[deps]: Update nuget minor

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Azure.Extensions.AspNetCore.DataProtection.Keys (source)	1.3.0 -> 1.6.1
Azure.Identity (source)	1.13.2 -> 1.15.0
Bogus	35.6.1 -> 35.6.3
Fido2	4.0.0-beta.16 -> 4.0.0
Fido2.AspNet	4.0.0-beta.16 -> 4.0.0
Fido2.Models	4.0.0-beta.16 -> 4.0.0
MailKit (source)	4.9.0 -> 4.13.0
MartinCostello.Logging.XUnit	0.5.1 -> 0.6.0
MessagePack	3.1.1 -> 3.1.4
MessagePackAnalyzer	3.1.1 -> 3.1.4
Microsoft.AspNetCore.Cryptography.KeyDerivation (source)	9.0.1 -> 9.0.8
Microsoft.AspNetCore.DataProtection.EntityFrameworkCore (source)	9.0.1 -> 9.0.8
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore (source)	9.0.1 -> 9.0.8
Microsoft.AspNetCore.Identity.EntityFrameworkCore (source)	9.0.1 -> 9.0.8
Microsoft.AspNetCore.Identity.UI (source)	9.0.1 -> 9.0.8
Microsoft.AspNetCore.Mvc.Testing (source)	9.0.1 -> 9.0.8
Microsoft.AspNetCore.OpenApi (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore.Design (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore.InMemory (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore.Relational (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore.SqlServer (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore.Sqlite (source)	9.0.1 -> 9.0.8
Microsoft.EntityFrameworkCore.Tools (source)	9.0.1 -> 9.0.8
Microsoft.Extensions.Configuration.Abstractions (source)	9.0.1 -> 9.0.8
Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore (source)	9.0.1 -> 9.0.8
Microsoft.Extensions.Logging.Abstractions (source)	9.0.1 -> 9.0.8
Microsoft.Extensions.TimeProvider.Testing (source)	9.1.0 -> 9.8.0
Microsoft.FeatureManagement.AspNetCore	4.0.0 -> 4.3.0
Microsoft.NET.Test.Sdk	17.12.0 -> 17.14.1
Selenium.WebDriver (source)	4.28.0 -> 4.35.0
Serilog.Sinks.Datadog.Logs	0.5.4 -> 0.5.6
System.Configuration.ConfigurationManager (source)	9.0.1 -> 9.0.8
Testcontainers.MsSql (source)	4.1.0 -> 4.7.0
bunit (source)	1.38.5 -> 1.40.0
xunit.runner.visualstudio	3.0.1 -> 3.1.4

---

Release Notes

Azure/azure-sdk-for-net (Azure.Extensions.AspNetCore.DataProtection.Keys)

v1.6.1

Compare Source

1.6.1 (2025-06-23)

Acknowledgments

Thank you to our developer community members who helped to make the Event Hubs client libraries better with their contributions to this release:

• Mike Alhayek (GitHub)

Bugs Fixed

• Updated ConfigureKeyManagementKeyVaultEncryptorClientOptions to ensure that its dependencies were resolved in the correct scope to prevent issues due to lifetime drift. Previously, a new scope was created to resolve AzureKeyVaultXmlEncryptor. However, AzureKeyVaultXmlEncryptor is registered as a singleton and should be resolved from the same scope in which the options are being configured. Creating a new scope introduced unnecessary overhead and potential for unexpected behavior due to differences in service lifetime management. (A community contribution, courtesy of danielmarbach)

v1.6.0

Compare Source

1.6.0 (2025-05-19)

Features Added

• Overloads were added to accept a Uri-typed key identifier to all protection methods. (A community contribution, courtesy of MattKotsenas)

v1.5.0

Compare Source

1.5.0 (2025-05-06)

Acknowledgments

Thank you to our developer community members who helped to make the Event Hubs client libraries better with their contributions to this release:

• Matt Kotsenas (GitHub)

Features Added

• An overload was added to ProtectKeysWithAzureKeyVault which allows for resolving the key identifier dynamically using IServiceProvider rather than using a static identifier. (A community contribution, courtesy of MattKotsenas)

v1.4.0

Compare Source

1.4.0 (2024-11-26)

Other Changes

• Updated dependency Microsoft.Extensions.DependencyInjection to version 8.0.11
• Updated dependency Microsoft.Bcl.AsyncInterfaces to version 8.0.0

bchavez/Bogus (Bogus)

v35.6.3

Release Date: 2025-04-12

• Issue 601: Fixes Internet.Avatar() URL generation. Moves from Cloudflare IPFS to IPFS.io.
• Fixed broken checksum calculation test in BelgianExtensionTests.
• .NET SDK 9 now required for builds. Various C# improvements and modernizations. Thanks @​SimonCropp!

v35.6.2

Release Date: 2025-02-20

• PR 584: Pack LICENSE file with NuGet package. Also, use ProjectIcon.
• Issue 581: Fix Randomizer.ULong() arithmetic overflow. Thanks @​reuterma24!
• PR 586: Use .NET 9 SDK build tooling. Thanks @​SimonCropp!
• PR 587: Fix CS1584 incorrect use of cref in XML doc comment. Thanks @​SimonCropp!
• PR 589: Unlock ability to use any .NET SDK build tooling on AppVeyor. Thanks @​SimonCropp!

passwordless-lib/fido2-net-lib (Fido2)

v4.0.0: - At last

Compare Source

I believe it's finally time to ship a new stable version, after shipping 17 betas of the 4.0.0 branch.

4.0 contains lots of breaking changes to the API, but also contains support for modern .net features and a lot of cleanups in terms of the webauthn implementation.

We wanted to include some refreshments to our MDS implementation and use of cache -- but we're punting it to a future release.

Here's a migration guide, authored by claude ai to get you started: https://github.com/passwordless-lib/fido2-net-lib/blob/main/Documentation/migration-guide-4.0.0.md

What's Changed

• Added draft of Vulnerability Disclosure Program by @​abergs in #​315
• Format Tests by @​iamcarbon in #​320
• fix: usernameless demos by @​imqdee in #​324
• Improve exception handling by @​iamcarbon in #​323
• Improve Code Quality by @​iamcarbon in #​326
• Updated sourcelink by @​abergs in #​327
• Fix serialization error in Demo. Fixes #​328 by @​abergs in #​329
• added [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicFields)] annotations to generic enums by @​filipw in #​330
• Check return value from Base64.DecodeFromUtf8InPlace(), throw if error by @​aseigler in #​331
• Implement support for apple-appattest attestation format by @​aseigler in #​322
• Add Mac and Linux to test pipeline by @​aseigler in #​332
• Pipelines fixes by @​abergs in #​333
• Support ResidentKeyRequirement by @​dIeGoLi in #​311
• Use file scoped namespaces by @​iamcarbon in #​343
• Fix TestAppleAppAttestProd test on macOS & Linux by @​iamcarbon in #​347
• Fixed clientDataJSON name by @​namespacedevbox in #​348
• Improve error handling by @​iamcarbon in #​344
• Update link in Readme by @​mlh758 in #​354
• Update tests to get clean CI by @​aseigler in #​355
• Fixes Fido2Configuration.FullyQualifiedOrigins contains a null entry when configured from a configuration section on .NET 7 in #​360
• Improve Code Quality by @​iamcarbon in #​352
• Fix Conformance Test by @​iamcarbon in #​363
• Strongly type AaGuid by @​iamcarbon in #​362
• SourceLink consolidation by @​Regenhardt in #​384
• WIP: Support device public key and passkeys by @​aseigler in #​356
• Simplify enum mapping & update specification links by @​iamcarbon in #​368
• Make Origins readonly by @​Regenhardt in #​393
• Feature/blazor wasm by @​Regenhardt in #​379
• Use correct Origin in Blazor example by @​abergs in #​408
• Support for PRF Extension by @​kspearrin in #​390
• Improve Code Quality by @​iamcarbon in #​405
• Fix demo project starting exception: change TargetFrameworks to TargetFramework by @​yedidyas in #​403
• Fix AuthenticationExtensionsClientInputs Example json prop name for conformance tests by @​yedidyas in #​404
• [WIP] Make AuthenticatorData immutable and strongly type throughout library by @​iamcarbon in #​412
• Add .bool to Output aswell by @​abergs in #​409
• Added Enterprise attestation by @​abergs in #​410
• Prefer Ed25519 when available by @​abergs in #​413
• Add CredentialPropertiesOuput (RK Support) by @​abergs in #​411
• Enable C# 11 and embed base64 encoded certificates as UTF-8 data by @​iamcarbon in #​414
• Cleanup by @​iamcarbon in #​417
• Improve Code Quality by @​iamcarbon in #​421
• [WIP] Improve Code Quality by @​iamcarbon in #​422
• dotnet format by @​abergs in #​425
• Breakout development services & improve naming by @​iamcarbon in #​427
• Add smart-card and hybrid transports by @​dbeinder in #​430
• Use DateTimeOffset by @​joegoldman2 in #​434
• Remove AuthenticatorSelection extension by @​joegoldman2 in #​435
• Rename Fido2NetLib.cs file to Fido2.cs in order to match with the class name by @​joegoldman2 in #​438
• Update to latest version of FIDO Metadata Service by @​joegoldman2 in #​442
• Fix GitHub repository url by @​joegoldman2 in #​451
• Update System.IdentityModel.Tokens.Jwt and xunit by @​iamcarbon in #​431
• Rename CredentialMakeResult to MakeNewCredentialResult and adjust its namespace by @​joegoldman2 in #​433
• Remove hardcoded Metadata Service BLOB url to allow users to override it by @​joegoldman2 in #​444
• Add some missing comments on public methods by @​joegoldman2 in #​440
• Rename AuthenticatorAttestationRawResponse.ResponseData to AttestationResponse by @​joegoldman2 in #​455
• Rename clientDataJson to clientDataJSON by @​joegoldman2 in #​450
• Align MSBuild properties across all projects by @​joegoldman2 in #​437
• Update timeout data type to ulong by @​joegoldman2 in #​462
• Rename origChallenge parameter in Fido2.MakeNewCredentialAsync by @​joegoldman2 in #​460
• Added github workflow for building, testing and packing by @​abergs in #​464
• Removed publishing step from PRs by @​abergs in #​475
• Use net8.0 SDK by @​iamcarbon in #​468
• Map authenticator transports on server side by @​joegoldman2 in #​453
• List<PublicKeyCredentialDescriptor>/IEnumerable<PublicKeyCredentialDescriptor> to IReadOnlyList<PublicKeyCredentialDescriptor> by @​joegoldman2 in #​447
• Update AttestationVerifier api to Async by @​iamcarbon in #​458
• Remove binary serialization by @​iamcarbon in #​465
• Change List<byte[]> storedDevicePublicKeys to IReadOnlyList<byte[]> by @​joegoldman2 in #​477
• Publish packages to nuget by @​abergs in #​479
• Pubhlish to nuget by @​abergs in #​481
• Pubhlish to nuget by @​abergs in #​483
• Pubhlish to nuget by @​abergs in #​484
• Rename 'extensions' to 'clientExtensionResults' for deserialization by @​jonashendrickx in #​474
• Rename extensions to clientExtensionResults by @​joegoldman2 in #​485
• [Draft] Add credProtect extension to Fido2.Models by @​dbeinder in #​448
• Migrate to Microsoft.IdentityModel.JsonWebTokens by @​iamcarbon in #​476
• Tidy up tests by @​iamcarbon in #​494
• Review lifecycle of services registered in the DI container by @​joegoldman2 in #​459
• Drop assertion-time attestation by @​joegoldman2 in #​499
• Generate XML documentation file by @​joegoldman2 in #​502
• Tidying by @​iamcarbon in #​500
• Update to .NET 8 by @​joegoldman2 in #​503
• Rename Base64Converter.cs to Base64UrlConverter.cs by @​joegoldman2 in #​506
• NuGet.org signatures have been updated - Fix Build by @​jonashendrickx in #​525
• Added authenticatorDisplayName to ClientPropertiesOutput by @​aritma-fredrikef in #​526
• Improve Code Quality by @​iamcarbon in #​509
• Add support for largeBlob extension by @​geel9 in #​508
• Missing nullable enable due to merges by @​abergs in #​527
• Implement PublicKeyCredentialHint for WebAuthn L3 by @​jonashendrickx in #​524
• Resolve StoredCredential.Descriptor at access(?) by @​abergs in #​528
• Remove base-class, Status and ErrorMessage by @​abergs in #​529
• Update MetadataStatement to include friendly names by @​joegoldman2 in #​544
• conformance 1.7.20 4 by @​abergs in #​531
• Fixing demo project makeAssertionOptions.status processing by @​Fasjeit in #​551
• Move Test folder to Tests/Fido2.Tests by @​joegoldman2 in #​549
• Various cleanup by @​joegoldman2 in #​558
• Wrap arguments into classes by @​abergs in #​556
• README.md Medium link fixed by @​jiiggy in #​539
• Supporting attestation formats by @​jonashendrickx in #​530
• Drop support for device public key (dpk) by @​abergs in #​567
• Update Dependencies by @​iamcarbon in #​569
• Change TPM manufacturer sting comparison handling by @​aseigler in #​568
• Move KeyTypeParameter validation from CredentialPublicKey.Verify() into constructors by @​aseigler in #​571
• use coerceToArrayBuffer to post-process assertion options in Demo js by @​dradovic in #​467
• AuthenticatorSelection Default to discourage UV by @​abergs in #​564
• Fix attestationObj camelCase by @​abergs in #​576
• Change AuthenticatorSelection.Default ResidentKey from discouraged to Preferred by @​abergs in #​563
• Use BCL Base64Url implementation by @​iamcarbon in #​575
• Introduce wrapping objects for Options-methods by @​abergs in #​562
• Explain EnableRelaxedDecoding by @​abergs in #​578
• Allow customised pubKeyCredParams by @​abergs in #​579
• [Models] Enable nullable (1 of x) by @​iamcarbon in #​581
• [Models] Enable nullable (2 of 2) by @​iamcarbon in #​585
• Update Github actions by @​Regenhardt in #​590
• Base64Url Id instead of byte[] by @​Regenhardt in #​586
• Update Dependencies by @​ektrah in #​595
• Allow github push to fail while pushing to nuget by @​abergs in #​596
• fix nuget force by @​abergs in #​597
• Conformance fix: Remove trustpath subject-issuer comparison by @​abergs in #​555

New Contributors

• @​imqdee made their first contribution in #​324
• @​filipw made their first contribution in #​330
• @​namespacedevbox made their first contribution in #​348
• @​mlh758 made their first contribution in #​354
• @​Regenhardt made their first contribution in #​384
• @​kspearrin made their first contribution in #​390
• @​yedidyas made their first contribution in #​403
• @​dbeinder made their first contribution in #​430
• @​joegoldman2 made their first contribution in #​434
• @​jonashendrickx made their first contribution in #​474
• @​aritma-fredrikef made their first contribution in #​526
• @​geel9 made their first contribution in #​508
• @​Fasjeit made their first contribution in #​551
• @​jiiggy made their first contribution in #​539
• @​dradovic made their first contribution in #​467
• @​ektrah made their first contribution in #​595

Full Changelog: passwordless-lib/fido2-net-lib@v3.0.1...4.0.0

v4.0.0-beta9

Compare Source

What's Changed

• Rename 'extensions' to 'clientExtensionResults' for deserialization by @​jonashendrickx in #​474

New Contributors

• @​jonashendrickx made their first contribution in #​474

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta8...4.0.0-beta9

v4.0.0-beta8

What's Changed

• Pubhlish to nuget by @​abergs in #​484

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta7...4.0.0-beta8

v4.0.0-beta3: 4.0.0-beta3

https://www.nuget.org/packages/Fido2/4.0.0-beta3

What's Changed

• Make Origins readonly by @​Regenhardt in #​393
• Feature/blazor wasm by @​Regenhardt in #​379
• Use correct Origin in Blazor example by @​abergs in #​408
• Support for PRF Extension by @​kspearrin in #​390
• Improve Code Quality by @​iamcarbon in #​405
• Fix demo project starting exception: change TargetFrameworks to TargetFramework by @​yedidyas in #​403
• Fix AuthenticationExtensionsClientInputs Example json prop name for conformance tests by @​yedidyas in #​404
• [WIP] Make AuthenticatorData immutable and strongly type throughout library by @​iamcarbon in #​412
• Add .bool to Output aswell by @​abergs in #​409
• Added Enterprise attestation by @​abergs in #​410
• Prefer Ed25519 when available by @​abergs in #​413
• Add CredentialPropertiesOuput (RK Support) by @​abergs in #​411

New Contributors

• @​kspearrin made their first contribution in #​390
• @​yedidyas made their first contribution in #​403

Full Changelog: passwordless-lib/fido2-net-lib@v4.0.0-beta2...v4.0.0-beta3

v4.0.0-beta2: v4.0.2 Beta2

https://nuget.org/packages/fido2/4.0.0-beta2

What's Changed

• WIP: Support device public key and passkeys by @​aseigler in #​356
• Simplify enum mapping & update specification links by @​iamcarbon in #​368

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta1...v4.0.0-beta2

v4.0.0-beta10

Compare Source

What's Changed

• Rename extensions to clientExtensionResults by @​joegoldman2 in #​485

Full Changelog: passwordless-lib/fido2-net-lib@4.0.0-beta9...4.0.0-beta10

v4.0.0-beta1: 🌈

Compare Source

Changes

• SourceLink consolidation @​Regenhardt (#​384)
• Fix Conformance Test @​iamcarbon (#​363)
• Improve Code Quality @​iamcarbon (#​352)
• Update link in Readme @​mlh758 (#​354)
• Improve error handling @​iamcarbon (#​344)
• Fix TestAppleAppAttestProd test on macOS & Linux @​iamcarbon (#​347)
• Use file scoped namespaces @​iamcarbon (#​343)
• Support ResidentKeyRequirement @​dIeGoLi (#​311)
• Pipelines fixes @​abergs (#​333)
• Improve Code Quality @​iamcarbon (#​326)

💥 Breaking change

• Strongly type AaGuid @​iamcarbon (#​362)

🚀 Features and enhancements

• Strongly type AaGuid @​iamcarbon (#​362)
• Fixes Fido2Configuration.FullyQualifiedOrigins contains a null entry when configured from a configuration section on .NET 7 @​ghost (#​360)
• Add Mac and Linux to test pipeline @​aseigler (#​332)
• Implement support for apple-appattest attestation format @​aseigler (#​322)
• added [DynamicallyAccessedMembers(DynamicallyAccessedMemberTypes.PublicFields)] annotations to generic enums @​filipw (#​330)

🐛 Bug Fixes

• Check return value from Base64.DecodeFromUtf8InPlace

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 36.65%. Comparing base (6bbabde) to head (736d1d1).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #802   +/-   ##
=======================================
  Coverage   36.65%   36.65%           
=======================================
  Files         579      579           
  Lines       31293    31293           
  Branches      897      897           
=======================================
  Hits        11472    11472           
  Misses      19678    19678           
  Partials      143      143           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.