[deps]: Update nuget minor

[renovate]

Coming soon: The Renovate bot (GitHub App) will be renamed to Mend. PRs from Renovate will soon appear from 'Mend'. Learn more here.

This PR contains the following updates:

Package	Change	Age	Confidence
Azure.Extensions.AspNetCore.DataProtection.Keys (source)	1.3.0 -> 1.6.1
Azure.Identity (source)	1.13.2 -> 1.15.0
Bogus	35.6.1 -> 35.6.3
Fido2	4.0.0-beta.16 -> 4.0.0
Fido2.AspNet	4.0.0-beta.16 -> 4.0.0
Fido2.Models	4.0.0-beta.16 -> 4.0.0
MailKit (source)	4.9.0 -> 4.13.0
MartinCostello.Logging.XUnit	0.5.1 -> 0.6.0
MessagePack	3.1.1 -> 3.1.4
MessagePackAnalyzer	3.1.1 -> 3.1.4
Microsoft.AspNetCore.Cryptography.KeyDerivation (source)	9.0.1 -> 9.0.9
Microsoft.AspNetCore.DataProtection.EntityFrameworkCore (source)	9.0.1 -> 9.0.9
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore (source)	9.0.1 -> 9.0.9
Microsoft.AspNetCore.Identity.EntityFrameworkCore (source)	9.0.1 -> 9.0.9
Microsoft.AspNetCore.Identity.UI (source)	9.0.1 -> 9.0.9
Microsoft.AspNetCore.Mvc.Testing (source)	9.0.1 -> 9.0.9
Microsoft.AspNetCore.OpenApi (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore.Design (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore.InMemory (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore.Relational (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore.SqlServer (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore.Sqlite (source)	9.0.1 -> 9.0.9
Microsoft.EntityFrameworkCore.Tools (source)	9.0.1 -> 9.0.9
Microsoft.Extensions.Configuration.Abstractions (source)	9.0.1 -> 9.0.9
Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore (source)	9.0.1 -> 9.0.9
Microsoft.Extensions.Logging.Abstractions (source)	9.0.1 -> 9.0.9
Microsoft.Extensions.TimeProvider.Testing (source)	9.1.0 -> 9.8.0
Microsoft.FeatureManagement.AspNetCore	4.0.0 -> 4.3.0
Microsoft.NET.Test.Sdk	17.12.0 -> 17.14.1
Selenium.WebDriver (source)	4.28.0 -> 4.35.0
Serilog.Sinks.Datadog.Logs	0.5.4 -> 0.5.6
System.Configuration.ConfigurationManager (source)	9.0.1 -> 9.0.9
Testcontainers.MsSql (source)	4.1.0 -> 4.7.0
bunit (source)	1.38.5 -> 1.40.0
xunit.runner.visualstudio	3.0.1 -> 3.1.4

---

Release Notes

Azure/azure-sdk-for-net (Azure.Extensions.AspNetCore.DataProtection.Keys)

v1.6.1

Compare Source

1.6.1 (2025-06-23)

Acknowledgments

Thank you to our developer community members who helped to make the Event Hubs client libraries better with their contributions to this release:

• Mike Alhayek (GitHub)

Bugs Fixed

• Updated ConfigureKeyManagementKeyVaultEncryptorClientOptions to ensure that its dependencies were resolved in the correct scope to prevent issues due to lifetime drift. Previously, a new scope was created to resolve AzureKeyVaultXmlEncryptor. However, AzureKeyVaultXmlEncryptor is registered as a singleton and should be resolved from the same scope in which the options are being configured. Creating a new scope introduced unnecessary overhead and potential for unexpected behavior due to differences in service lifetime management. (A community contribution, courtesy of danielmarbach)

v1.6.0

Compare Source

1.6.0 (2025-06-10)

Features Added

• Updated service API version to use API version 2023-10-31 by default.

Breaking changes

• Renamed tags reported on DigitalTwinsClient activities to follow OpenTelemetry attribute naming conventions:
  • digitalTwinId to az.digitaltwins.twin.id
  • componentName to az.digitaltwins.component.name
  • relationshipName to az.digitaltwins.relationship.name
  • modelId to az.digitaltwins.model.id
  • jobId to az.digitaltwins.job.id
  • query to az.digitaltwins.query
  • eventRouteId to az.digitaltwins.event_route.id
  • messageId to az.digitaltwins.message.id

v1.5.0

Compare Source

1.5.0 (2025-02-11)

Other Changes

• Updated dependencies to ensure they are up-to-date with the latest targets and trimming from built-in dependencies.

v1.4.0

Compare Source

1.4.0 (2024-11-26)

Other Changes

• Updated dependency Microsoft.Extensions.DependencyInjection to version 8.0.11
• Updated dependency Microsoft.Bcl.AsyncInterfaces to version 8.0.0

bchavez/Bogus (Bogus)

v35.6.3

Release Date: 2025-04-12

• Issue 601: Fixes Internet.Avatar() URL generation. Moves from Cloudflare IPFS to IPFS.io.
• Fixed broken checksum calculation test in BelgianExtensionTests.
• .NET SDK 9 now required for builds. Various C# improvements and modernizations. Thanks @​SimonCropp!

v35.6.2

Release Date: 2025-02-20

• PR 584: Pack LICENSE file with NuGet package. Also, use ProjectIcon.
• Issue 581: Fix Randomizer.ULong() arithmetic overflow. Thanks @​reuterma24!
• PR 586: Use .NET 9 SDK build tooling. Thanks @​SimonCropp!
• PR 587: Fix CS1584 incorrect use of cref in XML doc comment. Thanks @​SimonCropp!
• PR 589: Unlock ability to use any .NET SDK build tooling on AppVeyor. Thanks @​SimonCropp!

passwordless-lib/fido2-net-lib (Fido2)

v4.0.0: - At last

Compare Source

I believe it's finally time to ship a new stable version, after shipping 17 betas of the 4.0.0 branch.

4.0 contains lots of breaking changes to the API, but also contains support for modern .net features and a lot of cleanups in terms of the webauthn implementation.

We wanted to include some refreshments to our MDS implementation and use of cache -- but we're punting it to a future release.

Here's a migration guide, authored by claude ai to get you started: https://github.com/passwordless-lib/fido2-net-lib/blob/main/Documentation/migration-guide-4.0.0.md

What's Changed

• Added draft of Vulnerability Disclosure Program by @​abergs in #​315
• Format Tests by @​iamcarbon in #​320
• fix: usernameless demos by @​imqdee in #​324
• Improve exception handling by @​iamcarbon in #​323
• Improve Code Quality by @​iamcarbon in #​326
• Updated sourcelink by @​abergs in #​327
• Fix serialization error in Demo. Fixes #​328 by @​abergs in #​329
• added [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicFields)] annotations to generic enums by @​filipw in #​330
• Check return value from Base64.DecodeFromUtf8InPlace(), throw if error by @​aseigler in #​331
• Implement support for apple-appattest attestation format by @​aseigler in #​322
• Add Mac and Linux to test pipeline by @​aseigler in #​332
• Pipelines fixes by @​abergs in #​333
• Support ResidentKeyRequirement by @​dIeGoLi in #​311
• Use file scoped namespaces by @​iamcarbon in #​343
• Fix TestAppleAppAttestProd test on macOS & Linux by @​iamcarbon in #​347
• Fixed clientDataJSON name by @​namespacedevbox in #​348
• Improve error handling by @​iamcarbon in #​344
• Update link in Readme by @​mlh758 in #​354
• Update tests to get clean CI by @​aseigler in #​355
• Fixes Fido2Configuration.FullyQualifiedOrigins contains a null entry when configured from a configuration section on .NET 7 in #​360
• Improve Code Quality by @​iamcarbon in #​352
• Fix Conformance Test by @​iamcarbon in #​363
• Strongly type AaGuid by @​iamcarbon in #​362
• SourceLink consolidation by @​Regenhardt in #​384
• WIP: Support device public key and passkeys by @​aseigler in #​356
• Simplify enum mapping & update specification links by @​iamcarbon in #​368
• Make Origins readonly by @​Regenhardt in #​393
• Feature/blazor wasm by @​Regenhardt in #​379
• Use correct Origin in Blazor example by @​abergs in #​408
• Support for PRF Extension by @​kspearrin in #​390
• Improve Code Quality by @​iamcarbon in #​405
• Fix demo project starting exception: change TargetFrameworks to TargetFramework by @​yedidyas in #​403
• Fix AuthenticationExtensionsClientInputs Example json prop name for conformance tests by @​yedidyas in #​404
• [WIP] Make AuthenticatorData immutable and strongly type throughout library by @​iamcarbon in #​412
• Add .bool to Output aswell by @​abergs in #​409
• Added Enterprise attestation by @​abergs in #​410
• Prefer Ed25519 when available by @​abergs in #​413
• Add CredentialPropertiesOuput (RK Support) by @​abergs in #​411
• Enable C# 11 and embed base64 encoded certificates as UTF-8 data by @​iamcarbon in #​414
• Cleanup by @​iamcarbon in #​417
• Improve Code Quality by @​iamcarbon in #​421
• [WIP] Improve Code Quality by @​iamcarbon in #​422
• dotnet format by @​abergs in #​425
• Breakout development services & improve naming by @​iamcarbon in #​427
• Add smart-card and hybrid transports by @​dbeinder in #​430
• Use DateTimeOffset by @​joegoldman2 in #​434
• Remove AuthenticatorSelection extension by @​joegoldman2 in #​435
• Rename Fido2NetLib.cs file to Fido2.cs in order to match with the class name by @​joegoldman2 in #​438
• Update to latest version of FIDO Metadata Service by @​joegoldman2 in #​442
• Fix GitHub repository url by @​joegoldman2 in #​451
• Update System.IdentityModel.Tokens.Jwt and xunit by @​iamcarbon in #​431
• Rename CredentialMakeResult to MakeNewCredentialResult and adjust its namespace by @​joegoldman2 in #​433
• Remove hardcoded Metadata Service BLOB url to allow users to override it by @​joegoldman2 in #​444
• Add some missing comments on public methods by @​joegoldman2 in #​440
• Rename AuthenticatorAttestationRawResponse.ResponseData to AttestationResponse by @​joegoldman2 in #​455
• Rename clientDataJson to clientDataJSON by @​joegoldman2 in #​450
• Align MSBuild properties across all projects by @​joegoldman2 in #​437
• Update timeout data type to ulong by @​joegoldman2 in #​462
• Rename origChallenge parameter in Fido2.MakeNewCredentialAsync by @​joegoldman2 in #​460
• Added github workflow for building, testing and packing by @​abergs in #​464
• Removed publishing step from PRs by @​abergs in #​475
• Use net8.0 SDK by @​iamcarbon in #​468
• Map authenticator transports on server side by @​joegoldman2 in #​453
• List<PublicKeyCredentialDescriptor>/IEnumerable<PublicKeyCredentialDescriptor> to IReadOnlyList<PublicKeyCredentialDescriptor> by @​joegoldman2 in #​447
• Update AttestationVerifier api to Async by @​iamcarbon in #​458
• Remove binary serialization by @​iamcarbon in #​465
• Change List<byte[]> storedDevicePublicKeys to IReadOnlyList<byte[]> by @​joegoldman2 in #​477
• Publish packages to nuget by @​abergs in #​479
• Pubhlish to nuget by @​abergs in #​481
• Pubhlish to nuget by @​abergs in #​483
• Pubhlish to nuget by @​abergs in #​484
• Rename 'extensions' to 'clientExtensionResults' for deserialization by @​jonashendrickx in #​474
• Rename extensions to clientExtensionResults by @​joegoldman2 in #​485
• [Draft] Add credProtect extension to Fido2.Models by @​dbeinder in #​448
• Migrate to Microsoft.IdentityModel.JsonWebTokens by @​iamcarbon in #​476
• Tidy up tests by @​iamcarbon in #​494
• Review lifecycle of services registered in the DI container by @​joegoldman2 in #​459
• Drop assertion-time attestation by @​joegoldman2 in #​499
• Generate XML documentation file by @​joegoldman2 in #​502
• Tidying by @​iamcarbon in #​500
• Update to .NET 8 by @​joegoldman2 in #​503
• Rename Base64Converter.cs to Base64UrlConverter.cs by @​joegoldman2 in #​506
• NuGet.org signatures have been updated - Fix Build by @​jonashendrickx in #​525
• Added authenticatorDisplayName to ClientPropertiesOutput by @​aritma-fredrikef in #​526
• Improve Code Quality by @​iamcarbon in #​509
• Add support for largeBlob extension by @​geel9 in #​508
• Missing nullable enable due to merges by @​abergs in #​527
• Implement PublicKeyCredentialHint for WebAuthn L3 by @​jonashendrickx in #​524
• Resolve StoredCredential.Descriptor at access(?) by @​abergs in #​528
• Remove base-class, Status and ErrorMessage by @​abergs in #​529
• Update MetadataStatement to include friendly names by @​joegoldman2 in #​544
• conformance 1.7.20 4 by @​abergs in #​531
• Fixing demo project makeAssertionOptions.status processing by @​Fasjeit in #​551
• Move Test folder to Tests/Fido2.Tests by @​joegoldman2 in #​549
• Various cleanup by @​joegoldman2 in #​558
• Wrap arguments into classes by @​abergs in #​556
• README.md Medium link fixed by @​jiiggy in #​539
• Supporting attestation formats by @​jonashendrickx in #​530
• Drop support for device public key (dpk) by @​abergs in #​567
• Update Dependencies by @​iamcarbon in #​569
• Change TPM manufacturer sting comparison handling by @​aseigler in #​568
• Move KeyTypeParameter validation from CredentialPublicKey.Verify() into constructors by @​aseigler in #​571
• use coerceToArrayBuffer to post-process assertion options in Demo js by @​dradovic in #​467
• AuthenticatorSelection Default to discourage UV by @​abergs in #​564
• Fix attestationObj camelCase by @​abergs in #​576
• Change AuthenticatorSelection.Default ResidentKey from discouraged to Preferred by @​abergs in #​563
• Use BCL Base64Url implementation by @​iamcarbon in #​575
• Introduce wrapping objects for Options-methods by @​abergs in #​562
• Explain EnableRelaxedDecoding by @​abergs in #​578
• Allow customised pubKeyCredParams by @​abergs in #​579
• [Models] Enable nullable (1 of x) by @​iamcarbon in #​581
• [Models] Enable nullable (2 of 2) by @​iamcarbon in #​585
• Update Github actions by @​Regenhardt in #​590
• Base64Url Id instead of byte[] by @​Regenhardt in #​586
• Update Dependencies by @​ektrah in #​595
• Allow github push to fail while pushing to nuget by @​abergs in #​596
• fix nuget force by @​abergs in #​597
• Conformance fix: Remove trustpath subject-issuer comparison by @​abergs in #​555

New Contributors

• @​imqdee made their first contribution in #​324
• @​filipw made their first contribution in #​330
• @​namespacedevbox made their first contribution in #​348
• @​mlh758 made their first contribution in #​354
• @​Regenhardt made their first contribution in #​384
• @​kspearrin made their first contribution in #​390
• @​yedidyas made their first contribution in #​403
• @​dbeinder made their first contribution in #​430
• @​joegoldman2 made their first contribution in #​434
• @​jonashendrickx made their first contribution in #​474
• @​aritma-fredrikef made their first contribution in #​526
• @​geel9 made their first contribution in #​508
• @​Fasjeit made their first contribution in #​551
• @​jiiggy made their first contribution in #​539
• @​dradovic made their first contribution in #​467
• @​ektrah made their first contribution in #​595

Full Changelog: passwordless-lib/fido2-net-lib@v3.0.1...4.0.0

v4.0.0-beta9

Compare Source

What's Changed

• Rename 'extensions' to 'clientExtensionResults' for deserialization by @​jonashendrickx in #​474

New Contributors

• @​jonashendrickx made their first contribution in #​474

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta8...4.0.0-beta9

v4.0.0-beta8

What's Changed

• Pubhlish to nuget by @​abergs in #​484

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta7...4.0.0-beta8

v4.0.0-beta3: 4.0.0-beta3

https://www.nuget.org/packages/Fido2/4.0.0-beta3

What's Changed

• Make Origins readonly by @​Regenhardt in #​393
• Feature/blazor wasm by @​Regenhardt in #​379
• Use correct Origin in Blazor example by @​abergs in #​408
• Support for PRF Extension by @​kspearrin in #​390
• Improve Code Quality by @​iamcarbon in #​405
• Fix demo project starting exception: change TargetFrameworks to TargetFramework by @​yedidyas in #​403
• Fix AuthenticationExtensionsClientInputs Example json prop name for conformance tests by @​yedidyas in #​404
• [WIP] Make AuthenticatorData immutable and strongly type throughout library by @​iamcarbon in #​412
• Add .bool to Output aswell by @​abergs in #​409
• Added Enterprise attestation by @​abergs in #​410
• Prefer Ed25519 when available by @​abergs in #​413
• Add CredentialPropertiesOuput (RK Support) by @​abergs in #​411

New Contributors

• @​kspearrin made their first contribution in #​390
• @​yedidyas made their first contribution in #​403

Full Changelog: passwordless-lib/fido2-net-lib@v4.0.0-beta2...v4.0.0-beta3

v4.0.0-beta2: v4.0.2 Beta2

https://nuget.org/packages/fido2/4.0.0-beta2

What's Changed

• WIP: Support device public key and passkeys by @​aseigler in #​356
• Simplify enum mapping & update specification links by @​iamcarbon in #​368

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta1...v4.0.0-beta2

v4.0.0-beta10

Compare Source

What's Changed

• Rename extensions to clientExtensionResults by @​joegoldman2 in #​485

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta9...4.0.0-beta10

v4.0.0-beta1: 🌈

Compare Source

Changes

• SourceLink consolidation @​Regenhardt (#​384)
• Fix Conformance Test @​iamcarbon (#​363)
• Improve Code Quality @​iamcarbon (#​352)
• Update link in Readme @​mlh758 (#​354)
• Improve error handling @​iamcarbon (#​344)
• Fix TestAppleAppAttestProd test on macOS & Linux @​iamcarbon (#​347)
• Use file scoped namespaces @​iamcarbon (#​343)
• Support ResidentKeyRequirement @​dIeGoLi (#​311)
• Pipelines fixes @​abergs (#​333)
• Improve Code Quality @​iamcarbon (#​326)

💥 Breaking change

• Strongly type AaGuid @​iamcarbon (#​362)

🚀 Features and enhancements

• Strongly type AaGuid @​iamcarbon (#​362)
• Fixes Fido2Configuration.FullyQualifiedOrigins contains a null entry when configured from a configuration section on .NET 7 @​ghost (#​360)
• Add Mac and Linux to test pipeline @​aseigler (#​332)
• Implement support for apple-appattest attestation format @​aseigler (#​322)
• added [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicFields)] annotations to generic enums [@​filipw](https://r

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 36.76%. Comparing base (e530e86) to head (7fb82cd).
⚠️ Report is 2 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #802   +/-   ##
=======================================
  Coverage   36.76%   36.76%           
=======================================
  Files         584      584           
  Lines       31447    31447           
  Branches      901      901           
=======================================
  Hits        11560    11560           
  Misses      19742    19742           
  Partials      145      145           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[renovate]

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.