Skip to content

fix: Bump AWSSDK.DynamoDBv2 and 4 others #120

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

fix: Bump AWSSDK.DynamoDBv2 and 4 others #120

wants to merge 1 commit into from

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 13, 2025
edited
Loading

Updated AWSSDK.DynamoDBv2 from 3.7.406.1 to 4.0.7.2.

Release notes

Sourced from AWSSDK.DynamoDBv2's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 9.0.3 to 9.0.9.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

9.0.9

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.8...v9.0.9

9.0.8

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.7...v9.0.8

9.0.7

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.6...v9.0.7

9.0.6

Bug Fixes

  • Read messages from binlog if process output is missing build finished message (#​114676)
    Improves reliability of the WebAssembly build process by reading messages from the binlog when the process output does not contain the expected build finished message, preventing build failures in certain scenarios.

  • Fix debugger app hangs related to thread exit (#​114917)
    Resolves an issue where applications could hang during debugging when threads exit, ensuring smoother debugging experiences and preventing deadlocks.

  • [Mono] Workaround MSVC miscompiling sgen_clz (#​114903)
    Addresses a compiler miscompilation issue in MSVC affecting the Mono garbage collector, improving runtime stability and correctness on affected platforms.

  • Do not set the salt or info if they are NULL for OpenSSL HKDF (#​114877)
    Fixes a cryptographic issue by ensuring that the salt or info parameters are not set when they are NULL in OpenSSL HKDF, preventing potential errors or unexpected behavior in key derivation.

  • [Test Only] Fix Idn tests (#​115032)
    Corrects issues in Internationalized Domain Name (Idn) tests, ensuring accurate and reliable test results for domain name handling.

  • JIT: revised fix for fp division issue in profile synthesis (#​115026)
    Provides a more robust fix for floating-point division issues in JIT profile synthesis, improving numerical accuracy and preventing incorrect calculations.

  • Handle OSSL 3.4 change to SAN:othername formatting (#​115361)
    Updates certificate handling to accommodate changes in Subject Alternative Name (SAN) formatting introduced in OpenSSL 3.4, ensuring compatibility and correct parsing of certificates.

  • [Mono] Fix c11 ARM64 atomics to issue full memory barrier (#​115635)
    Fixes atomic operations on ARM64 in Mono to issue a full memory barrier, ensuring correct synchronization and preventing subtle concurrency bugs.

Performance Improvements

  • [WinHTTP] Certificate caching on WinHttpHandler to eliminate extra call to Custom Certificate Validation (#​114678)
    Improves HTTP performance by caching certificates in WinHttpHandler, reducing redundant calls to custom certificate validation and speeding up secure connections.

  • Improve distribute_free_regions (#​115167)
    Optimizes memory management by enhancing the algorithm for distributing free memory regions, leading to better memory utilization and potentially improved application performance.

Technical Improvements

  • Strip trailing slash from source dir for cmake4 (#​114905)
    Refines build scripts by removing trailing slashes from source directories when using CMake 4, preventing potential build path issues and improving build reliability.

  • Don't expose TrustedCertificatesDirectory() and StartNewTlsSessionContext() to NetFx (#​114995)
    Restricts certain internal APIs from being exposed to .NET Framework, reducing surface area and preventing unintended usage.

  • Add support for more libicu versions (#​115376)
    Expands compatibility by supporting additional versions of the International Components for Unicode (ICU) library, enhancing globalization features across more environments.

Infrastructure

  • Run outerloop pipeline only for release branches, not staging/preview (#​115011)
    Optimizes CI/CD resources by limiting the outerloop pipeline to run only on release branches, reducing unnecessary test runs and speeding up development workflows.

... (truncated)

9.0.5

Release

What's Changed

9.0.4

Release

What's Changed

Full Changelog: dotnet/runtime@v9.0.3...v9.0.4

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.0.0

What's Changed

Internal fixes and updates

17.14.1

What's Changed

Full Changelog: microsoft/vstest@v17.14.0...v17.14.1

17.14.0

What's Changed

.NET versions updated

This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:

  • Updating to the latest VS, and running tests from net6.0 test projects.
  • Updating to the latest .NET SDK, and running tests from net6.0 test projects.

It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.

Changes

Internal version updates and fixes

New Contributors

17.14.0-preview-25107-01

What's Changed

.NET versions updated

This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:

  • Updating to the latest VS, and running tests from net6.0 test projects.
  • Updating to the latest .NET SDK, and running tests from net6.0 test projects.

It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.

Changes

Internal version updates and fixes

Will probably revert before release:

New Contributors

Full Changelog: microsoft/vstest@v17.13.0...v17.14.0-preview-25107-01

Commits viewable in compare view.

Updated OpenIddict.Core from 6.0.0 to 7.1.0.

Release notes

Sourced from OpenIddict.Core's releases.

7.1.0

This release introduces the following changes:

  • The GitHub web provider was updated to enforce OAuth 2.0 Proof Key for Code Exchange for all client registrations.

[!TIP]
No change is required to enable PKCE for a specific client application (whether it is a treated as a public or confidential application): updating OpenIddict to 7.1.0 is enough to automatically enforce this security feature.

For more information, read PKCE support for OAuth and GitHub App authentication on the official GitHub blog.

  • The HeyBoxChat service is now supported by the OpenIddict.Client.WebIntegration package (thanks @​gehongyan! ❤️)

  • New AddGrantTypePermissions()/RemoveGrantTypePermissions() APIs have been added to OpenIddictApplicationDescriptor to simplify adding and removing grant type permissions for custom grants:

var descriptor = new OpenIddictApplicationDescriptor
{
    ClientId = "console",

    // ...
};

descriptor.AddGrantTypePermissions("custom_grant_type");
descriptor.AddScopePermissions("demo_api");
  • All the .NET and third-party dependencies have been updated to the latest versions.

7.0.0

For more information about this release, read OpenIddict 7.0 is out.

7.0.0-preview.4

This release introduces the following changes:

var result = await _service.AuthenticateWithTokenExchangeAsync(new()
{
    ActorToken = actorToken,
    ActorTokenType = actorTokenType,
    CancellationToken = stoppingToken,
    ProviderName = "Local",
    RequestedTokenType = TokenTypeIdentifiers.AccessToken,
    SubjectToken = subjectToken,
    SubjectTokenType = subjectTokenType
});

var token = result.IssuedToken;
var type = result.IssuedTokenType;
[HttpPost("~/connect/token"), IgnoreAntiforgeryToken, Produces("application/json")]
public async Task<IActionResult> Exchange()
{
    var request = HttpContext.GetOpenIddictServerRequest() ??
        throw new InvalidOperationException("The OpenID Connect request cannot be retrieved.");

    if (request.IsAuthorizationCodeGrantType() || request.IsRefreshTokenGrantType())
    {
        // ...
    }

    else if (request.IsTokenExchangeGrantType())
    {
        // Retrieve the claims principal stored in the subject token.
        //
        // Note: the principal may not represent a user (e.g if the token was issued during a client credentials token
        // request and represents a client application): developers are strongly encouraged to ensure that the user
        // and client identifiers are randomly generated so that a malicious client cannot impersonate a legit user.
        //
        // See https://datatracker.ietf.org/doc/html/rfc9068#SecurityConsiderations for more information.
        var result = await HttpContext.AuthenticateAsync(OpenIddictServerAspNetCoreDefaults.AuthenticationScheme);

        // If available, retrieve the claims principal stored in the actor token.
        var actor = result.Properties?.GetParameter<ClaimsPrincipal>(OpenIddictServerAspNetCoreConstants.Properties.ActorTokenPrincipal);

        // Retrieve the user profile corresponding to the subject token.
        var user = await _userManager.FindByIdAsync(result.Principal!.GetClaim(Claims.Subject)!);
        if (user is null)
        {
 ... (truncated)

## 7.0.0-preview.3

This release introduces the following changes:

  - As a preliminary step to the introduction of OAuth 2.0 Token Exchange support in a future 7.0 preview, the entire OpenIddict code base was updated to use new URI-style token type identifiers to represent token types (e.g `urn:ietf:params:oauth:token-type:access_token`). These new identifiers will replace the `token_type_hint`-inspired constants that previous versions of OpenIddict were using in the core, client, server and validation stacks. For more information, read https://github.com/openiddict/openiddict-core/issues/2296.

> [!NOTE]
> While internally massive, this change should be completely transparent for most OpenIddict users. Only advanced users who implement custom handlers for the `GenerateToken`/`ValidateToken` events or use the `ClaimsPrincipal.GetTokenType()`/`ClaimsPrincipal.SetTokenType()` extensions will need to update their code to use the new values.

  - The Discord provider was updated to use the `/users/@​me` endpoint instead of `/oauth2/@​me`, which improves how userinfo claims are represented and returned to the application code (thanks @​egans146 for suggesting this improvement! ❤️).

> [!IMPORTANT]
> This behavior change is breaking: developers are encouraged to review their Discord integration to determine whether their code should be updated to support the new claims representation.

  - New `ClaimsPrincipal.AddClaim()`/`ClaimsPrincipal.AddClaims()`/`ClaimsPrincipal.SetClaim()`/`ClaimsPrincipal.SetClaims()` overloads accepting `System.Text.Json.Nodes.JsonNode` instances have been added to make working with types derived from `JsonNode` easier.

  - An event identifier is now attached to all the logs generated by the OpenIddict core, client, server and validation stacks.

  - A few properties in `OpenIddictClientModels` didn't have an `init` constraint and have been fixed in 7.0.0-preview.3.

> [!TIP]
> Note: this preview also includes all the changes introduced in the OpenIddict 6.3.0 release.

## 7.0.0-preview.2

This release introduces the following changes:

  - All the OpenIddict assemblies have been marked as trimming and Native AOT-compatible (only on .NET 9.0 and higher). For that, several changes had to be made to the OpenIddict core stack:

    - The store resolver interfaces (`IOpenIddict*StoreResolver`) and all their implementations have been removed and the managers have been updated to now directly take an `IOpenIddict*Store<T>` argument instead of an `IOpenIddict*StoreResolver`.

    - All the `OpenIddictCoreOptions.Default*Type` options (e.g `DefaultApplicationType`) have been removed and the untyped managers (`IOpenIddict*Manager`) no longer use options to determine the actual entity type at runtime. Instead, each store integration is now responsible for replacing the `IOpenIddict*Manager` services with a service descriptor pointing to the generic `OpenIddict*Manager<T>` implementation with the correct `T` argument: by default, the default entity types provided by the store are used, but the managers can be re-registered with a different type when the user decides to use different models (e.g via `options.UseEntityFrameworkCore().ReplaceDefaultModels<...>()`).

    - All the managers/store/store resolvers registration APIs offered by `OpenIddictCoreBuilder` have been removed: while they were very powerful and easy-to-use (e.g the `Replace*Manager` methods supported both open and closed generic types and were able to determine the entity type from the base type definition), they weren't AOT-compatible.

    - New AOT-friendly `Replace*Store()` and `Replace*Manager()` APIs have been introduced in `OpenIddictCoreBuilder`. The new `Replace*Manager()` APIs have two overloads that can be used depending on whether you need to register a closed or open generic type:

        ```csharp
        options.ReplaceApplicationManager<
            /* TApplication: */ OpenIddictEntityFrameworkCoreApplication,
            /* TManager: */ CustomApplicationManager<OpenIddictEntityFrameworkCoreApplication>>();
         ```

        ```csharp
        options.ReplaceApplicationManager(typeof(CustomApplicationManager<>));
        ```

    - While they are currently not functional on Native AOT due to EF Core not supporting interpreted LINQ expressions yet, the EF Core stores package has been updated to be ready for AOT: as part of this change, the signature of all the stores has been updated to remove the `TContext` generic argument from the definition. Similarly, the MongoDB C# driver isn't AOT (or even trimming) compatible yet, but the stores have been updated to ensure they only use statically-analyzable patterns.

    - A new `IOpenIddictEntityFrameworkCoreContext` interface containing a single `ValueTask<DbContext> GetDbContextAsync(CancellationToken cancellationToken)` method (similar to what's currently used in the MongoDB integration) has been introduced to allow each to resolve the `DbContext` to use. A default implementation named `OpenIddictEntityFrameworkCoreContext<TContext>` is used by the `OpenIddictEntityFrameworkCoreBuilder.UseDbContext<TContext>()` API to resolve the `TContext` type specified by the user.

    - The `OpenIddictEntityFrameworkCoreBuilder.ReplaceDefaultEntities<...>` API has been preserved - including the overload accepting a single `TKey` parameter but no longer use options internally. Instead, they re-register the untyped `IOpenIddict*Manager` to point to the correct `OpenIddict*Manager<T>` instances depending on the generic types set by the user.

  - For consistency with the Entity Framework Core stores, the `OpenIddictEntityFrameworkBuilder.UseDbContext<TContext>()` API will no longer automatically register the `DbContext` type in the DI container.

  - The authorization endpoint now uses `Cache-Control: no-store` instead of `Cache-Control: no-cache` when generating HTML auto-post form responses (thanks @​matthid! ❤️)

  - OpenIddict 7.0 preview 2 no longer allows dynamically overriding the `prompt` value when using OAuth 2.0 Pushed Authorization Requests.

  > [!IMPORTANT]
  > To prevent login endpoint -> authorization endpoint loops, developers are invited to update their authorization endpoint MVC action to use `TempData` to store a flag indicating whether the user has already been offered to re-authenticate and avoid triggering a new authentication challenge in that case. For instance:
  >
  > ```csharp
  > // Try to retrieve the user principal stored in the authentication cookie and redirect
  > // the user agent to the login page (or to an external provider) in the following cases:
  > //
  > //  - If the user principal can't be extracted or the cookie is too old.
  > //  - If prompt=login was specified by the client application.
  > //  - If max_age=0 was specified by the client application (max_age=0 is equivalent to prompt=login).
  > //  - If a max_age parameter was provided and the authentication cookie is not considered "fresh" enough.
  > //
  > // For scenarios where the default authentication handler configured in the ASP.NET Core
  > // authentication options shouldn't be used, a specific scheme can be specified here.
  > var result = await HttpContext.AuthenticateAsync();
  > if (result is not { Succeeded: true } ||
 ... (truncated)

## 7.0.0-preview.1

This release introduces the following changes:

  - All the ASP.NET Core and Entity Framework Core 2.1 references used for the .NET Framework and .NET Standard TFMs have been replaced by the new 2.3 packages released mid-January (including the .NET Standard 2.1 TFM, that previously referenced unsupported ASP.NET Core 3.1 packages).

> [!IMPORTANT]
> ASP.NET Core 2.3 replaces ASP.NET Core 2.1: as such, it is essential that all ASP.NET Core 2.1 applications running on .NET Framework 4.6.2+ quickly migrate to 2.3 to ensure they keep receiving security patches and critical bug fixes.

> [!CAUTION]
> While it was released as a minor version update, **ASP.NET Core 2.3 is not 100% compatible with ASP.NET Core 2.2**, as none of the changes or APIs introduced in 2.2 - no longer supported since December 2019 - is present in 2.3.
>
> When migrating to OpenIddict 7.0, you'll need to carefully review your dependencies to ensure your application doesn't accidentally depend on any ASP.NET Core 2.2-specific API or package and still runs fine on 2.3.
>
> For more information, read https://devblogs.microsoft.com/dotnet/servicing-release-advisory-aspnetcore-23/ and https://github.com/dotnet/aspnetcore/issues/58598.

  - All the OpenIddict packages now use 8.0 as the minimum .NET Extensions version for the .NET Framework and .NET Standard TFMs, which matches the approach used by the new ASP.NET Core/Entity Framework Core 2.3 packages (that all reference `Microsoft.Extensions.*` 8.0 packages instead of 2.1).

> [!IMPORTANT]
> Initial testing shows that OWIN/Katana or "legacy" ASP.NET 4.6.2+ applications are not negatively impacted by this change: in almost all cases, regenerating (or manually updating the binding redirects if necessary) after migrating to OpenIddict 7.0 should be enough. If you see regressions that may be caused by this change, please post in this thread: https://github.com/openiddict/openiddict-core/issues/2262.

  - As part of the .NET Extensions 2.1 -> 8.0 change, the following improvements have been made:

    - The .NET Framework and .NET Standard TFMs now support `TimeProvider` and the associated properties in `OpenIddictClientOptions`, `OpenIddictCoreOptions`, `OpenIddictQuartzOptions`, `OpenIddictServerOptions` and `OpenIddictValidationOptions` are no longer nullable.
 
    - The .NET Framework and .NET Standard TFMs now support `System.Text.Json.Nodes`, which allows using `JsonNode` with `OpenIddictParameter` on older platforms.

  - Several improvements have been made to the `OpenIddictParameter` primitive:
    - The `OpenIddictParameter` constructors and static operators offering `string?[]?` conversions have been replaced by equivalents taking `ImmutableArray<string?>` or `ImmutableArray<string?>?` parameters, which guarantees that the underlying value wrapped by `OpenIddictParameter` cannot be accidentally mutated after being created.

    - The `OpenIddictRequest.Audiences` and `OpenIddictRequest.Resources` properties have been updated to use `ImmutableArray<string?>?` instead of `string?[]?`, which should prevent unsupported mutations like `context.Request.Audiences[2] = "overridden audience"` (which may or may not work in 6.x depending on the actual CLR type of the parameter value initially wrapped).

    - For similar reasons, `JsonNode` instances are now cloned by `OpenIddictParameter`'s constructor and cloned by the `JsonNode?` conversion operator to prevent accidental mutations. As part of this change, the `OpenIddictRequest.Claims` and `OpenIddictRequest.Registration` properties are now of type `JsonObject` instead of `JsonElement`, which should make these properties easier to use.
 
    - The low-level/untyped `OpenIddictParameter.Value` property has been removed and replaced by a new (hidden) `OpenIddictParameter.GetRawValue()` to encourage users to leverage the built-in conversion operators instead. New `Microsoft.Extensions.Primitives.StringValues` conversion operators have been added to the `OpenIddictParameter` primitive as part of this change.

    - The `ClaimsPrincipal.GetDestinations()`/`ClaimsPrincipal.SetDestinations()` extensions now use `ImmutableDictionary<string, ImmutableArray<string>>` instead of `ImmutableDictionary<string, string[]>` for consistency with the previous changes.

    - The `OpenIddictParameter` structure was updated to use the `JsonNode.DeepEquals()`, `JsonElement.DeepEquals()` or `JsonElement.GetPropertyCount()` APIs when available.

  - The APIs obsoleted in OpenIddict 6.x have been removed.

  - The `net6.0` target framework monikers have been removed.

## 6.4.0

This release introduces the following changes:

  - Support for client authentication - `client_secret_basic`, `client_secret_post` and `private_key_jwt` - was added to the PAR endpoint, which allows rejecting unauthenticated requests without waiting until the token request is processed.
  
  - The `OpenIddict.Client.WebIntegration` package now supports Bungie.net.

  - Parsing of the standard `WWW-Authenticate` HTTP response header by the client and validation stacks was improved.

  - The OpenIddict client OWIN integration was updated to resolve the `IAppBuilder` instance from the DI container: when it is available, the `ICookieManager` attached to the application properties (by the host, typically) is automatically used instead of the default `CookieManager` implementation.

  > [!NOTE]
  > See https://github.com/aspnet/AspNetKatana/pull/486 for more information.

  - The portable, non-OS specific version of the `OpenIddict.Client.SystemIntegration` package can now be used on macOS (in this case, `ASWebAuthenticationSession` is not supported and only the system browser authentication mode can be used).

  - All the .NET and third-party dependencies have been updated to the latest versions.

## 6.3.0

This release introduces the following changes:

  - Two new providers have been added to the list of providers already supported by the `OpenIddict.Client.WebIntegration` package:
    - Contentful (thanks @​jerriep! ❤️)
    - Genesys Cloud (thanks @​MikeAlhayek! ❤️)

