Bump xunit from 2.9.2 to 2.9.3#6
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
systemslibrarian
added a commit
that referenced
this pull request
May 31, 2026
Lands recommendation items #2 (samples) and #3 (deployment guide) from the adoption analysis in chat.md, and captures the operational blueprint for items #1, #4, #5, #6 (Azure KMS, AWS KMS, external review, 1.0 cut) in future.md rather than scaffolding cloud crypto code that cannot be honestly tested in a single session. samples/WorkerService.Sample - LivenessWorker mints a content key every 10 seconds, encrypts a probe payload, then unwraps and decrypts it. Logs round-trip latency + the active KEK id so an ops dashboard can scrape both. A failure here is the early warning that something is wrong with the provider, the keyring, or the host's entropy. - RotationWorker rotates the active KEK on a configurable interval and persists the multi-KEK ring through the registered IKeyringStore on every rotation. Default 2 minutes; Development environment overrides to 30 seconds so the demo is visible at human speed. - README explains the production adaptation points (real secret-manager passphrase source, cadence, health-check integration, keyring backup). samples/EfCore.Sample - SQLite + EF Core console app showing per-row envelope encryption. A SecureNote entity carries Ciphertext + Nonce + Tag + WrappedKey (encoded via WrappedContentKey.Encode) as separate columns; SecureNotesRepository does the async wrap/unwrap at the persistence boundary. - Demo run: insert encrypted, read back through the repo, dump the raw row to prove only ciphertext is on disk, rotate the KEK, re-read the same row to prove the row's wrapped key still references the original KEK and decrypts without re-encryption. - README documents why explicit columns + async repository beats EF Core ValueConverter (async support + lazy migration without re-encrypting every row on rotation). docs/deployment.md - Production operational guide. Opens with "the four things you absolutely must get right": passphrase only in your secret manager, keyring backups, automated rotation, tested restore procedure. - Covers: passphrase storage (and where NOT to store it); keyring metadata durability + the realities of a single-file FileKeyringStore vs. cloud object stores; Argon2id preset selection by frequency-of-derivation rather than "how secure each preset feels"; what to log (KEK ids, rotation timestamps, liveness duration) and what to NEVER log (passphrases, DEK bytes); multi-instance deployments (shared keyring vs. dedicated rotator, and what does NOT work — shared passphrase without shared salt, two hosts both rotating); container + Kubernetes notes; the disaster-recovery matrix down to the irrecoverable "lost keyring AND passphrases" case. future.md - Concrete blueprint for items #1, #4, #5, #6: - Azure Key Vault provider: az provisioning script (RG, RBAC vault, RSA-3072 KEK, role assignment, purge protection), provider skeleton pinned to versioned key URIs, integration-test project layout using Xunit.SkippableFact so missing env vars skip rather than fail, and a GitHub Actions OIDC workflow. - AWS KMS provider: same shape with AWSSDK.KeyManagementService, aws kms create-key + alias, aws-actions/configure-aws-credentials OIDC, note that KMS Encrypt/Decrypt is already authenticated so Ciphertext just holds the AWS blob as-is. - External cryptographic review: two realistic engagement paths (named consultant at $15-50k for ~2-4 weeks vs. community/academic, slower but cheaper), exactly what to hand the reviewer (commit hash, threat model, KNOWN-GAPS, scope letter), and what to do with the report (publish it). - Cutting 1.0: explicit checklist (cloud providers shipped + in real use, audit done, formats stable for 2+ minors, named production deployment), and what 1.0 obligates the maintainer to (no breaking changes without a 2.0, backport policy, deprecation cycles). - Closes with sequencing: don't reorder; each step's value depends on the previous one being done. Plumbing - PostQuantum.KeyManagement.slnx references the two new sample projects. - README links to docs/deployment.md and future.md from the security section and the samples table now lists all three samples + what each demonstrates. - CHANGELOG updated under 0.3.0-preview.1. Build: full solution 0 warnings, 0 errors on net8/9/10. 42 core tests + 11 DI tests = 53 tests, all green. Both new samples build clean; EfCore.Sample was smoke-tested end-to-end including a rotation. To God be the glory - 1 Corinthians 10:31 Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/tests/PostQuantum.KeyManagement.Tests/xunit-2.9.3
branch
from
May 31, 2026 23:20
99f48f4 to
07b011d
Compare
--- updated-dependencies: - dependency-name: xunit dependency-version: 2.9.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/tests/PostQuantum.KeyManagement.Tests/xunit-2.9.3
branch
from
June 1, 2026 01:17
07b011d to
a9d105d
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated xunit from 2.9.2 to 2.9.3.
Release notes
Sourced from xunit's releases.
No release notes found for this version range.
Commits viewable in compare view.