fix(deps): upgrade AutoMapper from 14.x to 16.1.1 to resolve GHSA-rvv3-g6hj-g44x (#414)

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: Claude <noreply@anthropic.com>

Author: 3 people

.github/dependabot.yml

@@ -9,10 +9,6 @@ updates:
     commit-message:
       include: scope
       prefix: "chore(deps): "
-    # Pin AutoMapper to 14.x line to avoid commercial v15.x upgrades
-    ignore:
-      - dependency-name: "AutoMapper"
-        update-types: ["version-update:semver-major"]
     groups:
       serilog:
         patterns:
@@ -34,10 +30,6 @@ updates:
     commit-message:
       include: scope
       prefix: "chore(deps): "
-    # Pin AutoMapper to 14.x line to avoid commercial v15.x upgrades
-    ignore:
-      - dependency-name: "AutoMapper"
-        update-types: ["version-update:semver-major"]
     groups:
       xunit:
         patterns:

CHANGELOG.md

@@ -46,6 +46,7 @@ This project uses famous football stadiums (A-Z) that hosted FIFA World Cup matc
 
 ### Changed
 
+- Upgrade AutoMapper from 14.x to 16.1.1 to resolve high-severity security vulnerability GHSA-rvv3-g6hj-g44x (#414)
 - Rename test methods to follow Microsoft .NET naming standard (#396)
 
 ### Deprecated

src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj

@@ -15,7 +15,7 @@
   <ItemGroup Label="Runtime dependencies">
     <PackageReference Include="Microsoft.AspNetCore.OpenApi" Version="10.0.5" />
     <PackageReference Include="Microsoft.EntityFrameworkCore.Sqlite" Version="10.0.5" />
-    <PackageReference Include="AutoMapper" Version="[14.0.0,15.0.0)" />
+    <PackageReference Include="AutoMapper" Version="[16.1.1,17.0.0)" />
     <PackageReference Include="FluentValidation" Version="12.1.1" />
     <PackageReference Include="FluentValidation.DependencyInjectionExtensions" Version="12.1.1" />
     <PackageReference Include="Serilog.AspNetCore" Version="10.0.0" />

src/Dotnet.Samples.AspNetCore.WebApi/Extensions/ServiceCollectionExtensions.cs

@@ -138,7 +138,7 @@ public static IServiceCollection RegisterPlayerService(this IServiceCollection s
     /// <returns>The IServiceCollection for method chaining.</returns>
     public static IServiceCollection AddMappings(this IServiceCollection services)
     {
-        services.AddAutoMapper(typeof(PlayerMappingProfile));
+        services.AddAutoMapper(config => config.AddProfile<PlayerMappingProfile>());
         return services;
     }
 

src/Dotnet.Samples.AspNetCore.WebApi/packages.lock.json

@@ -4,9 +4,12 @@
     "net10.0": {
       "AutoMapper": {
         "type": "Direct",
-        "requested": "[14.0.0, 15.0.0)",
-        "resolved": "14.0.0",
-        "contentHash": "OC+1neAPM4oCCqQj3g2GJ2shziNNhOkxmNB9cVS8jtx4JbgmRzLcUOxB9Tsz6cVPHugdkHgCaCrTjjSI0Z5sCQ=="
+        "requested": "[16.1.1, 17.0.0)",
+        "resolved": "16.1.1",
+        "contentHash": "VNEky8JA15ci+oIDRGHITOGOpV4dILsf8pnn24QhDl2urtqgJ2IXiS/V2EtGU17P/+f6OeFQPJETaZXV9QOIZg==",
+        "dependencies": {
+          "Microsoft.IdentityModel.JsonWebTokens": "8.14.0"
+        }
       },
       "FluentValidation": {
         "type": "Direct",
@@ -815,6 +818,35 @@
         "resolved": "10.0.5",
         "contentHash": "xA4kkL+QS6KCAOKz/O0oquHs44Ob8J7zpBCNt3wjkBWDg5aCqfwG8rWWLsg5V86AM0sB849g9JjPjIdksTCIKg=="
       },
+      "Microsoft.IdentityModel.Abstractions": {
+        "type": "Transitive",
+        "resolved": "8.14.0",
+        "contentHash": "iwbCpSjD3ehfTwBhtSNEtKPK0ICun6ov7Ibx6ISNA9bfwIyzI2Siwyi9eJFCJBwxowK9xcA1mj+jBWiigeqgcQ=="
+      },
+      "Microsoft.IdentityModel.JsonWebTokens": {
+        "type": "Transitive",
+        "resolved": "8.14.0",
+        "contentHash": "4jOpiA4THdtpLyMdAb24dtj7+6GmvhOhxf5XHLYWmPKF8ApEnApal1UnJsKO4HxUWRXDA6C4WQVfYyqsRhpNpQ==",
+        "dependencies": {
+          "Microsoft.IdentityModel.Tokens": "8.14.0"
+        }
+      },
+      "Microsoft.IdentityModel.Logging": {
+        "type": "Transitive",
+        "resolved": "8.14.0",
+        "contentHash": "eqqnemdW38CKZEHS6diA50BV94QICozDZEvSrsvN3SJXUFwVB9gy+/oz76gldP7nZliA16IglXjXTCTdmU/Ejg==",
+        "dependencies": {
+          "Microsoft.IdentityModel.Abstractions": "8.14.0"
+        }
+      },
+      "Microsoft.IdentityModel.Tokens": {
+        "type": "Transitive",
+        "resolved": "8.14.0",
+        "contentHash": "lKIZiBiGd36k02TCdMHp1KlNWisyIvQxcYJvIkz7P4gSQ9zi8dgh6S5Grj8NNG7HWYIPfQymGyoZ6JB5d1Lo1g==",
+        "dependencies": {
+          "Microsoft.IdentityModel.Logging": "8.14.0"
+        }
+      },
       "Microsoft.NET.StringTools": {
         "type": "Transitive",
         "resolved": "17.11.48",