[grid] Close pre-handshake race in WebSocket proxy#17435
Conversation
Frames received from the upstream WebSocket before the client-side handshake completes used to traverse MessageOutboundConverter via the fallback consumer. After onUpgradeComplete strips the converter, an in-flight frame on the upstream listener thread could land in a pipeline that no longer had its Message-layer handlers and silently drop. Move the channel reference and a pre-handshake buffer into the listener: pre-handshake frames are queued, the buffer drains under a lock when the channel is handed over, and post-handshake calls take the lock-free fast path.
Review Summary by QodoBuffer pre-handshake WebSocket frames to prevent race condition
WalkthroughsDescription• Buffer pre-handshake WebSocket frames in DirectForwardingListener to prevent silent drops • Drain buffered frames in order when client channel becomes available post-handshake • Replace fallback Message consumer with lock-protected frame queue for deterministic ordering • Add unit test validating pre-handshake frame buffering and post-handshake fast path Diagramflowchart LR
A["Pre-handshake frames arrive"] -->|enqueue| B["DirectForwardingListener buffer"]
C["onUpgradeComplete fires"] -->|drain in order| B
B -->|write to channel| D["Client receives frames"]
E["Post-handshake frames"] -->|volatile read| F["Fast path direct write"]
F --> D
File Changes1. java/src/org/openqa/selenium/grid/router/ProxyWebsocketsIntoGrid.java
|
Code Review by Qodo
1.
|
Address two issues raised on SeleniumHQ#17435: - Pre-handshake onClose/onError used to discard the close details and publish the channel for normal forwarding when the handshake later landed, leaving the client open indefinitely. Record the code/reason and, on onUpgrade, drain any frames the upstream had queued and then write the close frame followed by closing the channel. - The pending deque had no cap, so a stalled handshake while the upstream keeps producing could grow it without bound. Cap at 128 frames; on overflow drop the buffer, latch a 1009 terminal state, and close the upstream so the channel sees a clean close once the upgrade fires.
|
Pushed
The Ruby Windows test failure is unrelated — |
|
Persistent review updated to latest commit bf52afc |
If pre-handshake onClose kept the buffered ref-counted WebSocketFrames "for a future onUpgrade drain" and the client-side handshake never landed (client disconnected mid-handshake, or the upgrade itself failed and triggered the upstream close), those frames were never released — a Netty buffer leak. Make onClose symmetric with onError: drop the buffer on pre-handshake close, while still recording the code/reason so onUpgrade can surface a clean close to the client if the handshake does fire later. The trade-off is small: a client that just received the 101 response cannot usefully consume frames if we are about to close them immediately afterward.
|
Good catch — pushed
Made Existing test updated to reflect the new behaviour (only the close frame on the wire after pre-handshake close + upgrade). |
|
Persistent review updated to latest commit 0cd57dd |
The Router has had a direct frame-forwarding path between the Netty pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11, "[grid] Router WebSocket handle dropped close frames, idle disconnects, high-latency proxying", SeleniumHQ#17197). Once the client-side handshake completes, an inbound WebSocketFrameProxy forwards each Netty WebSocketFrame straight to the upstream WebSocket, and the outbound DirectForwardingListener writes upstream replies directly to the client channel. Together those removed the per-frame Message allocation and the executor hop in WebSocketMessageHandler on the Router side. The Node still did the full round-trip through MessageInboundConverter, WebSocketMessageHandler, the registered Consumer<Message>, and MessageOutboundConverter in both directions for every frame. Each frame allocated a TextMessage or BinaryMessage and hopped onto the channel executor on delivery. For a busy CDP or VNC session that is measurable allocation and executor-queue pressure on the Node. Apply the same PostUpgradeHook pattern on the Node side: the consumer returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after the handshake so inbound frames forward straight to the browser-side WebSocket, and a DirectForwardingListener writes outbound frames directly to the client channel. Frames received before the handshake are buffered in arrival order and drained on handover, so a frame cannot land in a pipeline that has already had its Message-layer handlers removed. The hardening that the Router-side listener picked up in 8d8cf64 (2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy", SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is capped at 128 frames with a 1009 close recorded on overflow; the close code and reason are recorded on pre-handshake close or error so a late onUpgrade can write a clean close frame to the client and tear the channel down rather than leaving it open; and the buffer is released on close so ref-counted frames cannot leak if the handshake never completes. The Node-specific behaviour is preserved: - Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire per frame, both pre- and post-handshake. - The connectionReleased CAS still guards a single node.releaseConnection call across the close and error paths, including the overflow path introduced here. - VNC sessions still install a no-op heartbeat consumer so VNC traffic does not mark the session as recently active. The existing ProxyNodeWebsocketsTest continues to exercise the slot accounting, including the regression from SeleniumHQ#17197 where onError without a follow-on onClose used to leak the slot. New unit tests in NodeDirectForwardingListenerTest pin the per-frame heartbeat, the buffer-then-drain ordering, the surface-and-teardown behaviour on a pre-handshake close, and the overflow path's clean release of the session slot.
The Router has had a direct frame-forwarding path between the Netty pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11, "[grid] Router WebSocket handle dropped close frames, idle disconnects, high-latency proxying", SeleniumHQ#17197). Once the client-side handshake completes, an inbound WebSocketFrameProxy forwards each Netty WebSocketFrame straight to the upstream WebSocket, and the outbound DirectForwardingListener writes upstream replies directly to the client channel. Together those removed the per-frame Message allocation and the executor hop in WebSocketMessageHandler on the Router side. The Node still did the full round-trip through MessageInboundConverter, WebSocketMessageHandler, the registered Consumer<Message>, and MessageOutboundConverter in both directions for every frame. Each frame allocated a TextMessage or BinaryMessage and hopped onto the channel executor on delivery. For a busy CDP or VNC session that is measurable allocation and executor-queue pressure on the Node. Apply the same PostUpgradeHook pattern on the Node side: the consumer returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after the handshake so inbound frames forward straight to the browser-side WebSocket, and a DirectForwardingListener writes outbound frames directly to the client channel. Frames received before the handshake are buffered in arrival order and drained on handover, so a frame cannot land in a pipeline that has already had its Message-layer handlers removed. The hardening that the Router-side listener picked up in 8d8cf64 (2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy", SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is capped at 128 frames with a 1009 close recorded on overflow; the close code and reason are recorded on pre-handshake close or error so a late onUpgrade can write a clean close frame to the client and tear the channel down rather than leaving it open; and the buffer is released on close so ref-counted frames cannot leak if the handshake never completes. The Node-specific behaviour is preserved: - Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire per frame, both pre- and post-handshake. - The connectionReleased CAS still guards a single node.releaseConnection call across the close and error paths, including the overflow path introduced here. - VNC sessions still install a no-op heartbeat consumer so VNC traffic does not mark the session as recently active. The existing ProxyNodeWebsocketsTest continues to exercise the slot accounting, including the regression from SeleniumHQ#17197 where onError without a follow-on onClose used to leak the slot. New unit tests in NodeDirectForwardingListenerTest pin the per-frame heartbeat, the buffer-then-drain ordering, the surface-and-teardown behaviour on a pre-handshake close, and the overflow path's clean release of the session slot.
The Router has had a direct frame-forwarding path between the Netty pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11, "[grid] Router WebSocket handle dropped close frames, idle disconnects, high-latency proxying", SeleniumHQ#17197). Once the client-side handshake completes, an inbound WebSocketFrameProxy forwards each Netty WebSocketFrame straight to the upstream WebSocket, and the outbound DirectForwardingListener writes upstream replies directly to the client channel. Together those removed the per-frame Message allocation and the executor hop in WebSocketMessageHandler on the Router side. The Node still did the full round-trip through MessageInboundConverter, WebSocketMessageHandler, the registered Consumer<Message>, and MessageOutboundConverter in both directions for every frame. Each frame allocated a TextMessage or BinaryMessage and hopped onto the channel executor on delivery. For a busy CDP or VNC session that is measurable allocation and executor-queue pressure on the Node. Apply the same PostUpgradeHook pattern on the Node side: the consumer returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after the handshake so inbound frames forward straight to the browser-side WebSocket, and a DirectForwardingListener writes outbound frames directly to the client channel. Frames received before the handshake are buffered in arrival order and drained on handover, so a frame cannot land in a pipeline that has already had its Message-layer handlers removed. The hardening that the Router-side listener picked up in 8d8cf64 (2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy", SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is capped at 128 frames with a 1009 close recorded on overflow; the close code and reason are recorded on pre-handshake close or error so a late onUpgrade can write a clean close frame to the client and tear the channel down rather than leaving it open; and the buffer is released on close so ref-counted frames cannot leak if the handshake never completes. Close-frame reasons coming from the upstream are now truncated to the 123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses a CharsetEncoder writing into a 120-byte buffer so it stops at a clean character boundary on overflow — a naive byte-truncate-then- decode could split a multi-byte sequence, produce a U+FFFD replacement on decode, and re-encode back over 123 bytes, breaking the close frame. The helper lives as a public static on WebSocketFrameProxy because both DirectForwardingListener classes already depend on that class. The Router-side listener that landed in SeleniumHQ#17435 had the same unchecked path; apply the helper there too so both proxies share the same safe behaviour. The Node-specific behaviour is preserved: - Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire per frame, both pre- and post-handshake. - The connectionReleased CAS still guards a single node.releaseConnection call across the close and error paths, including the overflow path introduced here. - VNC sessions still install a no-op heartbeat consumer so VNC traffic does not mark the session as recently active. The existing ProxyNodeWebsocketsTest continues to exercise the slot accounting, including the regression from SeleniumHQ#17197 where onError without a follow-on onClose used to leak the slot. New unit tests in NodeDirectForwardingListenerTest pin the per-frame heartbeat, the buffer-then-drain ordering, the surface-and-teardown behaviour on a pre-handshake close, the overflow path's clean release of the session slot, and the safe truncation of an overlong upstream close reason that contains multi-byte UTF-8 characters. The shared helper has a focused unit test alongside it in WebSocketFrameProxyTest.
The Router has had a direct frame-forwarding path between the Netty pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11, "[grid] Router WebSocket handle dropped close frames, idle disconnects, high-latency proxying", SeleniumHQ#17197). Once the client-side handshake completes, an inbound WebSocketFrameProxy forwards each Netty WebSocketFrame straight to the upstream WebSocket, and the outbound DirectForwardingListener writes upstream replies directly to the client channel. Together those removed the per-frame Message allocation and the executor hop in WebSocketMessageHandler on the Router side. The Node still did the full round-trip through MessageInboundConverter, WebSocketMessageHandler, the registered Consumer<Message>, and MessageOutboundConverter in both directions for every frame. Each frame allocated a TextMessage or BinaryMessage and hopped onto the channel executor on delivery. For a busy CDP or VNC session that is measurable allocation and executor-queue pressure on the Node. Apply the same PostUpgradeHook pattern on the Node side: the consumer returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after the handshake so inbound frames forward straight to the browser-side WebSocket, and a DirectForwardingListener writes outbound frames directly to the client channel. Frames received before the handshake are buffered in arrival order and drained on handover, so a frame cannot land in a pipeline that has already had its Message-layer handlers removed. The hardening that the Router-side listener picked up in 8d8cf64 (2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy", SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is capped at 128 frames with a 1009 close recorded on overflow; the close code and reason are recorded on pre-handshake close or error so a late onUpgrade can write a clean close frame to the client and tear the channel down rather than leaving it open; and the buffer is released on close so ref-counted frames cannot leak if the handshake never completes. Close-frame reasons coming from the upstream are now truncated to the 123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses a CharsetEncoder writing into a 120-byte buffer so it stops at a clean character boundary on overflow — a naive byte-truncate-then- decode could split a multi-byte sequence, produce a U+FFFD replacement on decode, and re-encode back over 123 bytes, breaking the close frame. The helper lives as a public static on WebSocketFrameProxy because both DirectForwardingListener classes already depend on that class. The Router-side listener that landed in SeleniumHQ#17435 had the same unchecked path; apply the helper there too so both proxies share the same safe behaviour. The Node-specific behaviour is preserved: - Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire per frame, both pre- and post-handshake. - The connectionReleased CAS still guards a single node.releaseConnection call across the close and error paths, including the overflow path introduced here. - VNC sessions still install a no-op heartbeat consumer so VNC traffic does not mark the session as recently active. The existing ProxyNodeWebsocketsTest continues to exercise the slot accounting, including the regression from SeleniumHQ#17197 where onError without a follow-on onClose used to leak the slot. New unit tests in NodeDirectForwardingListenerTest pin the per-frame heartbeat, the buffer-then-drain ordering, the surface-and-teardown behaviour on a pre-handshake close, the overflow path's clean release of the session slot, and the safe truncation of an overlong upstream close reason that contains multi-byte UTF-8 characters. The shared helper has a focused unit test alongside it in WebSocketFrameProxyTest.
The Router has had a direct frame-forwarding path between the Netty pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11, "[grid] Router WebSocket handle dropped close frames, idle disconnects, high-latency proxying", SeleniumHQ#17197). Once the client-side handshake completes, an inbound WebSocketFrameProxy forwards each Netty WebSocketFrame straight to the upstream WebSocket, and the outbound DirectForwardingListener writes upstream replies directly to the client channel. Together those removed the per-frame Message allocation and the executor hop in WebSocketMessageHandler on the Router side. The Node still did the full round-trip through MessageInboundConverter, WebSocketMessageHandler, the registered Consumer<Message>, and MessageOutboundConverter in both directions for every frame. Each frame allocated a TextMessage or BinaryMessage and hopped onto the channel executor on delivery. For a busy CDP or VNC session that is measurable allocation and executor-queue pressure on the Node. Apply the same PostUpgradeHook pattern on the Node side: the consumer returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after the handshake so inbound frames forward straight to the browser-side WebSocket, and a DirectForwardingListener writes outbound frames directly to the client channel. Frames received before the handshake are buffered in arrival order and drained on handover, so a frame cannot land in a pipeline that has already had its Message-layer handlers removed. The hardening that the Router-side listener picked up in 8d8cf64 (2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy", SeleniumHQ#17435) is mirrored on the Node listener: the pre-handshake buffer is capped at 128 frames with a 1009 close recorded on overflow; the close code and reason are recorded on pre-handshake close or error so a late onUpgrade can write a clean close frame to the client and tear the channel down rather than leaving it open; and the buffer is released on close so ref-counted frames cannot leak if the handshake never completes. Close-frame reasons coming from the upstream are now truncated to the 123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses a CharsetEncoder writing into a 120-byte buffer so it stops at a clean character boundary on overflow — a naive byte-truncate-then- decode could split a multi-byte sequence, produce a U+FFFD replacement on decode, and re-encode back over 123 bytes, breaking the close frame. The helper lives as a public static on WebSocketFrameProxy because both DirectForwardingListener classes already depend on that class. The Router-side listener that landed in SeleniumHQ#17435 had the same unchecked path; apply the helper there too so both proxies share the same safe behaviour. The Node-specific behaviour is preserved: - Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire per frame, both pre- and post-handshake. - The connectionReleased CAS still guards a single node.releaseConnection call across the close and error paths, including the overflow path introduced here. - VNC sessions still install a no-op heartbeat consumer so VNC traffic does not mark the session as recently active. The existing ProxyNodeWebsocketsTest continues to exercise the slot accounting, including the regression from SeleniumHQ#17197 where onError without a follow-on onClose used to leak the slot. New unit tests in NodeDirectForwardingListenerTest pin the per-frame heartbeat, the buffer-then-drain ordering, the surface-and-teardown behaviour on a pre-handshake close, the overflow path's clean release of the session slot, and the safe truncation of an overlong upstream close reason that contains multi-byte UTF-8 characters. The shared helper has a focused unit test alongside it in WebSocketFrameProxyTest.
The Router has had a direct frame-forwarding path between the Netty pipeline and the upstream JDK WebSocket since db9b07a (2026-03-11, "[grid] Router WebSocket handle dropped close frames, idle disconnects, high-latency proxying", #17197). Once the client-side handshake completes, an inbound WebSocketFrameProxy forwards each Netty WebSocketFrame straight to the upstream WebSocket, and the outbound DirectForwardingListener writes upstream replies directly to the client channel. Together those removed the per-frame Message allocation and the executor hop in WebSocketMessageHandler on the Router side. The Node still did the full round-trip through MessageInboundConverter, WebSocketMessageHandler, the registered Consumer<Message>, and MessageOutboundConverter in both directions for every frame. Each frame allocated a TextMessage or BinaryMessage and hopped onto the channel executor on delivery. For a busy CDP or VNC session that is measurable allocation and executor-queue pressure on the Node. Apply the same PostUpgradeHook pattern on the Node side: the consumer returned from ProxyNodeWebsockets installs a WebSocketFrameProxy after the handshake so inbound frames forward straight to the browser-side WebSocket, and a DirectForwardingListener writes outbound frames directly to the client channel. Frames received before the handshake are buffered in arrival order and drained on handover, so a frame cannot land in a pipeline that has already had its Message-layer handlers removed. The hardening that the Router-side listener picked up in 8d8cf64 (2026-05-14, "[grid] Close pre-handshake race in WebSocket proxy", #17435) is mirrored on the Node listener: the pre-handshake buffer is capped at 128 frames with a 1009 close recorded on overflow; the close code and reason are recorded on pre-handshake close or error so a late onUpgrade can write a clean close frame to the client and tear the channel down rather than leaving it open; and the buffer is released on close so ref-counted frames cannot leak if the handshake never completes. Close-frame reasons coming from the upstream are now truncated to the 123-byte UTF-8 cap that RFC 6455 §5.5.1 imposes. The truncation uses a CharsetEncoder writing into a 120-byte buffer so it stops at a clean character boundary on overflow — a naive byte-truncate-then- decode could split a multi-byte sequence, produce a U+FFFD replacement on decode, and re-encode back over 123 bytes, breaking the close frame. The helper lives as a public static on WebSocketFrameProxy because both DirectForwardingListener classes already depend on that class. The Router-side listener that landed in #17435 had the same unchecked path; apply the helper there too so both proxies share the same safe behaviour. The Node-specific behaviour is preserved: - Session-activity heartbeats (sessionConsumer.accept(sessionId)) fire per frame, both pre- and post-handshake. - The connectionReleased CAS still guards a single node.releaseConnection call across the close and error paths, including the overflow path introduced here. - VNC sessions still install a no-op heartbeat consumer so VNC traffic does not mark the session as recently active. The existing ProxyNodeWebsocketsTest continues to exercise the slot accounting, including the regression from #17197 where onError without a follow-on onClose used to leak the slot. New unit tests in NodeDirectForwardingListenerTest pin the per-frame heartbeat, the buffer-then-drain ordering, the surface-and-teardown behaviour on a pre-handshake close, the overflow path's clean release of the session slot, and the safe truncation of an overlong upstream close reason that contains multi-byte UTF-8 characters. The shared helper has a focused unit test alongside it in WebSocketFrameProxyTest.
Updated [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 10.0.0 to 10.0.1. <details> <summary>Release notes</summary> _Sourced from [coverlet.collector's releases](https://github.com/coverlet-coverage/coverlet/releases)._ ## 10.0.1 ### Improvements - Coverlet with MTP 2 doesn't show test coverage statistic in console [#1907](https://github.com/coverlet-coverage/coverlet/issues/1907) - Avoid unnecessary testhost restarts [#1912](https://github.com/coverlet-coverage/coverlet/issues/1912) by <https://github.com/mawosoft> ### Fixed - Fix inconsistent paths in cobertura reports [#1723](https://github.com/coverlet-coverage/coverlet/issues/1723) - Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal [#1313](https://github.com/coverlet-coverage/coverlet/issues/1313) - Fix Coverlet flagging a branch for an async functions finally block where none exists [#1337](https://github.com/coverlet-coverage/coverlet/issues/1337) - Fix Coverlet Tracker Missing CompilerGeneratedAttribute [#1828](https://github.com/coverlet-coverage/coverlet/issues/1828) ### Maintenance - Add architecture docs and diagrams for all integrations [#1927](https://github.com/coverlet-coverage/coverlet/pull/1927) - Update NuGet packages and .NET SDK versions [#1933](https://github.com/coverlet-coverage/coverlet/pull/1933) [Diff between 10.0.0 and 10.0.1](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1) Commits viewable in [compare view](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1). </details> Updated [coverlet.msbuild](https://github.com/coverlet-coverage/coverlet) from 10.0.0 to 10.0.1. <details> <summary>Release notes</summary> _Sourced from [coverlet.msbuild's releases](https://github.com/coverlet-coverage/coverlet/releases)._ ## 10.0.1 ### Improvements - Coverlet with MTP 2 doesn't show test coverage statistic in console [#1907](https://github.com/coverlet-coverage/coverlet/issues/1907) - Avoid unnecessary testhost restarts [#1912](https://github.com/coverlet-coverage/coverlet/issues/1912) by <https://github.com/mawosoft> ### Fixed - Fix inconsistent paths in cobertura reports [#1723](https://github.com/coverlet-coverage/coverlet/issues/1723) - Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal [#1313](https://github.com/coverlet-coverage/coverlet/issues/1313) - Fix Coverlet flagging a branch for an async functions finally block where none exists [#1337](https://github.com/coverlet-coverage/coverlet/issues/1337) - Fix Coverlet Tracker Missing CompilerGeneratedAttribute [#1828](https://github.com/coverlet-coverage/coverlet/issues/1828) ### Maintenance - Add architecture docs and diagrams for all integrations [#1927](https://github.com/coverlet-coverage/coverlet/pull/1927) - Update NuGet packages and .NET SDK versions [#1933](https://github.com/coverlet-coverage/coverlet/pull/1933) [Diff between 10.0.0 and 10.0.1](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1) Commits viewable in [compare view](https://github.com/coverlet-coverage/coverlet/compare/v10.0.0...v10.0.1). </details> Updated [Microsoft.AspNetCore.Components.Authorization](https://github.com/dotnet/aspnetcore) from 8.0.27 to 8.0.28. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Components.Authorization's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 8.0.28 [Release](https://github.com/dotnet/core/releases/tag/v8.0.28) ## What's Changed * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66589 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556 * [release/8.0] Update dependencies from dotnet/source-build-assets by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66344 * [release/8.0] Strip UTF-8 BOM from template localization files and remove version override by @wtgodbe in https://github.com/dotnet/aspnetcore/pull/66427 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66662 **Full Changelog**: https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28 Commits viewable in [compare view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28). </details> Updated [Microsoft.AspNetCore.Components.WebAssembly](https://github.com/dotnet/aspnetcore) from 8.0.27 to 8.0.28. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Components.WebAssembly's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 8.0.28 [Release](https://github.com/dotnet/core/releases/tag/v8.0.28) ## What's Changed * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66589 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556 * [release/8.0] Update dependencies from dotnet/source-build-assets by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66344 * [release/8.0] Strip UTF-8 BOM from template localization files and remove version override by @wtgodbe in https://github.com/dotnet/aspnetcore/pull/66427 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66662 **Full Changelog**: https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28 Commits viewable in [compare view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28). </details> Updated [Microsoft.AspNetCore.Components.WebAssembly.DevServer](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Components.WebAssembly.DevServer's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.AspNetCore.Http.Abstractions](https://github.com/dotnet/aspnetcore) from 2.3.10 to 2.3.11. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Http.Abstractions's releases](https://github.com/dotnet/aspnetcore/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/aspnetcore/commits). </details> Updated [Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/aspnetcore) from 8.0.27 to 8.0.28. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Mvc.Testing's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 8.0.28 [Release](https://github.com/dotnet/core/releases/tag/v8.0.28) ## What's Changed * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66589 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556 * [release/8.0] Update dependencies from dotnet/source-build-assets by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66344 * [release/8.0] Strip UTF-8 BOM from template localization files and remove version override by @wtgodbe in https://github.com/dotnet/aspnetcore/pull/66427 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66662 **Full Changelog**: https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28 Commits viewable in [compare view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28). </details> Updated [Microsoft.AspNetCore.OpenApi](https://github.com/dotnet/aspnetcore) from 8.0.27 to 8.0.28. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.OpenApi's releases](https://github.com/dotnet/aspnetcore/releases)._ ## 8.0.28 [Release](https://github.com/dotnet/core/releases/tag/v8.0.28) ## What's Changed * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66589 * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66556 * [release/8.0] Update dependencies from dotnet/source-build-assets by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66471 * [release/8.0] Update dependencies from dotnet/source-build-externals by @dotnet-maestro[bot] in https://github.com/dotnet/aspnetcore/pull/66344 * [release/8.0] Strip UTF-8 BOM from template localization files and remove version override by @wtgodbe in https://github.com/dotnet/aspnetcore/pull/66427 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/aspnetcore/pull/66662 **Full Changelog**: https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28 Commits viewable in [compare view](https://github.com/dotnet/aspnetcore/compare/v8.0.27...v8.0.28). </details> Updated [Microsoft.EntityFrameworkCore](https://github.com/dotnet/efcore) from 9.0.16 to 9.0.17. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore's releases](https://github.com/dotnet/efcore/releases)._ ## 9.0.17 [Release](https://github.com/dotnet/core/releases/tag/v9.0.17) ## What's Changed * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204 * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38227 * Update branding to 9.0.17 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38228 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38230 * Merging internal commits for release/9.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38262 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38263 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38266 **Full Changelog**: https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17 Commits viewable in [compare view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17). </details> Updated [Microsoft.EntityFrameworkCore.Design](https://github.com/dotnet/efcore) from 9.0.16 to 9.0.17. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore.Design's releases](https://github.com/dotnet/efcore/releases)._ ## 9.0.17 [Release](https://github.com/dotnet/core/releases/tag/v9.0.17) ## What's Changed * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204 * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38227 * Update branding to 9.0.17 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38228 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38230 * Merging internal commits for release/9.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38262 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38263 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38266 **Full Changelog**: https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17 Commits viewable in [compare view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17). </details> Updated [Microsoft.EntityFrameworkCore.InMemory](https://github.com/dotnet/efcore) from 9.0.16 to 9.0.17. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore.InMemory's releases](https://github.com/dotnet/efcore/releases)._ ## 9.0.17 [Release](https://github.com/dotnet/core/releases/tag/v9.0.17) ## What's Changed * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204 * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38227 * Update branding to 9.0.17 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38228 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38230 * Merging internal commits for release/9.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38262 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38263 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38266 **Full Changelog**: https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17 Commits viewable in [compare view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17). </details> Updated [Microsoft.EntityFrameworkCore.Relational](https://github.com/dotnet/efcore) from 9.0.16 to 9.0.17. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore.Relational's releases](https://github.com/dotnet/efcore/releases)._ ## 9.0.17 [Release](https://github.com/dotnet/core/releases/tag/v9.0.17) ## What's Changed * [release/8.0] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in https://github.com/dotnet/efcore/pull/38204 * Update branding to 8.0.28 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38227 * Update branding to 9.0.17 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38228 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38230 * Merging internal commits for release/9.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38262 * Merging internal commits for release/8.0 by @vseanreesermsft in https://github.com/dotnet/efcore/pull/38263 * [automated] Merge branch 'release/8.0' => 'release/9.0' by @github-actions[bot] in https://github.com/dotnet/efcore/pull/38266 **Full Changelog**: https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17 Commits viewable in [compare view](https://github.com/dotnet/efcore/compare/v9.0.16...v9.0.17). </details> Updated [Microsoft.Extensions.Caching.Abstractions](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Extensions.Caching.Abstractions's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.Extensions.Configuration](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Extensions.Configuration's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.Extensions.Configuration.Binder](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Extensions.Configuration.Binder's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.Extensions.Hosting](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Extensions.Hosting's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.Extensions.Http](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Extensions.Http's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.Extensions.Options.DataAnnotations](https://github.com/dotnet/dotnet) from 10.0.8 to 10.0.9. <details> <summary>Release notes</summary> _Sourced from [Microsoft.Extensions.Options.DataAnnotations's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> Updated [Microsoft.IdentityModel.Tokens](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.18.0 to 8.19.1. <details> <summary>Release notes</summary> _Sourced from [Microsoft.IdentityModel.Tokens's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._ ## 8.19.1 ## Bug Fixes - Update `JwtSecurityTokenHandler` for `IssuerSigningKeyResolverUsingConfiguration` to take priority over `IssuerSigningKeyResolver`, matching the documented contract and the correct behavior already present in `JsonWebTokenHandler`. See [PR #3519](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3519). ## 8.19.0 ## New Features - Add ML-DSA (FIPS 204) post-quantum signature support. See [PR #3479](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3479). - Cache custom crypto providers in CryptoProviderFactory. See [PR #3489](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3489). ## Bug Fixes - Disable automatic redirects on default HttpClient for JKU retrieval. See [PR #3494](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3494). - Adjust rented buffer handling in claim set parsing. See [PR #3493](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3493). - Tidy null handling in SAML conditions validation. See [PR #3491](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3491). - Improve validation of `jku` claim. See [PR #3481](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3481). - Limit telemetry algorithm dimension cardinality. See [PR #3490](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3490). - Add defensive copy of collections in ValidationParameters. See [PR #3492](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3492). - Update TokenValidationParameter copy constructor to make a deep copy. See [PR #3488](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3488). - Update to fail-closed when replay protection isn't configured and other DPoP hardening. See [PR #3505](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3505). - Apply RFC 3986 section 6.2.2 normalization to DPoP `htu` comparison. See [PR #3509](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3509). Commits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.18.0...8.19.1). </details> Updated [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 18.5.1 to 18.7.0. <details> <summary>Release notes</summary> _Sourced from [Microsoft.NET.Test.Sdk's releases](https://github.com/microsoft/vstest/releases)._ ## 18.7.0 ## What's Changed * Add ARM64 msdia140.dll support to test platform packages by @jamesmcroft in https://github.com/microsoft/vstest/pull/15689 * Update System.Memory from 4.5.5 to 4.6.3 by @nohwnd in https://github.com/microsoft/vstest/pull/15706 ## New Contributors * @jamesmcroft made their first contribution in https://github.com/microsoft/vstest/pull/15689 **Full Changelog**: https://github.com/microsoft/vstest/compare/v18.6.0...v18.7.0 ## 18.6.0 ## What's Changed * Revert removal of Video Recorder by @nohwnd in https://github.com/microsoft/vstest/pull/15336 * Speed up blame by filtering non-.NET processes from dump collection by @nohwnd in https://github.com/microsoft/vstest/pull/15518 * Add README.md to NuGet packages by @nohwnd in https://github.com/microsoft/vstest/pull/15550 * Report child process info on connection timeout by @nohwnd in https://github.com/microsoft/vstest/pull/15603 ### Changes to tests and infra * Brand as 18.6 by @nohwnd in https://github.com/microsoft/vstest/pull/15423 * Upgrading code coverage version to 18.5.1, by @fhnaseer in https://github.com/microsoft/vstest/pull/15422 * Updating System.Collections.Immutable to 9.0.11 by @MSLukeWest in https://github.com/microsoft/vstest/pull/15425 * Fix attachVS when used for debugging integration tests by @nohwnd in https://github.com/microsoft/vstest/pull/15451 * Replace dotnet.config, with global.json by @nohwnd in https://github.com/microsoft/vstest/pull/15449 * Document debugging integration tests with AttachVS by @Copilot in https://github.com/microsoft/vstest/pull/15452 * Fix stack overflow tests by @nohwnd in https://github.com/microsoft/vstest/pull/15461 * Make TestAssets.sln buildable locally by @Youssef1313 in https://github.com/microsoft/vstest/pull/15466 * Try filtering out tests by @nohwnd in https://github.com/microsoft/vstest/pull/15463 * Build just once when tfms run in parallel by @nohwnd in https://github.com/microsoft/vstest/pull/15465 * Review simplify compatibility sources, deduplicate tests by @nohwnd in https://github.com/microsoft/vstest/pull/15472 * Cleanup dead TRX code by @Youssef1313 in https://github.com/microsoft/vstest/pull/15474 * Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @nohwnd in https://github.com/microsoft/vstest/pull/15481 * Compat matrix checker by @nohwnd in https://github.com/microsoft/vstest/pull/15480 * Add trx analysis skill by @nohwnd in https://github.com/microsoft/vstest/pull/15486 * Split integration tests to single tfm and multi tfm project by @nohwnd in https://github.com/microsoft/vstest/pull/15484 * Update matrix by @nohwnd in https://github.com/microsoft/vstest/pull/15477 * Break infinite restore loop in VS by @nohwnd in https://github.com/microsoft/vstest/pull/15503 * Use global package cache for build, and local for running integration tests by @nohwnd in https://github.com/microsoft/vstest/pull/15500 * Update contributing by @nohwnd in https://github.com/microsoft/vstest/pull/15505 * Reduce test wall-clock time by increasing minThreads by @drognanar in https://github.com/microsoft/vstest/pull/15502 * Indicator flakiness by @nohwnd in https://github.com/microsoft/vstest/pull/15513 * Fix ci build by @nohwnd in https://github.com/microsoft/vstest/pull/15515 * Fix thread safety issues by @Evangelink in https://github.com/microsoft/vstest/pull/15512 * Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @nohwnd in https://github.com/microsoft/vstest/pull/15516 * Build isolated test assets for single TFM instead of 7 by @nohwnd in https://github.com/microsoft/vstest/pull/15517 * Remove unused dependencies from Library.IntegrationTests by @nohwnd in https://github.com/microsoft/vstest/pull/15527 * Remove printing _attachments content to console by @nohwnd in https://github.com/microsoft/vstest/pull/15520 * Add Linux/macOS test filtering guide to CONTRIBUTING.md by @nohwnd in https://github.com/microsoft/vstest/pull/15521 * Change integration test parallelization from ClassLevel to MethodLevel by @nohwnd in https://github.com/microsoft/vstest/pull/15526 * Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @nohwnd in https://github.com/microsoft/vstest/pull/15523 * Add unattended work instructions to copilot-instructions.md by @nohwnd in https://github.com/microsoft/vstest/pull/15531 * Reduce code style rule severity from warning to suggestion by @nohwnd in https://github.com/microsoft/vstest/pull/15522 * Remove Debug/Release line number branching from tests by @nohwnd in https://github.com/microsoft/vstest/pull/15519 * Revise unattended work instructions in copilot-instructions.md by @nohwnd in https://github.com/microsoft/vstest/pull/15532 * Improve CompatibilityRowsBuilder error message with diagnostic details by @nohwnd in https://github.com/microsoft/vstest/pull/15529 * docs: add git worktree and upstream sync workflow to copilot-instructions.md by @nohwnd in https://github.com/microsoft/vstest/pull/15538 * Add VSIX runner to smoke tests by @nohwnd in https://github.com/microsoft/vstest/pull/15541 * Remove deprecated WebTest and TMI test methods by @nohwnd in https://github.com/microsoft/vstest/pull/15525 * Fix compatibility test failures for legacy vstest.console and MSTest adapter by @nohwnd in https://github.com/microsoft/vstest/pull/15534 * Convert TestPlatform.sln to slnx format by @nohwnd in https://github.com/microsoft/vstest/pull/15551 * Convert test/TestAssets .sln files to .slnx format by @nohwnd in https://github.com/microsoft/vstest/pull/15557 ... (truncated) Commits viewable in [compare view](https://github.com/microsoft/vstest/compare/v18.5.1...v18.7.0). </details> Updated [Selenium.Support](https://github.com/SeleniumHQ/selenium) from 4.44.0 to 4.45.0. <details> <summary>Release notes</summary> _Sourced from [Selenium.Support's releases](https://github.com/SeleniumHQ/selenium/releases)._ ## 4.45.0 ## Detailed Changelogs by Component <img src="https://www.selenium.dev/images/programming/java.svg" width="20" height="20"> **[Java](https://github.com/SeleniumHQ/selenium/blob/trunk/java/CHANGELOG)** | <img src="https://www.selenium.dev/images/programming/python.svg" width="20" height="20"> **[Python](https://github.com/SeleniumHQ/selenium/blob/trunk/py/CHANGES)** | <img src="https://www.selenium.dev/images/programming/dotnet.svg" width="20" height="20"> **[DotNet](https://github.com/SeleniumHQ/selenium/blob/trunk/dotnet/CHANGELOG)** | <img src="https://www.selenium.dev/images/programming/ruby.svg" width="20" height="20"> **[Ruby](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)** | <img src="https://www.selenium.dev/images/programming/javascript.svg" width="20" height="20"> **[JavaScript](https://github.com/SeleniumHQ/selenium/blob/trunk/javascript/selenium-webdriver/CHANGES.md)** <br> <!-- Release notes generated using configuration in .github/release.yml at selenium-4.45.0 --> ## What's Changed * [build] derive PR diff base from HEAD^1 instead of trunk tip by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17438 * [build] setup trusted publishing from Github to npmrc by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17445 * [build] generate release notes from previous minor release tag by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17449 * [build] fix when to update lock files during the release process by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17450 * [java] remove deprecated logging classes by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17453 * [grid] Close pre-handshake race in WebSocket proxy by @shs96c in https://github.com/SeleniumHQ/selenium/pull/17435 * [JavaScript] Correct handling for older browsers and missing casing by @AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17451 * Use pyproject for Python runtime deps lock input by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17452 * [rb] deprecate curb http client support by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17443 * [javascript] Migrate find-elements atom from Closure to TypeScript by @AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17458 * [py] replace rules_python sphinxdocs with local sphinx_docs rule by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17461 * [build] Configure Renovate dashboard approval by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17464 * [js] update vulnerable dependency with a range by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17466 * [build] remove duplicated grid ui tests by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17468 * [build] update java graphpql dependency by filtering out bad reference by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17469 * [rb] upgrade to steep 2.0 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17470 * [rust] update dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17472 * [build] update GitHub Actions to latest major versions by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17475 * [dotnet] update dev dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17474 * [dotnet] fix template caching by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17476 * [dotnet] update system.text.json to 8.0.6 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17477 * [js] update dev dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17479 * [dotnet] upgrade paket from v9 to v10 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17481 * [build] bump bazel version to 9.1 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17480 * [rust] update zip to v8 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17485 * [js] update eslint to v10 with fixes by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17482 * [rb] Update ruby to 3.3.9 by @aguspe in https://github.com/SeleniumHQ/selenium/pull/17484 * [dotnet] include snupkg files when packaging things up and allow the use of sourcelink by @AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17467 * [build] update download-artifact to v8 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17493 * [dotnet] run format against slnx instead of looping csproj by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17483 * [build] bump low-risk Bazel module dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17494 * [rust] update reqwest to 0.13 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17488 * [dotnet] [build] Fix remote linkage in SourceLink by @nvborisenko in https://github.com/SeleniumHQ/selenium/pull/17495 * [build] remove renovate update requests pending work done in #17427 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17498 * [dotnet] [build] Support deterministic build output by @nvborisenko in https://github.com/SeleniumHQ/selenium/pull/17497 * [build] bump ruby versions to latest patch releases by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17496 * [js] remove npm dependency by using bazel for everything by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17499 * [build] bump rules_jvm_external by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17501 * [build] bump rules_closure version by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17500 * [build] clarify dependency pin and update tasks by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17463 * [build] simplify commit-changes workflow by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17503 ... (truncated) Commits viewable in [compare view](https://github.com/SeleniumHQ/selenium/compare/selenium-4.44.0...selenium-4.45.0). </details> Updated [Selenium.WebDriver](https://github.com/SeleniumHQ/selenium) from 4.44.0 to 4.45.0. <details> <summary>Release notes</summary> _Sourced from [Selenium.WebDriver's releases](https://github.com/SeleniumHQ/selenium/releases)._ ## 4.45.0 ## Detailed Changelogs by Component <img src="https://www.selenium.dev/images/programming/java.svg" width="20" height="20"> **[Java](https://github.com/SeleniumHQ/selenium/blob/trunk/java/CHANGELOG)** | <img src="https://www.selenium.dev/images/programming/python.svg" width="20" height="20"> **[Python](https://github.com/SeleniumHQ/selenium/blob/trunk/py/CHANGES)** | <img src="https://www.selenium.dev/images/programming/dotnet.svg" width="20" height="20"> **[DotNet](https://github.com/SeleniumHQ/selenium/blob/trunk/dotnet/CHANGELOG)** | <img src="https://www.selenium.dev/images/programming/ruby.svg" width="20" height="20"> **[Ruby](https://github.com/SeleniumHQ/selenium/blob/trunk/rb/CHANGES)** | <img src="https://www.selenium.dev/images/programming/javascript.svg" width="20" height="20"> **[JavaScript](https://github.com/SeleniumHQ/selenium/blob/trunk/javascript/selenium-webdriver/CHANGES.md)** <br> <!-- Release notes generated using configuration in .github/release.yml at selenium-4.45.0 --> ## What's Changed * [build] derive PR diff base from HEAD^1 instead of trunk tip by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17438 * [build] setup trusted publishing from Github to npmrc by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17445 * [build] generate release notes from previous minor release tag by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17449 * [build] fix when to update lock files during the release process by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17450 * [java] remove deprecated logging classes by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17453 * [grid] Close pre-handshake race in WebSocket proxy by @shs96c in https://github.com/SeleniumHQ/selenium/pull/17435 * [JavaScript] Correct handling for older browsers and missing casing by @AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17451 * Use pyproject for Python runtime deps lock input by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17452 * [rb] deprecate curb http client support by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17443 * [javascript] Migrate find-elements atom from Closure to TypeScript by @AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17458 * [py] replace rules_python sphinxdocs with local sphinx_docs rule by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17461 * [build] Configure Renovate dashboard approval by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17464 * [js] update vulnerable dependency with a range by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17466 * [build] remove duplicated grid ui tests by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17468 * [build] update java graphpql dependency by filtering out bad reference by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17469 * [rb] upgrade to steep 2.0 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17470 * [rust] update dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17472 * [build] update GitHub Actions to latest major versions by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17475 * [dotnet] update dev dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17474 * [dotnet] fix template caching by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17476 * [dotnet] update system.text.json to 8.0.6 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17477 * [js] update dev dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17479 * [dotnet] upgrade paket from v9 to v10 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17481 * [build] bump bazel version to 9.1 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17480 * [rust] update zip to v8 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17485 * [js] update eslint to v10 with fixes by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17482 * [rb] Update ruby to 3.3.9 by @aguspe in https://github.com/SeleniumHQ/selenium/pull/17484 * [dotnet] include snupkg files when packaging things up and allow the use of sourcelink by @AutomatedTester in https://github.com/SeleniumHQ/selenium/pull/17467 * [build] update download-artifact to v8 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17493 * [dotnet] run format against slnx instead of looping csproj by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17483 * [build] bump low-risk Bazel module dependencies by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17494 * [rust] update reqwest to 0.13 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17488 * [dotnet] [build] Fix remote linkage in SourceLink by @nvborisenko in https://github.com/SeleniumHQ/selenium/pull/17495 * [build] remove renovate update requests pending work done in #17427 by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17498 * [dotnet] [build] Support deterministic build output by @nvborisenko in https://github.com/SeleniumHQ/selenium/pull/17497 * [build] bump ruby versions to latest patch releases by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17496 * [js] remove npm dependency by using bazel for everything by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17499 * [build] bump rules_jvm_external by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17501 * [build] bump rules_closure version by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17500 * [build] clarify dependency pin and update tasks by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17463 * [build] simplify commit-changes workflow by @titusfortner in https://github.com/SeleniumHQ/selenium/pull/17503 ... (truncated) Commits viewable in [compare view](https://github.com/SeleniumHQ/selenium/compare/selenium-4.44.0...selenium-4.45.0). </details> Updated [Serilog.Settings.Configuration](https://github.com/serilog/serilog-settings-configuration) from 10.0.0 to 10.0.1. <details> <summary>Release notes</summary> _Sourced from [Serilog.Settings.Configuration's releases](https://github.com/serilog/serilog-settings-configuration/releases)._ ## 10.0.1 ## What's Changed * Support LevelAlias names in configuration parsing by @mohammed-saalim in https://github.com/serilog/serilog-settings-configuration/pull/465 * Fix: Update ConditionalSink expression syntax in sample app by @gyurebalint in https://github.com/serilog/serilog-settings-configuration/pull/470 * issue-468: Fix empty/whitespace string converting to array type by @gyurebalint-CID in https://github.com/serilog/serilog-settings-configuration/pull/469 * Add WriteTo.FallbackChain and WriteTo.Fallible support in configuration by @ArieGato in https://github.com/serilog/serilog-settings-configuration/pull/474 * Fix/issue 441 by @gyurebalint in https://github.com/serilog/serilog-settings-configuration/pull/471 * Support C# 13 params collections (IEnumerable<T>, List<T>) by @gyurebalint in https://github.com/serilog/serilog-settings-configuration/pull/478 ## New Contributors * @mohammed-saalim made their first contribution in https://github.com/serilog/serilog-settings-configuration/pull/465 * @gyurebalint made their first contribution in https://github.com/serilog/serilog-settings-configuration/pull/470 * @gyurebalint-CID made their first contribution in https://github.com/serilog/serilog-settings-configuration/pull/469 * @ArieGato made their first contribution in https://github.com/serilog/serilog-settings-configuration/pull/474 **Full Changelog**: https://github.com/serilog/serilog-settings-configuration/compare/v10.0.0...v10.0.1 Commits viewable in [compare view](https://github.com/serilog/serilog-settings-configuration/compare/v10.0.0...v10.0.1). </details> Updated [Swashbuckle.AspNetCore](https://github.com/domaindrivendev/Swashbuckle.AspNetCore) from 10.1.7 to 10.2.3. <details> <summary>Release notes</summary> _Sourced from [Swashbuckle.AspNetCore's releases](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/releases)._ ## 10.2.3 ## What's Changed * Bump swagger-ui-dist to 5.32.7 by @dependabot in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/4015 **Full Changelog**: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.2.2...v10.2.3 ## 10.2.2 ## What's Changed * Update NuGet packages by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3990 * Set `SOURCE_DATE_EPOCH` by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3997 * Fix `InvalidOperationException` if no route matches by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3999 * Fix empty parameter example not generated by @dldl-cmd in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3932 * Map `[MinLength]`/`[MaxLength]` on dictionary properties to `minProperties`/`maxProperties` by @KitKeen in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3922 * Fix conflicting required+nullable schema when only NonNullableReferen… by @KitKeen in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3912 * Fix `ExposeSwaggerDocumentUrlsRoute` behaviour by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/4000 * Use `NUGET_API_KEY` by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/4006 ## New Contributors * @KitKeen made their first contribution in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3922 **Full Changelog**: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.2.1...v10.2.2 ## 10.2.1 ## What's Changed * Update Microsoft.OpenApi to 2.7.5 to pick up fix for GHSA-v5pm-xwqc-g5wc by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3974 **Full Changelog**: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.2.0...v10.2.1 ## 10.2.0 ## What's Changed * Add `MapSwaggerUI` and `MapReDoc` to support endpoint routing by @Strepto in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3822 * Bump version to 10.2.0 by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3872 * Bump swagger-ui-dist from 5.32.1 to 5.32.2 by @dependabot in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3883 * Support `HEAD` requests by @snebjorn in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3887 * Use `IAsyncSwaggerProvider` in CLI `tofile` command by @bt-Knodel in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3910 * Pin runner images by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3944 * Disable npm install scripts by @martincostello in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3946 * Bump redoc from 2.5.2 to 2.5.3 by @dependabot in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3967 ## New Contributors * @Strepto made their first contribution in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3822 * @snebjorn made their first contribution in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3887 * @bt-Knodel made their first contribution in https://github.com/domaindrivendev/Swashbuckle.AspNetCore/pull/3910 **Full Changelog**: https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.1.7...v10.2.0 Commits viewable in [compare view](https://github.com/domaindrivendev/Swashbuckle.AspNetCore/compare/v10.1.7...v10.2.3). </details> Updated [System.IdentityModel.Tokens.Jwt](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet) from 8.18.0 to 8.19.1. <details> <summary>Release notes</summary> _Sourced from [System.IdentityModel.Tokens.Jwt's releases](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/releases)._ ## 8.19.1 ## Bug Fixes - Update `JwtSecurityTokenHandler` for `IssuerSigningKeyResolverUsingConfiguration` to take priority over `IssuerSigningKeyResolver`, matching the documented contract and the correct behavior already present in `JsonWebTokenHandler`. See [PR #3519](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3519). ## 8.19.0 ## New Features - Add ML-DSA (FIPS 204) post-quantum signature support. See [PR #3479](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3479). - Cache custom crypto providers in CryptoProviderFactory. See [PR #3489](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3489). ## Bug Fixes - Disable automatic redirects on default HttpClient for JKU retrieval. See [PR #3494](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3494). - Adjust rented buffer handling in claim set parsing. See [PR #3493](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3493). - Tidy null handling in SAML conditions validation. See [PR #3491](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3491). - Improve validation of `jku` claim. See [PR #3481](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3481). - Limit telemetry algorithm dimension cardinality. See [PR #3490](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3490). - Add defensive copy of collections in ValidationParameters. See [PR #3492](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3492). - Update TokenValidationParameter copy constructor to make a deep copy. See [PR #3488](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3488). - Update to fail-closed when replay protection isn't configured and other DPoP hardening. See [PR #3505](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3505). - Apply RFC 3986 section 6.2.2 normalization to DPoP `htu` comparison. See [PR #3509](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/pull/3509). Commits viewable in [compare view](https://github.com/AzureAD/azure-activedirectory-identitymodel-extensions-for-dotnet/compare/8.18.0...8.19.1). </details> Updated [Testcontainers.PostgreSql](https://github.com/testcontainers/testcontainers-dotnet) from 4.11.0 to 4.13.0. <details> <summary>Release notes</summary> _Sourced from [Testcontainers.PostgreSql's releases](https://github.com/testcontainers/testcontainers-dotnet/releases)._ ## 4.13.0 # What's Changed Thank you to everyone who contributed and shared their feedback 🤜🤛. The NuGet packages for this release have been attested for supply chain security using [`actions/attest`](https://github.com/actions/attest). This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: [#33686956](https://github.com/testcontainers/testcontainers-dotnet/attestations/33686956). ## 🚀 Features * feat: Add Aspire dashboard module (#1194) @NikiforovAll * feat: Add image name substitution hook (#1710) @HofmeisterAn * feat(CosmosDb): Add get method AccountEndpoint (#1707) @srollinet * feat: Improve image build failure messages (#1700) @HofmeisterAn ## 🐛 Bug Fixes * fix: Restore tar archive write performance regressed by padding trim (#1719) @HofmeisterAn * chore: Bump Docker.DotNet from 4.3.2 to 4.3.3 (#1714) @HofmeisterAn * chore(AspireDashboard): Cover connection string provider (#1713) @HofmeisterAn ## 📖 Documentation * docs: Add missing TC languages and reorder docs navigation (#1711) @mdelapenya * docs: Add note about unsupported BuildKit Dockerfile features (#1696) @HofmeisterAn * docs: Explain immutable builder behavior (#1693) @HofmeisterAn ## 🧹 Housekeeping * chore: Enable Dependabot cooldown (#1716) @HofmeisterAn * chore: Add nuget.config (#1715) @Rob-Hague * chore(AspireDashboard): Cover connection string provider (#1713) @HofmeisterAn * chore: Bump Docker.DotNet from 4.2.0 to 4.3.2 (#1712) @HofmeisterAn * chore: Bump sshd-docker image from 1.3.0 to 1.4.0 (#1709) @HofmeisterAn * chore: Rename runtime label and add buildkit and stale labels (#1703) @HofmeisterAn * fix: Guard expensive argument evaluation when logging (#1702) @HofmeisterAn * chore: Defer container ID truncation in logging (#1701) @HofmeisterAn * chore: Migrate to LoggerMessageAttribute (#1697) @HofmeisterAn ## 📦 Dependency Updates * chore(deps): Bump the actions group with 2 updates (#1721) @[dependabot[bot]](https://github.com/apps/dependabot) * chore(deps): Bump the actions group with 7 updates (#1717) @[dependabot[bot]](https://github.com/apps/dependabot) * chore: Bump Docker.DotNet from 4.3.2 to 4.3.3 (#1714) @HofmeisterAn * chore: Bump Docker.DotNet from 4.2.0 to 4.3.2 (#1712) @HofmeisterAn * chore(deps): Bump the actions group with 4 updates (#1698) @[dependabot[bot]](https://github.com/apps/dependabot) ## 4.12.0 # What's Changed Thanks to all contributors 👏. The NuGet packages for this release have been attested for supply chain security using [`actions/attest`](https://github.com/actions/attest). This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: [#28009236](https://github.com/testcontainers/testcontainers-dotnet/attestations/28009236). ## ⚠️ Breaking Changes * chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#1665) @HofmeisterAn ## 🚀 Features * feat: Add Floci module (#1690) @object * feat: Ignore port-forwarding extra host in reuse hash (#1689) @HofmeisterAn * feat: Allow devs to override the reuse hash calculation (#1688) @HofmeisterAn * feat: Add connect to network API (#1672) @HofmeisterAn * feat(LocalStack): Require auth token for 4.15 and onwards (#1667) @HofmeisterAn * chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#1665) @HofmeisterAn ## 🐛 Bug Fixes * fix: Trim tar record padding to avoid broken-pipe failure on Podman (#1684) @artiomchi * fix(Nats): Use healthz API for readiness probe (#1679) @eriblo01 * fix: Remove KeepAlive socket option (#1671) @Angelinsky7 ## 📖 Documentation * docs: Extend WithCommand(params string[]) documentation (#1685) @HofmeisterAn ## 🧹 Housekeeping * feat: Prepare next release cycle (4.12.0) (#1664) @HofmeisterAn ## 📦 Dependency Updates * chore(deps): Bump the actions group with 5 updates (#1687) @[dependabot[bot]](https://github.com/apps/dependabot) * chore(deps): Bump Docker.DotNet from 4.1.0 to 4.2.0 (#1686) @HofmeisterAn * chore(deps): Bump the actions group with 5 updates (#1676) @[dependabot[bot]](https://github.com/apps/dependabot) * chore(deps): Bump Docker.DotNet from 4.0.2 to 4.1.0 (#1674) @HofmeisterAn * chore(deps): Bump Docker.DotNet from 3.131.1 to 4.0.2 (#1665) @HofmeisterAn Commits viewable in [compare view](https://github.com/testcontainers/testcontainers-dotnet/compare/4.11.0...4.13.0). </details> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Summary
Frames received from the upstream WebSocket before the client-side handshake completes used to travel through
MessageOutboundConvertervia a fallbackConsumer<Message>. AfteronUpgradeCompleterewires the pipeline (removing the Message-layer handlers), a frame in flight on the upstream listener thread could land in a pipeline that no longer had its converter and silently drop.Move the client
Channelreference and a pre-handshake buffer intoDirectForwardingListeneritself:onText/onBinarycalls queue aWebSocketFrameonto a per-listener deque under a lock.FrameProxyConsumer.onUpgradeCompleteinvokeslistener.onUpgrade(channel), which drains the buffer in arrival order and then publishes the channel asvolatile.onClose/onErrorpre-handshake release buffered frames and latch aclosedflag so any in-flight call doesn't leak ref-counted frames.A focused
EmbeddedChannel-based test pins the buffer-then-drain order; the existing mediumProxyWebsocketTestcontinues to cover the end-to-end Router→Node path.Test plan
🤖 Generated with Claude Code