From 3313f8358ead6ae368b4aeddbb087a6584a5722b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 12:12:22 +0000 Subject: [PATCH 1/6] Bump Scalar.AspNetCore (#3147) Bumps the dotnet group in /docs/fundamentals/snippets/custom-urls/AspireApp.Api with 1 update: [Scalar.AspNetCore](https://github.com/scalar/scalar). Updates `Scalar.AspNetCore` from 2.1.13 to 2.1.18 - [Changelog](https://github.com/scalar/scalar/blob/main/RELEASE.md) - [Commits](https://github.com/scalar/scalar/commits) --- updated-dependencies: - dependency-name: Scalar.AspNetCore dependency-version: 2.1.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../snippets/custom-urls/AspireApp.Api/AspireApp.Api.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fundamentals/snippets/custom-urls/AspireApp.Api/AspireApp.Api.csproj b/docs/fundamentals/snippets/custom-urls/AspireApp.Api/AspireApp.Api.csproj index 31051730a2..b585815ee1 100644 --- a/docs/fundamentals/snippets/custom-urls/AspireApp.Api/AspireApp.Api.csproj +++ b/docs/fundamentals/snippets/custom-urls/AspireApp.Api/AspireApp.Api.csproj @@ -8,7 +8,7 @@ - + From 6d0b990d505589a5af67955f933a12a67793e960 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 12:13:30 +0000 Subject: [PATCH 2/6] Bump Scalar.AspNetCore (#3149) Bumps the dotnet group in /docs/fundamentals/snippets/http-commands/AspireApp/AspireApp.Api with 1 update: [Scalar.AspNetCore](https://github.com/scalar/scalar). Updates `Scalar.AspNetCore` from 2.1.13 to 2.1.18 - [Changelog](https://github.com/scalar/scalar/blob/main/RELEASE.md) - [Commits](https://github.com/scalar/scalar/commits) --- updated-dependencies: - dependency-name: Scalar.AspNetCore dependency-version: 2.1.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../http-commands/AspireApp/AspireApp.Api/AspireApp.Api.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/fundamentals/snippets/http-commands/AspireApp/AspireApp.Api/AspireApp.Api.csproj b/docs/fundamentals/snippets/http-commands/AspireApp/AspireApp.Api/AspireApp.Api.csproj index 26f283fd8f..5d5430166d 100644 --- a/docs/fundamentals/snippets/http-commands/AspireApp/AspireApp.Api/AspireApp.Api.csproj +++ b/docs/fundamentals/snippets/http-commands/AspireApp/AspireApp.Api/AspireApp.Api.csproj @@ -12,7 +12,7 @@ - + From 71dc2f739dc026cc0537e8daab4352605ec3a5ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 12:18:21 +0000 Subject: [PATCH 3/6] Bump step-security/harden-runner from 2.11.1 to 2.12.0 (#3150) Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.11.1 to 2.12.0. - [Release notes](https://github.com/step-security/harden-runner/releases) - [Commits](https://github.com/step-security/harden-runner/compare/c6295a65d1254861815972266d5933fd6e532bdf...0634a2670c59f64b4a01f0f96f84700a4088b9f0) --- updated-dependencies: - dependency-name: step-security/harden-runner dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/check-for-build-warnings.yml | 2 +- .github/workflows/clean-repo.yml | 2 +- .github/workflows/dependabot-bot.yml | 2 +- .github/workflows/dependency-review.yml | 2 +- .github/workflows/dispatch-merge-main-to-live.yml | 2 +- .github/workflows/do-not-merge-label-check.yml | 2 +- .github/workflows/live-protection.yml | 2 +- .github/workflows/markdownlint.yml | 2 +- .github/workflows/no-response.yml | 2 +- .github/workflows/profanity-filter.yml | 2 +- .github/workflows/quest-bulk.yml | 2 +- .github/workflows/quest.yml | 2 +- .github/workflows/scorecards.yml | 2 +- .github/workflows/snippets5000.yml | 2 +- .github/workflows/stale.yml | 2 +- .github/workflows/version-sweep.yml | 2 +- .github/workflows/whats-new-automation.yml | 2 +- 17 files changed, 17 insertions(+), 17 deletions(-) diff --git a/.github/workflows/check-for-build-warnings.yml b/.github/workflows/check-for-build-warnings.yml index 7f89b7788f..2e21cfbd33 100644 --- a/.github/workflows/check-for-build-warnings.yml +++ b/.github/workflows/check-for-build-warnings.yml @@ -17,7 +17,7 @@ jobs: pull-requests: write steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/clean-repo.yml b/.github/workflows/clean-repo.yml index 0f8c5fc6f8..7bdbc121cf 100644 --- a/.github/workflows/clean-repo.yml +++ b/.github/workflows/clean-repo.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/dependabot-bot.yml b/.github/workflows/dependabot-bot.yml index 37876b6792..635d9da0cc 100644 --- a/.github/workflows/dependabot-bot.yml +++ b/.github/workflows/dependabot-bot.yml @@ -26,7 +26,7 @@ jobs: # Checkout the repo into the workspace within the VM steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 70f08cee36..7ea018b5b2 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -17,7 +17,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/dispatch-merge-main-to-live.yml b/.github/workflows/dispatch-merge-main-to-live.yml index 3c3de49896..c96dc3817a 100644 --- a/.github/workflows/dispatch-merge-main-to-live.yml +++ b/.github/workflows/dispatch-merge-main-to-live.yml @@ -22,7 +22,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/do-not-merge-label-check.yml b/.github/workflows/do-not-merge-label-check.yml index 9b3da8908e..da1e748cef 100644 --- a/.github/workflows/do-not-merge-label-check.yml +++ b/.github/workflows/do-not-merge-label-check.yml @@ -22,7 +22,7 @@ jobs: - 'DO NOT MERGE' steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/live-protection.yml b/.github/workflows/live-protection.yml index ffb937975b..f3f9433c32 100644 --- a/.github/workflows/live-protection.yml +++ b/.github/workflows/live-protection.yml @@ -11,7 +11,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/markdownlint.yml b/.github/workflows/markdownlint.yml index 2ce118f6ec..552faf18bf 100644 --- a/.github/workflows/markdownlint.yml +++ b/.github/workflows/markdownlint.yml @@ -27,7 +27,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/no-response.yml b/.github/workflows/no-response.yml index a896f00c5d..ee1fa8674b 100644 --- a/.github/workflows/no-response.yml +++ b/.github/workflows/no-response.yml @@ -20,7 +20,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/profanity-filter.yml b/.github/workflows/profanity-filter.yml index 7d9fdbdf47..f08bdbe3ce 100644 --- a/.github/workflows/profanity-filter.yml +++ b/.github/workflows/profanity-filter.yml @@ -21,7 +21,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/quest-bulk.yml b/.github/workflows/quest-bulk.yml index 41683d6e83..ff00c21fe5 100644 --- a/.github/workflows/quest-bulk.yml +++ b/.github/workflows/quest-bulk.yml @@ -28,7 +28,7 @@ jobs: if: ${{ github.repository_owner == 'dotnet' }} steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/quest.yml b/.github/workflows/quest.yml index 829501efe7..d6b78fe439 100644 --- a/.github/workflows/quest.yml +++ b/.github/workflows/quest.yml @@ -29,7 +29,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 0f540b2d8d..6c3778e4be 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -31,7 +31,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/snippets5000.yml b/.github/workflows/snippets5000.yml index c568995b2f..ded8bfd79b 100644 --- a/.github/workflows/snippets5000.yml +++ b/.github/workflows/snippets5000.yml @@ -34,7 +34,7 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 6268383712..1c75a1f641 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -15,7 +15,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/version-sweep.yml b/.github/workflows/version-sweep.yml index 7f9d9d4f54..adb487d220 100644 --- a/.github/workflows/version-sweep.yml +++ b/.github/workflows/version-sweep.yml @@ -33,7 +33,7 @@ jobs: # Start the .NET version updater action # A composite of the .NET Version Sweeper and the .NET Upgrade Assistant - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit diff --git a/.github/workflows/whats-new-automation.yml b/.github/workflows/whats-new-automation.yml index 1c665ddfef..0b60e785b0 100644 --- a/.github/workflows/whats-new-automation.yml +++ b/.github/workflows/whats-new-automation.yml @@ -23,7 +23,7 @@ jobs: steps: - name: Harden Runner - uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1 + uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 with: egress-policy: audit From e16f91a7af0e6de1b137ab023c4428b2b462342c Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 12:21:08 +0000 Subject: [PATCH 4/6] Bump the dotnet group in /docs/real-time/snippets/signalr with 2 updates (#3152) Bumps the dotnet group in /docs/real-time/snippets/signalr with 2 updates: [Microsoft.Azure.SignalR](https://github.com/azure/azure-signalr) and [Scalar.AspNetCore](https://github.com/scalar/scalar). Updates `Microsoft.Azure.SignalR` from 1.30.2 to 1.30.3 - [Release notes](https://github.com/azure/azure-signalr/releases) - [Commits](https://github.com/azure/azure-signalr/compare/v1.30.2...v1.30.3) Updates `Scalar.AspNetCore` from 2.1.13 to 2.1.18 - [Changelog](https://github.com/scalar/scalar/blob/main/RELEASE.md) - [Commits](https://github.com/scalar/scalar/commits) --- updated-dependencies: - dependency-name: Microsoft.Azure.SignalR dependency-version: 1.30.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet - dependency-name: Scalar.AspNetCore dependency-version: 2.1.18 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: dotnet ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .../signalr/SignalR.ApiService/SignalR.ApiService.csproj | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/real-time/snippets/signalr/SignalR.ApiService/SignalR.ApiService.csproj b/docs/real-time/snippets/signalr/SignalR.ApiService/SignalR.ApiService.csproj index 65a60e74ab..97cdc4e40c 100644 --- a/docs/real-time/snippets/signalr/SignalR.ApiService/SignalR.ApiService.csproj +++ b/docs/real-time/snippets/signalr/SignalR.ApiService/SignalR.ApiService.csproj @@ -8,10 +8,10 @@ - + - + From 4ccfc2b35178056ed4535e784adec0100fbf2f7a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 12:35:45 +0000 Subject: [PATCH 5/6] Bump CommunityToolkit.Aspire.Hosting.Dapr (#3153) Bumps the dotnet group in /docs/frameworks/snippets/Dapr with 1 update: [CommunityToolkit.Aspire.Hosting.Dapr](https://github.com/CommunityToolkit/Aspire). Updates `CommunityToolkit.Aspire.Hosting.Dapr` from 9.3.0 to 9.4.0 - [Release notes](https://github.com/CommunityToolkit/Aspire/releases) - [Commits](https://github.com/CommunityToolkit/Aspire/compare/v9.3.0...v9.4.0) --- updated-dependencies: - dependency-name: CommunityToolkit.Aspire.Hosting.Dapr dependency-version: 9.4.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: dotnet ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- docs/frameworks/snippets/Dapr/Dapr.AppHost/Dapr.AppHost.csproj | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/frameworks/snippets/Dapr/Dapr.AppHost/Dapr.AppHost.csproj b/docs/frameworks/snippets/Dapr/Dapr.AppHost/Dapr.AppHost.csproj index 116761f3cd..ad8cbc4d0a 100644 --- a/docs/frameworks/snippets/Dapr/Dapr.AppHost/Dapr.AppHost.csproj +++ b/docs/frameworks/snippets/Dapr/Dapr.AppHost/Dapr.AppHost.csproj @@ -13,6 +13,6 @@ - + \ No newline at end of file From 60e232adbdfe4f352b727e58234bc6dd41734f79 Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 23 Apr 2025 13:08:33 -0500 Subject: [PATCH 6/6] Bump github/codeql-action from 3.28.15 to 3.28.16 (#3151) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.28.15 to 3.28.16. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/45775bd8235c68ba998cffa5171334d58593da47...28deaeda66b76a05916b6923827895f2b14ab387) --- updated-dependencies: - dependency-name: github/codeql-action dependency-version: 3.28.16 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/scorecards.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index 6c3778e4be..66dcfa3a48 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -71,6 +71,6 @@ jobs: # Upload the results to GitHub's code scanning dashboard. - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15 + uses: github/codeql-action/upload-sarif@28deaeda66b76a05916b6923827895f2b14ab387 # v3.28.16 with: sarif_file: results.sarif