search

wulfland / AccelerateDevOps

This is the companion repository for my book Accelerate DevOps with GitHub (2022). You can find all hands-on labs and other examples from the book here. Please reach out to me if something is broken.
https://www.amazon.com/dp/B0B4DW7NSL/ref=cm_sw_r_tw_dp_B4DR80D2BBERYNSQ5V9C
MIT License
40 stars 76 forks source link

Bump the nuget group across 1 directory with 5 updates #940

Closed dependabot[bot] closed 5 months ago

dependabot[bot] commented 5 months ago

Bumps the nuget group with 5 updates in the /ch9_release/src/Tailwind.Traders.Web directory:

Package From To
Azure.Storage.Blobs 12.8.0 12.13.0
Microsoft.AspNetCore.Authentication.JwtBearer 5.0.2 5.0.9
MongoDB.Driver 2.11.6 2.19.0
SixLabors.ImageSharp 1.0.0-beta0006 2.1.7
System.Data.SqlClient 4.8.2 4.8.6

Updates Azure.Storage.Blobs from 12.8.0 to 12.13.0

Commits


Updates Microsoft.AspNetCore.Authentication.JwtBearer from 5.0.2 to 5.0.9

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

.NET 5.0.9

Release

.NET 5.0.8

Release

.NET 5.0.7

Release

Commits
  • c663ade Merged PR 15469: Clean up logging
  • 3aeeedc [internal/release/5.0] Update dependencies from dnceng/internal/dotnet-efcore
  • adcf3c4 Merge in 'release/5.0' changes
  • 3f87303 Merge pull request #34308 from vseanreesermsft/internal-merge-5.0-2021-07-13-...
  • 45223e7 [release/5.0] Update package baselines
  • 81b0403 [release/5.0] Bump SiteExtension.3.1 version
  • 518c5b9 [release/5.0] Update to latest SDK and runtime
  • 41f3416 Merge commit 'ae2eabad0e49302d0632a7dde917fdc68d960dc4' into internal-merge-5...
  • b6532d4 [internal/release/5.0] Update dependencies from dnceng/internal/dotnet-runtime
  • 45a120e [internal/release/5.0] Update dependencies from dnceng/internal/dotnet-runtime
  • Additional commits viewable in compare view


Updates MongoDB.Driver from 2.11.6 to 2.19.0

Release notes

Sourced from MongoDB.Driver's releases.

NET Driver Version 2.19.0 Release Notes

.NET Driver Version 2.19.0 Release Notes

This is the general availability release for the 2.19.0 version of the driver.

The main new features in 2.19.0 include:

  • Atlas Search builders
  • Default LinqProvider changed to LINQ3
  • ObjectSerializer allowed types configuration
  • Bucket and BucketAuto stages support in LINQ3
  • Support Azure VM-assigned Managed Identity for Automatic KMS Credentials
  • Native support for AWS IAM Roles

This version addresses CVE-2022-48282.

ObjectSerializer allowed types configuration

The ObjectSerializer has been changed to only allow deserialization of types that are considered safe. What types are considered safe is determined by a new configurable AllowedTypes function (of type Func<Type, bool>). The default AllowedTypes function is ObjectSerializer.DefaultAllowedTypes which returns true for a number of well-known framework types that we have deemed safe. A typical example might be to allow all the default allowed types as well as your own types. This could be accomplished as follows:

var objectSerializer = new ObjectSerializer(type => ObjectSerializer.DefaultAllowedTypes(type) || type.FullName.StartsWith("MyNamespace"));
BsonSerializer.RegisterSerializer(objectSerializer);

More information about the ObjectSerializer is available in our FAQ.

Default LinqProvider changed to LINQ3

Default LinqProvider has been changed to LINQ3. LinqProvider can be changed back to LINQ2 in the following way:

var connectionString = "mongodb://localhost";
var clientSettings = MongoClientSettings.FromConnectionString(connectionString);
clientSettings.LinqProvider = LinqProvider.V2;
var client = new MongoClient(clientSettings);

If you encounter a bug in LINQ3 provider, please report it in CSHARP JIRA project.

An online version of these release notes is available here.

The full list of issues resolved in this release is available at CSHARP JIRA project.

Documentation on the .NET driver can be found here.

.NET Driver Version 2.18.0 Release Notes

... (truncated)

Commits
  • 3db6a36 Release notes for 2.19.0. (#1013)
  • 790f123 CSHARP-4475: Add an AllowedTypes filter to ObjectSerializer.
  • 8993daa CSHARP-4453: Support Bucket and BucketAuto stages in LINQ3.
  • ec46c34 CSHARP-4490: Fix tests related to asserting wildcardProjection output. (#1011)
  • 9ee046b CSHARP-4182: Support for Range Indexes. (#988)
  • 9189a58 CSHARP-4440: Incorporate MongoDB.Labs.Search library (#989)
  • 0bb42fa CSHARP-4255: Fix bug and some tests. (#993)
  • c0c521e CSHARP-4449: Implement Find projections in LINQ3.
  • 396830c CSHARP-4468: LINQ V3 SelectMany + GroupBy results with redundant $push within...
  • 70ed174 CSHARP-4463: Add aws auth connectivity examples. (#1004)
  • Additional commits viewable in compare view


Updates SixLabors.ImageSharp from 1.0.0-beta0006 to 2.1.7

Release notes

Sourced from SixLabors.ImageSharp's releases.

v2.1.7

What's Changed

Full Changelog: https://github.com/SixLabors/ImageSharp/compare/v2.1.6...v2.1.7

v2.1.6

What's Changed

Full Changelog: https://github.com/SixLabors/ImageSharp/compare/v2.1.5...v2.1.6

v2.1.5

What's Changed

Full Changelog: https://github.com/SixLabors/ImageSharp/compare/v2.1.4...v2.1.5

v2.1.4

What's Changed

Full Changelog: https://github.com/SixLabors/ImageSharp/compare/v2.1.3...v2.1.4

v2.1.3

What's Changed

Full Changelog: https://github.com/SixLabors/ImageSharp/compare/v2.1.2...v2.1.3

v2.1.2

What's Changed

Full Changelog: https://github.com/SixLabors/ImageSharp/compare/v2.1.1...v2.1.2

v2.1.1

What's Changed

... (truncated)

Commits


Updates System.Data.SqlClient from 4.8.2 to 4.8.6

Release notes

Sourced from System.Data.SqlClient's releases.

.NET Core 2.1.0 RC1

Repos

Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/wulfland/AccelerateDevOps/network/alerts).
wulfland commented 5 months ago

@dependabot ignore

dependabot[bot] commented 5 months ago

Sorry, the command you entered is not valid for this pull request. Please check the syntax and try again.

Valid commands: For grouped and multi-dependency PRs, use commands like: @dependabot ignore <dependency name> major version @dependabot ignore <dependency name> minor version @dependabot ignore these dependencies @dependabot ignore <dependency name>

wulfland commented 5 months ago

@dependabot ignore these dependencies

dependabot[bot] commented 5 months ago

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml