Skip to content

[grid] Close pre-handshake race in WebSocket proxy#17435

Merged
shs96c merged 3 commits into
SeleniumHQ:trunkfrom
shs96c:grid-websocket-prehandshake-buffer
May 14, 2026
Merged

[grid] Close pre-handshake race in WebSocket proxy#17435
shs96c merged 3 commits into
SeleniumHQ:trunkfrom
shs96c:grid-websocket-prehandshake-buffer

Conversation

@shs96c

@shs96c shs96c commented May 11, 2026

Copy link
Copy Markdown
Member

Summary

Frames received from the upstream WebSocket before the client-side handshake completes used to travel through MessageOutboundConverter via a fallback Consumer<Message>. After onUpgradeComplete rewires the pipeline (removing the Message-layer handlers), a frame in flight on the upstream listener thread could land in a pipeline that no longer had its converter and silently drop.

Move the client Channel reference and a pre-handshake buffer into DirectForwardingListener itself:

  • Pre-handshake onText / onBinary calls queue a WebSocketFrame onto a per-listener deque under a lock.
  • FrameProxyConsumer.onUpgradeComplete invokes listener.onUpgrade(channel), which drains the buffer in arrival order and then publishes the channel as volatile.
  • Post-handshake calls do a lock-free volatile read of the channel and write directly — the fast path is unchanged.
  • onClose / onError pre-handshake release buffered frames and latch a closed flag so any in-flight call doesn't leak ref-counted frames.

A focused EmbeddedChannel-based test pins the buffer-then-drain order; the existing medium ProxyWebsocketTest continues to cover the end-to-end Router→Node path.

Test plan

  • `bazel test --config=rbe //java/test/org/openqa/selenium/grid/router:small-tests`
  • `bazel test --config=rbe //java/test/org/openqa/selenium/grid/router:ProxyWebsocketTest`
  • `bazel test --config=rbe //java/test/org/openqa/selenium/grid/router:TunnelWebsocketTest`

🤖 Generated with Claude Code

Frames received from the upstream WebSocket before the client-side
handshake completes used to traverse MessageOutboundConverter via the
fallback consumer. After onUpgradeComplete strips the converter, an
in-flight frame on the upstream listener thread could land in a
pipeline that no longer had its Message-layer handlers and silently
drop. Move the channel reference and a pre-handshake buffer into the
listener: pre-handshake frames are queued, the buffer drains under a
lock when the channel is handed over, and post-handshake calls take
the lock-free fast path.
@selenium-ci selenium-ci added B-grid Everything grid and server related C-java Java Bindings B-build Includes scripting, bazel and CI integrations labels May 11, 2026
@qodo-code-review

Copy link
Copy Markdown
Contributor

Review Summary by Qodo

Buffer pre-handshake WebSocket frames to prevent race condition

🐞 Bug fix

Grey Divider

Walkthroughs

Description
• Buffer pre-handshake WebSocket frames in DirectForwardingListener to prevent silent drops
• Drain buffered frames in order when client channel becomes available post-handshake
• Replace fallback Message consumer with lock-protected frame queue for deterministic ordering
• Add unit test validating pre-handshake frame buffering and post-handshake fast path
Diagram
flowchart LR
  A["Pre-handshake frames arrive"] -->|enqueue| B["DirectForwardingListener buffer"]
  C["onUpgradeComplete fires"] -->|drain in order| B
  B -->|write to channel| D["Client receives frames"]
  E["Post-handshake frames"] -->|volatile read| F["Fast path direct write"]
  F --> D
Loading

Grey Divider

File Changes

1. java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java 🐞 Bug fix +107/-53

Refactor WebSocket frame handling with pre-handshake buffering

• Moved channel reference and pre-handshake buffer from AtomicReference into
 DirectForwardingListener
• Replaced fallback Message consumer with lock-protected ArrayDeque for frame buffering
• Implemented onUpgrade method to drain buffered frames before publishing volatile channel reference
• Added frame release logic in onClose and onError to prevent ref-counted frame leaks
• Removed TextMessage and BinaryMessage fallback handling in favor of direct WebSocketFrame writes

java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java


2. java/test/org/openqa/selenium/grid/router/DirectForwardingListenerTest.java 🧪 Tests +106/-0

Add unit tests for pre-handshake frame buffering

• New unit test class with EmbeddedChannel-based tests for DirectForwardingListener
• Test validates frames received before upgrade are drained in arrival order
• Test confirms post-upgrade frames bypass buffer and go directly to channel
• Includes NoopHttpClient stub to avoid network dependencies in unit tests

java/test/org/openqa/selenium/grid/router/DirectForwardingListenerTest.java


3. java/src/org/openqa/selenium/grid/router/BUILD.bazel Dependencies +1/-0

Add netty-buffer dependency

• Added netty-buffer artifact dependency to support Unpooled frame creation

java/src/org/openqa/selenium/grid/router/BUILD.bazel


View more (1)
4. java/test/org/openqa/selenium/grid/router/BUILD.bazel ⚙️ Configuration changes +20/-1

Add small-tests suite for DirectForwardingListenerTest

• Created new SMALL_TESTS list containing DirectForwardingListenerTest
• Added small-tests java_test_suite target for focused unit tests
• Updated medium-tests exclusion to skip SMALL_TESTS

java/test/org/openqa/selenium/grid/router/BUILD.bazel


Grey Divider

Qodo Logo

@qodo-code-review

qodo-code-review Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

Code Review by Qodo

🐞 Bugs (0) 📘 Rule violations (0) 📎 Requirement gaps (0)

Grey Divider


Action required

1. Pre-upgrade close not forwarded ✓ Resolved 🐞 Bug ☼ Reliability
Description
If upstream onClose/onError happens before the client-side upgrade completes, the listener sets a
terminal "closed" state without retaining close details, and onUpgrade later publishes the channel
without closing it—so the client WebSocket can remain open even though upstream is already gone.
This can lead to downstream clients hanging until external timeouts/keepalives rather than receiving
a close handshake promptly.
Code

java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[R287-306]

    @Override
    public void onClose(int code, String reason) {
      upstreamClosing.set(true);
-      // After onUpgradeComplete the pipeline no longer contains MessageOutboundConverter, so
-      // writing a CloseMessage object via fallbackDownstream would fail to encode. Write the
-      // Netty frame directly once the client channel reference is available.
-      Channel ch = clientChannelRef.get();
+      Channel ch = clientChannel;
+      if (ch == null) {
+        synchronized (lock) {
+          ch = clientChannel;
+          if (ch == null) {
+            // Pre-handshake close: there is no live channel to write a close frame to,
+            // so just release the buffer and stop accepting more frames.
+            discardPendingLocked();
+            closed = true;
+          }
+        }
+      }
      if (ch != null && ch.isActive()) {
        ch.writeAndFlush(new CloseWebSocketFrame(code, reason));
-      } else {
-        fallbackDownstream.accept(new CloseMessage(code, reason));
-      }
-      try {
-        client.close();
-      } catch (Exception e) {
-        LOG.log(Level.FINE, "Failed to close client on upstream WebSocket close", e);
      }
+      closeClient();
    }
Evidence
The upstream socket is opened before the downstream WebSocket handshake completes, so upstream can
close pre-upgrade. In that pre-upgrade case, DirectForwardingListener discards any pending frames
and latches closed=true, but does not buffer a CloseWebSocketFrame nor close any downstream channel
(it doesn’t have one yet). When the downstream handshake later succeeds, onUpgrade drains pending
and publishes clientChannel but does not check the latched closed flag, so there is no subsequent
callback to trigger sending a close frame (the upstream onClose already happened).

java/src/org/openqa/selenium/netty/server/WebSocketUpgradeHandler.java[148-205]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[241-249]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[287-306]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[308-329]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[338-344]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
When the upstream WebSocket closes/errors before the downstream WebSocket upgrade completes, `DirectForwardingListener` latches `closed=true` but drops the close details and `onUpgrade(Channel)` does not react to the terminal state. If the downstream upgrade completes later, the client channel may be published and left open without a close handshake.

### Issue Context
- Upstream connection is initiated before the Netty handshake completes, so pre-upgrade upstream terminal events are possible.
- `closeClient()` only closes the upstream `HttpClient`, not the downstream Netty channel.

### Fix approach
- Record a terminal state for pre-upgrade close/error (e.g., store `closeCode`/`closeReason`, or store a `CloseWebSocketFrame` to be written post-upgrade).
- In `onUpgrade(Channel ch)`, if a terminal state was observed (`closed==true`), immediately write a close frame (if applicable) and close the channel (or close without sending if protocol requires), instead of publishing the channel for normal forwarding.
- Add a unit test that calls `listener.onClose(...)` (or `onError(...)`) before `listener.onUpgrade(channel)` and asserts the channel is closed and/or a `CloseWebSocketFrame` is emitted.

### Fix Focus Areas
- java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[241-306]
- java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[308-345]
- java/test/org/openqa/selenium/grid/router/DirectForwardingListenerTest.java[1-106]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools



Remediation recommended

2. Pending frames leak onClose ✓ Resolved 📘 Rule violation ☼ Reliability
Description
On a pre-handshake upstream onClose, the listener records the close and closes the HttpClient
but intentionally keeps buffered WebSocketFrames for a future onUpgrade drain. If the
client-side upgrade never completes (e.g., client disconnects mid-handshake), those buffered
ref-counted frames are never released, risking a Netty buffer leak.
Code

java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[R340-345]

+            // Pre-handshake close: record the close so onUpgrade can surface it to the client.
+            // Pending frames are kept so the client receives any data the upstream queued before
+            // closing.
+            closed = true;
+            closeCode = code;
+            closeReason = reason;
Evidence
The onClose pre-handshake path explicitly keeps pending frames for a later onUpgrade drain, but
also closes the client immediately; if onUpgrade never occurs, no code path releases those
buffered frames. Other terminal paths demonstrate these frames require explicit release
(frame.release()), indicating a potential leak when onUpgrade is not reached.

java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[340-345]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[301-313]
Best Practice: Learned patterns

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

## Issue description
`DirectForwardingListener` keeps pre-handshake buffered `WebSocketFrame`s on upstream `onClose` so they can be drained during `onUpgrade`. If the client-side upgrade never happens, those buffered (ref-counted) frames never get released, creating a potential memory/leak-detector issue.

## Issue Context
The code already treats buffered frames as ref-counted (it calls `frame.release()` on other terminal paths like overflow), but the pre-handshake `onClose` path retains the buffer without any guaranteed later release.

## Fix Focus Areas
- java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[333-353]
- java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[295-313]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


3. Unbounded frame buffer ✓ Resolved 🐞 Bug ☼ Reliability
Description
DirectForwardingListener buffers pre-upgrade frames in an unbounded deque with no cap, so if the
client upgrade is delayed/stalled while upstream is producing frames, memory can grow without bound
(including retaining ref-counted frame buffers). This risks router memory pressure or OOM under
pathological conditions.
Code

java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[R220-226]

+    private final Object lock = new Object();
+    private final Deque<WebSocketFrame> pending = new ArrayDeque<>();
+    // Volatile so the post-handover fast path needs no synchronization.
+    private volatile Channel clientChannel;
+    // Guarded by lock; once true, further frames received while clientChannel is still null
+    // are released rather than enqueued (we know the upstream has already gone away).
+    private boolean closed;
Evidence
The listener maintains a per-connection ArrayDeque<WebSocketFrame> and enqueues frames whenever
clientChannel is null and closed is false; there is no size/bytes limit. Frames are only removed
by draining on upgrade or discarding on close/error, so a delayed upgrade path can accumulate frames
indefinitely.

java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[220-226]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[271-285]
java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[331-336]

Agent prompt
The issue below was found during a code review. Follow the provided context and guidance below and implement a solution

### Issue description
`DirectForwardingListener` uses an unbounded `Deque<WebSocketFrame>` to buffer frames arriving before `onUpgrade(Channel)` is called. If the downstream upgrade stalls while upstream continues sending, the deque can grow without limit, retaining ref-counted frames and risking memory exhaustion.

### Issue Context
- Buffering is correct for ordering, but needs a safety valve.

### Fix approach
- Add a hard limit (by frame count and/or total bytes) for `pending`.
- When the limit is exceeded, choose a deterministic policy: drop newest/oldest with `release()`, and/or close the downstream channel once available; also log at WARNING with session context.
- Consider a time-based cutoff (e.g., if upgrade hasn’t completed within N seconds, discard pending and mark closed).

### Fix Focus Areas
- java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[220-285]
- java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java[331-336]

ⓘ Copy this prompt and use it to remediate the issue with your preferred AI generation tools


Grey Divider

Qodo Logo

Address two issues raised on SeleniumHQ#17435:

- Pre-handshake onClose/onError used to discard the close details and
  publish the channel for normal forwarding when the handshake later
  landed, leaving the client open indefinitely. Record the code/reason
  and, on onUpgrade, drain any frames the upstream had queued and then
  write the close frame followed by closing the channel.
- The pending deque had no cap, so a stalled handshake while the
  upstream keeps producing could grow it without bound. Cap at 128
  frames; on overflow drop the buffer, latch a 1009 terminal state,
  and close the upstream so the channel sees a clean close once the
  upgrade fires.
@shs96c

shs96c commented May 11, 2026

Copy link
Copy Markdown
Member Author

Pushed bf52afc addressing both qodo-bot findings:

  1. Pre-upgrade close not forwardedDirectForwardingListener now records the close code + reason when onClose/onError fires pre-handshake. On onUpgrade it drains any frames the upstream had queued, then writes a CloseWebSocketFrame with the recorded details and closes the channel, instead of publishing it for normal forwarding. New test preHandshakeCloseIsSurfacedAndClosesChannelOnUpgrade pins the behaviour.

  2. Unbounded frame buffer — capped pending at 128 frames. On overflow the buffer is released, the listener latches a 1009 ("buffer overflow") terminal state, and the upstream client is closed; the eventual onUpgrade sees the terminal state and surfaces a clean 1009 close to the client. New test overflowOfPreHandshakeBufferArmsCloseAndDrains.

The Ruby Windows test failure is unrelated — gpg: error retrieving '<key>' via WKD: Try again later during MSYS2 toolchain setup. No Java tests ran on that job before it failed.

@qodo-code-review

qodo-code-review Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

Persistent review updated to latest commit bf52afc

If pre-handshake onClose kept the buffered ref-counted WebSocketFrames
"for a future onUpgrade drain" and the client-side handshake never
landed (client disconnected mid-handshake, or the upgrade itself
failed and triggered the upstream close), those frames were never
released — a Netty buffer leak.

Make onClose symmetric with onError: drop the buffer on pre-handshake
close, while still recording the code/reason so onUpgrade can surface
a clean close to the client if the handshake does fire later. The
trade-off is small: a client that just received the 101 response
cannot usefully consume frames if we are about to close them
immediately afterward.
@shs96c

shs96c commented May 11, 2026

Copy link
Copy Markdown
Member Author

Good catch — pushed 0cd57dd addressing it.

onClose pre-handshake used to keep the buffered ref-counted frames "for a future onUpgrade drain". If the client-side handshake never lands (client disconnected mid-handshake, or the upgrade itself failed and triggered the upstream close), those frames are never released.

Made onClose symmetric with onError — drop the buffer immediately. The code/reason are still recorded so a late onUpgrade can write a proper close to the client, just without the trailing data. The trade-off is small: a client that has just received the 101 cannot usefully consume frames if we are about to close them immediately afterward.

Existing test updated to reflect the new behaviour (only the close frame on the wire after pre-handshake close + upgrade).

@qodo-code-review

qodo-code-review Bot commented May 11, 2026

Copy link
Copy Markdown
Contributor

Persistent review updated to latest commit 0cd57dd

@asolntsev asolntsev added this to the 4.44.0 milestone May 11, 2026
@shs96c shs96c merged commit 8d8cf64 into SeleniumHQ:trunk May 14, 2026
81 of 82 checks passed
@shs96c shs96c deleted the grid-websocket-prehandshake-buffer branch May 14, 2026 10:27
shs96c added a commit to shs96c/selenium that referenced this pull request May 22, 2026
The Router has had a direct frame-forwarding path between the Netty
pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11,
"[grid] Router WebSocket handle dropped close frames, idle disconnects,
high-latency proxying", SeleniumHQ#17197). Once the client-side handshake
completes, an inbound WebSocketFrameProxy forwards each Netty
WebSocketFrame straight to the upstream WebSocket, and the outbound
DirectForwardingListener writes upstream replies directly to the
client channel. Together those removed the per-frame Message
allocation and the executor hop in WebSocketMessageHandler on the
Router side.

The Node still did the full round-trip through MessageInboundConverter,
WebSocketMessageHandler, the registered Consumer<Message>, and
MessageOutboundConverter in both directions for every frame. Each
frame allocated a TextMessage or BinaryMessage and hopped onto the
channel executor on delivery. For a busy CDP or VNC session that is
measurable allocation and executor-queue pressure on the Node.

Apply the same PostUpgradeHook pattern on the Node side: the consumer
returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after
the handshake so inbound frames forward straight to the browser-side
WebSocket, and a DirectForwardingListener writes outbound frames
directly to the client channel. Frames received before the handshake
are buffered in arrival order and drained on handover, so a frame
cannot land in a pipeline that has already had its Message-layer
handlers removed.

The hardening that the Router-side listener picked up in 8d8cf64
(2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy",
SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is
capped at 128 frames with a 1009 close recorded on overflow; the
close code and reason are recorded on pre-handshake close or error so
a late onUpgrade can write a clean close frame to the client and tear
the channel down rather than leaving it open; and the buffer is
released on close so ref-counted frames cannot leak if the handshake
never completes.

The Node-specific behaviour is preserved:

- Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire
  per frame, both pre- and post-handshake.
- The connectionReleased CAS still guards a single
  node.releaseConnection call across the close and error paths,
  including the overflow path introduced here.
- VNC sessions still install a no-op heartbeat consumer so VNC
  traffic does not mark the session as recently active.

The existing ProxyNodeWebsocketsTest continues to exercise the slot
accounting, including the regression from SeleniumHQ#17197 where onError without
a follow-on onClose used to leak the slot. New unit tests in
NodeDirectForwardingListenerTest pin the per-frame heartbeat, the
buffer-then-drain ordering, the surface-and-teardown behaviour on a
pre-handshake close, and the overflow path's clean release of the
session slot.
shs96c added a commit to shs96c/selenium that referenced this pull request May 22, 2026
The Router has had a direct frame-forwarding path between the Netty
pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11,
"[grid] Router WebSocket handle dropped close frames, idle disconnects,
high-latency proxying", SeleniumHQ#17197). Once the client-side handshake
completes, an inbound WebSocketFrameProxy forwards each Netty
WebSocketFrame straight to the upstream WebSocket, and the outbound
DirectForwardingListener writes upstream replies directly to the
client channel. Together those removed the per-frame Message
allocation and the executor hop in WebSocketMessageHandler on the
Router side.

The Node still did the full round-trip through MessageInboundConverter,
WebSocketMessageHandler, the registered Consumer<Message>, and
MessageOutboundConverter in both directions for every frame. Each
frame allocated a TextMessage or BinaryMessage and hopped onto the
channel executor on delivery. For a busy CDP or VNC session that is
measurable allocation and executor-queue pressure on the Node.

Apply the same PostUpgradeHook pattern on the Node side: the consumer
returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after
the handshake so inbound frames forward straight to the browser-side
WebSocket, and a DirectForwardingListener writes outbound frames
directly to the client channel. Frames received before the handshake
are buffered in arrival order and drained on handover, so a frame
cannot land in a pipeline that has already had its Message-layer
handlers removed.

The hardening that the Router-side listener picked up in 8d8cf64
(2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy",
SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is
capped at 128 frames with a 1009 close recorded on overflow; the
close code and reason are recorded on pre-handshake close or error so
a late onUpgrade can write a clean close frame to the client and tear
the channel down rather than leaving it open; and the buffer is
released on close so ref-counted frames cannot leak if the handshake
never completes.

The Node-specific behaviour is preserved:

- Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire
  per frame, both pre- and post-handshake.
- The connectionReleased CAS still guards a single
  node.releaseConnection call across the close and error paths,
  including the overflow path introduced here.
- VNC sessions still install a no-op heartbeat consumer so VNC
  traffic does not mark the session as recently active.

The existing ProxyNodeWebsocketsTest continues to exercise the slot
accounting, including the regression from SeleniumHQ#17197 where onError without
a follow-on onClose used to leak the slot. New unit tests in
NodeDirectForwardingListenerTest pin the per-frame heartbeat, the
buffer-then-drain ordering, the surface-and-teardown behaviour on a
pre-handshake close, and the overflow path's clean release of the
session slot.
shs96c added a commit to shs96c/selenium that referenced this pull request May 22, 2026
The Router has had a direct frame-forwarding path between the Netty
pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11,
"[grid] Router WebSocket handle dropped close frames, idle disconnects,
high-latency proxying", SeleniumHQ#17197). Once the client-side handshake
completes, an inbound WebSocketFrameProxy forwards each Netty
WebSocketFrame straight to the upstream WebSocket, and the outbound
DirectForwardingListener writes upstream replies directly to the
client channel. Together those removed the per-frame Message
allocation and the executor hop in WebSocketMessageHandler on the
Router side.

The Node still did the full round-trip through MessageInboundConverter,
WebSocketMessageHandler, the registered Consumer<Message>, and
MessageOutboundConverter in both directions for every frame. Each
frame allocated a TextMessage or BinaryMessage and hopped onto the
channel executor on delivery. For a busy CDP or VNC session that is
measurable allocation and executor-queue pressure on the Node.

Apply the same PostUpgradeHook pattern on the Node side: the consumer
returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after
the handshake so inbound frames forward straight to the browser-side
WebSocket, and a DirectForwardingListener writes outbound frames
directly to the client channel. Frames received before the handshake
are buffered in arrival order and drained on handover, so a frame
cannot land in a pipeline that has already had its Message-layer
handlers removed.

The hardening that the Router-side listener picked up in 8d8cf64
(2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy",
SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is
capped at 128 frames with a 1009 close recorded on overflow; the
close code and reason are recorded on pre-handshake close or error so
a late onUpgrade can write a clean close frame to the client and tear
the channel down rather than leaving it open; and the buffer is
released on close so ref-counted frames cannot leak if the handshake
never completes.

Close-frame reasons coming from the upstream are now truncated to the
123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses
a CharsetEncoder writing into a 120-byte buffer so it stops at a
clean character boundary on overflow — a naive byte-truncate-then-
decode could split a multi-byte sequence, produce a U+FFFD replacement
on decode, and re-encode back over 123 bytes, breaking the close
frame. The helper lives as a public static on WebSocketFrameProxy
because both DirectForwardingListener classes already depend on that
class. The Router-side listener that landed in SeleniumHQ#17435 had the same
unchecked path; apply the helper there too so both proxies share the
same safe behaviour.

The Node-specific behaviour is preserved:

- Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire
  per frame, both pre- and post-handshake.
- The connectionReleased CAS still guards a single
  node.releaseConnection call across the close and error paths,
  including the overflow path introduced here.
- VNC sessions still install a no-op heartbeat consumer so VNC
  traffic does not mark the session as recently active.

The existing ProxyNodeWebsocketsTest continues to exercise the slot
accounting, including the regression from SeleniumHQ#17197 where onError without
a follow-on onClose used to leak the slot. New unit tests in
NodeDirectForwardingListenerTest pin the per-frame heartbeat, the
buffer-then-drain ordering, the surface-and-teardown behaviour on a
pre-handshake close, the overflow path's clean release of the session
slot, and the safe truncation of an overlong upstream close reason
that contains multi-byte UTF-8 characters. The shared helper has a
focused unit test alongside it in WebSocketFrameProxyTest.
shs96c added a commit to shs96c/selenium that referenced this pull request May 27, 2026
The Router has had a direct frame-forwarding path between the Netty
pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11,
"[grid] Router WebSocket handle dropped close frames, idle disconnects,
high-latency proxying", SeleniumHQ#17197). Once the client-side handshake
completes, an inbound WebSocketFrameProxy forwards each Netty
WebSocketFrame straight to the upstream WebSocket, and the outbound
DirectForwardingListener writes upstream replies directly to the
client channel. Together those removed the per-frame Message
allocation and the executor hop in WebSocketMessageHandler on the
Router side.

The Node still did the full round-trip through MessageInboundConverter,
WebSocketMessageHandler, the registered Consumer<Message>, and
MessageOutboundConverter in both directions for every frame. Each
frame allocated a TextMessage or BinaryMessage and hopped onto the
channel executor on delivery. For a busy CDP or VNC session that is
measurable allocation and executor-queue pressure on the Node.

Apply the same PostUpgradeHook pattern on the Node side: the consumer
returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after
the handshake so inbound frames forward straight to the browser-side
WebSocket, and a DirectForwardingListener writes outbound frames
directly to the client channel. Frames received before the handshake
are buffered in arrival order and drained on handover, so a frame
cannot land in a pipeline that has already had its Message-layer
handlers removed.

The hardening that the Router-side listener picked up in 8d8cf64
(2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy",
SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is
capped at 128 frames with a 1009 close recorded on overflow; the
close code and reason are recorded on pre-handshake close or error so
a late onUpgrade can write a clean close frame to the client and tear
the channel down rather than leaving it open; and the buffer is
released on close so ref-counted frames cannot leak if the handshake
never completes.

Close-frame reasons coming from the upstream are now truncated to the
123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses
a CharsetEncoder writing into a 120-byte buffer so it stops at a
clean character boundary on overflow — a naive byte-truncate-then-
decode could split a multi-byte sequence, produce a U+FFFD replacement
on decode, and re-encode back over 123 bytes, breaking the close
frame. The helper lives as a public static on WebSocketFrameProxy
because both DirectForwardingListener classes already depend on that
class. The Router-side listener that landed in SeleniumHQ#17435 had the same
unchecked path; apply the helper there too so both proxies share the
same safe behaviour.

The Node-specific behaviour is preserved:

- Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire
  per frame, both pre- and post-handshake.
- The connectionReleased CAS still guards a single
  node.releaseConnection call across the close and error paths,
  including the overflow path introduced here.
- VNC sessions still install a no-op heartbeat consumer so VNC
  traffic does not mark the session as recently active.

The existing ProxyNodeWebsocketsTest continues to exercise the slot
accounting, including the regression from SeleniumHQ#17197 where onError without
a follow-on onClose used to leak the slot. New unit tests in
NodeDirectForwardingListenerTest pin the per-frame heartbeat, the
buffer-then-drain ordering, the surface-and-teardown behaviour on a
pre-handshake close, the overflow path's clean release of the session
slot, and the safe truncation of an overlong upstream close reason
that contains multi-byte UTF-8 characters. The shared helper has a
focused unit test alongside it in WebSocketFrameProxyTest.
shs96c added a commit to shs96c/selenium that referenced this pull request May 27, 2026
The Router has had a direct frame-forwarding path between the Netty
pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11,
"[grid] Router WebSocket handle dropped close frames, idle disconnects,
high-latency proxying", SeleniumHQ#17197). Once the client-side handshake
completes, an inbound WebSocketFrameProxy forwards each Netty
WebSocketFrame straight to the upstream WebSocket, and the outbound
DirectForwardingListener writes upstream replies directly to the
client channel. Together those removed the per-frame Message
allocation and the executor hop in WebSocketMessageHandler on the
Router side.

The Node still did the full round-trip through MessageInboundConverter,
WebSocketMessageHandler, the registered Consumer<Message>, and
MessageOutboundConverter in both directions for every frame. Each
frame allocated a TextMessage or BinaryMessage and hopped onto the
channel executor on delivery. For a busy CDP or VNC session that is
measurable allocation and executor-queue pressure on the Node.

Apply the same PostUpgradeHook pattern on the Node side: the consumer
returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after
the handshake so inbound frames forward straight to the browser-side
WebSocket, and a DirectForwardingListener writes outbound frames
directly to the client channel. Frames received before the handshake
are buffered in arrival order and drained on handover, so a frame
cannot land in a pipeline that has already had its Message-layer
handlers removed.

The hardening that the Router-side listener picked up in 8d8cf64
(2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy",
SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is
capped at 128 frames with a 1009 close recorded on overflow; the
close code and reason are recorded on pre-handshake close or error so
a late onUpgrade can write a clean close frame to the client and tear
the channel down rather than leaving it open; and the buffer is
released on close so ref-counted frames cannot leak if the handshake
never completes.

Close-frame reasons coming from the upstream are now truncated to the
123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses
a CharsetEncoder writing into a 120-byte buffer so it stops at a
clean character boundary on overflow — a naive byte-truncate-then-
decode could split a multi-byte sequence, produce a U+FFFD replacement
on decode, and re-encode back over 123 bytes, breaking the close
frame. The helper lives as a public static on WebSocketFrameProxy
because both DirectForwardingListener classes already depend on that
class. The Router-side listener that landed in SeleniumHQ#17435 had the same
unchecked path; apply the helper there too so both proxies share the
same safe behaviour.

The Node-specific behaviour is preserved:

- Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire
  per frame, both pre- and post-handshake.
- The connectionReleased CAS still guards a single
  node.releaseConnection call across the close and error paths,
  including the overflow path introduced here.
- VNC sessions still install a no-op heartbeat consumer so VNC
  traffic does not mark the session as recently active.

The existing ProxyNodeWebsocketsTest continues to exercise the slot
accounting, including the regression from SeleniumHQ#17197 where onError without
a follow-on onClose used to leak the slot. New unit tests in
NodeDirectForwardingListenerTest pin the per-frame heartbeat, the
buffer-then-drain ordering, the surface-and-teardown behaviour on a
pre-handshake close, the overflow path's clean release of the session
slot, and the safe truncation of an overlong upstream close reason
that contains multi-byte UTF-8 characters. The shared helper has a
focused unit test alongside it in WebSocketFrameProxyTest.
shs96c added a commit that referenced this pull request May 27, 2026
The Router has had a direct frame-forwarding path between the Netty
pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11,
"[grid] Router WebSocket handle dropped close frames, idle disconnects,
high-latency proxying", #17197). Once the client-side handshake
completes, an inbound WebSocketFrameProxy forwards each Netty
WebSocketFrame straight to the upstream WebSocket, and the outbound
DirectForwardingListener writes upstream replies directly to the
client channel. Together those removed the per-frame Message
allocation and the executor hop in WebSocketMessageHandler on the
Router side.

The Node still did the full round-trip through MessageInboundConverter,
WebSocketMessageHandler, the registered Consumer<Message>, and
MessageOutboundConverter in both directions for every frame. Each
frame allocated a TextMessage or BinaryMessage and hopped onto the
channel executor on delivery. For a busy CDP or VNC session that is
measurable allocation and executor-queue pressure on the Node.

Apply the same PostUpgradeHook pattern on the Node side: the consumer
returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after
the handshake so inbound frames forward straight to the browser-side
WebSocket, and a DirectForwardingListener writes outbound frames
directly to the client channel. Frames received before the handshake
are buffered in arrival order and drained on handover, so a frame
cannot land in a pipeline that has already had its Message-layer
handlers removed.

The hardening that the Router-side listener picked up in 8d8cf64
(2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy",
#17435) is mirrored on the Node listener: the pre-handshake buffer is
capped at 128 frames with a 1009 close recorded on overflow; the
close code and reason are recorded on pre-handshake close or error so
a late onUpgrade can write a clean close frame to the client and tear
the channel down rather than leaving it open; and the buffer is
released on close so ref-counted frames cannot leak if the handshake
never completes.

Close-frame reasons coming from the upstream are now truncated to the
123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses
a CharsetEncoder writing into a 120-byte buffer so it stops at a
clean character boundary on overflow — a naive byte-truncate-then-
decode could split a multi-byte sequence, produce a U+FFFD replacement
on decode, and re-encode back over 123 bytes, breaking the close
frame. The helper lives as a public static on WebSocketFrameProxy
because both DirectForwardingListener classes already depend on that
class. The Router-side listener that landed in #17435 had the same
unchecked path; apply the helper there too so both proxies share the
same safe behaviour.

The Node-specific behaviour is preserved:

- Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire
  per frame, both pre- and post-handshake.
- The connectionReleased CAS still guards a single
  node.releaseConnection call across the close and error paths,
  including the overflow path introduced here.
- VNC sessions still install a no-op heartbeat consumer so VNC
  traffic does not mark the session as recently active.

The existing ProxyNodeWebsocketsTest continues to exercise the slot
accounting, including the regression from #17197 where onError without
a follow-on onClose used to leak the slot. New unit tests in
NodeDirectForwardingListenerTest pin the per-frame heartbeat, the
buffer-then-drain ordering, the surface-and-teardown behaviour on a
pre-handshake close, the overflow path's clean release of the session
slot, and the safe truncation of an overlong upstream close reason
that contains multi-byte UTF-8 characters. The shared helper has a
focused unit test alongside it in WebSocketFrameProxyTest.
This was referenced Jun 16, 2026
PhilipWoulfe pushed a commit to PhilipWoulfe/F1Competition that referenced this pull request Jul 5, 2026
Updated
[coverlet.collector](https://github.com/coverlet-coverage/coverlet) from
10.0.0 to 10.0.1.

<details>
<summary>Release notes</summary>

_Sourced from [coverlet.collector's
releases](https://github.com/coverlet-coverage/coverlet/releases)._

## 10.0.1

### Improvements

- Coverlet with MTP 2 doesn't show test coverage statistic in console
[#​1907](https://github.com/coverlet-coverage/coverlet/issues/1907)
- Avoid unnecessary testhost restarts
[#​1912](https://github.com/coverlet-coverage/coverlet/issues/1912) by
<https://github.com/mawosoft>

### Fixed

- Fix inconsistent paths in cobertura reports
[#​1723](https://github.com/coverlet-coverage/coverlet/issues/1723)
- Fix when using "is" with "and" in pattern matching, branch coverage is
lower than normal
[#​1313](https://github.com/coverlet-coverage/coverlet/issues/1313)
- Fix Coverlet flagging a branch for an async functions finally block
where none exists
[#​1337](https://github.com/coverlet-coverage/coverlet/issues/1337)
- Fix Coverlet Tracker Missing CompilerGeneratedAttribute
[#​1828](https://github.com/coverlet-coverage/coverlet/issues/1828)

### Maintenance

- Add architecture docs and diagrams for all integrations
[#​1927](https://github.com/coverlet-coverage/coverlet/pull/1927)
- Update NuGet packages and .NET SDK versions
[#​1933](https://github.com/coverlet-coverage/coverlet/pull/1933)

[Diff between 10.0.0 and
10.0.1](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1)

Commits viewable in [compare
view](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1).
</details>

Updated
[coverlet.msbuild](https://github.com/coverlet-coverage/coverlet) from
10.0.0 to 10.0.1.

<details>
<summary>Release notes</summary>

_Sourced from [coverlet.msbuild's
releases](https://github.com/coverlet-coverage/coverlet/releases)._

## 10.0.1

### Improvements

- Coverlet with MTP 2 doesn't show test coverage statistic in console
[#​1907](https://github.com/coverlet-coverage/coverlet/issues/1907)
- Avoid unnecessary testhost restarts
[#​1912](https://github.com/coverlet-coverage/coverlet/issues/1912) by
<https://github.com/mawosoft>

### Fixed

- Fix inconsistent paths in cobertura reports
[#​1723](https://github.com/coverlet-coverage/coverlet/issues/1723)
- Fix when using "is" with "and" in pattern matching, branch coverage is
lower than normal
[#​1313](https://github.com/coverlet-coverage/coverlet/issues/1313)
- Fix Coverlet flagging a branch for an async functions finally block
where none exists
[#​1337](https://github.com/coverlet-coverage/coverlet/issues/1337)
- Fix Coverlet Tracker Missing CompilerGeneratedAttribute
[#​1828](https://github.com/coverlet-coverage/coverlet/issues/1828)

### Maintenance

- Add architecture docs and diagrams for all integrations
[#​1927](https://github.com/coverlet-coverage/coverlet/pull/1927)
- Update NuGet packages and .NET SDK versions
[#​1933](https://github.com/coverlet-coverage/coverlet/pull/1933)

[Diff between 10.0.0 and
10.0.1](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1)

Commits viewable in [compare
view](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1).
</details>

Updated
[Microsoft.AspNetCore.Components.Authorization](https://github.com/dotnet/aspnetcore)
from 8.0.27 to 8.0.28.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Components.Authorization's
releases](https://github.com/dotnet/aspnetcore/releases)._

## 8.0.28

[Release](https://github.com/dotnet/core/releases/tag/v8.0.28)

## What's Changed
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66589
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556
* [release/8.0] Update dependencies from dotnet/source-build-assets by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471
* [release/8.0] Update dependencies from dotnet/source-build-externals
by @​dotnet-maestro[bot] in
https://github.com/dotnet/aspnetcore/pull/66344
* [release/8.0] Strip UTF-8 BOM from template localization files and
remove version override by @​wtgodbe in
https://github.com/dotnet/aspnetcore/pull/66427
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66662


**Full Changelog**:
https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28

Commits viewable in [compare
view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28).
</details>

Updated
[Microsoft.AspNetCore.Components.WebAssembly](https://github.com/dotnet/aspnetcore)
from 8.0.27 to 8.0.28.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Components.WebAssembly's
releases](https://github.com/dotnet/aspnetcore/releases)._

## 8.0.28

[Release](https://github.com/dotnet/core/releases/tag/v8.0.28)

## What's Changed
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66589
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556
* [release/8.0] Update dependencies from dotnet/source-build-assets by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471
* [release/8.0] Update dependencies from dotnet/source-build-externals
by @​dotnet-maestro[bot] in
https://github.com/dotnet/aspnetcore/pull/66344
* [release/8.0] Strip UTF-8 BOM from template localization files and
remove version override by @​wtgodbe in
https://github.com/dotnet/aspnetcore/pull/66427
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66662


**Full Changelog**:
https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28

Commits viewable in [compare
view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28).
</details>

Updated
[Microsoft.AspNetCore.Components.WebAssembly.DevServer](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Components.WebAssembly.DevServer's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.AspNetCore.Http.Abstractions](https://github.com/dotnet/aspnetcore)
from 2.3.10 to 2.3.11.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Http.Abstractions's
releases](https://github.com/dotnet/aspnetcore/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/aspnetcore/commits).
</details>

Updated
[Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/aspnetcore)
from 8.0.27 to 8.0.28.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Mvc.Testing's
releases](https://github.com/dotnet/aspnetcore/releases)._

## 8.0.28

[Release](https://github.com/dotnet/core/releases/tag/v8.0.28)

## What's Changed
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66589
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556
* [release/8.0] Update dependencies from dotnet/source-build-assets by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471
* [release/8.0] Update dependencies from dotnet/source-build-externals
by @​dotnet-maestro[bot] in
https://github.com/dotnet/aspnetcore/pull/66344
* [release/8.0] Strip UTF-8 BOM from template localization files and
remove version override by @​wtgodbe in
https://github.com/dotnet/aspnetcore/pull/66427
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66662


**Full Changelog**:
https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28

Commits viewable in [compare
view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28).
</details>

Updated
[Microsoft.AspNetCore.OpenApi](https://github.com/dotnet/aspnetcore)
from 8.0.27 to 8.0.28.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.OpenApi's
releases](https://github.com/dotnet/aspnetcore/releases)._

## 8.0.28

[Release](https://github.com/dotnet/core/releases/tag/v8.0.28)

## What's Changed
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66589
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556
* [release/8.0] Update dependencies from dotnet/source-build-assets by
@​dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471
* [release/8.0] Update dependencies from dotnet/source-build-externals
by @​dotnet-maestro[bot] in
https://github.com/dotnet/aspnetcore/pull/66344
* [release/8.0] Strip UTF-8 BOM from template localization files and
remove version override by @​wtgodbe in
https://github.com/dotnet/aspnetcore/pull/66427
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/aspnetcore/pull/66662


**Full Changelog**:
https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28

Commits viewable in [compare
view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28).
</details>

Updated
[Microsoft.EntityFrameworkCore](https://github.com/dotnet/efcore) from
9.0.16 to 9.0.17.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.EntityFrameworkCore's
releases](https://github.com/dotnet/efcore/releases)._

## 9.0.17

[Release](https://github.com/dotnet/core/releases/tag/v9.0.17)

## What's Changed
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38227
* Update branding to 9.0.17 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38228
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38230
* Merging internal commits for release/9.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38262
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38263
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38266


**Full Changelog**:
https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17

Commits viewable in [compare
view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17).
</details>

Updated
[Microsoft.EntityFrameworkCore.Design](https://github.com/dotnet/efcore)
from 9.0.16 to 9.0.17.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.EntityFrameworkCore.Design's
releases](https://github.com/dotnet/efcore/releases)._

## 9.0.17

[Release](https://github.com/dotnet/core/releases/tag/v9.0.17)

## What's Changed
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38227
* Update branding to 9.0.17 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38228
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38230
* Merging internal commits for release/9.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38262
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38263
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38266


**Full Changelog**:
https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17

Commits viewable in [compare
view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17).
</details>

Updated
[Microsoft.EntityFrameworkCore.InMemory](https://github.com/dotnet/efcore)
from 9.0.16 to 9.0.17.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.EntityFrameworkCore.InMemory's
releases](https://github.com/dotnet/efcore/releases)._

## 9.0.17

[Release](https://github.com/dotnet/core/releases/tag/v9.0.17)

## What's Changed
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38227
* Update branding to 9.0.17 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38228
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38230
* Merging internal commits for release/9.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38262
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38263
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38266


**Full Changelog**:
https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17

Commits viewable in [compare
view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17).
</details>

Updated
[Microsoft.EntityFrameworkCore.Relational](https://github.com/dotnet/efcore)
from 9.0.16 to 9.0.17.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.EntityFrameworkCore.Relational's
releases](https://github.com/dotnet/efcore/releases)._

## 9.0.17

[Release](https://github.com/dotnet/core/releases/tag/v9.0.17)

## What's Changed
* [release/8.0] Update dependencies from dotnet/arcade by
@​dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204
* Update branding to 8.0.28 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38227
* Update branding to 9.0.17 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38228
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38230
* Merging internal commits for release/9.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38262
* Merging internal commits for release/8.0 by @​vseanreesermsft in
https://github.com/dotnet/efcore/pull/38263
* [automated] Merge branch 'release/8.0' => 'release/9.0' by
@​github-actions[bot] in https://github.com/dotnet/efcore/pull/38266


**Full Changelog**:
https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17

Commits viewable in [compare
view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17).
</details>

Updated
[Microsoft.Extensions.Caching.Abstractions](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Caching.Abstractions's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Configuration](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Configuration's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Configuration.Binder](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Configuration.Binder's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [Microsoft.Extensions.Hosting](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Hosting's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [Microsoft.Extensions.Http](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Http's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Options.DataAnnotations](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Options.DataAnnotations's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet)
from 8.18.0 to 8.19.1.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.IdentityModel.Tokens's
releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._

## 8.19.1

## Bug Fixes
- Update `JwtSecurityTokenHandler` for
`IssuerSigningKeyResolverUsingConfiguration` to take priority over
`IssuerSigningKeyResolver`, matching the documented contract and the
correct behavior already present in `JsonWebTokenHandler`. See [PR
#​3519](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3519).

## 8.19.0

## New Features
- Add ML-DSA (FIPS 204) post-quantum signature support. See [PR
#​3479](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3479).
- Cache custom crypto providers in CryptoProviderFactory. See [PR
#​3489](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3489).

## Bug Fixes
- Disable automatic redirects on default HttpClient for JKU retrieval.
See [PR
#​3494](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3494).
- Adjust rented buffer handling in claim set parsing. See [PR
#​3493](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3493).
- Tidy null handling in SAML conditions validation. See [PR
#​3491](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3491).
- Improve validation of `jku` claim. See [PR
#​3481](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3481).
- Limit telemetry algorithm dimension cardinality. See [PR
#​3490](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3490).
- Add defensive copy of collections in ValidationParameters. See [PR
#​3492](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3492).
- Update TokenValidationParameter copy constructor to make a deep copy.
See [PR
#​3488](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3488).
- Update to fail-closed when replay protection isn't configured and
other DPoP hardening. See [PR
#​3505](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3505).
- Apply RFC 3986 section 6.2.2 normalization to DPoP `htu` comparison.
See [PR
#​3509](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3509).

Commits viewable in [compare
view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.18.0...8.19.1).
</details>

Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest)
from 18.5.1 to 18.7.0.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.NET.Test.Sdk's
releases](https://github.com/microsoft/vstest/releases)._

## 18.7.0

## What's Changed
* Add ARM64 msdia140.dll support to test platform packages by
@​jamesmcroft in https://github.com/microsoft/vstest/pull/15689
* Update System.Memory from 4.5.5 to 4.6.3 by @​nohwnd in
https://github.com/microsoft/vstest/pull/15706

## New Contributors
* @​jamesmcroft made their first contribution in
https://github.com/microsoft/vstest/pull/15689

**Full Changelog**:
https://github.com/microsoft/vstest/compare/v18.6.0...v18.7.0

## 18.6.0

## What's Changed
* Revert removal of Video Recorder by @​nohwnd in
https://github.com/microsoft/vstest/pull/15336
* Speed up blame by filtering non-.NET processes from dump collection by
@​nohwnd in https://github.com/microsoft/vstest/pull/15518
* Add README.md to NuGet packages by @​nohwnd in
https://github.com/microsoft/vstest/pull/15550
* Report child process info on connection timeout by @​nohwnd in
https://github.com/microsoft/vstest/pull/15603


### Changes to tests and infra
* Brand as 18.6 by @​nohwnd in
https://github.com/microsoft/vstest/pull/15423
* Upgrading code coverage version to 18.5.1, by @​fhnaseer in
https://github.com/microsoft/vstest/pull/15422
* Updating System.Collections.Immutable to 9.0.11 by @​MSLukeWest in
https://github.com/microsoft/vstest/pull/15425
* Fix attachVS when used for debugging integration tests by @​nohwnd in
https://github.com/microsoft/vstest/pull/15451
* Replace dotnet.config, with global.json by @​nohwnd in
https://github.com/microsoft/vstest/pull/15449
* Document debugging integration tests with AttachVS by @​Copilot in
https://github.com/microsoft/vstest/pull/15452
* Fix stack overflow tests by @​nohwnd in
https://github.com/microsoft/vstest/pull/15461
* Make TestAssets.sln buildable locally by @​Youssef1313 in
https://github.com/microsoft/vstest/pull/15466
* Try filtering out tests by @​nohwnd in
https://github.com/microsoft/vstest/pull/15463
* Build just once when tfms run in parallel by @​nohwnd in
https://github.com/microsoft/vstest/pull/15465
* Review simplify compatibility sources, deduplicate tests by @​nohwnd
in https://github.com/microsoft/vstest/pull/15472
* Cleanup dead TRX code by @​Youssef1313 in
https://github.com/microsoft/vstest/pull/15474
* Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @​nohwnd in
https://github.com/microsoft/vstest/pull/15481
* Compat matrix checker by @​nohwnd in
https://github.com/microsoft/vstest/pull/15480
* Add trx analysis skill by @​nohwnd in
https://github.com/microsoft/vstest/pull/15486
* Split integration tests to single tfm and multi tfm project by
@​nohwnd in https://github.com/microsoft/vstest/pull/15484
* Update matrix by @​nohwnd in
https://github.com/microsoft/vstest/pull/15477
* Break infinite restore loop in VS by @​nohwnd in
https://github.com/microsoft/vstest/pull/15503
* Use global package cache for build, and local for running integration
tests by @​nohwnd in https://github.com/microsoft/vstest/pull/15500
* Update contributing by @​nohwnd in
https://github.com/microsoft/vstest/pull/15505
* Reduce test wall-clock time by increasing minThreads by @​drognanar in
https://github.com/microsoft/vstest/pull/15502
* Indicator flakiness by @​nohwnd in
https://github.com/microsoft/vstest/pull/15513
* Fix ci build by @​nohwnd in
https://github.com/microsoft/vstest/pull/15515
* Fix thread safety issues by @​Evangelink in
https://github.com/microsoft/vstest/pull/15512
* Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by
@​nohwnd in https://github.com/microsoft/vstest/pull/15516
* Build isolated test assets for single TFM instead of 7 by @​nohwnd in
https://github.com/microsoft/vstest/pull/15517
* Remove unused dependencies from Library.IntegrationTests by @​nohwnd
in https://github.com/microsoft/vstest/pull/15527
* Remove printing _attachments content to console by @​nohwnd in
https://github.com/microsoft/vstest/pull/15520
* Add Linux/macOS test filtering guide to CONTRIBUTING.md by @​nohwnd in
https://github.com/microsoft/vstest/pull/15521
* Change integration test parallelization from ClassLevel to MethodLevel
by @​nohwnd in https://github.com/microsoft/vstest/pull/15526
* Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by
@​nohwnd in https://github.com/microsoft/vstest/pull/15523
* Add unattended work instructions to copilot-instructions.md by
@​nohwnd in https://github.com/microsoft/vstest/pull/15531
* Reduce code style rule severity from warning to suggestion by @​nohwnd
in https://github.com/microsoft/vstest/pull/15522
* Remove Debug/Release line number branching from tests by @​nohwnd in
https://github.com/microsoft/vstest/pull/15519
* Revise unattended work instructions in copilot-instructions.md by
@​nohwnd in https://github.com/microsoft/vstest/pull/15532
* Improve CompatibilityRowsBuilder error message with diagnostic details
by @​nohwnd in https://github.com/microsoft/vstest/pull/15529
* docs: add git worktree and upstream sync workflow to
copilot-instructions.md by @​nohwnd in
https://github.com/microsoft/vstest/pull/15538
* Add VSIX runner to smoke tests by @​nohwnd in
https://github.com/microsoft/vstest/pull/15541
* Remove deprecated WebTest and TMI test methods by @​nohwnd in
https://github.com/microsoft/vstest/pull/15525
* Fix compatibility test failures for legacy vstest.console and MSTest
adapter by @​nohwnd in https://github.com/microsoft/vstest/pull/15534
* Convert TestPlatform.sln to slnx format by @​nohwnd in
https://github.com/microsoft/vstest/pull/15551
* Convert test/TestAssets .sln files to .slnx format by @​nohwnd in
https://github.com/microsoft/vstest/pull/15557
 ... (truncated)

Commits viewable in [compare
view](https://github.com/microsoft/vstest/compare/v18.5.1...v18.7.0).
</details>

Updated [Selenium.Support](https://github.com/SeleniumHQ/selenium) from
4.44.0 to 4.45.0.

<details>
<summary>Release notes</summary>

_Sourced from [Selenium.Support's
releases](https://github.com/SeleniumHQ/selenium/releases)._

## 4.45.0

## Detailed Changelogs by Component

<img src="https://www.selenium.dev/images/programming/java.svg"
width="20" height="20">
**[Java](https://github.com/SeleniumHQ/selenium/blob/trunk/java/CHANGELOG)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/python.svg" width="20"
height="20">
**[Python](https://github.com/SeleniumHQ/selenium/blob/trunk/py/CHANGES)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/dotnet.svg" width="20"
height="20">
**[DotNet](https://github.com/SeleniumHQ/selenium/blob/trunk/dotnet/CHANGELOG)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/ruby.svg" width="20"
height="20">
**[Ruby](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/javascript.svg"
width="20" height="20">
**[JavaScript](https://github.com/SeleniumHQ/selenium/blob/trunk/javascript/selenium-webdriver/CHANGES.md)**
<br>


<!-- Release notes generated using configuration in .github/release.yml
at selenium-4.45.0 -->

## What's Changed
* [build] derive PR diff base from HEAD^1 instead of trunk tip by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17438
* [build] setup trusted publishing from Github to npmrc by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17445
* [build] generate release notes from previous minor release tag by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17449
* [build] fix when to update lock files during the release process by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17450
* [java] remove deprecated logging classes by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17453
* [grid] Close pre-handshake race in WebSocket proxy by @​shs96c in
https://github.com/SeleniumHQ/selenium/pull/17435
* [JavaScript] Correct handling for older browsers and missing casing by
@​AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17451
* Use pyproject for Python runtime deps lock input by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17452
* [rb] deprecate curb http client support by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17443
* [javascript] Migrate find-elements atom from Closure to TypeScript by
@​AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17458
* [py] replace rules_python sphinxdocs with local sphinx_docs rule by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17461
* [build] Configure Renovate dashboard approval by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17464
* [js] update vulnerable dependency with a range by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17466
* [build] remove duplicated grid ui tests by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17468
* [build] update java graphpql dependency by filtering out bad reference
by @​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17469
* [rb] upgrade to steep 2.0 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17470
* [rust] update dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17472
* [build] update GitHub Actions to latest major versions by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17475
* [dotnet] update dev dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17474
* [dotnet] fix template caching by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17476
* [dotnet] update system.text.json to 8.0.6 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17477
* [js] update dev dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17479
* [dotnet] upgrade paket from v9 to v10 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17481
* [build] bump bazel version to 9.1 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17480
* [rust] update zip to v8 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17485
* [js] update eslint to v10 with fixes by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17482
* [rb] Update ruby to 3.3.9 by @​aguspe in
https://github.com/SeleniumHQ/selenium/pull/17484
* [dotnet] include snupkg files when packaging things up and allow the
use of sourcelink by @​AutomatedTester in
https://github.com/SeleniumHQ/selenium/pull/17467
* [build] update download-artifact to v8 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17493
* [dotnet] run format against slnx instead of looping csproj by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17483
* [build] bump low-risk Bazel module dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17494
* [rust] update reqwest to 0.13 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17488
* [dotnet] [build] Fix remote linkage in SourceLink by @​nvborisenko in
https://github.com/SeleniumHQ/selenium/pull/17495
* [build] remove renovate update requests pending work done in #​17427
by @​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17498
* [dotnet] [build] Support deterministic build output by @​nvborisenko
in https://github.com/SeleniumHQ/selenium/pull/17497
* [build] bump ruby versions to latest patch releases by @​titusfortner
in https://github.com/SeleniumHQ/selenium/pull/17496
* [js] remove npm dependency by using bazel for everything by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17499
* [build] bump rules_jvm_external by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17501
* [build] bump rules_closure version by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17500
* [build] clarify dependency pin and update tasks by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17463
* [build] simplify commit-changes workflow by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17503
 ... (truncated)

Commits viewable in [compare
view](https://github.com/SeleniumHQ/selenium/compare/selenium-4.44.0...selenium-4.45.0).
</details>

Updated [Selenium.WebDriver](https://github.com/SeleniumHQ/selenium)
from 4.44.0 to 4.45.0.

<details>
<summary>Release notes</summary>

_Sourced from [Selenium.WebDriver's
releases](https://github.com/SeleniumHQ/selenium/releases)._

## 4.45.0

## Detailed Changelogs by Component

<img src="https://www.selenium.dev/images/programming/java.svg"
width="20" height="20">
**[Java](https://github.com/SeleniumHQ/selenium/blob/trunk/java/CHANGELOG)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/python.svg" width="20"
height="20">
**[Python](https://github.com/SeleniumHQ/selenium/blob/trunk/py/CHANGES)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/dotnet.svg" width="20"
height="20">
**[DotNet](https://github.com/SeleniumHQ/selenium/blob/trunk/dotnet/CHANGELOG)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/ruby.svg" width="20"
height="20">
**[Ruby](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)**
&nbsp;&nbsp;&nbsp; | &nbsp;&nbsp;&nbsp;<img
src="https://www.selenium.dev/images/programming/javascript.svg"
width="20" height="20">
**[JavaScript](https://github.com/SeleniumHQ/selenium/blob/trunk/javascript/selenium-webdriver/CHANGES.md)**
<br>


<!-- Release notes generated using configuration in .github/release.yml
at selenium-4.45.0 -->

## What's Changed
* [build] derive PR diff base from HEAD^1 instead of trunk tip by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17438
* [build] setup trusted publishing from Github to npmrc by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17445
* [build] generate release notes from previous minor release tag by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17449
* [build] fix when to update lock files during the release process by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17450
* [java] remove deprecated logging classes by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17453
* [grid] Close pre-handshake race in WebSocket proxy by @​shs96c in
https://github.com/SeleniumHQ/selenium/pull/17435
* [JavaScript] Correct handling for older browsers and missing casing by
@​AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17451
* Use pyproject for Python runtime deps lock input by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17452
* [rb] deprecate curb http client support by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17443
* [javascript] Migrate find-elements atom from Closure to TypeScript by
@​AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17458
* [py] replace rules_python sphinxdocs with local sphinx_docs rule by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17461
* [build] Configure Renovate dashboard approval by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17464
* [js] update vulnerable dependency with a range by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17466
* [build] remove duplicated grid ui tests by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17468
* [build] update java graphpql dependency by filtering out bad reference
by @​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17469
* [rb] upgrade to steep 2.0 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17470
* [rust] update dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17472
* [build] update GitHub Actions to latest major versions by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17475
* [dotnet] update dev dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17474
* [dotnet] fix template caching by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17476
* [dotnet] update system.text.json to 8.0.6 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17477
* [js] update dev dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17479
* [dotnet] upgrade paket from v9 to v10 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17481
* [build] bump bazel version to 9.1 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17480
* [rust] update zip to v8 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17485
* [js] update eslint to v10 with fixes by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17482
* [rb] Update ruby to 3.3.9 by @​aguspe in
https://github.com/SeleniumHQ/selenium/pull/17484
* [dotnet] include snupkg files when packaging things up and allow the
use of sourcelink by @​AutomatedTester in
https://github.com/SeleniumHQ/selenium/pull/17467
* [build] update download-artifact to v8 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17493
* [dotnet] run format against slnx instead of looping csproj by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17483
* [build] bump low-risk Bazel module dependencies by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17494
* [rust] update reqwest to 0.13 by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17488
* [dotnet] [build] Fix remote linkage in SourceLink by @​nvborisenko in
https://github.com/SeleniumHQ/selenium/pull/17495
* [build] remove renovate update requests pending work done in #​17427
by @​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17498
* [dotnet] [build] Support deterministic build output by @​nvborisenko
in https://github.com/SeleniumHQ/selenium/pull/17497
* [build] bump ruby versions to latest patch releases by @​titusfortner
in https://github.com/SeleniumHQ/selenium/pull/17496
* [js] remove npm dependency by using bazel for everything by
@​titusfortner in https://github.com/SeleniumHQ/selenium/pull/17499
* [build] bump rules_jvm_external by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17501
* [build] bump rules_closure version by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17500
* [build] clarify dependency pin and update tasks by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17463
* [build] simplify commit-changes workflow by @​titusfortner in
https://github.com/SeleniumHQ/selenium/pull/17503
 ... (truncated)

Commits viewable in [compare
view](https://github.com/SeleniumHQ/selenium/compare/selenium-4.44.0...selenium-4.45.0).
</details>

Updated
[Serilog.Settings.Configuration](https://github.com/serilog/serilog-settings-configuration)
from 10.0.0 to 10.0.1.

<details>
<summary>Release notes</summary>

_Sourced from [Serilog.Settings.Configuration's
releases](https://github.com/serilog/serilog-settings-configuration/releases)._

## 10.0.1

## What's Changed
* Support LevelAlias names in configuration parsing by @​mohammed-saalim
in https://github.com/serilog/serilog-settings-configuration/pull/465
* Fix: Update ConditionalSink expression syntax in sample app by
@​gyurebalint in
https://github.com/serilog/serilog-settings-configuration/pull/470
* issue-468: Fix empty/whitespace string converting to array type by
@​gyurebalint-CID in
https://github.com/serilog/serilog-settings-configuration/pull/469
* Add WriteTo.FallbackChain and WriteTo.Fallible support in
configuration by @​ArieGato in
https://github.com/serilog/serilog-settings-configuration/pull/474
* Fix/issue 441 by @​gyurebalint in
https://github.com/serilog/serilog-settings-configuration/pull/471
* Support C# 13 params collections (IEnumerable<T>, List<T>) by
@​gyurebalint in
https://github.com/serilog/serilog-settings-configuration/pull/478

## New Contributors
* @​mohammed-saalim made their first contribution in
https://github.com/serilog/serilog-settings-configuration/pull/465
* @​gyurebalint made their first contribution in
https://github.com/serilog/serilog-settings-configuration/pull/470
* @​gyurebalint-CID made their first contribution in
https://github.com/serilog/serilog-settings-configuration/pull/469
* @​ArieGato made their first contribution in
https://github.com/serilog/serilog-settings-configuration/pull/474

**Full Changelog**:
https://github.com/serilog/serilog-settings-configuration/compare/v10.0.0...v10.0.1

Commits viewable in [compare
view](https://github.com/serilog/serilog-settings-configuration/compare/v10.0.0...v10.0.1).
</details>

Updated
[Swashbuckle.AspNetCore](https://github.com/domaindrivendev/Swashbuckle.AspNetCore)
from 10.1.7 to 10.2.3.

<details>
<summary>Release notes</summary>

_Sourced from [Swashbuckle.AspNetCore's
releases](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/releases)._

## 10.2.3

## What's Changed

* Bump swagger-ui-dist to 5.32.7 by @​dependabot in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/4015

**Full Changelog**:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.2.2...v10.2.3

## 10.2.2

## What's Changed

* Update NuGet packages by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3990
* Set `SOURCE_DATE_EPOCH` by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3997
* Fix `InvalidOperationException` if no route matches by
@​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3999
* Fix empty parameter example not generated by @​dldl-cmd in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3932
* Map `[MinLength]`/`[MaxLength]` on dictionary properties to
`minProperties`/`maxProperties` by @​KitKeen in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3922
* Fix conflicting required+nullable schema when only NonNullableReferen…
by @​KitKeen in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3912
* Fix `ExposeSwaggerDocumentUrlsRoute` behaviour by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/4000
* Use `NUGET_API_KEY` by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/4006

## New Contributors

* @​KitKeen made their first contribution in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3922

**Full Changelog**:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.2.1...v10.2.2


## 10.2.1

## What's Changed

* Update Microsoft.OpenApi to 2.7.5 to pick up fix for
GHSA-v5pm-xwqc-g5wc by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3974

**Full Changelog**:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.2.0...v10.2.1


## 10.2.0

## What's Changed

* Add `MapSwaggerUI` and `MapReDoc` to support endpoint routing by
@​Strepto in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3822
* Bump version to 10.2.0 by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3872
* Bump swagger-ui-dist from 5.32.1 to 5.32.2 by @​dependabot in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3883
* Support `HEAD` requests by @​snebjorn in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3887
* Use `IAsyncSwaggerProvider` in CLI `tofile` command by @​bt-Knodel in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3910
* Pin runner images by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3944
* Disable npm install scripts by @​martincostello in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3946
* Bump redoc from 2.5.2 to 2.5.3 by @​dependabot in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3967

## New Contributors

* @​Strepto made their first contribution in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3822
* @​snebjorn made their first contribution in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3887
* @​bt-Knodel made their first contribution in
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3910

**Full Changelog**:
https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.1.7...v10.2.0

Commits viewable in [compare
view](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.1.7...v10.2.3).
</details>

Updated
[System.IdentityModel.Tokens.Jwt](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet)
from 8.18.0 to 8.19.1.

<details>
<summary>Release notes</summary>

_Sourced from [System.IdentityModel.Tokens.Jwt's
releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._

## 8.19.1

## Bug Fixes
- Update `JwtSecurityTokenHandler` for
`IssuerSigningKeyResolverUsingConfiguration` to take priority over
`IssuerSigningKeyResolver`, matching the documented contract and the
correct behavior already present in `JsonWebTokenHandler`. See [PR
#​3519](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3519).

## 8.19.0

## New Features
- Add ML-DSA (FIPS 204) post-quantum signature support. See [PR
#​3479](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3479).
- Cache custom crypto providers in CryptoProviderFactory. See [PR
#​3489](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3489).

## Bug Fixes
- Disable automatic redirects on default HttpClient for JKU retrieval.
See [PR
#​3494](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3494).
- Adjust rented buffer handling in claim set parsing. See [PR
#​3493](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3493).
- Tidy null handling in SAML conditions validation. See [PR
#​3491](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3491).
- Improve validation of `jku` claim. See [PR
#​3481](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3481).
- Limit telemetry algorithm dimension cardinality. See [PR
#​3490](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3490).
- Add defensive copy of collections in ValidationParameters. See [PR
#​3492](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3492).
- Update TokenValidationParameter copy constructor to make a deep copy.
See [PR
#​3488](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3488).
- Update to fail-closed when replay protection isn't configured and
other DPoP hardening. See [PR
#​3505](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3505).
- Apply RFC 3986 section 6.2.2 normalization to DPoP `htu` comparison.
See [PR
#​3509](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3509).

Commits viewable in [compare
view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.18.0...8.19.1).
</details>

Updated
[Testcontainers.PostgreSql](https://github.com/testcontainers/testcontainers-dotnet)
from 4.11.0 to 4.13.0.

<details>
<summary>Release notes</summary>

_Sourced from [Testcontainers.PostgreSql's
releases](https://github.com/testcontainers/testcontainers-dotnet/releases)._

## 4.13.0

# What's Changed

Thank you to everyone who contributed and shared their feedback 🤜🤛.

The NuGet packages for this release have been attested for supply chain
security using [`actions/attest`](https://github.com/actions/attest).
This confirms the integrity and provenance of the artifacts and helps
ensure they can be trusted:
[#​33686956](https://github.com/testcontainers/testcontainers-dotnet/attestations/33686956).

## 🚀 Features

* feat: Add Aspire dashboard module (#​1194) @​NikiforovAll
* feat: Add image name substitution hook (#​1710) @​HofmeisterAn
* feat(CosmosDb): Add get method AccountEndpoint (#​1707) @​srollinet
* feat: Improve image build failure messages (#​1700) @​HofmeisterAn

## 🐛 Bug Fixes

* fix: Restore tar archive write performance regressed by padding trim
(#​1719) @​HofmeisterAn
* chore: Bump Docker.DotNet from 4.3.2 to 4.3.3 (#​1714) @​HofmeisterAn
* chore(AspireDashboard): Cover connection string provider (#​1713)
@​HofmeisterAn

## 📖 Documentation

* docs: Add missing TC languages and reorder docs navigation (#​1711)
@​mdelapenya
* docs: Add note about unsupported BuildKit Dockerfile features (#​1696)
@​HofmeisterAn
* docs: Explain immutable builder behavior (#​1693) @​HofmeisterAn

## 🧹 Housekeeping

* chore: Enable Dependabot cooldown (#​1716) @​HofmeisterAn
* chore: Add nuget.config (#​1715) @​Rob-Hague
* chore(AspireDashboard): Cover connection string provider (#​1713)
@​HofmeisterAn
* chore: Bump Docker.DotNet from 4.2.0 to 4.3.2 (#​1712) @​HofmeisterAn
* chore: Bump sshd-docker image from 1.3.0 to 1.4.0 (#​1709)
@​HofmeisterAn
* chore: Rename runtime label and add buildkit and stale labels (#​1703)
@​HofmeisterAn
* fix: Guard expensive argument evaluation when logging (#​1702)
@​HofmeisterAn
* chore: Defer container ID truncation in logging (#​1701)
@​HofmeisterAn
* chore: Migrate to LoggerMessageAttribute (#​1697) @​HofmeisterAn

## 📦 Dependency Updates

* chore(deps): Bump the actions group with 2 updates (#​1721)
@[dependabot[bot]](https://github.com/apps/dependabot)
* chore(deps): Bump the actions group with 7 updates (#​1717)
@[dependabot[bot]](https://github.com/apps/dependabot)
* chore: Bump Docker.DotNet from 4.3.2 to 4.3.3 (#​1714) @​HofmeisterAn
* chore: Bump Docker.DotNet from 4.2.0 to 4.3.2 (#​1712) @​HofmeisterAn
* chore(deps): Bump the actions group with 4 updates (#​1698)
@[dependabot[bot]](https://github.com/apps/dependabot)


## 4.12.0

# What's Changed

Thanks to all contributors 👏.

The NuGet packages for this release have been attested for supply chain
security using [`actions/attest`](https://github.com/actions/attest).
This confirms the integrity and provenance of the artifacts and helps
ensure they can be trusted:
[#​28009236](https://github.com/testcontainers/testcontainers-dotnet/attestations/28009236).

## ⚠️ Breaking Changes

* chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665)
@​HofmeisterAn

## 🚀 Features

* feat: Add Floci module (#​1690) @​object
* feat: Ignore port-forwarding extra host in reuse hash (#​1689)
@​HofmeisterAn
* feat: Allow devs to override the reuse hash calculation (#​1688)
@​HofmeisterAn
* feat: Add connect to network API (#​1672) @​HofmeisterAn
* feat(LocalStack): Require auth token for 4.15 and onwards (#​1667)
@​HofmeisterAn
* chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665)
@​HofmeisterAn

## 🐛 Bug Fixes

* fix: Trim tar record padding to avoid broken-pipe failure on Podman
(#​1684) @​artiomchi
* fix(Nats): Use healthz API for readiness probe (#​1679) @​eriblo01
* fix: Remove KeepAlive socket option (#​1671) @​Angelinsky7

## 📖 Documentation

* docs: Extend WithCommand(params string[]) documentation (#​1685)
@​HofmeisterAn

## 🧹 Housekeeping

* feat: Prepare next release cycle (4.12.0) (#​1664) @​HofmeisterAn

## 📦 Dependency Updates

* chore(deps): Bump the actions group with 5 updates (#​1687)
@[dependabot[bot]](https://github.com/apps/dependabot)
* chore(deps): Bump Docker.DotNet from 4.1.0 to 4.2.0 (#​1686)
@​HofmeisterAn
* chore(deps): Bump the actions group with 5 updates (#​1676)
@[dependabot[bot]](https://github.com/apps/dependabot)
* chore(deps): Bump Docker.DotNet from 4.0.2 to 4.1.0 (#​1674)
@​HofmeisterAn
* chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#​1665)
@​HofmeisterAn


Commits viewable in [compare
view](https://github.com/testcontainers/testcontainers-dotnet/compare/4.11.0...4.13.0).
</details>

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

B-build Includes scripting, bazel and CI integrations B-grid Everything grid and server related C-java Java Bindings

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants