Skip to content

[deps] Auth: Update Duende.IdentityServer to 7.4.6#6323

Open
renovate[bot] wants to merge 6 commits intomainfrom
renovate/duende.identityserver-7.x
Open

[deps] Auth: Update Duende.IdentityServer to 7.4.6#6323
renovate[bot] wants to merge 6 commits intomainfrom
renovate/duende.identityserver-7.x

Conversation

@renovate
Copy link
Contributor

@renovate renovate bot commented Sep 15, 2025
edited
Loading

This PR contains the following updates:

Package Change Age Confidence
Duende.IdentityServer (source) 7.2.47.4.6 age confidence

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

@renovate renovate bot requested review from a team and ike-kottlowski September 15, 2025 03:05
@bitwarden-bot bitwarden-bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.3.1 [PM-25801] [deps] Auth: Update Duende.IdentityServer to 7.3.1 Sep 15, 2025
@bitwarden-bot
Copy link

bitwarden-bot commented Sep 15, 2025

Internal tracking:

@renovate renovate bot changed the title [PM-25801] [deps] Auth: Update Duende.IdentityServer to 7.3.1 [deps] Auth: Update Duende.IdentityServer to 7.3.1 Sep 15, 2025
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from c9b3004 to 28b2729 Compare September 24, 2025 17:54
@renovate renovate bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.3.1 [deps] Auth: Update Duende.IdentityServer to 7.3.2 Sep 24, 2025
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from 28b2729 to daf34b6 Compare October 21, 2025 13:44
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from daf34b6 to fa39b42 Compare November 10, 2025 15:31
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch 2 times, most recently from d6068fd to ac355a5 Compare November 21, 2025 19:43
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from ac355a5 to 248fb94 Compare December 9, 2025 10:24
@renovate renovate bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.3.2 [deps] Auth: Update Duende.IdentityServer to 7.4.0 Dec 9, 2025
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from 248fb94 to daed4f8 Compare December 10, 2025 15:37
@renovate renovate bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.4.0 [deps] Auth: Update Duende.IdentityServer to 7.3.2 Dec 10, 2025
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from daed4f8 to 1d5ce3f Compare December 16, 2025 19:22
@renovate renovate bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.3.2 [deps] Auth: Update Duende.IdentityServer to 7.4.3 Dec 16, 2025
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from 1d5ce3f to 2ee4b2c Compare January 5, 2026 16:55
@renovate renovate bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.4.3 [deps] Auth: Update Duende.IdentityServer to 7.4.4 Jan 5, 2026
@ike-kottlowski ike-kottlowski added the ai-review Request a Claude code review label Jan 16, 2026
@claude
Copy link
Contributor

claude bot commented Jan 16, 2026
edited
Loading

Claude finished @renovate[bot]'s task in 3m 41s —— View job

Review Summary

PR: [deps] Auth: Update Duende.IdentityServer to 7.4.4
Decision: ✅ Approve

Overview

This Renovate bot PR upgrades Duende.IdentityServer from version 7.2.4 to 7.4.4 in src/Core/Core.csproj. This is a minor version upgrade spanning two releases (7.2 -> 7.3 -> 7.4).

Analysis

Scope of change: Single-line version bump in the project file.

Compatibility review: Bitwarden implements several Duende.IdentityServer interfaces:

  • IProfileService - ProfileService.cs
  • IPersistedGrantStore - PersistedGrantStore.cs
  • IClientStore - DynamicClientStore.cs
  • ICorsPolicyService - CustomCorsPolicyService.cs
  • IResourceOwnerPasswordValidator - ResourceOwnerPasswordValidator.cs
  • ICustomTokenRequestValidator - CustomTokenRequestValidator.cs
  • IAuthorizationCodeStore - AuthorizationCodeStore.cs (extends DefaultGrantStore)

These interfaces have remained stable across Duende.IdentityServer 7.x minor versions. The implementations use standard patterns that are expected to remain compatible.

Security: Upgrading to 7.4.4 includes bug fixes and security improvements from the Duende team. This is beneficial for authentication security.

Risk level: Low - minor version upgrades in the 7.x line are designed to be backward compatible.

Recommendation

  • Ensure all CI tests pass before merging
  • Monitor authentication flows after deployment as standard practice for identity provider upgrades

@github-actions
Copy link
Contributor

github-actions bot commented Jan 16, 2026
edited
Loading

Logo
Checkmarx One – Scan Summary & Details96898af2-0340-47a2-aab9-b728ac1a10b4

Fixed Issues (2) Great job! The following issues were fixed in this Pull Request
Severity Issue Source File / Package
MEDIUM CSRF /src/Api/Vault/Controllers/CiphersController.cs: 293
MEDIUM Use_Of_Hardcoded_Password /src/Core/Constants.cs: 212

@ike-kottlowski ike-kottlowski removed the ai-review Request a Claude code review label Feb 17, 2026
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from 28e2959 to a3bc984 Compare February 19, 2026 18:36
@renovate renovate bot changed the title [deps] Auth: Update Duende.IdentityServer to 7.4.4 [deps] Auth: Update Duende.IdentityServer to 7.4.6 Feb 19, 2026
@renovate renovate bot force-pushed the renovate/duende.identityserver-7.x branch from a3bc984 to 81cc5fa Compare February 20, 2026 14:14
@codecov
Copy link

codecov bot commented Mar 4, 2026
edited
Loading

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 57.64%. Comparing base (c118f23) to head (a397fbc).
⚠️ Report is 8 commits behind head on main.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6323      +/-   ##
==========================================
+ Coverage   57.53%   57.64%   +0.10%     
==========================================
  Files        2032     2033       +1     
  Lines       89486    89557      +71     
  Branches     7957     7976      +19     
==========================================
+ Hits        51487    51625     +138     
+ Misses      36154    36068      -86     
- Partials     1845     1864      +19

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
  • 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

@renovate
Copy link
Contributor Author

renovate bot commented Mar 4, 2026

Edited/Blocked Notification

Renovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR.

You can manually request rebase by checking the rebase/retry box above.

⚠️ Warning: custom changes will be lost.

ike-kottlowski
ike-kottlowski previously approved these changes Mar 16, 2026
View reviewed changes
@ike-kottlowski ike-kottlowski enabled auto-merge (squash) March 16, 2026 22:00
@ike-kottlowski ike-kottlowski disabled auto-merge March 16, 2026 22:03
JaredSnider-Bitwarden
JaredSnider-Bitwarden reviewed Mar 17, 2026
View reviewed changes
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A single question below

@sonarqubecloud
Copy link

sonarqubecloud bot commented Mar 17, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

JaredSnider-Bitwarden
JaredSnider-Bitwarden approved these changes Mar 18, 2026
View reviewed changes
Copy link
Contributor

@JaredSnider-Bitwarden JaredSnider-Bitwarden left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@ike-kottlowski ike-kottlowski ike-kottlowski left review comments

@JaredSnider-Bitwarden JaredSnider-Bitwarden JaredSnider-Bitwarden approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@bitwarden-bot @JaredSnider-Bitwarden @ike-kottlowski