Bump FastEndpoints and FastEndpoints.Swagger

[dependabot]

Updated FastEndpoints from 5.32.0 to 7.0.1.

Release notes

Sourced from FastEndpoints's releases.

7.0.1

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Relocate response sending methods ⚠️

Response sending methods such as SendOkAsync() have been ripped out of the endpoint base class for a better intellisense experience and extensibility.

Going forward, the response sending methods are accessed via the Send property of the endpoint as follows:

public override async Task HandleAsync(CancellationToken c)
{
    await Send.OkAsync("hello world!");
}

In order to add your own custom response sending methods, simply target the IResponseSender interface and write extension methods like so:

static class SendExtensions
{
    public static Task HelloResponse(this IResponseSender sender)
        => sender.HttpContext.Response.SendOkAsync("hello!");
}

This is obviously is a wide-reaching breaking change which can be easily remedied with a quick regex based find & replace. Please see the breaking changes section below for step-by-step instructions on how to migrate. Takes less than a minute.

Send multiple Server-Sent-Event models in a single stream

It is now possible to send different types of data in a single SSE stream with the use of a wrapper type called StreamItem like so:

public override async Task HandleAsync(CancellationToken ct)
{
    await Send.EventStreamAsync(GetMultiDataStream(ct), ct);

    async IAsyncEnumerable<StreamItem> GetMultiDataStream([EnumeratorCancellation] CancellationToken ct)
    {
        long id = 0;

 ... (truncated)

## 6.2

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

<!-- <details><summary>title text</summary></details> -->

## New 🎉

<details><summary>Support 'Scope' based access restriction</summary>

Your can now restrict access based on [Scopes](https://oauth.net/2/scope) in tokens (e.g., from OAuth2/OpenID Connect IDPs). Simply specify required scopes using the newly added **Scopes()** method:

```cs
public override void Configure()
{
    Get("/item");
    Scopes("item:read", "item:write");
}

This allows access if the user's "scope" claim includes ANY of the listed values. To require ALL scopes, use ScopesAll() instead.

By default, scopes are read from the "scope" claim, which can be changed like so:

app.UseFastEndpoints(c => c.Security.ScopeClaimType = "scp")

If scope values aren't space-separated, customize parsing like so:

app.UseFastEndpoints(c => c.Security.ScopeParser = input =>
{
    //extract scope values and return a collection of strings
})

Automatic 'Accepts Metadata' for Non-Json requests

In the past, if an endpoint defines a request DTO type, an accepts-metadata of application/json would be automatically added to the endpoint, which would require the user to clear that default metadata if all the properties of the DTO is bound from non-json binding sources such as route/query/header etc.

Now, if the user annotates all the properties of a DTO with the respective non-json binding sources such as the following:

 ... (truncated)

## 6.1

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

<!-- <details><summary>title text</summary></details> -->

## New 🎉

<details><summary>Convenience method for retrieving the auto generated endpoint name</summary>

You can now obtain the generated endpoint name like below for the purpose of custom link generation using the `LinkGenerator` class.

```cs
var endpointName = IEndpoint.GetName<SomeEndpoint>();

Auto population of headers in routeless tests

Given a request dto such as the following where a property is decorated with the [FromHeader] attribute:

sealed class Request
{
    [FromHeader]
    public string Title { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
}

Previously, you had to manually add the header to the request in order for the endpoint to succeed without sending back an error response.
Now you can simply supply the value for the header when making the request as follows, and the header will be automatically added to the request with the value from the property.

var (rsp, res) = await App.Client.POSTAsync<MyEndpoint, Request, string>(
                     new()
                     {
                         Title = "Mrs.",
                         FirstName = "Doubt",
                         LastName = "Fire"
                     });

This automatic behavior can be disabled as follows if you'd like to keep the previous behavior:
... (truncated)

6.0

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

Breaking Changes ⚠️

Support for .NET 6 & 7 has been dropped as those SDKs are no longer supported by Microsoft. In order to use this release of FastEndpoints, you need to be on at least .NET 8.0.4

New 🎉

Support for .NET 10 preview

You can start targeting net10.0 SDK in your FE projects now. Currently preview versions of the dependencies are used.

Generic Pre/Post Processor global registration

Open generic pre/post processors can now be registered globally using the endpoint configurator func like so:

app.UseFastEndpoints(c => c.Endpoints.Configurator = ep => ep.PreProcessors(Order.Before, typeof(MyPreProcessor<>)))

sealed class MyPreProcessor<TRequest> : IPreProcessor<TRequest>
{
    public Task PreProcessAsync(IPreProcessorContext<TRequest> ctx, CancellationToken c)
    {
        ...
    }
}

Middleware pipeline for Command Bus

By popular demand from people moving away from MediatR, a middleware pipeline similar to MediatRs pipeline behaviors has been added to FE's built-in command bus. You just need to write your pipeline/middleware pieces by implementing the interface ICommandMiddleware<TCommand,TResult> and register those pieces to form a middleware pipeline as described in the documentation.

Support 'CONNECT' and 'TRACE' verbs

... (truncated)

5.35

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Bypass endpoint caching for integration tests

You can now easily test endpoints that have caching enabled, by using a client configured to automatically bypass caching like so:

var antiCacheClient = App.CreateClient(new() { BypassCaching = true });

Mark properties as "bind required"

You can now make the request binder automatically add a validation failure when binding from route params, query params, and form fields by decorating the dto properties if the binding source doesn't provide a value:

sealed class MyRequest
{
    [QueryParam(IsRequired = true)]
    public bool Correct { get; set; }

    [RouteParam(IsRequired = true)]
    public int Count { get; set; }

    [FormField(IsRequired = true)]
    public Guid Id { get; set; }
}

Generic command support for job queues

Closed generic commands can now be registered like so:

app.Services.RegisterGenericCommand<QueueCommand<OrderCreatedEvent>, QueueCommandHandler<OrderCreatedEvent>>();

... (truncated)

5.34

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Queued job progress tracking

It is now possible to queue a job and track its progress and/or retrieve intermediate results while the command handler executes via the job tracker as documented here.

Global 'JwtCreationOptions' support for refresh token service

If you configure jwt creation options at a global level like so:

bld.Services.Configure<JwtCreationOptions>( o =>  o.SigningKey = "..." ); 

The RefreshTokenService will now take the default values from the global config if you don't specify anything when configuring the token service like below:

sealed class MyTokenService : RefreshTokenService<TokenRequest, TokenResponse>
{
    public MyTokenService
    {
        Setup(o =>
        {         
            //no need to specify token signing key/style/etc. here unless you want to.
            o.Endpoint("/api/refresh-token");
            o.AccessTokenValidity = TimeSpan.FromMinutes(5);
            o.RefreshTokenValidity = TimeSpan.FromHours(4);
        });
    }
}

Global response modifier setting

A new global action has been added which gets triggered right before a response is written to the response stream allowing you to carry out some common logic that should be applied to all endpoints.

... (truncated)

5.33

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Migrate to xUnit v3 ⚠️

If you're using the FastEndpoints.Testing package in your test projects, take the following steps to migrate your projects:

1. Update all "FastEndpoints" package references in your projects to "5.33.0".
2. In your test project's .csproj file:
   1. Remove the package reference to the xunit v2 package.
   2. Add a package reference to the new xunit.v3 library with version 1.0.0
   3. Change the version of xunit.runner.visualstudio to 3.0.0
3. Build the solution.
4. If there are compilation errors related to the return type of overridden methods in your derived AppFixture<TProgram> classes, such as SetupAsync and TearDownAsync. Change their return type from Task to ValueTask to resolve these errors.
5. If there are any compilation errors related to XUnit.Abstractions namespace not being found, simply delete those "using statements" as that namespace has been removed in xUnit v3.

After doing the above, it should pretty much be smooth sailing, unless your project is affected by the removal of previously deprecated classes as mentioned in the "Breaking Changes" section below.

Eliminate the need for [BindFrom(...)] attribute

Until now, when binding from sources other than JSON body, you had to annotate request DTO properties with the [BindFrom("my_field")] attribute when the incoming field name is different to the DTO property name. A new setting has now been introduced which allows you to use the same property naming policy as the serializer for matching incoming request parameters without having to use any attributes.

app.UseFastEndpoints(c => c.Binding.UsePropertyNamingPolicy = true)

This only applies to properties where you haven't specified the field names manually using an attribute such as [BindFrom(...)], [FromClaim(...)]. [FromHeader(...)] etc.

Control binding sources per DTO property

The default binding order is designed to minimize attribute clutter on DTO models. In most cases, disabling binding sources is unnecessary. However, for rare scenarios where a binding source must be explicitly blocked, you can now do the following:

[DontBind(Source.QueryParam | Source.RouteParam)] 
public string UserID { get; set; } 

... (truncated)

Commits viewable in compare view.

Updated FastEndpoints.Swagger from 5.31.0 to 7.0.1.

Release notes

Sourced from FastEndpoints.Swagger's releases.

7.0.1

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Relocate response sending methods ⚠️

Response sending methods such as SendOkAsync() have been ripped out of the endpoint base class for a better intellisense experience and extensibility.

Going forward, the response sending methods are accessed via the Send property of the endpoint as follows:

public override async Task HandleAsync(CancellationToken c)
{
    await Send.OkAsync("hello world!");
}

In order to add your own custom response sending methods, simply target the IResponseSender interface and write extension methods like so:

static class SendExtensions
{
    public static Task HelloResponse(this IResponseSender sender)
        => sender.HttpContext.Response.SendOkAsync("hello!");
}

This is obviously is a wide-reaching breaking change which can be easily remedied with a quick regex based find & replace. Please see the breaking changes section below for step-by-step instructions on how to migrate. Takes less than a minute.

Send multiple Server-Sent-Event models in a single stream

It is now possible to send different types of data in a single SSE stream with the use of a wrapper type called StreamItem like so:

public override async Task HandleAsync(CancellationToken ct)
{
    await Send.EventStreamAsync(GetMultiDataStream(ct), ct);

    async IAsyncEnumerable<StreamItem> GetMultiDataStream([EnumeratorCancellation] CancellationToken ct)
    {
        long id = 0;

 ... (truncated)

## 6.2

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

<!-- <details><summary>title text</summary></details> -->

## New 🎉

<details><summary>Support 'Scope' based access restriction</summary>

Your can now restrict access based on [Scopes](https://oauth.net/2/scope) in tokens (e.g., from OAuth2/OpenID Connect IDPs). Simply specify required scopes using the newly added **Scopes()** method:

```cs
public override void Configure()
{
    Get("/item");
    Scopes("item:read", "item:write");
}

This allows access if the user's "scope" claim includes ANY of the listed values. To require ALL scopes, use ScopesAll() instead.

By default, scopes are read from the "scope" claim, which can be changed like so:

app.UseFastEndpoints(c => c.Security.ScopeClaimType = "scp")

If scope values aren't space-separated, customize parsing like so:

app.UseFastEndpoints(c => c.Security.ScopeParser = input =>
{
    //extract scope values and return a collection of strings
})

Automatic 'Accepts Metadata' for Non-Json requests

In the past, if an endpoint defines a request DTO type, an accepts-metadata of application/json would be automatically added to the endpoint, which would require the user to clear that default metadata if all the properties of the DTO is bound from non-json binding sources such as route/query/header etc.

Now, if the user annotates all the properties of a DTO with the respective non-json binding sources such as the following:

 ... (truncated)

## 6.1

---

## ❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current [unfortunate state of FOSS](https://www.youtube.com/watch?v=H96Va36xbvo), please consider [becoming a sponsor](https://opencollective.com/fast-endpoints) and help us beat the odds to keep the project alive and free for everyone.

---

<!-- <details><summary>title text</summary></details> -->

## New 🎉

<details><summary>Convenience method for retrieving the auto generated endpoint name</summary>

You can now obtain the generated endpoint name like below for the purpose of custom link generation using the `LinkGenerator` class.

```cs
var endpointName = IEndpoint.GetName<SomeEndpoint>();

Auto population of headers in routeless tests

Given a request dto such as the following where a property is decorated with the [FromHeader] attribute:

sealed class Request
{
    [FromHeader]
    public string Title { get; set; }
    public string FirstName { get; set; }
    public string LastName { get; set; }
}

Previously, you had to manually add the header to the request in order for the endpoint to succeed without sending back an error response.
Now you can simply supply the value for the header when making the request as follows, and the header will be automatically added to the request with the value from the property.

var (rsp, res) = await App.Client.POSTAsync<MyEndpoint, Request, string>(
                     new()
                     {
                         Title = "Mrs.",
                         FirstName = "Doubt",
                         LastName = "Fire"
                     });

This automatic behavior can be disabled as follows if you'd like to keep the previous behavior:
... (truncated)

6.0

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

Breaking Changes ⚠️

Support for .NET 6 & 7 has been dropped as those SDKs are no longer supported by Microsoft. In order to use this release of FastEndpoints, you need to be on at least .NET 8.0.4

New 🎉

Support for .NET 10 preview

You can start targeting net10.0 SDK in your FE projects now. Currently preview versions of the dependencies are used.

Generic Pre/Post Processor global registration

Open generic pre/post processors can now be registered globally using the endpoint configurator func like so:

app.UseFastEndpoints(c => c.Endpoints.Configurator = ep => ep.PreProcessors(Order.Before, typeof(MyPreProcessor<>)))

sealed class MyPreProcessor<TRequest> : IPreProcessor<TRequest>
{
    public Task PreProcessAsync(IPreProcessorContext<TRequest> ctx, CancellationToken c)
    {
        ...
    }
}

Middleware pipeline for Command Bus

By popular demand from people moving away from MediatR, a middleware pipeline similar to MediatRs pipeline behaviors has been added to FE's built-in command bus. You just need to write your pipeline/middleware pieces by implementing the interface ICommandMiddleware<TCommand,TResult> and register those pieces to form a middleware pipeline as described in the documentation.

Support 'CONNECT' and 'TRACE' verbs

... (truncated)

5.35

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Bypass endpoint caching for integration tests

You can now easily test endpoints that have caching enabled, by using a client configured to automatically bypass caching like so:

var antiCacheClient = App.CreateClient(new() { BypassCaching = true });

Mark properties as "bind required"

You can now make the request binder automatically add a validation failure when binding from route params, query params, and form fields by decorating the dto properties if the binding source doesn't provide a value:

sealed class MyRequest
{
    [QueryParam(IsRequired = true)]
    public bool Correct { get; set; }

    [RouteParam(IsRequired = true)]
    public int Count { get; set; }

    [FormField(IsRequired = true)]
    public Guid Id { get; set; }
}

Generic command support for job queues

Closed generic commands can now be registered like so:

app.Services.RegisterGenericCommand<QueueCommand<OrderCreatedEvent>, QueueCommandHandler<OrderCreatedEvent>>();

... (truncated)

5.34

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Queued job progress tracking

It is now possible to queue a job and track its progress and/or retrieve intermediate results while the command handler executes via the job tracker as documented here.

Global 'JwtCreationOptions' support for refresh token service

If you configure jwt creation options at a global level like so:

bld.Services.Configure<JwtCreationOptions>( o =>  o.SigningKey = "..." ); 

The RefreshTokenService will now take the default values from the global config if you don't specify anything when configuring the token service like below:

sealed class MyTokenService : RefreshTokenService<TokenRequest, TokenResponse>
{
    public MyTokenService
    {
        Setup(o =>
        {         
            //no need to specify token signing key/style/etc. here unless you want to.
            o.Endpoint("/api/refresh-token");
            o.AccessTokenValidity = TimeSpan.FromMinutes(5);
            o.RefreshTokenValidity = TimeSpan.FromHours(4);
        });
    }
}

Global response modifier setting

A new global action has been added which gets triggered right before a response is written to the response stream allowing you to carry out some common logic that should be applied to all endpoints.

... (truncated)

5.33

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

Migrate to xUnit v3 ⚠️

If you're using the FastEndpoints.Testing package in your test projects, take the following steps to migrate your projects:

1. Update all "FastEndpoints" package references in your projects to "5.33.0".
2. In your test project's .csproj file:
   1. Remove the package reference to the xunit v2 package.
   2. Add a package reference to the new xunit.v3 library with version 1.0.0
   3. Change the version of xunit.runner.visualstudio to 3.0.0
3. Build the solution.
4. If there are compilation errors related to the return type of overridden methods in your derived AppFixture<TProgram> classes, such as SetupAsync and TearDownAsync. Change their return type from Task to ValueTask to resolve these errors.
5. If there are any compilation errors related to XUnit.Abstractions namespace not being found, simply delete those "using statements" as that namespace has been removed in xUnit v3.

After doing the above, it should pretty much be smooth sailing, unless your project is affected by the removal of previously deprecated classes as mentioned in the "Breaking Changes" section below.

Eliminate the need for [BindFrom(...)] attribute

Until now, when binding from sources other than JSON body, you had to annotate request DTO properties with the [BindFrom("my_field")] attribute when the incoming field name is different to the DTO property name. A new setting has now been introduced which allows you to use the same property naming policy as the serializer for matching incoming request parameters without having to use any attributes.

app.UseFastEndpoints(c => c.Binding.UsePropertyNamingPolicy = true)

This only applies to properties where you haven't specified the field names manually using an attribute such as [BindFrom(...)], [FromClaim(...)]. [FromHeader(...)] etc.

Control binding sources per DTO property

The default binding order is designed to minimize attribute clutter on DTO models. In most cases, disabling binding sources is unnecessary. However, for rare scenarios where a binding source must be explicitly blocked, you can now do the following:

[DontBind(Source.QueryParam | Source.RouteParam)] 
public string UserID { get; set; } 

... (truncated)

5.32

---

❇️ Help Keep FastEndpoints Free & Open-Source ❇️

Due to the current unfortunate state of FOSS, please consider becoming a sponsor and help us beat the odds to keep the project alive and free for everyone.

---

New 🎉

.NET 9.0 Support

Migration to .NET 9.0 SDK is now complete. You can now target net9.0 sdk without any issues.

Support for enforcing antiforgery token checks for non-form requests

The antiforgery middleware can now be configured to check antiforgery tokens for any content-type by configuring it like so:

app.UseAntiforgeryFE(additionalContentTypes: ["application/json"])

User configurable Endpoint Name (Operation Id) generation

The endpoint name generation logic can now be overriden at a global level like so:

app.UseFastEndpoints(
       c => c.Endpoints.NameGenerator =
                ctx =>
                {
                    return ctx.EndpointType.Name.TrimEnd("Endpoint");
                })

Global configuration of 'JwtCreationOptions'

You can now configure JwtCreationOptions once globally like so:

bld.Services.Configure<JwtCreationOptions>(
       o =>
 ... (truncated)

Commits viewable in [compare view](https://github.com/FastEndpoints/FastEndpoints/compare/v5.31...v7.0.1).
</details>

You can trigger a rebase of this PR by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot merge` will merge this PR after your CI passes on it
- `@dependabot squash and merge` will squash and merge this PR after your CI passes on it
- `@dependabot cancel merge` will cancel a previously requested merge and block automerging
- `@dependabot reopen` will reopen this PR if it is closed
- `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)


</details>

> **Note**
> Automatic rebases have been disabled on this pull request as it has been open for over 30 days.