@lauraneto lauraneto commented Oct 6, 2025

📦 Package Updates Summary

🔴 Major Updates (5)

| Package | Previous | New |
| --- | --- | --- |
| OpenIddict.* (3 packages) | 6.2.1 | 7.1.0 |
| Serilog.Sinks.File | 6.0.0 | 7.0.0 |
| Swashbuckle.AspNetCore | 8.1.1 | 9.0.6 |

Updating OpenIddict to v7 required an EF Core database migration as described in https://documentation.openiddict.com/guides/migration/60-to-70.html#add-and-apply-migrations-if-applicable.

🟡 Minor Updates (6)

| Package | Previous | New |
| --- | --- | --- |
| Nerdbank.GitVersioning | 3.7.115 | 3.8.118 |
| Microsoft.Extensions.Caching.Hybrid | 9.8.0 | 9.9.0 |
| MailKit | 4.11.0 | 4.14.0 |
| ncrontab | 3.3.3 | 3.4.0 |
| Serilog | 4.2.0 | 4.3.0 |
| SixLabors.ImageSharp.Web | 3.1.5 | 3.2.0 |

Updating SixLabors.ImageSharp.Web required adding missing using statements, as the ImageSharp package references stopped being added automatically to the global usings in SixLabors/ImageSharp.Web#391.

🟢 Patch Updates (22)

| Package | Previous | New |
| --- | --- | --- |
| Microsoft.AspNetCore.Mvc.Razor.RuntimeCompilation | 10.0.0-preview.7.25380.108 | 10.0.0-rc.1.25451.107 |
| Microsoft.Data.Sqlite | 10.0.0-preview.7.25380.108 | 10.0.0-rc.1.25451.107 |
| Microsoft.EntityFrameworkCore.* (3 packages) | 10.0.0-preview.7.25380.108 | 10.0.0-rc.1.25451.107 |
| Microsoft.Extensions.* (15 packages) | 10.0.0-preview.7.25380.108 | 10.0.0-rc.1.25451.107 |
| HtmlAgilityPack | 1.12.1 | 1.12.4 |
| MessagePack | 3.1.3 | 3.1.4 |

🗑️ Removed (9)

Removed all transitive pinned packages (security vulnerability workarounds no longer needed)

Total: 33 packages updated • 9 packages removed • 28 unchanged

Notes: Also updated NJsonSchema from 11.0.2 to 11.5.1 and some of the packages referenced by the Tests projects, except for NUnit which is a major upgrade and isn't necessarily needed for now.

Global.json was showing as invalid due to a pre-release version being referenced while 'allowPrerelease' was set to 'false'. This can be set to 'false' again later on.
…ly referenced versions are no longer vulnerable
… referenced versions are no longer vulnerable
@umbraco umbraco deleted a comment from github-actions bot Oct 6, 2025
@lauraneto lauraneto added dependencies Pull requests that update a dependency file area/backend labels Oct 6, 2025
@lauraneto lauraneto marked this pull request as ready for review October 6, 2025 15:33
Copilot AI review requested due to automatic review settings October 6, 2025 15:33

Copilot AI left a comment

Pull Request Overview

This PR updates Umbraco CMS's server dependencies, focusing on major updates to OpenIddict (v6.2.1 → v7.1.0), Serilog.Sinks.File (v6.0.0 → v7.0.0), and Swashbuckle.AspNetCore (v8.1.1 → v9.0.6), along with minor and patch updates to various Microsoft packages and third-party libraries.

  • Added database migration support for OpenIddict v7 upgrade with required schema changes
  • Removed transitive security vulnerability workarounds that are no longer needed
  • Added missing ImageSharp using statements due to breaking changes in SixLabors.ImageSharp.Web v3.2.0

Reviewed Changes

Copilot reviewed 25 out of 27 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| Directory.Packages.props | Updated package versions across Microsoft, OpenIddict, Serilog, and other dependencies; removed transitive vulnerability workarounds |
| global.json | Enabled prerelease packages for .NET 10 RC |
| src/Umbraco.Infrastructure/Migrations/EFCoreMigration.cs | Added UpdateOpenIddictToV7 migration enum value |
| src/Umbraco.Infrastructure/Migrations/Upgrade/V_17_0_0/UpdateToOpenIddictV7.cs | New migration class to handle OpenIddict v7 database updates |
| src/Umbraco.Infrastructure/Migrations/Upgrade/UmbracoPremigrationPlan.cs | Registered OpenIddict v7 migration in the upgrade plan |
| src/Umbraco.Cms.Persistence.EFCore.*/Migrations/ | EF Core migrations and model snapshots for OpenIddict v7 schema changes |
| src/Umbraco.Cms.Imaging.ImageSharp/ | Added missing SixLabors.ImageSharp using statements due to breaking changes |
| Multiple .csproj files | Removed transitive security vulnerability package references |

Files not reviewed (2)
  • src/Umbraco.Cms.Persistence.EFCore.SqlServer/Migrations/20251006140751_UpdateOpenIddictToV7.Designer.cs: Language not supported
  • src/Umbraco.Cms.Persistence.EFCore.Sqlite/Migrations/20251006140958_UpdateOpenIddictToV7.Designer.cs: Language not supported

Cosmetic update: Removed blank line as suggested by Copilot

@kjac kjac left a comment

Tests out good 👍

@kjac kjac merged commit 1f35124 into v17/dev Oct 7, 2025
25 checks passed
@kjac kjac deleted the v17/task/update-server-dependencies branch October 7, 2025 10:13