connecting to SQL Server BAGs using TCP and custom ports, especially where the server's provided partner name lacks the protocol, host, or port. This avoids connection failures when the server-provided partner is incompatible or incomplete.
  • Teams who manage availability groups and rely on client-side control of failover behavior in heterogeneous networking environments.

Impact:

  • If your environment might be affected (i.e., you operate a BAG with custom ports, or have experienced failures after failover), you can enable the new switch in your application:
AppContext.SetSwitch("Switch.Microsoft.Data.SqlClient.IgnoreServerProvidedFailoverPartner", true);
  • Then, ensure your connection string includes your preferred failover partner (with correct tcp:host,port) so that the client uses that instead of the server's suggestion.
  • Without enabling this, by default, the client continues to prefer the server-provided partner, maintaining backwards compatibility.

Fixed

  • Fixed an issue to ensure reliable metrics initialization during startup, preventing missed telemetry when EventSource is enabled early. (#​3718)

Target Platform Support

  • .NET Framework 4.6.2+ (Windows ARM64, Windows x86, Windows x64)
  • .NET 8.0+ (Windows x86, Windows x64, Windows ARM64, Windows ARM, Linux, macOS)

Dependencies

.NET Framework 4.6.2+

  • Azure.Core 1.47.1
  • Azure.Identity 1.14.2
  • Microsoft.Bcl.Cryptography 8.0.0
  • Microsoft.Data.SqlClient.SNI 6.0.2
  • Microsoft.Extensions.Caching.Memory 8.0.1
  • Microsoft.IdentityModel.JsonWebTokens 7.7.1
  • Microsoft.IdentityModel.Protocols.OpenIdConnect 7.7.1
  • System.Buffers 4.5.1
  • System.Data.Common 4.3.0
  • System.Security.Cryptography.Pkcs 8.0.1
  • System.Text.Encodings.Web 8.0.0
    ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.StackExchangeRedis from 9.0.10 to 9.0.11.

Release notes

Sourced from Microsoft.Extensions.Caching.StackExchangeRedis's releases.

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Polly from 9.0.10 to 9.0.11.

Release notes

Sourced from Microsoft.Extensions.Http.Polly's releases.

9.0.11

Release

What's Changed

Full Changelog: dotnet/aspnetcore@v9.0.10...v9.0.11

Commits viewable in compare view.

Updated Serilog.Sinks.Console from 6.0.0 to 6.1.1.

Release notes

Sourced from Serilog.Sinks.Console's releases.

6.1.1

What's Changed

Full Changelog: serilog/serilog-sinks-console@v6.1.0...v6.1.1

6.1.0

  • #​165 - support for {UtcTimestamp} in output templates (@​ManuelRin)
  • #​172, #​173 - switch build to Serilog org standard (@​nblumhardt)

Commits viewable in compare view.

Updated System.Net.Http.Json from 9.0.10 to 9.0.11.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the safe-api-dependencies group with 9 updates
ee268bf 
Bumps Google.Cloud.Firestore from 3.11.0 to 3.13.0
Bumps Microsoft.AspNetCore.Authentication.OpenIdConnect from 9.0.10 to 9.0.11
Bumps Microsoft.AspNetCore.DataProtection.StackExchangeRedis from 9.0.10 to 9.0.11
Bumps Microsoft.AspNetCore.SpaProxy from 9.0.10 to 9.0.11
Bumps Microsoft.Data.SqlClient from 6.1.2 to 6.1.3
Bumps Microsoft.Extensions.Caching.StackExchangeRedis from 9.0.10 to 9.0.11
Bumps Microsoft.Extensions.Http.Polly from 9.0.10 to 9.0.11
Bumps Serilog.Sinks.Console from 6.0.0 to 6.1.1
Bumps System.Net.Http.Json from 9.0.10 to 9.0.11

---
updated-dependencies:
- dependency-name: Google.Cloud.Firestore
  dependency-version: 3.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe-api-dependencies
- dependency-name: Microsoft.AspNetCore.Authentication.OpenIdConnect
  dependency-version: 9.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
- dependency-name: Microsoft.AspNetCore.DataProtection.StackExchangeRedis
  dependency-version: 9.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
- dependency-name: Microsoft.AspNetCore.SpaProxy
  dependency-version: 9.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
- dependency-name: Microsoft.Data.SqlClient
  dependency-version: 6.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
- dependency-name: Microsoft.Extensions.Caching.StackExchangeRedis
  dependency-version: 9.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
- dependency-name: Microsoft.Extensions.Http.Polly
  dependency-version: 9.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
- dependency-name: Serilog.Sinks.Console
  dependency-version: 6.1.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: safe-api-dependencies
- dependency-name: System.Net.Http.Json
  dependency-version: 9.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: safe-api-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jan 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant