Update nuget non-major dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Altinn.Authorization.ServiceDefaults	5.2.2 → 5.5.0
Altinn.Authorization.ServiceDefaults.Npgsql	5.2.2 → 5.5.0
Altinn.Authorization.ServiceDefaults.Npgsql.Yuniql	5.2.2 → 5.5.0
Altinn.Common.AccessToken	5.1.0 → 5.1.9
Altinn.Common.AccessTokenClient	3.2.0 → 3.2.8
Altinn.Common.PEP	4.2.2 → 4.2.3
Azure.Extensions.AspNetCore.Configuration.Secrets (source)	1.4.0 → 1.5.1
Azure.Identity (source)	1.17.1 → 1.21.0
Azure.Security.KeyVault.Certificates (source)	4.8.0 → 4.9.0
Azure.Security.KeyVault.Secrets (source)	4.8.0 → 4.11.0
Azure.Storage.Queues (source)	12.26.0 → 12.27.0
Microsoft.AspNetCore.Antiforgery (source)	2.3.10 → 2.3.11
Microsoft.AspNetCore.Mvc.Testing (source)	10.0.8 → 10.0.9
Microsoft.Extensions.FileProviders.Embedded (source)	10.0.8 → 10.0.9
Microsoft.Extensions.TimeProvider.Testing (source)	10.6.0 → 10.7.0
Microsoft.IdentityModel.Protocols.OpenIdConnect	8.18.0 → 8.19.1
Microsoft.IdentityModel.Protocols.OpenIdConnect	8.15.0 → 8.19.1
Microsoft.IdentityModel.Tokens	8.18.0 → 8.19.1
Microsoft.NET.Test.Sdk	17.12.0 → 17.14.1
Microsoft.VisualStudio.Web.CodeGeneration.Design	9.0.0 → 9.0.12
Swashbuckle.AspNetCore	10.1.7 → 10.2.1
Swashbuckle.AspNetCore.Annotations	10.1.7 → 10.2.1
System.IdentityModel.Tokens.Jwt	8.18.0 → 8.19.1
System.IdentityModel.Tokens.Jwt	8.15.0 → 8.19.1
System.Linq.AsyncEnumerable (source)	10.0.8 → 10.0.9
coverlet.collector	6.0.2 → 6.0.4
dotnet-ef (source)	5.0.7 → 5.0.17
xunit	2.9.2 → 2.9.3

---

Release Notes

Altinn/altinn-authorization-utils (Altinn.Authorization.ServiceDefaults)

v5.5.0: Altinn.Authorization.ServiceDefaults: v5.5.0

Compare Source

Features

• add app-configuration feature flags support (#​565) (089d5a9)

v5.4.0: Altinn.Authorization.ProblemDetails: v5.4.0

Compare Source

Features

• allow smuggeling an exception in a ProblemInstance (#​557) (e0d9635)

v5.3.1: Altinn.Authorization.ServiceDefaults: v5.3.1

Compare Source

Bug Fixes

• downgrade AccessTokenClient library (#​551) (9e139ba)

v5.3.0: Altinn.Authorization.ProblemDetails: v5.3.0

Compare Source

Features

• add list validation (#​549) (2951df7)

v5.2.6: Altinn.Authorization.ServiceDefaults: v5.2.6

Compare Source

Bug Fixes

• otel log resource name (#​529) (140bd83)

v5.2.5: Altinn.Authorization.ServiceDefaults: v5.2.5

Compare Source

Bug Fixes

• use unified pipeline for otel logging (#​524) (c61fac1)

v5.2.4: Altinn.Authorization.ServiceDefaults: v5.2.4

Compare Source

Bug Fixes

• resource detector ordering (#​522) (bde72f2)

v5.2.3: Altinn.Authorization.ServiceDefaults: v5.2.3

Compare Source

Bug Fixes

• log some otel settings (#​520) (16518f4)

Altinn/altinn-accesstoken (Altinn.Common.AccessToken)

v5.1.9

Compare Source

What's Changed

• chore(deps): update dependency microsoft.sourcelink.github to 10.0.300 by @​renovate[bot] in #​240
• chore(deps): update github/codeql-action action to v4.35.5 - autoclosed by @​renovate[bot] in #​241
• chore(deps): update github/codeql-action action to v4.36.0 by @​renovate[bot] in #​243
• chore(deps): update dependency coverlet.collector to 10.0.1 by @​renovate[bot] in #​242
• chore(deps): update github-actions non-major dependencies to v5.3.0 by @​renovate[bot] in #​244
• chore(deps): update github-actions non-major dependencies by @​renovate[bot] in #​245
• chore(deps): update nuget non-major dependencies by @​renovate[bot] in #​246

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.8...Altinn.Common.AccessToken-5.1.9

v5.1.8

Compare Source

What's Changed

• chore(deps): update dependency azure.security.keyvault.secrets to 4.11.0 by @​renovate[bot] in #​239

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.7...Altinn.Common.AccessToken-5.1.8

v5.1.7

Compare Source

What's Changed

• chore(deps): update nuget non-major dependencies by @​renovate[bot] in #​235

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.6...Altinn.Common.AccessToken-5.1.7

v5.1.6

Compare Source

What's Changed

• chore(deps): update actions/upload-artifact action to v7.0.1 by @​renovate[bot] in #​224
• Chore/rollback overzealous patching by @​SandGrainOne in #​225
• chore(deps): update github/codeql-action action to v4.35.2 by @​renovate[bot] in #​226
• chore(deps): update nuget non-major dependencies by @​renovate[bot] in #​227
• chore(deps): update dependency coverlet.collector to v10 by @​renovate[bot] in #​228
• chore(deps): update dependency microsoft.sourcelink.github to 10.0.203 by @​renovate[bot] in #​231

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.5...Altinn.Common.AccessToken-5.1.6

v5.1.5

Compare Source

What's Changed

• chore(deps): update nuget non-major dependencies by @​renovate[bot] in #​221

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.4...Altinn.Common.AccessToken-5.1.5

v5.1.3

Compare Source

What's Changed

• chore(deps): update github-actions non-major dependencies by @​renovate[bot] in #​215
• chore(deps): update nuget non-major dependencies by @​renovate[bot] in #​216

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.2...Altinn.Common.AccessToken-5.1.3

v5.1.2

Compare Source

What's Changed

• chore(deps): update actions/upload-artifact action to v7 by @​renovate[bot] in #​214
• chore(deps): update nuget non-major dependencies by @​renovate[bot] in #​213

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessToken-5.1.1...Altinn.Common.AccessToken-5.1.2

v5.1.1

Compare Source

What's Changed

• chore: reduce verbose logging for missing access token by @​olebhansen in #​201
• Long list of dependency updates. See Full Changelog for details.

New Contributors

• @​olebhansen made their first contribution in #​201

Full Changelog: Altinn/altinn-accesstoken@Altinn.Common.AccessTokenClient-3.2.0...Altinn.Common.AccessToken-5.1.1

Azure/azure-sdk-for-net (Azure.Extensions.AspNetCore.Configuration.Secrets)

v1.5.1

Compare Source

1.5.1 (2026-04-29)

Other Changes

• Adopted the new Azure.Core version that includes the identity types moved from Azure.Identity.

v1.5.0

Compare Source

1.5.0 (2025-02-11)

Other Changes

• Updated dependencies to ensure they are up-to-date with the latest targets and trimming from built-in dependencies.

dotnet/dotnet (Microsoft.AspNetCore.Mvc.Testing)

v10.0.9

dotnet/extensions (Microsoft.Extensions.TimeProvider.Testing)

v10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #​7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

• Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #​7253
• Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #​7253
• HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #​7513

What's Changed

AI

• Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #​7513 by @​jozkee (co-authored by @​Copilot)
• Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #​7538 by @​jozkee (co-authored by @​Copilot)
• Upgrade OpenAI package from 2.10.0 to 2.11.0 #​7544 by @​jozkee (co-authored by @​Copilot)
• Fix ToolJson.AdditionalProperties to accept sub-schema objects #​7546 by @​jozkee (co-authored by @​Copilot)

Diagnostics, Health Checks, and Resource Monitoring

• Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #​7253 by @​amadeuszl (co-authored by @​Copilot)

Repository Infrastructure Updates

• [main] Update dependencies from dotnet/arcade #​7521
• Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #​7522
• Bump dotnet-coverage from 18.6.2 to 18.7.0 #​7530
• Bump PowerShell from 7.6.1 to 7.6.2 #​7531
• Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7532
• [main] Update dependencies from dotnet/arcade #​7534
• Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7537

Acknowledgements

• @​ericstj submitted issue #​7509 (resolved by #​7544)
• @​scottt732 submitted issue #​7540 (resolved by #​7546)
• @​DeagleGross @​wtgodbe @​dariusclay @​evgenyfedorov2 @​peterwald @​PranavSenthilnathan @​shyamnamboodiripad @​stephentoub @​tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet (Microsoft.IdentityModel.Protocols.OpenIdConnect)

v8.19.1

Compare Source

====

Bug Fixes

• Update JwtSecurityTokenHandler for IssuerSigningKeyResolverUsingConfiguration to take priority over IssuerSigningKeyResolver, matching the documented contract and the correct behavior already present in JsonWebTokenHandler. See PR #​3519.

v8.19.0

Compare Source

====

New Features

• Add ML-DSA (FIPS 204) post-quantum signature support. See PR #​3479.
• Cache custom crypto providers in CryptoProviderFactory. See PR #​3489.

Bug Fixes

• Disable automatic redirects on default HttpClient for JKU retrieval. See PR #​3494.
• Adjust rented buffer handling in claim set parsing. See PR #​3493.
• Tidy null handling in SAML conditions validation. See PR #​3491.
• Improve validation of jku claim. See PR #​3481.
• Limit telemetry algorithm dimension cardinality. See PR #​3490.
• Add defensive copy of collections in ValidationParameters. See PR #​3492.
• Update TokenValidationParameter copy constructor to make a deep copy. See PR #​3488.
• Update to fail-closed when replay protection isn't configured and other DPoP hardening. See PR #​3505.
• Apply RFC 3986 section 6.2.2 normalization to DPoP htu comparison. See PR #​3509.

microsoft/vstest (Microsoft.NET.Test.Sdk)

v17.14.1

What's Changed

• Error on unsupported target frameworks to prevent silently not running tests by @​nohwnd in #​15072 and #​15078
• Revert writing additional properties to TRX by @​nohwnd in 47eb51b

Full Changelog: microsoft/vstest@v17.14.0...v17.14.1

v17.14.0

What's Changed

.NET versions updated

This version of VS Test upgraded .NET to net8 and net9. All projects targeting net6.0 (or other end-of-life .NET target frameworks) should pin their version of Microsoft.NET.Test.SDK to 17.13.0, or update the projects to net8 or newer. We remain backwards compatible with previous versions of Microsoft.NET.Test.SDK. This change does NOT prevent you from:

• Updating to the latest VS, and running tests from net6.0 test projects.
• Updating to the latest .NET SDK, and running tests from net6.0 test projects.

It also has no impact on .NET Framework projects, where we continue targeting .NET Framework 4.6.2.

• Drop unsupported frameworks by @​nohwnd in #​10565

Changes

• Adding Process Query Flag For UWP .NET 9 Support by @​adstep in #​15003
• Fix builds on WinUI and UWP .NET 9 projects by @​Sergio0694 in #​15004
• don't report communication error on discovery abort by @​nohwnd in #​14992
• Add dump minitool to vsix by @​nohwnd in #​14707
• Make test runners long-path aware (#​5179) by @​peetw in #​15014
• Fix trace in DataCollectionRequestSender.cs by @​stan-sz in #​15025
• Fix/readme grammar parallelism by @​dellch in #​15030
• Add binding redirects by @​nohwnd in #​15041
• Write props of tests into trx by @​nohwnd in #​14905

Internal version updates and fixes

• Update io.redist by @​nohwnd in #​13872
• Use preview image for public build by @​nohwnd in #​13888
• Remove xcopy-msbuild by @​nohwnd in #​14138
• Move to macos14 by @​nohwnd in #​14137
• Update diagnose.md by @​nohwnd in #​14776
• hash with sha2 for mutex lock by @​nohwnd in #​14777
• Update test projects for vmr by @​nohwnd in #​14894
• 17.14 branding by @​nohwnd in #​14903
• Update filter.md for NUnit by @​OsirisTerje in #​14987
• Flag netstandard1.x dependencies in source-build by @​ViktorHofer in #​14986
• Use VS dependencies versions from release VS to have archived symbols by @​nohwnd in #​14991
• Remove extra ; by @​nohwnd in #​14995
• Use dependencymodel 6.0.2 by @​nohwnd in #​14996
• Make Testhost packable only on Windows by @​mmitche in #​15001
• Add system text json to vsix by @​nohwnd in #​15034
• Add more files to vsix by @​nohwnd in #​15038
• Remove unnecessary CA2022 suppressions by @​Winniexu01 in #​15035
• Update package project url by @​mmitche in #​15040

New Contributors

• @​OsirisTerje made their first contribution in #​14987
• @​adstep made their first contribution in #​15003
• @​Sergio0694 made their first contribution in #​15004
• @​peetw made their first contribution in #​15014
• @​dellch made their first contribution in #​15030
• @​Winniexu01 made their first contribution in #​15035

Full Changelog: microsoft/vstest@v17.13.0...v17.14.0

v17.13.0

What's Changed

• Add letter number among valid identifiers in class name by @​nohwnd in #​13868

• Fix formatting in Runner by @​mthalman in #​13871

• Downgrade xunit skip warning to info by @​nohwnd in #​10381

• Add msdia for arm64 into nuget by @​nohwnd in #​10382

• Enable native debugging for vstest.console by @​ocitrev in #​10401

• Fix RFCs links by @​Youssef1313 in #​10424

• Convert to auto property by @​nohwnd in #​10365

• Update Versions.props by @​nohwnd in #​10378

• Enable TSA by @​jakubch1 in #​10385

• Arm64 dia by @​nohwnd in #​10390

• Update source-build team references by @​MichaelSimons in #​10388

• Exclude .signature.p7s from nupkg file count by @​ellahathaway in #​10418

• Set NetCurrent so that it doesn't roll forward automatically by @​ViktorHofer in #​10622

New Contributors

• @​ocitrev made their first contribution in #​10401
• @​Youssef1313 made their first contribution in #​10424

Full Changelog: microsoft/vstest@v17.12.0...v17.13.0

domaindrivendev/Swashbuckle.AspNetCore (Swashbuckle.AspNetCore)

v10.2.1

What's Changed

• Update Microsoft.OpenApi to 2.7.5 to pick up fix for GHSA-v5pm-xwqc-g5wc by @​martincostello in #​3974

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.2.0...v10.2.1

v10.2.0

What's Changed

• Add MapSwaggerUI and MapReDoc to support endpoint routing by @​Strepto in #​3822
• Bump version to 10.2.0 by @​martincostello in #​3872
• Bump swagger-ui-dist from 5.32.1 to 5.32.2 by @​dependabot in #​3883
• Support HEAD requests by @​snebjorn in #​3887
• Use IAsyncSwaggerProvider in CLI tofile command by @​bt-Knodel in #​3910
• Pin runner images by @​martincostello in #​3944
• Disable npm install scripts by @​martincostello in #​3946
• Bump redoc from 2.5.2 to 2.5.3 by @​dependabot in #​3967

New Contributors

• @​Strepto made their first contribution in #​3822
• @​snebjorn made their first contribution in #​3887
• @​bt-Knodel made their first contribution in #​3910

Full Changelog: domaindrivendev/Swashbuckle.AspNetCore@v10.1.7...v10.2.0

coverlet-coverage/coverlet (coverlet.collector)

v6.0.4

Fixed

• Fix empty coverage report when using include and exclude filters #​1726

Diff between 6.0.3 and 6.0.4

v6.0.3

Fixed

• Fix RuntimeConfigurationReader to support self-contained builds #​1705 by https://github.com/pfeigl
• Fix inconsistent filenames with UseSourceLink after .NET 8 #​1679
• Fix hanging tests #​989
• Fix coverlet instrumentation becomes slow after installing dotnet sdk 8.0.200 #​1620
• Fix upgrading v6.0.1 to v6.0.2 increases instrumentation time #​1649
• Fix Unable to instrument module - NET 8 #​1631
• Fix slow modules filtering process #​1646 by https://github.com/BlackGad
• Fix incorrect coverage await using in generic method #​1490

Improvements

• Cache the regex used in InstrumentationHelper #​1693
• Enable dotnetTool integration tests for linux #​660

Diff between 6.0.2 and 6.0.3

---

Configuration

📅 Schedule: (in timezone Europe/Oslo)

• Branch creation
  • "before 07:00 on Thursday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.