  - The web providers source code generator now generates constant strings for the static settings defined by some providers (e.g regions):

```csharp
options.UseWebProviders()
       .AddShopify(options =>
       {
           options.SetClientId("[client identifier]")
                  .SetClientSecret("[client secret]")
                  .SetAccessMode(OpenIddictClientWebIntegrationConstants.Shopify.AccessModes.Online);
       })
       .AddStripeConnect(options =>
       {
           options.SetClientId("[client identifier]")
                  .SetClientSecret("[client secret]")
                  .SetAccountType(OpenIddictClientWebIntegrationConstants.StripeConnect.AccountTypes.Express);
       })
       .AddZoho(options =>
       {
           options.SetClientId("[client identifier]")
                  .SetClientSecret("[client secret]")
                  .SetRegion(OpenIddictClientWebIntegrationConstants.Zoho.Regions.EuropeanUnion);
       });
  • The X/Twitter provider was updated to use the new x.com endpoints, which avoids forcing users to authenticate on twitter.com before being redirected to x.com to continue the authorization process on the new domain.

[!NOTE]
As part of this change, the default display name of the X/Twitter provider was changed to X (Twitter).
Developers who prefer a different display name can override the default one using the dedicated options.SetProviderDisplayName(...) API:

options.UseWebProviders()
       .AddTwitter(options =>
       {
           options.SetClientId("[client identifier]")
                  .SetRedirectUri("callback/login/twitter")
                  .SetProviderDisplayName("Twitter");
       });

  • The Alibaba/Battle.net/Cognito/Lark/Zoho providers now throw an exception when an invalid region is configured instead of using the default value when an unrecognized region is explicitly set.

  • The Zoho provider was updated to support the new United Kingdom region (https://accounts.zoho.uk/).

6.2.1

This release introduces the following changes:

  • An issue preventing server configuration responses from being correctly extracted when a partial mtls_endpoint_aliases node is returned but doesn't include all the supported endpoints (thanks @​pctimhk for reporting it! ❤️).

6.2.0

This release introduces the following changes:

  • The client/server/validation ASP.NET Core/OWIN hosts now use Uri.TryCreate() instead of new Uri() to compute the base and request URIs, which avoids throwing an exception when they can't be computed ; for instance when the length of the internal buffer exceeds the limit allowed by the BCL System.Uri type (thanks to @​tarunmathew12 from the Microsoft Healthcare team for reporting this issue! ❤️)

  • 4 new providers have been added to OpenIddict.Client.WebIntegration:

    • Alibaba Cloud/Aliyun (thanks @​gehongyan! ❤️)
    • Linear (thanks @​jerriep! ❤️)
    • Miro (thanks @​jerriep! ❤️)
    • Webflow (thanks @​jerriep! ❤️)

6.1.1

This release introduces the following changes:

  • An issue causing end session requests missing the optional client_id parameter to be rejected when enabling end session request caching was fixed (thanks @​miegir for reporting it! ❤️)

6.1.0

This release introduces the following changes:

  • Native support for OAuth 2.0 Pushed Authorization Requests (aka PAR) has been implemented in both the OpenIddict client and server stacks. PAR increases the security level of user-interactive grants - like the code flow - by sending the actual authorization request parameters via backchannel communication before redirecting the user agent to the regular authorization endpoint with a unique and random request_uri attached. PAR has recently gained traction and is now supported by some OAuth 2.0 services and libraries (including Keycloak and Microsoft's ASP.NET Core OpenID Connect handler starting in .NET 9.0).

[!TIP]
For more information on how to use OAuth 2.0 Pushed Authorization Requests in OpenIddict, read Pushed Authorization Requests.

  • As part of the PAR introduction, the authorization and end session request caching feature has been completely revamped to use the same code path as pushed authorization requests and the OpenIddict-specific request_id parameter has been replaced by request_uri. While cached requests were persisted using IDistributedCache in previous versions, they are now stored in request tokens and persisted in OpenIddict's tokens table with the other tokens.

[!NOTE]
The EnableAuthorizationRequestCaching and EnableEndSessionRequestCaching options have been moved from OpenIddictServerAspNetCoreOptions and OpenIddictServerOwinOptions to OpenIddictServerOptions (the original options are no longer honored). The corresponding methods in OpenIddictServerAspNetCoreBuilder and OpenIddictServerOwinBuilder are still functional - they internally use the new properties - but are now obsolete.

  • GitCode, VK ID and Yandex are now supported by the OpenIddict.Client.WebIntegration package (thanks @​gehongyan and @​t1moH1ch! ❤️).

[!NOTE]
With these new providers, the OpenIddict client now supports 100 web services! 🎉

  • The InteractiveChallengeRequest and InteractiveSignOutRequest models have been updated to allow easily attaching an identity token or login hint to authorization and end session requests.

  • The OpenIddict*AuthorizationStore.PruneAsync() implementations were updated to a....

Description has been truncated

@dependabot
fix: Bump AWSSDK.DynamoDBv2 and 4 others
f6eba2c 
Bumps AWSSDK.DynamoDBv2 from 3.7.406.1 to 4.0.7.2
Bumps Microsoft.Extensions.DependencyInjection from 9.0.3 to 9.0.9
Bumps Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0
Bumps OpenIddict.Core from 6.0.0 to 7.1.0
Bumps xunit.runner.visualstudio from 3.0.2 to 3.1.5

---
updated-dependencies:
- dependency-name: AWSSDK.DynamoDBv2
  dependency-version: 4.0.7.2
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-version: 9.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: non-major-deps
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: OpenIddict.Core
  dependency-version: 7.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: non-major-deps
- dependency-name: xunit.runner.visualstudio
  dependency-version: 3.1.5
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: non-major-deps
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Oct 13, 2025
@dependabot dependabot bot requested a review from ganhammar as a code owner October 13, 2025 03:16
@dependabot dependabot bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .net code labels Oct 13, 2025
@dependabot @github
Copy link
Contributor Author

dependabot bot commented on behalf of github Oct 20, 2025

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Oct 20, 2025
@dependabot dependabot bot deleted the dependabot/nuget/test/OpenIddict.AmazonDynamoDB.Tests/non-major-deps-b3445f6e98 branch October 20, 2025 03:11
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ganhammar ganhammar Awaiting requested review from ganhammar ganhammar is a code owner

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant