Bump DotVVM from 2.1.0 to 2.2.0.2

[dependabot-preview[bot]]

Bumps DotVVM from 2.1.0 to 2.2.0.2.

Release notes

*Sourced from [DotVVM's releases](https://github.com/riganti/dotvvm/releases).* > ## DotVVM 2.2 > TL;DR; There are some new minor features. The most important point is **Validation - EnforceClientFormat**, which may break some existing code if it is using `DateTime` or nullable numberic type in view model. > > # New features > ## Binding Cache > > We have added caching interface `IDotvvmCacheAdapter` that provides access to built-in caching mechanism on Asp.Net Core or OWIN that reflect memory usage on your server. > > `ValueBindingExpression.CreateThisBinding` is now cached, so it's invocation should be quite cheap. > > When you want to create binding at runtime you can now use a helper method `DotvvmBindingCacheHelper.CreateCachedBinding` that makes sure that the binding is not recreated every time. Creation of bindings is usually time-consuming, so it should not be done on every request. (more info in PRs [#672](https://github-redirect.dependabot.com/riganti/dotvvm/issues/672) and [#664](https://github-redirect.dependabot.com/riganti/dotvvm/issues/664)) > > By the way, we have also (hopefully) improved the error messages when something fails with binding. When an error page is displayed for a binding-related exception, there is a new tab **Binding** that shows some information about the binding (data context, type, ...). Let us know what you think about that and what could be improved. > ## Validation > * `ValidationErrorFactory.CreateValidationResult(ValidationContext validationContext, ...)` > Overload that does not require explicit `DotvvmConfiguration` > > ## Session cookies are SameSite > > This was sometimes the case before. It means that postbacks won't work in third-party `iframe`s (so your application should be safe from clickjacking). > > # Fixes > > ## Validation - EnforceClientFormat > This part is a fix and unfortunately a **breaking change** at the same time. In older versions, DotVVM did not validate that DateTime and numeric fields were valid on the client-side and sent null to the server in that case. It could be enabled by `EnforceClientFormatAttribute`, but nobody really did. It is now by default enabled on nullable numeric types, DateTime, and DateTime?, so it enables validation in cases where it was disabled previously. While this has a potential to "fix" existing code as not validating the input is likely a bug, it may also break some code that relied on that behavior. Please make sure that all your views using nullable DateTime and numerics work as expected. (more info in PR [#666](https://github-redirect.dependabot.com/riganti/dotvvm/issues/666)) > For example, suppose you had a `dot:TextBox` bound to a property of type `int?`. The problem is that when you paste value like `"asd"`, it will write a null value into the property because `"asd"` is not a valid numeric value. The solution for this problem was applying `EnforceClientFormatAttribute` to the property in your view model. Now, you don't have to do that anymore. If you use that attribute somewhere, you can safely remove it. > > ## Repeater control initialization > > We have change a bit how the Repeater initialization works. Controls with templates have to initialize the control tree before it is used by command invocation and HTML rendering and when this initialization is dependent on data from view model, it has to be done twice on postbacks - once before command invocation and then before rendering since the command may have changed the data. In older version Repeater have not done that in all cases, because it's quite time-consuming. Unfortunately, in some cases, it broke some code, so we are now re-initializing it two times, but only in case the data is actually changed. (more info in [#653](https://github-redirect.dependabot.com/riganti/dotvvm/issues/653)) > > ## Unique id generation for nested trees > > If you were creating controls at runtime, you may know that before adding more child controls into the newly create control has to be added to the control tree. The reason was, that the mechanism that generates unique ID (for control command and `Postback.Update`) did not work correctly when entire subtree was added at once. From this version, this should work correctly, so you can initialize entire subtrees at once. (more info in [#668](https://github-redirect.dependabot.com/riganti/dotvvm/issues/668)) > > ## `dot:RouteLink` in `Events.Click` container > > It should now get precedence over the `Events.Click` handler. (more info in [#630](https://github-redirect.dependabot.com/riganti/dotvvm/issues/630)) > > ## DotvvmAuthenticationHelper.ApplyRedirectResponse > ***Fixed in DotVVM 2.2.0.2*** > > When you installed `Microsoft.Extensions.DependencyInjection` 2.1.0 or higher in your application and used `DotvvmAuthenticationHelper.ApplyRedirectResponse`, this method was throwing an exception with a message that ServiceProvider had been disposed. > > ## netstandard assembly loading on .NET Framework 4.7.1+ > ***Fixed in DotVVM 2.2.0.2*** > DotVVM View compilation on .NET471+ was not able to load netstandard assembly.

Commits

- [`45209c1`](https://github.com/riganti/dotvvm/commit/45209c129479c27fc9d1ba530c3de43dfcc28145) NuGet package version 2.2.0.2-preview01-final - [`f4ebb99`](https://github.com/riganti/dotvvm/commit/f4ebb99a616c3789a1eb961752dca89da320f024) Changed used services provider in SetRedirectResponse method - [`d804e5c`](https://github.com/riganti/dotvvm/commit/d804e5c3627b1ed387f32027c534a6311d8a95c0) Added error message for DataPager when Visible is set - [`4e7fe57`](https://github.com/riganti/dotvvm/commit/4e7fe57e0dd99449b857406cb8732f77435c50e0) Removed redundant OnPreRender from Literal - [`f1ed65a`](https://github.com/riganti/dotvvm/commit/f1ed65acb909a2d3cf17ec439026ce8a3d454439) Merge pull request [#681](https://github-redirect.dependabot.com/riganti/dotvvm/issues/681) from riganti/feature/cli-global-tool - [`d8b6d32`](https://github.com/riganti/dotvvm/commit/d8b6d32fb70fa6242adcf773c2175b9ba3a12c34) DotVVM CLI supports installation as a global tool - [`27b4595`](https://github.com/riganti/dotvvm/commit/27b4595536d40334a704ca9d93a2f0fdcac1c8c3) Merge branch 'master' of https://github.com/riganti/dotvvm - [`fc7f147`](https://github.com/riganti/dotvvm/commit/fc7f1474fa69dfcbf31fd92f584db376a3c0fb79) Updated csproj template to DotVVM 2.2.0.1 - [`bf51125`](https://github.com/riganti/dotvvm/commit/bf5112555bf245e4d6fcdf9601321c8684ba4a5d) NuGet package version 2.2.0.1 - [`aa40727`](https://github.com/riganti/dotvvm/commit/aa407273987e1272c385c146444f7b2be05ff274) Fixed bug in DotVVM.patch when object is replaced by null - Additional commits viewable in [compare view](https://github.com/riganti/dotvvm/compare/v2.1.0...v2.2.0.2)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Note: This repo was added to Dependabot recently, so you'll receive a maximum of 5 PRs for your first few update runs. Once an update run creates fewer than 5 PRs we'll remove that limit.

You can always request more updates by clicking Bump now in your Dependabot dashboard.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot ignore this [patch|minor|major] version` will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) - `@dependabot use these labels` will set the current labels as the default for future PRs for this repo and language - `@dependabot use these reviewers` will set the current reviewers as the default for future PRs for this repo and language - `@dependabot use these assignees` will set the current assignees as the default for future PRs for this repo and language - `@dependabot use this milestone` will set the current milestone as the default for future PRs for this repo and language - `@dependabot badge me` will comment on this PR with code to add a "Dependabot enabled" badge to your readme Additionally, you can set the following in your Dependabot [dashboard](https://app.dependabot.com): - Update frequency (including time of day and day of week) - Automerge options (never/patch/minor, and dev/runtime dependencies) - Pull request limits (per update run and/or open at any time) - Out-of-range updates (receive only lockfile updates, if desired) - Security updates (receive only security updates, if desired) Finally, you can contact us by mentioning @dependabot.

[dependabot-preview[bot]]

Superseded by #5.