v5.6.0

New features and enhancements

Aside from a new logo (which was needed to enable dark mode on the documentation website), most of the changes involve unblocking our ongoing development of OpenAPI support for JSON:API. Please read the docs and give it a try (see the instructions for NSwag and Kiota), we'd love to hear your feedback.

• The describedby top-level link has been added, whose visibility can be configured at various levels. Its value can be set by implementing IDocumentDescriptionLinkProvider.
• Controller action methods have been enriched with [Required], pipeline methods with [DisallowNull] for id parameters.
• A relaxed variant of the atomic operations media type can be used, to workaround deficiencies in OpenAPI client generators.

Breaking changes

• When your project contains an atomic operations controller, earlier versions would always expose all operations for all resource types, despite the use of [Resource(GenerateControllerEndpoints = ...)] to constrain endpoints. The new behavior is to block operations whose endpoints are blocked using GenerateControllerEndpoints. If you're using custom controllers (or just want to override this default), implement IAtomicOperationFilter. To revert to the old behavior, use IAtomicOperationFilter.AlwaysEnabled.

Bugfixes

• Fix crash on empty query string parameter name. For example: http://localhost:5065/people?=.
• Fix percent-encoding of whitespace in response links. For example: equals(city,%27New York%27) equals(city,%27New%20York%27).
• Return empty object ({}) instead of { "data": null } in atomic operation results.
• Do not allow lid in atomic operations request when a client-generated ID is required.
• Take options.UseRelativeLinks into account when rendering HTTP Location header.

Merged PRs

• Replace CreateTupleAccessExpressionForConstant with simpler implementation by @bkoelman in #1469
• Don't crash on empty query string parameter name by @verdie-g in #1484
• Drop dependency on EF Core internals by @bkoelman in #1492
• Enable setting the "describedby" top-level link by @bkoelman in #1495
• Controller attribute changes by @bkoelman in #1503
• Move back [FromBody] and [Required] to derived controllers by @bkoelman in #1506
• Move [FromBody] back on base controllers, to prevent a breaking change by @bkoelman in #1508
• Revert "Resharper: Replace async method with Task return" by @bkoelman in #1513
• Add support for configuring the visibility of the "describedby" link by @bkoelman in #1516
• Fix whitespace in query string parameters within pagination links by @bkoelman in #1526
• New logo, dark mode on landing page by @bkoelman in #1549
• Allow relaxed Content-Type for atomic operations by @bkoelman in #1553
• Filter operations based on GenerateControllerEndpoints usage by @bkoelman in #1561
• Return Forbidden when operation is inaccessible, to match resource endpoint status code by @bkoelman in #1562
• Fixed: return empty object instead of data:null in operation results by @bkoelman in #1564
• Fixed: Do not allow the use of 'lid' when client-generated IDs are required by @bkoelman in #1581
• Fixed: send absolute/relative URL in location header, depending on options.UseRelativeLinks by @bkoelman in #1582
• Add [DisallowNull] on TId in pipeline parameters by @bkoelman in #1583

Full Changelog: v5.5.1...v5.6.0

v5.5.1

This patch eliminates building an intermediate ServiceProvider at startup, which unblocks usage in Aspire (more specifically, its usage of AddNpgsqlDataSource) and improves Serilog compatibility.

Furthermore, this patch makes methods on FilterParser overridable, which enables plugging in custom parsing of constant values (text surrounded by single quotes) inside a filter query string value.

Merged PRs

• Allow to override valueconverter on FilterParser by @bjornharrtell in #1401
• Remove building an intermediate service provider at startup by @bkoelman in #1431

Full Changelog: v5.5.0...v5.5.1

v5.5.0

New features and enhancements

• This release adds support for .NET 8 and Entity Framework Core 8.
• A new example was added that uses Dapper instead of Entity Framework Core. It demonstrates how to produce SQL for nearly all JSON:API features, such as side-loading related resources and compound nested filters, as well as applying resource changes and atomic operations. The produced SQL works on PostgreSQL, MySQL, and SQL Server.
• We now use TryAdd[Singleton/Scoped/Transient] internally, which makes it easier to replace built-in dependencies with your own.

Bugfixes

• Fix crash on atomic operations request when trace logging is turned on.

Merged PRs

• Make it easier to register custom services in the IoC container by @bkoelman in #1352
• Example to produce SQL without Entity Framework Core! by @bkoelman in #1361
• Fix crash on operations requests when trace logging is turned on by @bkoelman in #1396
• Multi-target against .NET 6 and .NET 8 by @bkoelman in #1349

Full Changelog: v5.4.0...v5.5.0

v5.4.0

New features and enhancements

• The usage of client-generated IDs can now be overruled per resource type. The new choices are: Forbidden/Allowed/Required (both per type and globally). See the documentation for details.
• New example for using generic scopes-based authorization (see here).
• Continuous integration builds use GitHub Actions on Windows, Ubuntu and macOS. This includes dependabot updates and CodeQL vulnerability scanning. It comes with a new NuGet feed for trying out the latest builds.
• You can now sponsor our project with one-time and monthly donations.

Breaking changes

The boolean AllowClientGeneratedIds in options has been obsoleted in favor of the new IJsonApiOptions.ClientIdGeneration (see above)

Bugfixes

• Correct examples in the documentation for AddJsonApi calls.
• Correct nullability in the return value of the QueryExpressionRewriter.VisitResourceFieldChain method.
• Change inheritdoc usage to correct IntelliSense/documentation on classes.
• Sanitize user input to prevent a malicious user from forging log entries.

Merged PRs

• Docs: Add missing parameter name to AddJsonApi calls by @bkoelman in #1296
• Add example for scopes-based authorization by @bkoelman in #1303
• Replace AppVeyor with GitHub Actions by @bkoelman in #1294
• Client-generated IDs per resource type by @bkoelman in #1305
• Add sponsoring by @bkoelman in #1340

Full Changelog: v5.3.0...v5.4.0

v5.3.0

New features and enhancements

This release opens up query string parsing plus LINQ expression building for extensibility. This means that you can now define and plug in your own functions, available for use in query strings. Also, errors for invalid query string values now include the failure position, along with the ^ marker. See #1286 for details and examples.

Breaking changes

Related to the above, the query string parsers, LINQ builders, and RuntimeTypeConverter have been moved out of .Internal namespaces.

Bugfixes

• Do not execute unneeded SQL query in 1-to-1 relationship update, which fails on EF Core 8 preview.
• Query strings: do not allow comparison of count() with null; do not treat null as a possible field name.

Merged PRs

• Package updates by @bkoelman in #1274
• Corrected HTTP method in updating.md by @boginw in #1278
• Remove workaround for RSRP-491451 by @bkoelman in #1276
• Add sponsor credits by @bkoelman in #1292
• Fix exception thrown by EF Core 8 preview by @bkoelman in #1289
• Extensible query string functions by @bkoelman in #1286

New Contributors

• @boginw made their first contribution in #1278

Full Changelog: v5.2.0...v5.3.0

v5.2.0

Enhancements

• Improve resource change tracking performance.
• Improve performance of response serialization for large number of included resources.
• Auto-feed includes from query string to the serializer when custom resource service is used.
• Refreshed examples: connection strings, API namespaces, seed with sample data, use long IDs, detailed logging.
  • NoEntityFrameworkExample now uses a hardcoded in-memory dataset, demonstrating how to implement a custom read-only resource service and resource repository, which compiles the produced LINQ query and executes it against the dataset.
• Harden Attr/Relationship attributes against invalid input.
• Updated Ember sample to use latest versions and include tests. Special thanks to @briarsweetbriar and @rtablada!

Bugfixes

• On secondary endpoint, the incoming filter from query string was not applied when determining total resource count via inverse relationship.
• A duplicate trailing slash was rendered in Location header when request path ended with a slash.
• Minor corrections in documentation.
• Do not emit unused namespace import in controller source generator.
• Use deterministic culture when converting to string.
• Fixes for using include and fields with EF Core owned entities.

Breaking changes

• Minor changes in the QueryExpression model shape, to make it easier to understand and consume.
• Removed resource ID from error message, as the error is unrelated to any specific record.
• Disable EF Core Change Tracking on read-only requests (can be reverted by overriding a virtual method on the resource repository).

Merged PRs

• Fixed: incorrect meta:total on secondary endpoint with filter by @bart-vmware in #1259
• Query tweaks by @bkoelman in #1257
• Fix namespace imports in controller source generator by @bkoelman in #1261
• Improve serializer performance by @bkoelman in #1265
• Use deterministic culture when converting to string by @bkoelman in #1267
• Update examples by @bkoelman in #1269
• Harden Attr/Relationship attributes against invalid input by @bkoelman in #1268
• Fixes for EF Core owned entities by @bkoelman in #1272

Full Changelog: v5.1.2...v5.2.0

v5.1.2

Enhancements

• New documentation sections: FAQ and Common Pitfalls.
• Entity Framework Core 7 table-per-concrete-type (TPC) inheritance is now supported.
• Added support for DateOnly and TimeOnly. This works out of the box when using .NET 7. But when using .NET 6, additional steps are required.
• Support for [ApiController] has improved, though its use is not recommended because it degrades JSON:API compliance. Therefore we now log a warning when found.

Bugfixes

• Fixed whitespace handling in query string parameters.
• Fixed ModelState validation in atomic operations when using custom validators with injected dependencies.
• Fixed incorrect ModelState validation error when using [Range] that does not include the type's default value.

Breaking changes

• Parsing query string parameters used to rely on the current culture, which is no longer the case. To revert to the old behavior, add the following at startup:

  AppContext.SetSwitch("JsonApiDotNetCore.ParseQueryStringsUsingCurrentCulture", true);

Merged PRs

• Fix missing HttpContext on ValidationContext during atomic operations by @Tommy228 in #1251
• Better handling of [ApiController] usage by @bkoelman in #1246
• Package updates; run tests against EF Core 7 by @bkoelman in #1249
• Fixed: fail on non-leading whitespace in field chains by @bkoelman in #1252
• Fixed: ModelState validation failed when [Range] does not include property default value by @bkoelman in #1253
• Documentation: FAQ and Common Pitfalls by @bkoelman in #1245
• Add support for DateOnly/TimeOnly by @bkoelman in #1169

New Contributors

• @Tommy228 made their first contribution in #1251

Full Changelog: v5.1.1...v5.1.2

v5.1.1

This patch relaxes the requirements for the any() filter function: Instead of requiring at least two constants, now a single constant works as well.

Merged PRs

• Allow at least one constant instead of two in any() filter function by @bkoelman in #1234

Full Changelog: v5.1.0...v5.1.1

v5.1.0

New features and enhancements

The final version of JSON:API v1.1 was released recently, eight years after its initial draft. We've always tried to keep up-to-date with specification changes, and this release follows that tradition. We've slightly adapted JsonApiDotNetCore in corner cases (#1195 and #1196) where the specification used to be ambiguous.

New in this release: capabilities for relationships. Similar to [Attr(Capabilities = ...)], you can now declare what's permitted in requests where relationships are involved: [HasOne(HasOneCapabilities = ...)] and set the default in options. Despite this was already possible by writing custom code in resource definitions (which can still be useful when depending on externally changing conditions), relationship capabilities are just a shorthand for simpler cases. See its documentation and feature design for details.

Based on our own research and experiments, we've updated the guidance on mapping Entity Framework Core one-to-one relationships at https://www.jsonapi.net/usage/resources/relationships.html#one-to-one-relationships-in-entity-framework-core to make JsonApiDotNetCore work properly. In summary, there are two pitfalls to watch out for, where you need to override the default mappings: identifying foreign keys and using DeleteBehavior.SetNull instead of the misleading default DeleteBehavior.ClientSetNull.

You can now share your models (that is, your Entity Framework Core entity classes that are decorated with JsonApiDotNetCore attributes) with .NET Framework code. To accomplish this, move them into a separate, shared project that references only the JsonApiDotNetCore.Annotations package. Aside from targeting .NET Standard 1.0 instead of .NET 6, we've fixed #1198 and #1199.

Breaking changes

Related to the above, we've obsoleted CanInclude on relationships. The equivalent functionality is now covered by relationship capabilities.

Merged PRs

• Multi-target Annotations against .NET Standard 1.0 by @bkoelman in #1192
• Improve error message when duplicate controllers found by @bkoelman in #1193
• Relationship capabilities and bugfixes by @bkoelman in #1197
• Update EF Core docs for one-to-one relationships by @bkoelman in #1207
• Updated example to match with current implementation by @bkoelman in #1208

Full Changelog: v5.0.3...v5.1.0

v5.0.3

This patch removes a limitation that blocked future use of EF Core 7, as well as minor tweaks and optimizations.

Merged PRs

• Minor serialization tweaks by @bkoelman in #1170
• Remove dependency on EF Core "Issue26779" AppContext switch by @bkoelman in #1176
• Add // <auto-generated /> comment to source-generated controllers by @bkoelman in #1178

Full Changelog: v5.0.2...v5.0.3