deps(nuget): Bump Microsoft.AspNetCore.Authentication.JwtBearer and 10 others

[dependabot]

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.3 to 10.0.5.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.3 to 10.0.5.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.3 to 10.0.5.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Pinned Microsoft.Extensions.Http at 10.0.5.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 10.0.3 to 10.0.5.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options from 10.0.3 to 10.0.5.

Release notes

Sourced from Microsoft.Extensions.Options's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Identity.Web from 4.4.0 to 4.7.0.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.7.0

4.7.0

Bug fixes

• Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, Certificate extension method in CredentialDescription was reverted to normal property.) See #​3767.

4.6.0

What's Changed

• Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components by @​Copilot in Move boilerplate code skills to IdWeb, and add Aspire DevApp demonstrating Blazor authentication components AzureAD/microsoft-identity-web#3721
• Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests by @​Copilot in Bump MSAL to 4.83.1 and re-enable Managed Identity CAE tests AzureAD/microsoft-identity-web#3746
• Bump Abstractions to 11.2 by @​bgavrilMS in Bump Abstractions to 11.2 AzureAD/microsoft-identity-web#3749
• Update documentation to reference Blazor helpers from Microsoft.Identity.Web package by @​Copilot in Update documentation to reference Blazor helpers from Microsoft.Identity.Web package AzureAD/microsoft-identity-web#3723

Full Changelog: AzureAD/microsoft-identity-web@4.5.0...4.6.0

4.5.0

New features

• Add support for certificate store lookup by subject name. See #​3742.

Dependencies updates

• Bump minimatch in /tests/DevApps/SidecarAdapter/typescript. See #​3739.
• Bump rollup from 4.52.3 to 4.59.0 in /tests/DevApps/SidecarAdapter/typescript. See #​3740.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Protocols.OpenIdConnect from 8.16.0 to 8.17.0.

Release notes

Sourced from Microsoft.IdentityModel.Protocols.OpenIdConnect's releases.

8.17.0

Dependencies

• Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Tokens from 8.16.0 to 8.17.0.

Release notes

Sourced from Microsoft.IdentityModel.Tokens's releases.

8.17.0

Dependencies

• Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

Commits viewable in compare view.

Pinned Microsoft.ML.OnnxRuntime at 1.24.4.

Release notes

Sourced from Microsoft.ML.OnnxRuntime's releases.

1.24.4

This is a patch release for ONNX Runtime 1.24, containing bug fixes and execution provider updates.

Bug Fixes

• Core: Added PCI bus fallback for Linux GPU device discovery in containerized environments (e.g., AKS/Kubernetes) where nvidia-drm is not loaded but GPU PCI devices are still exposed via sysfs. (#​27591)
• Plugin EP: Fixed null pointer dereference when iterating output spans in GetOutputIndex. (#​27644)
• Plugin EP: Fixed bug that incorrectly assigned duplicate MetaDef IDs to fused nodes in different GraphViews (e.g., then/else branches of an If node), causing session creation to fail with a conflicting kernel error. (#​27666)

Execution Provider Updates

• QNN EP: Enabled offline x64 compilation with memhandle IO type by deferring rpcmem library loading to inference time. (#​27479)
• QNN EP: Reverted QNN SDK logging verbosity changes that caused segmentation faults on backend destruction. (#​27650)

Build and Infrastructure

• Python: Updated python_requires from >=3.10 to >=3.11 to reflect dropped Python 3.10 support. (#​27354)
• Build: Replaced __builtin_ia32_tpause with the compiler-portable _tpause intrinsic to fix cross-compiler portability issues between GCC and LLVM. (#​27607)

Full Changelog: v1.24.3...v1.24.4

Contributors

@​derdeljan-msft, @​adrianlizarraga, @​apwojcik, @​baijumeswani, @​edgchen1, @​mocknen, @​tianleiwu, @​XXXXRT666

1.24.3

This is a patch release for ONNX Runtime 1.24, containing bug fixes, security improvements, performance enhancements, and execution provider updates.

Security Fixes

• Core: Fixed GatherCopyData integer truncation leading to heap out-of-bounds read/write. (#​27444)
• Core: Fixed RoiAlign heap out-of-bounds read via unchecked batch_indices. (#​27543)
• Core: Prevent heap OOB from maliciously crafted Lora Adapters. (#​27518)
• Core: Fixed out-of-bounds access for Resize operation. (#​27419)

Bug Fixes

• Core: Fixed GatherND division by zero when batch dimensions mismatch. (#​27090)
• Core: Fixed validation for external data paths for models loaded from bytes. (#​27430)
• Core: Fixed SkipLayerNorm fusion incorrectly applied when gamma/beta are not 1D. (#​27459)
• Core: Fixed double-free in TRT EP custom op domain Release functions. (#​27471)
• Core: Fixed QMoE CPU Operator. (#​27360)
• Core: Fixed MatmulNBits prepacking scales. (#​27412)
• Python: Fixed refcount bug in map input conversion that caused shutdown segfault. (#​27413)
• NuGet: Fixed DllImportResolver. (#​27397)
• NuGet: Added OrtEnv.DisableDllImportResolver to prevent fatal error on resolver conflict. (#​27535)

Performance Improvements

• Core: QMoE CPU performance update (up to 4x on 4-bit). (#​27364)
• Core: Fixed O(n²) model load time for TreeEnsemble with categorical feature chains. (#​27391)

Execution Provider Updates

• NvTensorRtRtx EP:
  • Avoid repetitive creation of fp4/fp8 native-custom-op domains. (#​27192)
  • Added missing override specifiers to suppress warnings. (#​27288)
  • DQ→MatMulNBits fusion transformer. (#​27466)
• WebGPU:
  • Used embedded WASM module in Blob URL workers when wasmBinary is provided. (#​27318)
  • Fixed usage of wasmBinary together with a blob URL for .mjs. (#​27411)
  • Removed the unhelpful "Unknown CPU vendor" warning. (#​27399)
  • Allows new memory info name for WebGPU. (#​27475)
• MLAS:
  • Added DynamicQGemm function pointers and ukernel interface. (#​27403)
  • Fixed error where bytes is not assigned for dynamic qgemm pack b size. (#​27421)
• VitisAI EP: Removed s_kernel_registry_vitisaiep.reset() in deinitialize_vitisai_ep(). (#​27295)
• Plugin EPs: Added "library_path" metadata entry to OrtEpDevice instances for plugin and provider bridge EPs. (#​27522)

Build and Infrastructure

• Pipelines:
  • Build Windows ARM64X binaries as part of packaging pipeline. (#​27316)
  • Moved JAR testing pipelines to canonical pipeline template. (#​27480)
• Python: Enabled Python 3.14 CI and upgraded dependencies. (#​27401)
• Build: Suppressed spurious Array Out of Bounds warnings produced by GCC 14.2 compiler on Linux builds. (#​27454)
• Build: Fixed -Warray-bounds build error in MLAS on clang 17+. (#​27499)
• Telemetry: Added/Updated telemetry events. (#​27356)
• Config: Increased kMaxValueLength to 8192. (#​27521)

... (truncated)

Commits viewable in compare view.

Updated System.IdentityModel.Tokens.Jwt from 8.16.0 to 8.17.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.17.0

Dependencies

• Downgrade MicrosoftExtensionsLoggingAbstractionsVersion to 8.0.0 on .NET 10. See PR #​3435.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions