build: Bump the aspire-dependencies group with 1 update

[dependabot]

Updated Aspire.Hosting.AppHost from 9.4.2 to 13.1.0.

Release notes

Sourced from Aspire.Hosting.AppHost's releases.

13.1.0

We are excited to share that our 13.1.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://aspire.dev/whats-new/aspire-13-1/ to find what's new in 13.1.0!

What's Changed

• Target net10.0 in client integrations by @​eerhardt in Target net10.0 in client integrations microsoft/aspire#12500
• Fix DockerComposeEnvironment duplicating image names in .env file by @​Copilot in Fix DockerComposeEnvironment duplicating image names in .env file microsoft/aspire#12310
• Replace apt-get with npm for Azure Functions Core Tools installation by @​Copilot in Replace apt-get with npm for Azure Functions Core Tools installation microsoft/aspire#12537
• Improve flaky dashboard integration test by @​JamesNK in Improve flaky dashboard integration test microsoft/aspire#12534
• Add README.md for the Aspire.Hosting.Azure.AppService package by @​ShilpiRach in Add README.md for the Aspire.Hosting.Azure.AppService package microsoft/aspire#12528
• Add support to enable automatic scaling for App Service Environment by @​ShilpiRach in Add support to enable automatic scaling for App Service Environment microsoft/aspire#12305
• Update to FluentUI 4.13.1 by @​JamesNK in Update to FluentUI 4.13.1 microsoft/aspire#12532
• Skip playground projects in build-packages workflow by @​Copilot in Skip playground projects in build-packages workflow microsoft/aspire#12547
• Allow HostUrl to remap both address and port by @​danegsta in Allow HostUrl to remap both address and port microsoft/aspire#12521
• Refactor NodeJs Integration by @​eerhardt in Refactor NodeJs Integration microsoft/aspire#12530
• Fix MCP endpoint with redirect HTTPS by @​JamesNK in Fix MCP endpoint with redirect HTTPS microsoft/aspire#12556
• [main] Update dependencies from microsoft/usvc-apiserver by @​dotnet-maestro[bot] in [main] Update dependencies from microsoft/usvc-apiserver microsoft/aspire#12540
• Refactor AddNodeApp by @​eerhardt in Refactor AddNodeApp microsoft/aspire#12538
• Update Aspire branding from 13.0 to 13.1 by @​Copilot in Update Aspire branding from 13.0 to 13.1 microsoft/aspire#12527
• Add annotation to specify custom base images for generated Dockerfiles by @​Copilot in Add annotation to specify custom base images for generated Dockerfiles microsoft/aspire#12566
• Fix generating random MCP endpoint URL in templates by @​JamesNK in Fix generating random MCP endpoint URL in templates microsoft/aspire#12558
• [CI] Add new Agent for disabling or quarantining tests by @​radical in [CI] Add new Agent for disabling or quarantining tests microsoft/aspire#12570
• Add ExcludeFromMcp() resource extension by @​JamesNK in Add ExcludeFromMcp() resource extension microsoft/aspire#12515
• Localized file check-in by OneLocBuild Task: Build definition ID 1309: Build ID 2828818 by @​dotnet-bot in Localized file check-in by OneLocBuild Task: Build definition ID 1309: Build ID 2828818 microsoft/aspire#12546
• Register IPipelineOutputService in DI for pipeline output directory management by @​Copilot in Register IPipelineOutputService in DI for pipeline output directory management microsoft/aspire#12563
• Add deploy support for Docker Compose by @​captainsafia in Add deploy support for Docker Compose microsoft/aspire#12548
• Quarantine flaky test: AzureServiceBusEmulatorResourceGeneratesConfigJsonWithCustomizations by @​Copilot in Quarantine flaky test: AzureServiceBusEmulatorResourceGeneratesConfigJsonWithCustomizations microsoft/aspire#12578
• Update connection properties for non-Azure resources by @​sebastienros in Update connection properties for non-Azure resources microsoft/aspire#12583
• Filter to highest package version per channel in aspire add command by @​Copilot in Filter to highest package version per channel in aspire add command microsoft/aspire#12553
• Log DCP messages at Debug/Trace level in AppHost by @​Copilot in Log DCP messages at Debug/Trace level in AppHost microsoft/aspire#12533
• Add CLI self-update prompts to aspire update command by @​Copilot in Add CLI self-update prompts to aspire update command microsoft/aspire#12395
• Fix golang and alpine images. by @​mitchdenny in Fix golang and alpine images. microsoft/aspire#12592
• Replace ContainerTargetPlatform.AllLinux with LinuxAmd64 by @​Copilot in Replace ContainerTargetPlatform.AllLinux with LinuxAmd64 microsoft/aspire#12596
• [main] Update dependencies from microsoft/usvc-apiserver by @​dotnet-maestro[bot] in [main] Update dependencies from microsoft/usvc-apiserver microsoft/aspire#12610
• Make IReportingStep and IReportingTask completion idempotent by @​Copilot in Make IReportingStep and IReportingTask completion idempotent microsoft/aspire#12602
• Show --log-level debug hint when pipeline fails by @​Copilot in Show --log-level debug hint when pipeline fails microsoft/aspire#12603
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/aspire#12622
• Rename app.py to main.py in template by @​eerhardt in Rename app.py to main.py in template microsoft/aspire#12628
• bump extension version by @​adamint in bump extension version microsoft/aspire#12623
• don't build apphost in cli when running in extension by @​adamint in don't build apphost in cli when running in extension microsoft/aspire#12621
• Detect which version of yarn is being used by @​eerhardt in Detect which version of yarn is being used microsoft/aspire#12633
• Fix duplicate key exception when using WithExplicitStart() on resources with environment callbacks by @​Copilot in Fix duplicate key exception when using WithExplicitStart() on resources with environment callbacks microsoft/aspire#12604
• Support AddCSharpApp, fix some rough edges around project resources by @​adamint in Support AddCSharpApp, fix some rough edges around project resources microsoft/aspire#12568
• Add missing namespace to CertificateAuthorityCollectionResource by @​danegsta in Add missing namespace to CertificateAuthorityCollectionResource microsoft/aspire#12639
• Add ModelContextProtocol assemblies to signing list by @​joperezr in Add ModelContextProtocol assemblies to signing list microsoft/aspire#12637
• Generate fallback Dockerfile for Python apps without UV by @​Copilot in Generate fallback Dockerfile for Python apps without UV microsoft/aspire#12627
• Update/bump container image tags for hosting components by @​joperezr in Update/bump container image tags for hosting components microsoft/aspire#12459
• Mark IDeveloperCertificateService experimental by @​danegsta in Mark IDeveloperCertificateService experimental microsoft/aspire#12648
• Wait with exponential backoff for expected Executables by @​karolz-ms in Wait with exponential backoff for expected Executables microsoft/aspire#12647
• Make ProcessCertificateTrustConfigAsync internal by @​danegsta in Make ProcessCertificateTrustConfigAsync internal microsoft/aspire#12649
• Add test cases and ensure container cert override paths work by @​danegsta in Add test cases and ensure container cert override paths work microsoft/aspire#12654
• Python hosting: Support .venv lookup by walking up parent directories by @​Copilot in Python hosting: Support .venv lookup by walking up parent directories microsoft/aspire#12616
  ... (truncated)

13.0.2

This patch is updating our Project Templates for our Python starter app to ensure we depend on the latest version of React. This is out of an abundance of caution, as we don't depend on any of the react packages that were flagged as vulnerable in GHSA-fv66-9v8q-g76r.

What's Changed

• Bump patch version from 13.0.1 to 13.0.2 by @​Copilot in Bump patch version from 13.0.1 to 13.0.2 microsoft/aspire#13324
• Update React and ReactDOM to version 19.2.1 across all projects by @​joperezr in Update React and ReactDOM to version 19.2.1 across all projects microsoft/aspire#13325

Full Changelog: microsoft/aspire@v13.0.1...v13.0.2

13.0.1

What's Changed

• Merge internal changes by @​joperezr in Merge internal changes microsoft/aspire#12896
• [release/13.0] Fix Azure roles resources always redeploying by @​github-actions[bot] in [release/13.0] Fix Azure roles resources always redeploying microsoft/aspire#12903
• [release/13.0] Remove .py and .js files from being signed (#​13005) by @​eerhardt in [release/13.0] Remove .py and .js files from being signed (#13005) microsoft/aspire#13032
• [release/13.0] Fix subscription ID not being disabled on Azure provisioning dialog by @​github-actions[bot] in [release/13.0] Fix subscription ID not being disabled on Azure provisioning dialog microsoft/aspire#12913
• [release/13.0] Default OpenAISettings.EnableSensitiveTelemetryData to TelemetryHelpers.EnableSensitiveDataDefault by @​github-actions[bot] in [release/13.0] Default OpenAISettings.EnableSensitiveTelemetryData to TelemetryHelpers.EnableSensitiveDataDefault microsoft/aspire#13017
• Bump patch version from 13.0.0 to 13.0.1 by @​Copilot in Bump patch version from 13.0.0 to 13.0.1 microsoft/aspire#13167
• [release/13.0] EndpointReference evaluation should wait on missing AllocatedEndpoint (#​13074) by @​karolz-ms in [release/13.0] EndpointReference evaluation should wait on missing AllocatedEndpoint (#13074) microsoft/aspire#13076
• [release/13.0] Update to Npgsql 10 by @​github-actions[bot] in [release/13.0] Update to Npgsql 10 microsoft/aspire#13166
• [release/13.0] Update dependencies from microsoft/usvc-apiserver by @​danegsta in [release/13.0] Update dependencies from microsoft/usvc-apiserver microsoft/aspire#13187

Full Changelog: microsoft/aspire@v13.0.0...v13.0.1

13.0.0

We are excited to share that our 13.0.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://aspire.dev/whats-new/aspire-13/ to find what's new in 13.0.0!

New Contributors

• @​jomaxso made their first contribution in Add WithChildRelationship methods for parent-child relationships microsoft/aspire#11840
• @​jguadagno made their first contribution in Queue document update microsoft/aspire#11876
• @​foxminchan made their first contribution in Update Qdrant logo image to a new version microsoft/aspire#11700
• @​yreynhout made their first contribution in Support for .fsproj, .vbproj project files next to .csproj microsoft/aspire#12087

Full Changelog: microsoft/aspire@v9.5.0...v13.0.0

9.5.2

What's Changed

• [release/9.5] Revert SQL Server container image tag from 2025-latest to 2022-latest for Mac ARM compatibility by @​github-actions[bot] in [release/9.5] Revert SQL Server container image tag from 2025-latest to 2022-latest for Mac ARM compatibility microsoft/aspire#11908
• [release/9.5] Ensure OutputPath is created in ResourceContainerImageBuilder by @​github-actions[bot] in [release/9.5] Ensure OutputPath is created in ResourceContainerImageBuilder microsoft/aspire#11886
• [release/9.5] Add configuration to suppress unsecured telemetry message in dashboard by @​github-actions[bot] in [release/9.5] Add configuration to suppress unsecured telemetry message in dashboard microsoft/aspire#11954
• [release/9.5] Update dependencies from https://github.com/microsoft/usvc-apiserver build 0.17.3 by @​danegsta in [release/9.5] Update dependencies from https://github.com/microsoft/usvc-apiserver build 0.17.3 microsoft/aspire#12032
• [release/9.5] Multi-target RabbitMQ and Redis client libraries by @​eerhardt in [release/9.5] Multi-target RabbitMQ and Redis client libraries microsoft/aspire#12138
• Backport PR #​11951: Add noProfileSwitch to run command in DotNetCliRunner by @​Copilot in Backport PR #11951: Add noProfileSwitch to run command in DotNetCliRunner microsoft/aspire#11959
• Bump patch version to 9.5.2 by @​Copilot in Bump patch version to 9.5.2 microsoft/aspire#12139

Full Changelog: microsoft/aspire@v9.5.1...v9.5.2

9.5.1

What's Changed

• [release/9.5]: Add proper launch profile support to the VS Code extension by @​Copilot in [release/9.5]: Add proper launch profile support to the VS Code extension microsoft/aspire#11617
• [release/9.5] Cherry-pick extension build and sign pipeline setup by @​Copilot in [release/9.5] Cherry-pick extension build and sign pipeline setup microsoft/aspire#11618
• [release/9.5] Fix globalPackagesFolder path to be platform-agnostic in NuGetConfigMerger by @​github-actions[bot] in [release/9.5] Fix globalPackagesFolder path to be platform-agnostic in NuGetConfigMerger microsoft/aspire#11626
• [release/9.5] Fix flashing console windows when Docker processes are launched on Windows by @​github-actions[bot] in [release/9.5] Fix flashing console windows when Docker processes are launched on Windows microsoft/aspire#11615
• [release/9.5] Display help text for GenAI sensitive data when no messages by @​github-actions[bot] in [release/9.5] Display help text for GenAI sensitive data when no messages microsoft/aspire#11668
• [release/9.5] Allow .NET 10 prerelease versions for single-file apphost scenarios by @​github-actions[bot] in [release/9.5] Allow .NET 10 prerelease versions for single-file apphost scenarios microsoft/aspire#11616
• [release/9.5] Update Aspire package versions from 9.5.0 to 9.5.1 by @​Copilot in [release/9.5] Update Aspire package versions from 9.5.0 to 9.5.1 microsoft/aspire#11721
• [release/9.5] Fix DevTunnels in DevContainers and Codespaces by @​github-actions[bot] in [release/9.5] Fix DevTunnels in DevContainers and Codespaces microsoft/aspire#11730
• [release/9.5] Don't require gen_ai.system attribute on span events by @​github-actions[bot] in [release/9.5] Don't require gen_ai.system attribute on span events microsoft/aspire#11735
• [release/9.5] Update Microsoft.Extensions.AI packages, use content env var by @​github-actions[bot] in [release/9.5] Update Microsoft.Extensions.AI packages, use content env var microsoft/aspire#11726
• [release/9.5] Fix ParameterProcessor to use ExecutionContextOptions and skip excluded resources by @​github-actions[bot] in [release/9.5] Fix ParameterProcessor to use ExecutionContextOptions and skip excluded resources microsoft/aspire#11782
• [release/9.5] Update retry in Kusto emulator actions to handle any non-permanent error by @​github-actions[bot] in [release/9.5] Update retry in Kusto emulator actions to handle any non-permanent error microsoft/aspire#11779
• [release/9.5] Fix CommandLineArgsCallbackContext ExecutionContext in AzureResourcePreparer and prevent WithVSCodeDebugSupport execution in publish mode by @​github-actions[bot] in [release/9.5] Fix CommandLineArgsCallbackContext ExecutionContext in AzureResourcePreparer and prevent WithVSCodeDebugSupport execution in publish mode microsoft/aspire#11788
• [release/9.5] Fix GenAI visualizer when span is missing peer attribute by @​JamesNK in [release/9.5] Fix GenAI visualizer when span is missing peer attribute microsoft/aspire#11765
• [release/9.5] Support parameter names with dashes resolved from underscore configuration by @​github-actions[bot] in [release/9.5] Support parameter names with dashes resolved from underscore configuration microsoft/aspire#11802
• [release/9.5] Adapt OpenAI health check based on endpoint configuration by @​github-actions[bot] in [release/9.5] Adapt OpenAI health check based on endpoint configuration microsoft/aspire#11792

Full Changelog: microsoft/aspire@v9.5.0...v9.5.1

9.5.0

We are excited to share that our 9.5.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://learn.microsoft.com/en-us/dotnet/aspire/whats-new/dotnet-aspire-9.5 to find what's new in 9.5.0!

New Contributors

• @​benwitmanmsft made their first contribution in Add missing end quote for Outputs declaration microsoft/aspire#10289
• @​MattKotsenas made their first contribution in Add xmldocs to generated metadata projects microsoft/aspire#9868
• @​danespinosa made their first contribution in Update contributing.md microsoft/aspire#10394
• @​jnyrup made their first contribution in Do not match pipe as port separator microsoft/aspire#10884
• @​ericstj made their first contribution in Update Azure.AI.OpenAI microsoft/aspire#10928
• @​jeremy-vm made their first contribution in Bump azurite to latest release for azure storage emulator microsoft/aspire#10972
• @​Steinblock made their first contribution in fix for wrong OpenAIClientOptions used with keyed OpenAIClient(s) microsoft/aspire#11003
• @​brettcannon made their first contribution in Fix grammar in AddX method responsibilities docs microsoft/aspire#11014
• @​twsouthwick made their first contribution in Allow requiring OpenTelemetry protocol if needed microsoft/aspire#10507
• @​KirillOsenkov made their first contribution in Make copying project templates incremental microsoft/aspire#11164
• @​CaitieM20 made their first contribution in Caitie/update test templates microsoft/aspire#10662

Full Changelog: microsoft/aspire@v9.4.0...v9.5.0

Commits viewable in compare view.

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[dependabot]

Labels

The following labels could not be found: automerge, dependencies. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Review	Updated (UTC)
leaflet	Ready	Preview, Comment	Jan 26, 2026 2:33am

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}