Skip to content

chore(deps): Bump the nuget-dependencies group with 4 updates#70

Open
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/nuget/JD.Writer.E2E/nuget-dependencies-c2ed05182a
Open

chore(deps): Bump the nuget-dependencies group with 4 updates#70
dependabot[bot] wants to merge 2 commits into
mainfrom
dependabot/nuget/JD.Writer.E2E/nuget-dependencies-c2ed05182a

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Updated Microsoft.NET.Test.Sdk from 18.6.0 to 18.7.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.7.0

What's Changed

New Contributors

Full Changelog: microsoft/vstest@v18.6.0...v18.7.0

Commits viewable in compare view.

Updated Microsoft.Playwright.NUnit from 1.60.0 to 1.61.0.

Release notes

Sourced from Microsoft.Playwright.NUnit's releases.

1.61.0

🔑 WebAuthn passkeys

New Credentials virtual authenticator, available via BrowserContext.Credentials, lets tests register passkeys and answer navigator.credentials.create() / navigator.credentials.get() ceremonies in the page — no real hardware key required, works in all browsers:

var context = await browser.NewContextAsync();

// Seed a passkey your backend provisioned for a test user.
await context.Credentials.CreateAsync("example.com", new()
{
    Id = credentialId,
    UserHandle = userHandle,
    PrivateKey = privateKey,
    PublicKey = publicKey,
});
await context.Credentials.InstallAsync();

var page = await context.NewPageAsync();
await page.GotoAsync("https://example.com/login");
// The page's navigator.credentials.get() is answered with the seeded passkey.

You can also let the app register a passkey once in a setup test, read it back with Credentials.GetAsync(), and seed it into later tests — see Credentials for details.

🗃️ Web Storage

New WebStorage API, available via Page.LocalStorage and Page.SessionStorage, reads and writes the page's storage for the current origin:

await page.LocalStorage.SetItemAsync("token", "abc");
var token = await page.LocalStorage.GetItemAsync("token");
var items = await page.SessionStorage.ItemsAsync();

New APIs

🛠️ Other improvements

  • Playwright now supports Ubuntu 26.04.
  • HAR and trace recordings now include WebSocket requests.

Browser Versions

  • Chromium 149.0.7827.55
  • Mozilla Firefox 151.0
  • WebKit 26.5

This version was also tested against the following stable channels:
... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.AspNetCore from 1.15.2 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Instrumentation.AspNetCore's releases.

1.16.0

1.16.0-beta.1

1.16.0-alpha.1

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.Http from 1.15.1 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Instrumentation.Http's releases.

1.16.0

1.16.0-beta.1

1.16.0-alpha.1

1.15.2

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Microsoft.NET.Test.Sdk from 18.6.0 to 18.7.0
Bumps Microsoft.Playwright.NUnit from 1.60.0 to 1.61.0
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.15.2 to 1.16.0
Bumps OpenTelemetry.Instrumentation.Http from 1.15.1 to 1.16.0

---
updated-dependencies:
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-dependencies
- dependency-name: Microsoft.Playwright.NUnit
  dependency-version: 1.61.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-dependencies
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-dependencies
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github

dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor Author

Labels

The following labels could not be found: dependencies. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 4 package(s) with unknown licenses.
See the Details below.

License Issues

JD.Writer.E2E/JD.Writer.E2E.csproj

PackageVersionLicenseIssue Type
Microsoft.NET.Test.Sdk18.7.0NullUnknown License
Microsoft.Playwright.NUnit1.61.0NullUnknown License

JD.Writer.ServiceDefaults/JD.Writer.ServiceDefaults.csproj

PackageVersionLicenseIssue Type
OpenTelemetry.Instrumentation.AspNetCore1.16.0NullUnknown License
OpenTelemetry.Instrumentation.Http1.16.0NullUnknown License
Denied Licenses: GPL-2.0, GPL-3.0, AGPL-3.0

OpenSSF Scorecard

PackageVersionScoreDetails
nuget/Microsoft.NET.Test.Sdk 18.7.0 🟢 5.2
Details
CheckScoreReason
Code-Review🟢 9Found 23/25 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 30 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Signed-Releases⚠️ -1no releases found
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts⚠️ 0binaries present in source code
Branch-Protection⚠️ 2branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
nuget/Microsoft.Playwright.NUnit 1.61.0 UnknownUnknown
nuget/OpenTelemetry.Instrumentation.AspNetCore 1.16.0 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 23 contributing companies or organizations
nuget/OpenTelemetry.Instrumentation.Http 1.16.0 🟢 8.3
Details
CheckScoreReason
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10
Dependency-Update-Tool🟢 10update tool detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 9dependency not pinned by hash detected -- score normalized to 9
CII-Best-Practices🟢 5badge detected: Passing
Vulnerabilities🟢 100 existing vulnerabilities detected
SAST🟢 10SAST tool is run on all commits
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Fuzzing⚠️ 0project is not fuzzed
Packaging🟢 10packaging workflow detected
License🟢 10license file detected
Branch-Protection🟢 5branch protection is not maximal on development and all release branches
Security-Policy🟢 10security policy file detected
CI-Tests🟢 1030 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors🟢 10project has 23 contributing companies or organizations

Scanned Files

  • JD.Writer.E2E/JD.Writer.E2E.csproj
  • JD.Writer.ServiceDefaults/JD.Writer.ServiceDefaults.csproj

@github-actions

github-actions Bot commented Jun 29, 2026

Copy link
Copy Markdown

Test Results

26 tests   26 ✅  1m 43s ⏱️
 1 suites   0 💤
 1 files     0 ❌

Results for commit 87cd026.

♻️ This comment has been updated with latest results.

WriterAiService.TryGenerateWithOllamaAsync only caught
HttpRequestException/TaskCanceledException/JsonException, but the
standard resilience handler (AddStandardResilienceHandler in
ServiceDefaults) wraps a slow/unresponsive Ollama call in
Polly.Timeout.TimeoutRejectedException instead. That type escaped the
catch filter as an unhandled exception, turning what should be a
graceful fallback into an HTTP 500 for /ai/assist/stream,
/ai/continue, and /ai/slash whenever Ollama is slow to respond (e.g.
cold model load) - as reproduced locally for the
"Plugin prompt stream endpoint returns NDJSON chunks" E2E scenario.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant