
Bump backend deps#4283

Merged: imnasnainaec merged 2 commits into master from backend-deps-sil-17 on May 12, 2026

@imnasnainaec (Collaborator) commented May 11, 2026

Resolves a CVE with OpenTelemetry.
Updates SIL libpalaso deps, which should resolve #880. The fix was in v17, though we're moving to the latest v18 beta to also get updated net8.0 coverage.
Updates license report.
Keeps NUnit at 4.5.1 rather than updating to 4.6.0, which breaks some tests.

Summary by CodeRabbit

  • Chores
    • Updated security and authentication framework packages to the latest stable versions.
    • Upgraded observability and telemetry infrastructure for enhanced monitoring capabilities.
    • Enhanced API documentation generation and management tools.
    • Improved testing and code quality analysis frameworks.
    • Refreshed license documentation to reflect all dependency updates.


@imnasnainaec imnasnainaec self-assigned this May 11, 2026
@imnasnainaec imnasnainaec added the 🟨Medium Medium-priority PR label May 11, 2026
@github-actions github-actions Bot added the documentation, backend, test, and dependencies labels May 11, 2026

coderabbitai Bot commented May 11, 2026

Walkthrough

Backend and test project dependencies are modernized through coordinated NuGet package version bumps. OpenTelemetry observability stack, security packages, API documentation libraries, and SIL-maintained dependencies receive upgrades. License documentation is updated to reflect all version changes and new transitive dependencies.

Changes

Backend Dependency Updates

| Layer / File(s) | Summary |
|---|---|
| Test Package Updates: Backend.Tests/Backend.Tests.csproj | Microsoft.NET.Test.Sdk upgraded to 18.5.1, NUnit.Analyzers to 4.13.0, and coverlet tools to 10.0.0. |
| OpenTelemetry Observability Stack: Backend/BackendFramework.csproj, docs/user_guide/assets/licenses/backend_licenses.txt | OpenTelemetry exporter and instrumentation packages updated from 1.12.0 to 1.15.x versions. License metadata updated for all packages. |
| Security & Authentication Packages: Backend/BackendFramework.csproj, docs/user_guide/assets/licenses/backend_licenses.txt | JWT bearer upgraded to 8.0.26, IdentityModel tokens to 8.18.0. Microsoft.Extensions.* packages adjusted from 9.0.0 to 8.0.0 (Configuration.Binder at 8.0.2). License entries updated across authentication-related packages. |
| API Documentation & Content Libraries: Backend/BackendFramework.csproj, docs/user_guide/assets/licenses/backend_licenses.txt | Swashbuckle.AspNetCore upgraded from 9.0.1 to 10.1.7, Xabe.FFmpeg from 6.0.1 to 6.0.2. Microsoft.OpenApi and Newtonsoft.Json versions bumped. License entries synced. |
| SIL Maintained Dependencies: Backend/BackendFramework.csproj, docs/user_guide/assets/licenses/backend_licenses.txt | SIL.Core and related packages updated from 16.0.0 to 18.0.0-beta0012 with SIL.Core.Desktop removed. New transitive dependencies: L10NSharp, System.Resources.Extensions, System.Security.Cryptography.Xml, System.ServiceModel.Http, System.ServiceModel.Primitives, and TagLibSharp. Comprehensive license entries added or updated. |

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

  • sillsdev/TheCombine#4276: Both PRs modify OpenTelemetry package references in Backend/BackendFramework.csproj (1.12.x → 1.15.x).
  • sillsdev/TheCombine#4076: Both PRs update test-related packages in Backend.Tests.csproj, including Microsoft.NET.Test.Sdk.

Suggested labels

backend, dependencies, documentation, .NET, test

Suggested reviewers

  • jasonleenaylor

Poem

🐰 Hop along the dependency trail,
Where versions climb and packages sail,
From telemetry glow to tokens so bright,
SIL's beta branch makes everything right,
All licenses recorded with careful delight!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Title check | ✅ Passed | The title 'Bump backend deps' accurately captures the main purpose of the PR: updating backend dependencies (NuGet packages). It is concise and clear. |
| Linked Issues check | ✅ Passed | PR updates SIL dependencies from v7 to v18-beta as intended to address memory leak in issue #880, plus resolves OpenTelemetry CVE and updates license documentation. |
| Out of Scope Changes check | ✅ Passed | All changes are directly related to dependency updates and license documentation. NUnit kept at 4.5.1 and OpenTelemetry CVE fix align with PR objectives. |
| Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check. |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |


Warning

Review ran into problems

🔥 Problems

Timed out fetching pipeline failures after 30000ms



codecov Bot commented May 11, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 75.93%. Comparing base (a7bf167) to head (afa2e51).
⚠️ Report is 9 commits behind head on master.

Additional details and impacted files
@@            Coverage Diff             @@
##           master    #4283      +/-   ##
==========================================
- Coverage   75.94%   75.93%   -0.01%     
==========================================
  Files         303      303              
  Lines       11352    11352              
  Branches     1403     1404       +1     
==========================================
- Hits         8621     8620       -1     
  Misses       2330     2330              
- Partials      401      402       +1     
| Flag | Coverage Δ |
|---|---|
| backend | 87.21% <ø> (-0.02%) ⬇️ |
| frontend | 66.79% <ø> (ø) |

Flags with carried forward coverage won't be shown. Click here to find out more.


@jasonleenaylor (Contributor) left a comment

:lgtm:

@jasonleenaylor reviewed 3 files and all commit messages, and made 1 comment.
Reviewable status: :shipit: complete! all files reviewed, all discussions resolved (waiting on imnasnainaec).

@imnasnainaec imnasnainaec merged commit faf925c into master May 12, 2026
20 checks passed
@imnasnainaec imnasnainaec deleted the backend-deps-sil-17 branch May 12, 2026 18:41

Development

Successfully merging this pull request may close these issues.

Memory leak in SIL.DictionaryServices.Lift.LiftWriter
