Skip to content

Bump Refit.HttpClientFactory from 11.2.0 to 13.1.0#310

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/sample/Refit.HttpClientFactory-13.1.0
Open

Bump Refit.HttpClientFactory from 11.2.0 to 13.1.0#310
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/sample/Refit.HttpClientFactory-13.1.0

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 3, 2026

Copy link
Copy Markdown
Contributor

Updated Refit.HttpClientFactory from 11.2.0 to 13.1.0.

Release notes

Sourced from Refit.HttpClientFactory's releases.

13.1.0

🗞️ What's Changed

  • Fixed the CS0436 build error from PrimitivesR3BridgeGeneratedAttribute (#​2176, #​2194). Bumps ReactiveUI.Primitives to 6.0.0, which moves the R3 bridge generator out of the runtime package. Projects using InternalsVisibleTo (e.g. test projects) build again, and the <Analyzer Remove=... /> workaround is no longer needed.
  • Path parameters now use generated request building instead of reflection (#​2174), so they work with AddRefitGeneratedClient and NativeAOT. Now covers enum, Guid, DateTime/DateTimeOffset/DateOnly/TimeOnly/TimeSpan, all integer widths (incl. Int128/UInt128/Half), and any IFormattable (#​2193).

✨ Features

  • reactiveui/refit@​b592413509791e267aba66f24e2cf2be9ec1508a feat: add generated request building support for path parameters in the URL. (#​2174) @​calebkiage @​glennawatson
  • reactiveui/refit@​9bc675408e2950b54f7e96911f8c6b9754f39e3f feat: support more path parameter types in generated request building (#​2193) @​glennawatson

🧹 General Changes

  • reactiveui/refit@​ac79c760e414adeca629adbe290b5765cea41df2 build: update NuGet dependencies (#​2198) @​glennawatson

🔗 Full Changelog: reactiveui/refit@v13.0.0...13.1.0

🙌 Contributions

🌱 New contributors since the last release: @​calebkiage
💖 Thanks to all the contributors: @​calebkiage, @​glennawatson

13.0.0

🗞️ What's Changed

Refit 13 is a major release focused on security hardening and a brand-new testing package.

  • Security hardening (#​2181) — closes issues found in a security audit. XML deserialization is now protected against XXE (external entity) attacks, the Newtonsoft.Json integration no longer honours unsafe TypeNameHandling by default (blocking type-confusion/deserialization attacks), and sensitive values (auth headers, tokens) are now redacted from exception and log output. This is the main reason for the major version bump: if you relied on permissive Newtonsoft type handling you may need to opt back in explicitly.
  • New Refit.Testing package (#​2184) — a first-party way to stub and verify Refit clients in tests without spinning up a real HttpClient. Supply canned responses for interface calls and assert which requests your code made, instead of hand-rolling HttpMessageHandler fakes.
  • R3 bridge analyzer fix (#​2186) — corrects the removal target for the R3 bridge analyzer.
  • CI and documentation tidy-ups for SonarCloud on fork pull requests.

✨ Features

  • reactiveui/refit@​cc24382535a48c24e15100a3f58914a6e4fe8dcc feat: security hardening from audit (XXE, Newtonsoft type handling, redaction) (#​2181) @​glennawatson
  • reactiveui/refit@​339cb8d39e16d05770217902ad9794f0fe289869 feat: add Refit.Testing package for stubbing and verifying clients (#​2184) @​glennawatson

🧹 General Changes

  • reactiveui/refit@​5d272c8dc2d691d8c793abe64f1b9e430fdbec4f ci: run SonarCloud on fork pull requests @​glennawatson

📝 Documentation

  • reactiveui/refit@​533bbbe525a51eed6397c0d522e5e9cdc281c50b docs: slim fork-PR SonarCloud wrapper comments @​glennawatson

📌 Other

  • reactiveui/refit@​c0bbb5a857691bb7cd39c19d573a3f21faaaf607 [codex] Fix R3 bridge analyzer removal target (#​2186) @​ChrisPulman

🔗 Full Changelog: reactiveui/refit@v12.1.0...v13.0.0

🙌 Contributions

💖 Thanks to all the contributors: @​ChrisPulman, @​glennawatson

12.1.0

🗞️ What's Changed

✨ Features

  • reactiveui/refit@​89f17aec24691e38a9b9f87238276e6b754ef981 feat: AOT-safe generated-only client DI registration and case-insensitive problem+json detection (#​2172) @​glennawatson
  • reactiveui/refit@​b31e9fe53f6d64c6e5597efd367cbddb123022a4 feat: read sent request body and synchronously inspect the error body on ApiException (#​2175) @​glennawatson

🐛 Fixes

  • reactiveui/refit@​e3ec13ffa2a8867ce93245b892bfe731d2acc96a fix: correctly annotate error out parameters for nullable flow (#​2177) @​HulinCedric

📝 Documentation

  • reactiveui/refit@​db3305331c7c81c663d233043a3ff5c53d3e65e9 docs: document v12 breaking changes and update package versions (#​2180) @​ChrisPulman

📦 Dependencies

  • reactiveui/refit@​459aec45f0705e9ed3237bab7c230ce9e521b7fe chore(deps): update dependency verify.diffplex to 3.3.0 (#​2178) @​renovate[bot]

🔗 Full Changelog: reactiveui/refit@v12.0.0...12.1.0

🙌 Contributions

💖 Thanks to all the contributors: @​ChrisPulman, @​glennawatson, @​HulinCedric

🤖 Automated services that contributed: @​renovate[bot]

12.0.0

Overview

Refit 12.0 is a large release centred on a near-complete rewrite of how requests are built. The source generator now constructs HTTP requests inline at compile time instead of going through the reflection pipeline, making generated clients faster and friendly to trimming and Native AOT. On top of that foundation it adds response streaming, JSON Lines, naming-convention presets, and a batch of long-standing fixes. Two small, well-scoped breaking changes are called out below.

This release also removed netstandard2.0 and netstandard2.1 support. You should to use net462/net8 as your base lines, and use multiple targets if you need to target both.

Highlights

  • Reflection-free, AOT-ready source generation. Eligible interface methods now have their request (URI, headers, body, request properties) built directly in generated code, with the reflection request-builder kept only as a fallback for shapes that cannot be generated inline. Form bodies flatten through compiled, source-generated field descriptors. The generator itself was modernised and optimised, and ships analyzer diagnostics and code fixes. There is also a generated-only client-creation mode and a build-time switch for generated request building.
  • IAsyncEnumerable<T> response streaming. Stream large responses, auto-detecting a JSON array vs JSON Lines from the content type, generated inline on the hot path.
  • JSON Lines request bodies. [Body(BodySerializationMethod.JsonLines)] plus a streaming JsonLinesContent (application/x-ndjson), wired through both the reflection and source-gen paths.
  • Naming-convention presets. RefitSettings.CamelCase() / SnakeCase() / KebabCase() configure query keys, form-url-encoded keys, and JSON body property names consistently, plus snake/kebab URL key formatters. Opt-in, so existing behaviour is unchanged.
  • Response ergonomics. EnsureSuccessStatusCodeAsync() / EnsureSuccessfulAsync() are now available directly on IApiResponse<T>; a new IsSuccessfulWithContent (and HasContent) gives a single, mock-safe success-with-content check; nullable annotations on IApiResponse<T> were corrected to be sound.
  • URL and route control. Opt-in RFC 3986 / HttpClient-style URL resolution via RefitSettings.UrlResolution, and RefitSettings.AllowUnmatchedRouteParameters to leave an unmatched {token} for a DelegatingHandler to rewrite.
  • Faster JSON. A fast-path serialization option (SystemTextJsonContentSerializer.GetFastPathJsonSerializerOptions()) and buffered/streamed request-body modes that run through it.
  • Smaller additions. [Query(SerializeNull = true)] to send a null property as key= instead of omitting it, and a public UniqueName.ForType<T>() to resolve the generated IHttpClientFactory client name.
  • Fixes. Multipart Guid/DateTime/DateTimeOffset/TimeSpan (and DateOnly/TimeOnly) are sent as plain text (#​2016); property-level [Query(delimiter, prefix)] is honoured when flattening complex objects (#​1334); [Query(Format = "")] serializes a complex value via ToString() (#​1281); and IApiResponse<T> no longer shadows base members (#​1933).

Breaking changes and migration

  • IApiResponse<T> no longer shadows base members. The new-shadowed Error, ContentHeaders, IsSuccessStatusCode, and IsSuccessful members are removed from the generic interface. Source that reads these still compiles (they bind to the inherited base members), but code compiled against v8-v11 that bound to the generic-interface slots needs a recompile. If you relied on IsSuccessful to narrow Content to non-null on an IApiResponse<T>-typed value, switch to HasContent / IsSuccessfulWithContent.
  • The default System.Text.Json serializer now reads numbers from JSON strings (NumberHandling = AllowReadingFromString). Opt back out with NumberHandling = JsonNumberHandling.Strict on your JsonSerializerOptions.

🗞️ What's Changed

💥 Breaking Changes

  • reactiveui/refit@​8b70ca1c072ac17741615e38918dfe50b970dc8b break: request-building fixes, JSON Lines, and response ergonomics (#​2155) @​glennawatson
  • reactiveui/refit@​3881cc67286012268521a58740752556ed500bcf break: add IAsyncEnumerable streaming and opt-in URL, route and JSON serialization modes (#​2157) @​glennawatson

✨ Features

  • reactiveui/refit@​6f2e43dadafdf965e6764b07220b30239990b860 feat: respect naming conventions across query, form and JSON body (#​2154) @​glennawatson
  • reactiveui/refit@​196cd4966dee21f89cc982970171e174f3249427 feat: add IsSuccessfulWithContent and correct IApiResponse nullable annotations (#​2159) @​glennawatson
  • reactiveui/refit@​e28a38438ebd16e94b41de860cc609820377170c feat: generate request construction to avoid reflection pipeline (#​2150) @​glennawatson
  • reactiveui/refit@​98982b48d27a94e0d3caac0d692ccc927db00d2c feat: reflection-free generated form serialization, opt-in null values, and public UniqueName (#​2164) @​glennawatson
  • reactiveui/refit@​bf488d6a0849184eb1d1b72368fb0d7b5c5b019f feat: improve generated clients for AOT (#​2151) @​glennawatson

♻️ Refactoring

  • reactiveui/refit@​3fd4ce6f0d76405c69c5681cc4a660ab3a708d9f refactor: replace System.Reactive with ReactiveUI.Primitives and integrate observable test helpers (#​2152) @​glennawatson
  • reactiveui/refit@​c7c14b43f9ff954cf5249a6c25e526b5bdf75eb6 refactor: align Refit with rxui coding standards and modernize (#​2149) @​glennawatson

⚡ Performance

  • reactiveui/refit@​3717256d32f6dac0503e66aad68795fe1929a2f7 perf: modernize and optimize the Refit source generator (#​2148) @​glennawatson

🧹 General Changes

  • reactiveui/refit@​0aae034524fef8a3b56074e56edc21d15f771bb7 build: update StyleSharp.Analyzers to 3.13.4 and align editorconfig (#​2163) @​glennawatson

🔗 Full Changelog: reactiveui/refit@v11.2.0...v12.0.0

... (truncated)

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---
updated-dependencies:
- dependency-name: Refit.HttpClientFactory
  dependency-version: 13.1.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .net code dependencies Pull requests that update a dependency file labels Jul 3, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .net code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants