Update nuget

[projectorigin-renovate]

This PR contains the following updates:

Package	Type	Update	Change
Google.Protobuf	nuget	minor	3.32.1 → 3.33.2
Grpc.AspNetCore	nuget	minor	2.71.0 → 2.76.0
Grpc.Tools	nuget	minor	2.72.0 → 2.76.0
Npgsql	nuget	patch	9.0.3 → 9.0.4
Npgsql.OpenTelemetry	nuget	patch	9.0.3 → 9.0.4
OpenTelemetry (source)	nuget	minor	1.12.0 → 1.14.0
OpenTelemetry.Exporter.Console (source)	nuget	minor	1.12.0 → 1.14.0
OpenTelemetry.Exporter.OpenTelemetryProtocol (source)	nuget	minor	1.12.0 → 1.14.0
OpenTelemetry.Extensions.Hosting (source)	nuget	minor	1.12.0 → 1.14.0
OpenTelemetry.Instrumentation.AspNetCore (source)	nuget	minor	1.12.0 → 1.14.0
OpenTelemetry.Instrumentation.Runtime (source)	nuget	minor	1.12.0 → 1.14.0
RabbitMQ.Client (source)	nuget	minor	7.1.2 → 7.2.0
StackExchange.Redis (source)	nuget	minor	2.9.17 → 2.10.1
Swashbuckle.AspNetCore	nuget	patch	9.0.4 → 9.0.6
System.IdentityModel.Tokens.Jwt	nuget	minor	8.14.0 → 8.15.0
dbup-postgresql (source)	nuget	minor	6.0.3 → 6.1.5
dotnet-grpc	nuget	minor	2.71.0 → 2.76.0
xunit.runner.visualstudio	nuget	patch	3.1.4 → 3.1.5

---

Release Notes

npgsql/npgsql (Npgsql)

v9.0.4

v9.0.4 contains several minor bug fixes.

Milestone issues

Full Changelog: npgsql/npgsql@v9.0.3...v9.0.4

open-telemetry/opentelemetry-dotnet (OpenTelemetry)

v1.14.0

Release details: 1.14.0

• Add support for .NET 10.0.
• Breaking Change When targeting net8.0, the package now depends on version
  8.0.0 of the Microsoft.Extensions.DependencyInjection.Abstractions,
  Microsoft.Extensions.Diagnostics.Abstractions,
  Microsoft.Extensions.Hosting.Abstractions and
  Microsoft.Extensions.Logging.Configuration NuGet packages.
• Update System.Diagnostics.DiagnosticSource dependency to 10.0.0
  for all target frameworks.
• Update Microsoft.Extensions.* dependencies to 10.0.0
  for .NET Framework and .NET Standard.
• Breaking Change NuGet packages now use the Sigstore bundle format
  (.sigstore.json) for digital signatures instead of separate signature
  (.sig) and certificate (.pem) files. This requires cosign 3.0 or later
  for verification. See the Digital signing
  section for updated verification instructions.

v1.13.1

Release details: 1.13.1

• In version 1.13.0, the digital signature (.dll-keyless.sig) and
  certificate (.dll-keyless.pem) files were unintentionally omitted from the
  published NuGet packages.
• This hotfix restores the Sigstore signing artifacts for all target frameworks
  (net462, netstandard2.0, netstandard2.1, net8.0, net9.0), ensuring
  the integrity of DLL verification using Sigstore cosign.

v1.13.0

Release details: 1.13.0

• gRPC calls to export traces, logs, and metrics using OtlpExportProtocol.Grpc
  now set the TE=trailers HTTP request header to improve interoperability.
• EventName is now exported by default as EventName instead of
  logrecord.event.name when specified through ILogger or the experimental
  log bridge API.

rabbitmq/rabbitmq-dotnet-client (RabbitMQ.Client)

v7.2.0

Full Changelog

Implemented enhancements:

• Add support for SslStreamCertificateContext in SslOption #​1864
• Consider including MessageId tag in RabbitMQActivitySource during BasicPublish #​1849
• Consider allowing to set remote span as parent instead of link when propagating context via RabbitMQ #​1666
• Make ConnectionFactory a real Factory pattern #​1844
• Release an abstractions package #​1833
• Replace IReadOnlyBasicProperties, IAmqpHeader generic type constraints in IChannel.BasicPublishAsync() with a single interface constraint. #​1813

Fixed bugs:

• ObjectDisposedException from MaybeHandlePublisherConfirmationTcsOnChannelShutdownAsync closing connection when CloseChannel Continuation is cancelled #​1865
• Possible connection leak when trying to create first connection #​1856
• Semaphore exception when publishing with confirmation #​1818
• Cancellation token not canceled in AsyncEventingBasicConsumer.ReceivedAsync #​1787
• Event handlers for Channel.ChannelShutdownAsync and Consumer.ShutdownAsync are all called on the last registration? #​1837
• Exception details lost when using async API #​1831
• Recovery loop is not cancelled on connection dispose #​1825
• Memory leak in Connection SharedArraypool #​1817
• AutorecoveringConnection Memory Leak #​1808

Closed issues:

• Ship public API changes #​1834
• Update v7 migration guide #​1724
• IConnectionFactory does not contain properties that are present in the class and are needed to correctly configure the connection. #​1836
• Unexpected AMQP close-reason, initiated by Peer, code=504, text='CHANNEL_ERROR - expected 'channel.open' #​1835
• Ship RabbitMQ.Client.OAuth2 2.0.0 #​1727

Merged pull requests:

• Prepare PublicAPI for next release #​1874 (lukebakken)
• Do not handle publisher confirms when disposed #​1873 (lukebakken)
• Bump versions #​1872 (lukebakken)
• Added option to specify ClientCertificateContext in .NET 8+ #​1866 (tyb-dev)
• fix: prevent possible connection leak in AutorecoveringConnection during creation #​1857 (krisz2000)
• Closes#1849: include a message id tag in rabbitmqactivitysource for published messages #​1852 (YayBurritos)
• Ensure Connection and Channel cancellation token properly float into handlers #​1740 (danielmarbach)
• Improve AsyncManualResetEvent implementation to address races #​1843 (danielmarbach)
• Pin .NET SDK versions for CI/CD runs #​1842 (danielmarbach)
• Cancel recovery CTS on connection Dispose #​1839 (AndreReise)
• Prevent downstream dependencies to pickup MinVer as a depencency #​1838 (romerod)
• Add dedicated exception for basic.return messages. #​1832 (lukebakken)
• Investigate & fix SemaphoreFullException #​1819 (lukebakken)
• Allow parent/child relationship in Opentelemetry spans #​1779 (meum)

StackExchange/StackExchange.Redis (StackExchange.Redis)

v2.10.1

Adds support for Redis 8.4 features

• support multi-string-set with expiration MSETEX ...; details controlled via new Expiration API
• support checked string-set SET ... IFEQ/IFNE/IFDEQ/IFDNE digestOrValue; details controlled via new ValueCondition API; also uses Expiration for expiry
• support checked string-delete DELEX ... IFEQ/IFNE/IFDEQ/IFDNE digestOrValue (again via ValueCondition)
• use checked string-set/delete to implement LockExtend[Async]/LockRelease[Async] when possible
• support XREADGROUP ... CLAIM minIdleTime for simplified stream processing

Note that niche StringSet[Async] scenarios may require trivial build changes due to removing default parameter values; this simplify means explicitly specifying keepTtl, or using the new Expiration API. There is no impact to already compiled code (no methods have been removed).

8.4 also includes "hybrid search"; this is not currently exposed in SE.Redis, and will be added to NRedisStack ASAP.

What's Changed

• docker image: use client-libs-test by @​mgravell in #​2976
• Support MSETEX by @​mgravell in #​2977
• propose support for XREADGROUP CLAIM by @​mgravell in #​2972
• Support 8.4 CAS/CAD (IF*) operations by @​mgravell in #​2978
• Combine fixups from 8.4 changes by @​mgravell in #​2979

Full Changelog: StackExchange/StackExchange.Redis@2.9.32...2.10.1

v2.9.32

Compare Source

What's Changed

• Fix sharded pub/sub handling over slot migrations by @​mgravell in #​2969
• (build) "actions": support publishing to MyGet off main branch by @​NickCraver in #​2964
• (build) Update CI badge by @​mgravell in #​2967

Full Changelog: StackExchange/StackExchange.Redis@2.9.25...2.9.32

v2.9.25

Compare Source

IMPORTANT: this release changes the distribution of pub/sub channels when using cluster; see 2.9.24 for more details.

What's Changed

• eng: remove PublicSign windows-only restriction by @​mgravell in #​2963

This change is a critical fix that fixes a packaging failure in 2.9.24; for the relevant feature changes: see 2.9.24.

Full Changelog: StackExchange/StackExchange.Redis@2.9.24...2.9.25

v2.9.24

Compare Source

IMPORTANT: this release changes the distribution of pub/sub channels when using cluster:

(this change is specific to pub/sub with regular SUBSCRIBE channels, not "sharded" SSUBSCRIBE channels)

• pre 2.9.24: all channels would always be routed similarly to key-like routing (and similar to SSUBSCRIBE)
• from 2.9.24: non-SSUBSCRIBE channels are now randomly distributed to nodes by default, but can optionally use key-like routing by calling .WithKeyRouting() on the RedisChannel value

This change represents a safer, "least surprises" default; most people expect their cluster to help distribute load, including pub/sub load, between nodes. This is especially useful when there are few (or even only a single) channel(s) that dominate the pub/sub load, which is surprisingly common. Without this change, all that load would be handled only by a single server, because the channel my_notifications would be treated similarly to a key, via hash-slot sharding, and all clients would connect to the node serving that slot - when in reality, any node can be used for subscription, with the server distributing events horizontally to all nodes.

If you prefer the routed behaviour: use .WithKeyRouting() before subscribing.

---

What's Changed

• Fix 2951 - Sentinel reconnect failure by @​mgravell in #​2956
• Remove supported Envoyproxy commands from exclusions. by @​sshumakov in #​2957
• Convert to Hex only on Encoding.UTF8.GetString possible exceptions by @​jcaspes in #​2954
• eng: prefer Volatile.Read over Thread.VolatileRead by @​mgravell in #​2960
• Channel routing: revert normal (non-SSUBSCRIBE) routing to random, with new WithKeyRouting() API to opt into routed by @​mgravell in #​2958

New Contributors

• @​sshumakov made their first contribution in #​2957
• @​jcaspes made their first contribution in #​2954

Full Changelog: StackExchange/StackExchange.Redis@2.9.17...2.9.24

domaindrivendev/Swashbuckle.AspNetCore (Swashbuckle.AspNetCore)

v9.0.6

What's Changed

• Bump redoc from 2.5.0 to 2.5.1 by @​dependabot in #​3587
• Bump swagger-ui from 5.29.1 to 5.29.2 by @​dependabot in #​3595

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.5...v9.0.6

v9.0.5

What's Changed

• .NET 10 preparation by @​martincostello in #​3565
• Update NuGet packages by @​martincostello in #​3573
• Fix anchors by @​martincostello in #​3577
• Bump swagger-ui-dist from 5.27.1 to 5.29.1

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v9.0.4...v9.0.5

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (System.IdentityModel.Tokens.Jwt)

v8.15.0

Compare Source

====

New Features

• Add ECDsa support in X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey
  Extended X509SecurityKey and JsonWebKeyConverter.ConvertFromX509SecurityKey to support ECDSA keys.
  See PR #​2377 for details.

Bug Fixes

• Sanitize logs to avoid leaking sensitive data
  Updated logging to sanitize sensitive values, reducing the risk of inadvertently exposing secrets or PII in logs.
  See PR #​3316 for details.
• Optimize log sanitization with SearchValues
  Improved the performance of the log sanitization logic introduced earlier by using SearchValues, making sanitization more efficient in high-throughput scenarios.
  See PR #​3341 for details.
• Update test for IDX10400
  Adjusted the IDX10400 test to align with the current behavior and error messaging.
  See PR #​3314 for details.

Fundamentals

• Add supported algorithm tests
  Added new tests to validate the set of supported cryptographic algorithms, increasing confidence in algorithm coverage and compatibility.
  See PR #​3296 for details.
• Migrate repository agent rules from .clinerules to agents.md
  Moved repository agent/AI-assist rules into markdown documentation to make them more visible and easier to maintain.
  See PR #​3313 for details.
• Migrate Microsoft.IdentityModel.TestExtensions from Newtonsoft.Json to System.Text.Json
  Updated Microsoft.IdentityModel.TestExtensions to use System.Text.Json instead of Newtonsoft.Json, aligning tests with the runtime serialization stack.
  See PR #​3356 for details.
• Disable code coverage comments
  Turned off automated code coverage comments on PRs to reduce noise while retaining coverage data elsewhere.
  See PR #​3349 for details.
• Fix CodeQL alerts
  Addressed CodeQL-reported issues to improve security posture and static analysis cleanliness.
  See PR #​3364 for details.

.NET 10 / SDK and tooling updates

• Building with .NET 10 preview / RC 1
  Updated the repository to build and test against .NET 10.0 preview/RC1, ensuring early compatibility with the upcoming runtime.
  See PRs #​3287, #​3357, and #​3358 for details.
• Fix .NET 10 test execution consistency
  Ensured consistent use of the TargetNetNext parameter across build, test, and pack phases so .NET 10.0 tests execute reliably.
  See PR #​3337 for details.
• Update project files and workflows for .NET 10.0 compatibility
  Adjusted project files and CI workflows to correctly target and run on .NET 10.0, including test and pack scenarios.
  See PR #​3363 for details.
• Update .NET version to meet CG compliance
  Updated the .NET version references to be compliant with corporate governance (CG) requirements.
  See PR #​3353 for details.
• Update Coverlet collector and test SDK
  • Bumped CoverletCollectorVersion to 6.0.4.
    See PR #​3333 for details.
  • Upgraded Microsoft.NET.Test.Sdk to a newer version for improved test reliability and tooling support.
    See PR #​3336 for details.
• Update runTests.ps1 to specify dotnet directory
  Updated runTests.ps1 to accept an explicit dotnet directory, improving test execution robustness in environments with multiple SDK installations.
  See PR #​3368 for details.
• Adjust dotnetcore workflow targeting for .NET 10 SDK
  Iterated on the CI workflow configuration to correctly target the .NET 10 SDK:
  • Temporarily removed targeting of the .NET 10 SDK in dotnetcore.yml.
    See PR #​3335.
  • Reverted that change to restore .NET 10 SDK targeting.
    See PR #​3339 for details.

Documentation

• Update support policy documentation
  Refreshed supportPolicy.md to reflect the latest support policy for IdentityModel.
  See PR #​3367 for details.

DbUp/dbup-postgresql (dbup-postgresql)

v6.1.5

Compare Source

What's Changed

• dbup-core v6.0.15 update by @​droyad in #​39
• Add XML documentation for all public members by @​droyad in #​36
• Update Npgsql from 9.0.3 to 9.0.4 by @​droyad in #​38

Full Changelog: DbUp/dbup-postgresql@6.1.2...6.1.5

v6.1.2

Compare Source

What's Changed

• feat: Multitarget support for Npgsql 8 and 9 for netstandard and net8 by @​shokurov in #​34
• Enhance the behavior of obtaining default schema through database con… by @​tengfei8771 in #​32
• Add drop database support for PostgreSQL by @​aashikgowda in #​35

New Contributors

• @​shokurov made their first contribution in #​34
• @​tengfei8771 made their first contribution in #​32
• @​aashikgowda made their first contribution in #​35

Full Changelog: DbUp/dbup-postgresql@6.0.3...6.1.2

xunit/visualstudio.xunit (xunit.runner.visualstudio)

v3.1.5

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud