chore: Bump Ocelot from 23.3.3 to 23.4.3

[dependabot]

Updated Ocelot from 23.3.3 to 23.4.3.

Release notes

Sourced from Ocelot's releases.

23.4.3

🔥 Hot fixing #​2246 issue (version 23.4.3) aka v23.4.2 patch 📦

Read the Docs: Ocelot 23.4 with PDF
Hot fixed version: 23.4.2
Milestone: November'24

ℹ️ About

🔥 Hot fixed issue: #​2246
❤️ A sincere and heartfelt "Thank You" to Donny Tian, @​donnytian for reporting the bug.

⚠️ Warning

1. Consider this patch as the last one supporting .NET 6 and 7 frameworks. For more details, refer to the previous version notes.
2. No further patches for this minor version are expected. The next major release will be .NET 9, version 24.0.

❗ Breaking Changes

Upgrading from 23.4.0-23.4.2 to 23.4.3 introduces no breaking changes. However, some internal interfaces have been updated, which should not introduce IBC for 99.99% of projects. For further information, refer to the source code.

What's Changed

• #​2246 Review Core cache and redesign Regex caching by @​raman-m in #2246 Review Core cache and redesign Regex caching ThreeMammals/Ocelot#2251
• Release 23.4.3 | Hot fixing #​2246 | November'24 release | +semver: patch by @​raman-m in Release 23.4.3 | Hot fixing #2246 | November'24 release | +semver: patch ThreeMammals/Ocelot#2252

Full Changelog: ThreeMammals/Ocelot@23.4.2...23.4.3

23.4.2

📦 End of .NET 6, 7 Support (version 23.4.2)

Read the Docs: Ocelot 23.4 with PDF
Hot fixed version: 23.4.1
Milestone: November'24

This is the last patched version for .NET 6 and 7 frameworks. The upcoming major release, version 24.0, will target .NET 9 alongside the LTS .NET 8. Projects targeting .NET 6 or 7 should update to this version while considering an upgrade to .NET 8 or 9 in the future.

ℹ️ About

• All package versions have been updated to latest versions targeting the net6.0 and net7.0 frameworks, along with the LTS net8.0.
• Dependabot alerts concerning reported vulnerabilities related to IdentityServer4 have not yet been addressed; these will be resolved in the next major release (refer to Warnings further information).

❗ Warning

1. Releasing a patched 23.4.* is possible.
2. In the next major version, the Ocelot team will remove references to the IdentityServer4 package from testing projects due to its "Public Archive" status; the version, 4.1.2, was released on July 7, 2021.
3. The main Ocelot package is not integrated with IdentityServer4, allowing Ocelot users to utilize any authentication provider, as Ocelot's Authentication feature is provider-agnostic.
4. Our plans to utilize the ASP.NET Core Identity framework in testing projects due to industry standards, instead the IdentityServer4 library.
5. Following the release of .NET 9, the team will begin the deprecation of the Ocelot extension-packages: Ocelot.Cache.CacheManager, Ocelot.Tracing.Butterfly, and Ocelot.Tracing.OpenTracing.

What's Changed

• Review Dependabot alerts for net6.0 and net7.0 target frameworks and bump all packages by @​raman-m in Review Dependabot alerts for net6.0 and net7.0 target frameworks and bump all packages ThreeMammals/Ocelot#2220
• Release 23.4.2 | End of .NET 6, 7 Support | November'24 release | +semver: patch by @​raman-m in Release 23.4.2 | End of .NET 6, 7 Support | November'24 release | +semver: patch ThreeMammals/Ocelot#2221

Full Changelog: ThreeMammals/Ocelot@23.4.1...23.4.2

23.4.1

📦 Routing patch (version 23.4.1)

Read the Docs: Ocelot 23.4 with PDF
Hot fixed version: 23.4.0
Milestone: November'24

❤️ A heartfelt "Thank You" to Guillaume Gnaegi (@​ggnaegi)

ℹ️ About

🔥 Hot fixed issues: #​2165 #​2209 #​2212

What's Changed

• #​2165 Global configuration SecurityOptions by @​Fabman08 in #2165 Global configuration SecurityOptions ThreeMammals/Ocelot#2170
• #​2209 Placeholders matching must work if RouteIsCaseSensitive = false by @​ggnaegi in #2209 Placeholders matching must work if RouteIsCaseSensitive = false ThreeMammals/Ocelot#2210
• File-scoped namespaces everywhere by @​raman-m in File-scoped namespaces everywhere ThreeMammals/Ocelot#2211
• #​2212 Incorrect calculation of placeholders, only the last placeholder should be allowed to match several segments by @​ggnaegi in #2212 Incorrect calculation of placeholders, only the last placeholder should be allowed to match several segments ThreeMammals/Ocelot#2213
• Release 23.4.1 | Routing patch | November'24 release | +semver: patch by @​raman-m in Release 23.4.1 | Routing patch | November'24 release | +semver: patch ThreeMammals/Ocelot#2215

Full Changelog: ThreeMammals/Ocelot@23.4.0...23.4.1

23.4.0

🔀 Routing Update (version 23.4.0) aka McDonald's release

Codenamed: McDonald's
Read the Docs: Ocelot 23.4.0

ℹ️ About

This minor release significantly upgrades the Routing feature by supporting embedded placeholders within path segments (between slashes). Additionally, the team has focused on enhancing the performance of Regex objects.

🆕 What's new?

• Routing: Introducing the new "Embedded Placeholders" feature by @​ggnaegi.
  As of November 2024, Ocelot was unable to process multiple placeholders embedded between two forward slashes. It was also challenging to differentiate the placeholder from other elements within the slashes. For example, /{url}-2/ for /y-2/ would yield {url} = y-2. We are excited to introduce an enhanced method for evaluating placeholders that allows for the resolution of placeholders within complex URLs.
  For additional information, refer to PR #​2200.

🆙 Focus On

Features: Routing, Core, Rate Limiting, Middleware Injection

• Routing: The new feature is "Embedded Placeholders" by @​ggnaegi.
• Core: All Regex logic has been refactored by @​EngRajabi.
  The Ocelot Core now boasts improved performance of Regex objects, striving to adhere to the Best Practices for Regular Expressions in .NET. It is estimated that each request could save from 1 to over 10 microseconds in processing time (though no benchmarks have been developed to measure this).
• Rate Limiting: The persistent issue with Rate Limiting headers has been resolved by @​jlukawska.
  The problem was the absence of unofficial X-Rate-Limit-* headers (found in the RateLimitingHeaders class) in the RateLimitingMiddleware's response. For more details, see PR #​1307.
  Note that these unofficial headers have not yet been documented, so they may be subject to change since Ocelot's RateLimiting headers do not align with industry standards.
• Middleware Injection: The OcelotPipelineConfiguration.ClaimsToHeadersMiddleware property has been introduced by @​kesskalli.
  This new property enables the overriding of the ClaimsToHeadersMiddleware. For additional information, refer to PR #​1403.

Documentation for v23.4.0

• Routing: Introducing a new section on Embedded Placeholders
• Middleware Injection: Documentation now includes the ClaimsToHeadersMiddleware feature

Honoring 🏅 aka Top Contributors 👏

1^st 🥇 goes to Mohsen Rajabi for delivering 1 feature in 12 files changed
2^nd 🥈 goes to Jolanta Łukawska for delivering 1 feature in 8 files changed
3^rd 🥉 goes to Karim Esskalli for delivering 1 feature in 6 files changed

Starring ⭐ aka Release Influencers

⭐ Mohsen Rajabi, @​EngRajabi
⭐ Jolanta Łukawska, @​jlukawska
⭐ Raman Maksimchuk, @​raman-m
⭐ Karim Esskalli, @​kesskalli
⭐ Guillaume Gnaegi, @​ggnaegi

Features in Release 23.4.0

Logbook

• _{41fc9bd5 by Raman Maksimchuk on Monday, November 18 at 23:40 →}
  ... (truncated)

23.3.6

🔥 Hot fixing v23.3.4 (version 23.3.6) aka October'24 release

Read the Docs: Ocelot 23.3
Hot fixed version: 23.3.4
Milestone: October'24

❤️ A heartfelt "Thank You" to Nikolai Masson (@​Niksson) and Nikolay Kuksov (@​kick2nick) for their contributions!

ℹ️ About

This release provides minor bug fixes from the previous 23.3.4 release. All bugs have been addressed in the October'24 milestone.

📓 For projects utilizing the Service Discovery feature, it is recommended to update to this version to benefit from the unstable release 23.3.4, which includes fixes for both Consul and Kube discovery providers.

🧑‍💻 Technical Information

The Ocelot solution encountered a significant issue with the disabled scope validation of services in the DI-container, affecting both testing projects and the core library. Initially, this was not problematic when services were designed as singletons by previous contributors and our team. However, with the introduction of more scoped services by the Ocelot team, it became clear that our testing projects could not adequately handle them.
This patch introduces scope validation across all domains: unit tests, acceptance tests, and the core library itself. We advise always enabling scope validation in your custom Ocelot solutions, especially when dealing with numerous C# overridden classes in the DI-container and any attached custom functionality.

The patch enhances functionality for two primary Service Discovery providers:

• The Ocelot.Provider.Consul provider. The addressed bug is issue #​2178, reported on October 17, 2024.
  The System.InvalidOperationException error stating "Cannot resolve scoped service 'Ocelot.Provider.Consul.Interfaces.IConsulServiceBuilder' from root provider" has been resolved.
  To clarify, the IConsulServiceBuilder service is a scoped service in DI, injected via the AddConsul() or AddConsul<T>() methods. Therefore, the DefaultConsulServiceBuilder should also be a scoped service, with HttpContext injected to meet your development requirements.
• The Ocelot.Provider.Kubernetes provider had an issue reported as #​977 on August 1, 2019.
  It involved a System.InvalidOperationException with the message: "Cannot resolve scoped service 'KubeClient.IKubeApiClient' from root provider." This "invalid scopes" error occurred only in development mode, as release mode DLLs do not validate scopes. However, the KubeApiClient is designed to have a scoped lifetime. Acceptance tests passed because scope validation was disabled, and the KubeClient was replaced with a singleton. This inconsistency was identified and reproduced by the old 977 issue. As a temporary solution, the IKubeApiClient was registered as a singleton.
  Looking ahead, our team intends to redesign the Kubernetes provider to have a default service builder that is scoped, similar to the Consul provider.

❗ Breaking Changes

Upgrading from 23.3.4 to 23.3.6 introduces no breaking changes. However, upgrading from 23.3.0 or earlier versions may result in some incompatibilities. For further information, please refer to the release notes of v23.3.4.

Starring ⭐ aka Release Influencers

⭐⭐ Raman Maksimchuk, @​raman-m
⭐ Henrique Holtz, @​henriqueholtz
⭐ Nikolay, @​kick2nick
⭐ Nikolai Masson, @​Niksson
⭐ Emmanuel Ferdman, @​emmanuel-ferdman
⭐ dependabot[bot], @​dependabot

What's Changed

• Bump everything | Hot fixing Microsoft.Extensions.Caching.Memory | Microsoft Security Advisory CVE-2024-43483 by @​dependabot in Bump everything | Hot fixing Microsoft.Extensions.Caching.Memory | Microsoft Security Advisory CVE-2024-43483 ThreeMammals/Ocelot#2175
• Coding best practices: async vs await improvements by @​henriqueholtz in Coding best practices: async vs await improvements ThreeMammals/Ocelot#2156
• #​2178 DI service resolution from scoped HttpContext request services for the IConsulServiceBuilder service by @​Niksson in #2178 DI service resolution from scoped HttpContext request services for the IConsulServiceBuilder service ThreeMammals/Ocelot#2179
• #​977 Enable validation of DI scopes in Kube and PollKube discovery providers by @​kick2nick in #977 Enable validation of DI scopes in Kube and PollKube discovery providers ThreeMammals/Ocelot#2180
• Follow up #2178 DI service resolution from scoped HttpContext request services for the IConsulServiceBuilder service ThreeMammals/Ocelot#2179 #977 Enable validation of DI scopes in Kube and PollKube discovery providers ThreeMammals/Ocelot#2180 : Enable validation of DI scopes everywhere, in commit ThreeMammals/Ocelot@e4bc9ff by @​raman-m
• Correct broken references in servicediscovery.rst by @​emmanuel-ferdman in Correct broken references in servicediscovery.rst ThreeMammals/Ocelot#2187
• Release 23.3.6 | v23.3.4 Hotfixes | October'24 release | +semver: patch by @​raman-m in Release 23.3.6 | v23.3.4 Hotfixes | October'24 release | +semver: patch ThreeMammals/Ocelot#2185

New Contributors

• @​henriqueholtz made their first contribution in Coding best practices: async vs await improvements ThreeMammals/Ocelot#2156
• @​Niksson made their first contribution in #2178 DI service resolution from scoped HttpContext request services for the IConsulServiceBuilder service ThreeMammals/Ocelot#2179
• @​kick2nick made their first contribution in #977 Enable validation of DI scopes in Kube and PollKube discovery providers ThreeMammals/Ocelot#2180

Full Changelog: ThreeMammals/Ocelot@23.3.5...23.3.6

23.3.5

📦 Documentation patch (version 23.3.5), technical release

Read the Docs: Ocelot 23.3
PDF Doc: Ocelot 23.3
Hot fixed version: 23.3.4

ℹ️ About

This documentation patch pertains to HTML and PDF document layouts.
No NuGet packages have been uploaded.

23.3.4

🔥 Hot fixing v23.3 (version 23.3.4) aka Blue Olympic Balumbes release

Codenamed: Blue Olympic Fiend
Read the Docs: Ocelot 23.3
Hot fixed versions: 23.3.0, 23.3.3
Milestone: v23.3 Hotfixes

❤️ A heartfelt "Thank You" to Roman Shevchik and Massimiliano Innocenti for their contributions in testing and reporting the Service Discovery issues, #​2110 and #​2119, respectively!

ℹ️ About

This release delivers a number of bug fixes for the predecessor's 23.3.0 release, which is full of new features but was not tested well. All bugs were combined into the v23.3 Hotfixes milestone.

Following the substantial refactoring of Service Discovery providers in the 23.3.0 release, the community identified and we have acknowledged several critical service discovery defects with providers such as Kube and Consul. The Kube provider, while somewhat unstable, remained operational; however, the Consul provider was entirely non-functional.

📓 If your projects rely on the Service Discovery feature and cannot function without it, please upgrade to this version to utilize the full list of features of version 23.3.0.

🧑‍💻 Technical Information

A comprehensive explanation of the technical details would span several pages; therefore, it is advisable for fans of Ocelot to review all pertinent technical information within the issue descriptions associated with the milestone.
Our team has implemented some Breaking Changes which we urge you to review carefully (details follow).

⚠️ Breaking Changes

Listed by priority:

• ILoadBalancer interface alteration: Method Lease is now LeaseAsync.
  Interface FQN: Ocelot.LoadBalancer.LoadBalancers.ILoadBalancer
  Method FQN: Ocelot.LoadBalancer.LoadBalancers.ILoadBalancer.LeaseAsync
• DefaultConsulServiceBuilder constructor modification: The first parameter's type has been changed from Func<ConsulRegistryConfiguration> to IHttpContextAccessor.
  Class FQN: Ocelot.Provider.Consul.DefaultConsulServiceBuilder
  Constructor signature: public DefaultConsulServiceBuilder(IHttpContextAccessor contextAccessor, IConsulClientFactory clientFactory, IOcelotLoggerFactory loggerFactory)
• Adjustments to Lease type: The Lease has been restructured from a class to a structure and elevated in the namespace hierarchy.
  Struct FQN: Ocelot.LoadBalancer.Lease

📓 Should your custom solutions involve overriding default Ocelot classes and their behavior, redevelopment or at least recompilation of the solution, followed by deployment, will be necessary.

Honoring 🏅 aka Top Contributors 👏

1^st 🥇 goes to Roman Shevchik for delivering 1 feature in 25 files changed
2^nd 🥈 goes to Ben Bartholomew for delivering 1 feature in 7 files changed
3^rd 🥉 goes to Paul Roy for delivering 1 feature in 5 files changed

Starring ⭐ aka Release Influencers

⭐⭐ Raman Maksimchuk, @​raman-m
⭐ Roman Shevchik, @​antikorol
⭐ Ben Bartholomew, @​ben-bartholomew
⭐ Paul Roy, @​PaulARoy
⭐ Finn Fiedler, @​int0x81
⭐ Emmanuel Ferdman, @​emmanuel-ferdman
⭐ dependabot[bot], @​dependabot

Features in Release 23.3.4

Milestone: v23.3 Hotfixes

Details

... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[github-actions]

CI Pipeline Results

✅ All checks passed!

Job Results:

✅ code-quality: success
✅ docker-build: success

Check the Actions tab for details.

[github-actions]

🎉 This PR is included in version 0.11.0 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