Skip to content

Bump the dotnet-deps group with 18 updates#47

Merged
MiguelGuedelha merged 1 commit into
masterfrom
dependabot/nuget/project-templates/content/umbraco-headless-bff/UmbracoHeadlessBFF.Aspire/dotnet-deps-c6441c8c98
Apr 18, 2026
Merged

Bump the dotnet-deps group with 18 updates#47
MiguelGuedelha merged 1 commit into
masterfrom
dependabot/nuget/project-templates/content/umbraco-headless-bff/UmbracoHeadlessBFF.Aspire/dotnet-deps-c6441c8c98

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 17, 2026

Copy link
Copy Markdown
Contributor

Updated Aspire.Hosting.AppHost from 13.2.1 to 13.2.2.

Release notes

Sourced from Aspire.Hosting.AppHost's releases.

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

Commits viewable in compare view.

Updated Aspire.Hosting.Azure.Storage from 13.2.1 to 13.2.2.

Release notes

Sourced from Aspire.Hosting.Azure.Storage's releases.

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

Commits viewable in compare view.

Updated Aspire.Hosting.Redis from 13.2.1 to 13.2.2.

Release notes

Sourced from Aspire.Hosting.Redis's releases.

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

Commits viewable in compare view.

Updated Aspire.Hosting.SqlServer from 13.2.1 to 13.2.2.

Release notes

Sourced from Aspire.Hosting.SqlServer's releases.

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

Commits viewable in compare view.

Updated Aspire.StackExchange.Redis.DistributedCaching from 13.2.1 to 13.2.2.

Release notes

Sourced from Aspire.StackExchange.Redis.DistributedCaching's releases.

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.5 to 10.0.6.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.HeaderPropagation from 10.0.5 to 10.0.6.

Release notes

Sourced from Microsoft.AspNetCore.HeaderPropagation's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Resilience from 10.4.0 to 10.5.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

  1. Rename VectorStoreVectorAttribute constructor parameter #​7460
    • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
    • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

  • HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

  • Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
  • Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
  • Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
  • Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
  • Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
  • Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
  • Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

  • Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
  • Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

  • Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
  • Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

  • Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

  • Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

  • Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package Version
Microsoft.Extensions.AI.Abstractions 10.4.1
Microsoft.Extensions.AI 10.4.1
Microsoft.Extensions.AI.OpenAI 10.4.1

Experimental API Changes

New Experimental APIs

  • New experimental API: Realtime Client Sessions #​7285 and #​7399
  • New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

  • Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

  • Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
  • Realtime Client Proposal #​7285 by @​tarekgh
  • Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
  • Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
  • Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
  • Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
  • Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

  • Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

  • Fix test warnings #​7369 by @​jozkee
  • Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

  • Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
  • Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

  • @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
    ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Extensions.ServiceDiscovery from 10.4.0 to 10.5.0.

Release notes

Sourced from Microsoft.Extensions.ServiceDiscovery's releases.

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

  1. Rename VectorStoreVectorAttribute constructor parameter #​7460
    • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
    • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

  • HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

  • Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
  • Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
  • Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
  • Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
  • Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
  • Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
  • Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

  • Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
  • Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

  • Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
  • Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

  • Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

  • Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

  • Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package Version
Microsoft.Extensions.AI.Abstractions 10.4.1
Microsoft.Extensions.AI 10.4.1
Microsoft.Extensions.AI.OpenAI 10.4.1

Experimental API Changes

New Experimental APIs

  • New experimental API: Realtime Client Sessions #​7285 and #​7399
  • New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

  • Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

  • Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
  • Realtime Client Proposal #​7285 by @​tarekgh
  • Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
  • Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
  • Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
  • Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
  • Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

  • Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

  • Fix test warnings #​7369 by @​jozkee
  • Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

  • Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
  • Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

  • @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
    ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.1 to 1.15.2.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.15.2

For highlights and announcements pertaining to this release see: Release Notes > 1.15.2.

The following changes are from the previous release 1.15.1.

... (truncated)

1.15.2-beta.1

The following changes are from the previous release 1.15.1-beta.1.

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.15.1 to 1.15.2.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.15.2

For highlights and announcements pertaining to this release see: Release Notes > 1.15.2.

The following changes are from the previous release 1.15.1.

... (truncated)

1.15.2-beta.1

The following changes are from the previous release 1.15.1-beta.1.

Commits viewable in compare view.

Updated Scalar.AspNetCore from 2.13.18 to 2.14.0.

Release notes

Sourced from Scalar.AspNetCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Umbraco.Cms from 17.3.0 to 17.3.4.

Release notes

Sourced from Umbraco.Cms's releases.

17.3.4

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.3...release-17.3.4

17.3.3

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.2...release-17.3.3

17.3.2

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.1...release-17.3.2

17.3.1

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.0...release-17.3.1

Commits viewable in compare view.

Updated Umbraco.Cms.Core from 17.3.0 to 17.3.4.

Release notes

Sourced from Umbraco.Cms.Core's releases.

17.3.4

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.3...release-17.3.4

17.3.3

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.2...release-17.3.3

17.3.2

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.1...release-17.3.2

17.3.1

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.0...release-17.3.1

Commits viewable in compare view.

Updated Umbraco.Cms.Infrastructure from 17.3.0 to 17.3.4.

Release notes

Sourced from Umbraco.Cms.Infrastructure's releases.

17.3.4

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.3...release-17.3.4

17.3.3

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.2...release-17.3.3

17.3.2

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.1...release-17.3.2

17.3.1

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.0...release-17.3.1

Commits viewable in compare view.

Updated Umbraco.Cms.Web.Common from 17.3.0 to 17.3.4.

Release notes

Sourced from Umbraco.Cms.Web.Common's releases.

17.3.4

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.3...release-17.3.4

17.3.3

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.2...release-17.3.3

17.3.2

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.1...release-17.3.2

17.3.1

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.0...release-17.3.1

Commits viewable in compare view.

Updated Umbraco.Cms.Web.Website from 17.3.0 to 17.3.4.

Release notes

Sourced from Umbraco.Cms.Web.Website's releases.

17.3.4

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.3...release-17.3.4

17.3.3

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.2...release-17.3.3

17.3.2

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.1...release-17.3.2

17.3.1

What's Changed

🐛 Bug Fixes

Full Changelog: umbraco/Umbraco-CMS@release-17.3.0...release-17.3.1

Commits viewable in compare view.

Updated uSync from 17.0.4 to 17.3.0.

Release notes

Sourced from uSync's releases.

17.3.0

This is a major point release update for uSync for Umbraco v17. it contains quite a few updates, fixes and performance improvements.

[!WARNING]
This release jumps two point releases (there is no v17.1 or v17.2) because it has a dependency on Umbraco v17.3 and we figure the easiest way to mange that is to keep the release versions in sync.

Highlights

Client auth updates.

There are a couple of small changes in v17.3 that we wanted to support. We have for example moved the client authentication to the newer umbHttpClient.getConfig() methods to match the newer extension templates - moving to 17.3 also allows us to move our version of @​hey-api/openapi-ts independently of Umbraco which means we can update for some critical vulnerabilities.

Changing HMAC Key support

We have added support for changing HMAC image keys, The umbraco recommendation is that these keys match across your site installations, but if you are moving between clients, or projects or for some other reason you might not have these values match and incline images inside RTE blocks for example will have the wrong HMAC value assigned to them - off by default uSync can go in an update these HMAC values so you can sync stuff across non-matching installations.

Performance.

We asked AI . "Analyse this code base for any performance improvements, ignore the minor improvements in things like string allocation and concentrate on any potential reduction in database calls or file IO that could be improved upon" #​924.

This gave us some nice pointers. Most of these updates are around file IO, and file parsing, it didn't reduce and DB calls within the code.

For example there is now some parallelism in how we read in files (https://github.com/KevinJump/uSync/blob/v17/main/uSync.BackOffice/Services/SyncFileService.cs#L493-L520) which does give some measurable improvements in the read time of large folder structures.

Updates

uSync.Migrations changes

These changes help the new uSync.Migrations integrate into the usync processes better.

Fixes

Dependency Updates

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Aspire.Hosting.AppHost from 13.2.1 to 13.2.2
Bumps Aspire.Hosting.Azure.Storage from 13.2.1 to 13.2.2
Bumps Aspire.Hosting.Redis from 13.2.1 to 13.2.2
Bumps Aspire.Hosting.SqlServer from 13.2.1 to 13.2.2
Bumps Aspire.StackExchange.Redis.DistributedCaching from 13.2.1 to 13.2.2
Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.5 to 10.0.6
Bumps Microsoft.AspNetCore.HeaderPropagation from 10.0.5 to 10.0.6
Bumps Microsoft.Extensions.Http.Resilience from 10.4.0 to 10.5.0
Bumps Microsoft.Extensions.ServiceDiscovery from 10.4.0 to 10.5.0
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.1 to 1.15.2
Bumps OpenTelemetry.Extensions.Hosting from 1.15.1 to 1.15.2
Bumps Scalar.AspNetCore from 2.13.18 to 2.14.0
Bumps Umbraco.Cms from 17.3.0 to 17.3.4
Bumps Umbraco.Cms.Core from 17.3.0 to 17.3.4
Bumps Umbraco.Cms.Infrastructure from 17.3.0 to 17.3.4
Bumps Umbraco.Cms.Web.Common from 17.3.0 to 17.3.4
Bumps Umbraco.Cms.Web.Website from 17.3.0 to 17.3.4
Bumps uSync from 17.0.4 to 17.3.0

---
updated-dependencies:
- dependency-name: Aspire.Hosting.AppHost
  dependency-version: 13.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Aspire.Hosting.Azure.Storage
  dependency-version: 13.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Aspire.Hosting.Redis
  dependency-version: 13.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Aspire.Hosting.SqlServer
  dependency-version: 13.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Aspire.StackExchange.Redis.DistributedCaching
  dependency-version: 13.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer
  dependency-version: 10.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.AspNetCore.HeaderPropagation
  dependency-version: 10.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.Http.Resilience
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Microsoft.Extensions.ServiceDiscovery
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Scalar.AspNetCore
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Scalar.AspNetCore
  dependency-version: 2.14.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
- dependency-name: Umbraco.Cms
  dependency-version: 17.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Umbraco.Cms.Core
  dependency-version: 17.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Umbraco.Cms.Infrastructure
  dependency-version: 17.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Umbraco.Cms.Web.Common
  dependency-version: 17.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: Umbraco.Cms.Web.Website
  dependency-version: 17.3.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet-deps
- dependency-name: uSync
  dependency-version: 17.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Apr 17, 2026
@MiguelGuedelha MiguelGuedelha merged commit 7c78c9c into master Apr 18, 2026
1 check passed
@MiguelGuedelha MiguelGuedelha deleted the dependabot/nuget/project-templates/content/umbraco-headless-bff/UmbracoHeadlessBFF.Aspire/dotnet-deps-c6441c8c98 branch April 18, 2026 12:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant