Dependencies: Update server dependencies (#20385)

* Bump Azure.Identity from 1.13.2 to 1.16.0 * Bump BenchmarkDotNet from 0.14.0 to 0.15.4 * Bump Bogus from 35.6.3 to 35.6.4 * Bump HtmlAgilityPack from 1.12.1 to 1.12.4 * Bump MailKit from 4.11.0 to 4.14.0 * Bump MessagePack from 3.1.3 to 3.1.4 * Bump Microsoft.AspNetCore.Mvc.Testing from 9.0.4 to 9.0.9 * Bump Microsoft.Data.SqlClient from 6.0.1 to 6.1.1 * Bump Microsoft.Extensions.Caching.Hybrid from 9.8.0 to 9.9.0 * Bump Microsoft.Extensions.Logging.Debug from 9.0.4 to 9.0.9 * Bump Microsoft.NET.Test.Sdk from 17.13.0 to 18.0.0 * Bump ncrontab from 3.3.3 to 3.4.0 * Bump Nerdbank.GitVersioning from 3.7.115 to 3.8.118 * Bump OpenIddict packages from 6.2.1 to 7.1.0 * Bump Serilog from 4.2.0 to 4.3.0 * Bump Serilog.Sinks.File from 6.0.0 to 7.0.0 * Bump Swashbuckle.AspNetCore from 8.1.1 to 9.0.6 * Bump System.Data.Odbc from 9.0.4 to 9.0.9 * Bump System.Data.OleDb from 9.0.4 to 9.0.9 * Bump Microsoft.IdentityModel.JsonWebTokens from 8.8.0 to 8.14.0 * Bump SixLabors.ImageSharp.Web from 3.1.5 to 3.2.0 - Implicit global usings were made opt-in (https://github.com/SixLabors/ImageSharp.Web/pull/391) * Bump NJsonSchema from 11.0.2 to 11.5.1 * Bump Microsoft packages from 10.0.0-preview.7.25380.108 to 10.0.0-rc.1.25451.107 * Remove Azure.Identity package reference as implicitly referenced versions are no longer vulnerable * Remove System.Runtime.Caching package reference as it is not used * Remove System.Net.Http package reference as it is not used * Set 'allowPrerelease' to true Global.json was showing as invalid due to a pre-release version being referenced while 'allowPrerelease' was set to 'false'. This can be set to 'false' again later on. * Remove System.Security.Cryptography.Xml package reference as implicitly referenced versions are no longer vulnerable * Remove System.Text.RegularExpressions package reference as implicitly referenced versions are no longer vulnerable * Remove Microsoft.IdentityModel.JsonWebTokens package reference as implicitly referenced versions are no longer vulnerable * Remove System.Text.Encodings.Web package reference as it is not used * Remove Microsoft.Data.SqlClient package reference as implicitly referenced versions are no longer vulnerable * Remove Lucene.Net.Replicator package reference as implicitly referenced versions are no longer vulnerable * Remove Microsoft.Extensions.Caching.Memory package reference where not used * Add EFCore migration for OpenIddict v7 update * Apply suggestion from @kjac Cosmetic update: Removed blank line as suggested by Copilot --------- Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
2025-10-07 12:13:14 +02:00
parent e3d2001477
commit 1f351244d4
27 changed files with 689 additions and 129 deletions
--- a/src/Umbraco.Infrastructure/Migrations/EFCoreMigration.cs
+++ b/src/Umbraco.Infrastructure/Migrations/EFCoreMigration.cs
@@ -5,4 +5,5 @@ public enum EFCoreMigration
    InitialCreate = 0,
    AddOpenIddict = 1,
    UpdateOpenIddictToV5 = 2,
+    UpdateOpenIddictToV7 = 3,
 }
--- a/src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPremigrationPlan.cs
+++ b/src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPremigrationPlan.cs
@@ -73,5 +73,8 @@ public class UmbracoPremigrationPlan : MigrationPlan
        //   called by a migration for 15. By using a pre-migration we ensure the lock record is in place when migrating
        //   through 15 versions to the latest.
        To<V_16_2_0.AddDocumentUrlLock>("{5ECCE7A7-2EFC-47A5-A081-FFD94D9F79AA}");
+
+        // To 17.0.0
+        To<V_17_0_0.UpdateToOpenIddictV7>("{D54EE168-C19D-48D8-9006-C7E719AD61FE}");
    }
 }
--- a/src/Umbraco.Infrastructure/Migrations/Upgrade/V_17_0_0/UpdateToOpenIddictV7.cs
+++ b/src/Umbraco.Infrastructure/Migrations/Upgrade/V_17_0_0/UpdateToOpenIddictV7.cs
@@ -0,0 +1,19 @@
+using Umbraco.Cms.Persistence.EFCore.Migrations;
+
+namespace Umbraco.Cms.Infrastructure.Migrations.Upgrade.V_17_0_0;
+
+public class UpdateToOpenIddictV7 : MigrationBase
+{
+    private readonly IEFCoreMigrationExecutor _efCoreMigrationExecutor;
+
+    public UpdateToOpenIddictV7(IMigrationContext context, IEFCoreMigrationExecutor efCoreMigrationExecutor)
+        : base(context)
+    {
+        _efCoreMigrationExecutor = efCoreMigrationExecutor;
+    }
+
+    protected override void Migrate()
+    {
+        _efCoreMigrationExecutor.ExecuteSingleMigrationAsync(EFCoreMigration.UpdateOpenIddictToV7);
+    }
+}
--- a/src/Umbraco.Infrastructure/Umbraco.Infrastructure.csproj
+++ b/src/Umbraco.Infrastructure/Umbraco.Infrastructure.csproj
@@ -66,11 +66,6 @@
    </PackageReference>
  </ItemGroup>

-  <ItemGroup>
-    <!-- Take top-level depedendency on System.Text.RegularExpressions, because Dazinator.Extensions.FileProviders and MiniProfiler.AspNetCore.Mvc depends on a vulnerable version -->
-    <PackageReference Include="System.Text.RegularExpressions" />
-  </ItemGroup>
-
  <ItemGroup>
    <ProjectReference Include="..\Umbraco.Core\Umbraco.Core.csproj" />
  </ItemGroup>