Bump the nuget-non-major group with 16 updates#107
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
Bumps Aspire.Hosting.AppHost from 13.4.2 to 13.4.6 Bumps Aspire.Hosting.PostgreSQL from 13.4.2 to 13.4.6 Bumps Markdig from 1.2.0 to 1.3.2 Bumps Microsoft.EntityFrameworkCore from 10.0.8 to 10.0.10 Bumps Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.10 Bumps Microsoft.EntityFrameworkCore.InMemory from 10.0.8 to 10.0.10 Bumps Microsoft.EntityFrameworkCore.Relational from 10.0.8 to 10.0.10 Bumps Microsoft.Extensions.Hosting from 10.0.8 to 10.0.10 Bumps Microsoft.Extensions.Http.Resilience from 10.6.0 to 10.8.0 Bumps Microsoft.NET.Test.Sdk from 18.6.0 to 18.8.1 Bumps Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.2 to 10.0.3 Bumps Serilog.Settings.Configuration from 10.0.0 to 10.0.1 Bumps System.CommandLine from 2.0.8 to 2.0.10 Bumps Testcontainers from 4.12.0 to 4.13.0 Bumps Testcontainers.PostgreSql from 4.12.0 to 4.13.0 Bumps WireMock.Net from 2.9.0 to 2.12.0 --- updated-dependencies: - dependency-name: Aspire.Hosting.AppHost dependency-version: 13.4.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Aspire.Hosting.PostgreSQL dependency-version: 13.4.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Markdig dependency-version: 1.3.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-non-major - dependency-name: Microsoft.EntityFrameworkCore dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Microsoft.EntityFrameworkCore.Design dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Microsoft.EntityFrameworkCore.InMemory dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Microsoft.EntityFrameworkCore.Relational dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Microsoft.Extensions.Hosting dependency-version: 10.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Microsoft.Extensions.Http.Resilience dependency-version: 10.8.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-non-major - dependency-name: Microsoft.NET.Test.Sdk dependency-version: 18.8.1 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-non-major - dependency-name: Npgsql.EntityFrameworkCore.PostgreSQL dependency-version: 10.0.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Serilog.Settings.Configuration dependency-version: 10.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: System.CommandLine dependency-version: 2.0.10 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-non-major - dependency-name: Testcontainers dependency-version: 4.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-non-major - dependency-name: Testcontainers.PostgreSql dependency-version: 4.13.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-non-major - dependency-name: WireMock.Net dependency-version: 2.12.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-non-major ... Signed-off-by: dependabot[bot] <support@github.com>
Contributor
|
🟢 SemVer classification: Rationale: This PR only updates NuGet dependency versions to non-major releases (patch and minor version bumps within compatible ranges), which is a routine maintenance change with no breaking deployment implications. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Aspire.Hosting.AppHost from 13.4.2 to 13.4.6.
Release notes
Sourced from Aspire.Hosting.AppHost's releases.
13.4.6
What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in
--isolatedmode, and a MongoDB.Driver dependency update.🐛 Fixes
🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions diverged —
Aspire.TypeSystemused a floating strong-nameAssemblyVersionthat changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing asNo code generator found for language: <lang>. TheAssemblyVersionis now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #18110 and #17910. (#18160,@sebastienros)🔌 Multiple AppHosts started with
--isolatedcollided on the resource service port — Both instances tried to bind to the same fixed port fromASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance.DashboardServiceHostnow binds to port 0 on loopback whenRandomizePortsis true (set by--isolated), letting the OS assign a unique port per instance. (#18341,@JamesNK)🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned
SharpCompresstransitive dependency and uses the correctedSnappiertransitive. Fixes #17981. (#18279,@Falco20019)🏷️ Housekeeping
Full Changelog: v13.4.5...v13.4.6
Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248
13.4.5
What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.
🐛 Fixes
MessagePackFormatteror LZ4 — all StreamJsonRpc calls useSystemTextJsonFormatterover local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of theAspire.Hostingpackage. (#18204,@mitchdenny)playwrightCliVersionvalues that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag likelatest, or av-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#18205,@mitchdenny)copilot-cli. (#18240,@damianedwards)🏷️ Housekeeping
@microsoft/aspire-clinpm package README to be TypeScript-only — updated examples to the currentts-startertemplate (apphost.mts/aspire.mjs), added a backing-services snippet showingaspire addfor PostgreSQL and Redis, and documentedaspire dashboard runas a standalone dashboard option. (#18221,@adamint)Full Changelog: v13.4.4...v13.4.5
Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e
13.4.4
What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent
ExcludeFromMcp()filtering across all CLI MCP tools.🐛 Fixes
@karolz-ms)ExcludeFromMcp()were not consistently filtered from CLI MCP tools — Resources with theresource.excludeFromMcpproperty were not excluded uniformly from all CLI MCP tool results.list_resources,list_console_logs,execute_resource_command,list_structured_logs,list_traces, andlist_trace_structured_logsall now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#18150,@JamesNK)🏷️ Housekeeping
@adamratzman)Full Changelog: v13.4.3...v13.4.4
Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029
13.4.3
What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.
🐛 Fixes
isProxied: falseorWithEndpointProxySupport(false). Proxyless container endpoints with only atargetPortspecified now also resolve immediately to that port instead of waiting for delayed allocation. (#17960,@danegsta)🏷️ Housekeeping
Full Changelog: microsoft/aspire@v13.4.2...v13.4.3
Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9
Commits viewable in compare view.
Updated Aspire.Hosting.PostgreSQL from 13.4.2 to 13.4.6.
Release notes
Sourced from Aspire.Hosting.PostgreSQL's releases.
13.4.6
What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in
--isolatedmode, and a MongoDB.Driver dependency update.🐛 Fixes
🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions diverged —
Aspire.TypeSystemused a floating strong-nameAssemblyVersionthat changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing asNo code generator found for language: <lang>. TheAssemblyVersionis now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #18110 and #17910. (#18160,@sebastienros)🔌 Multiple AppHosts started with
--isolatedcollided on the resource service port — Both instances tried to bind to the same fixed port fromASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance.DashboardServiceHostnow binds to port 0 on loopback whenRandomizePortsis true (set by--isolated), letting the OS assign a unique port per instance. (#18341,@JamesNK)🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned
SharpCompresstransitive dependency and uses the correctedSnappiertransitive. Fixes #17981. (#18279,@Falco20019)🏷️ Housekeeping
Full Changelog: v13.4.5...v13.4.6
Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248
13.4.5
What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.
🐛 Fixes
MessagePackFormatteror LZ4 — all StreamJsonRpc calls useSystemTextJsonFormatterover local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of theAspire.Hostingpackage. (#18204,@mitchdenny)playwrightCliVersionvalues that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag likelatest, or av-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#18205,@mitchdenny)copilot-cli. (#18240,@damianedwards)🏷️ Housekeeping
@microsoft/aspire-clinpm package README to be TypeScript-only — updated examples to the currentts-startertemplate (apphost.mts/aspire.mjs), added a backing-services snippet showingaspire addfor PostgreSQL and Redis, and documentedaspire dashboard runas a standalone dashboard option. (#18221,@adamint)Full Changelog: v13.4.4...v13.4.5
Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e
13.4.4
What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent
ExcludeFromMcp()filtering across all CLI MCP tools.🐛 Fixes
@karolz-ms)ExcludeFromMcp()were not consistently filtered from CLI MCP tools — Resources with theresource.excludeFromMcpproperty were not excluded uniformly from all CLI MCP tool results.list_resources,list_console_logs,execute_resource_command,list_structured_logs,list_traces, andlist_trace_structured_logsall now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#18150,@JamesNK)🏷️ Housekeeping
@adamratzman)Full Changelog: v13.4.3...v13.4.4
Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029
13.4.3
What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.
🐛 Fixes
isProxied: falseorWithEndpointProxySupport(false). Proxyless container endpoints with only atargetPortspecified now also resolve immediately to that port instead of waiting for delayed allocation. (#17960,@danegsta)🏷️ Housekeeping
Full Changelog: microsoft/aspire@v13.4.2...v13.4.3
Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9
Commits viewable in compare view.
Updated Markdig from 1.2.0 to 1.3.2.
Release notes
Sourced from Markdig's releases.
1.3.2
Changes
🐛 Bug Fixes
Full Changelog: 1.3.1...1.3.2
Published with dotnet-releaser
1.3.1
Changes
🐛 Bug Fixes
Full Changelog: 1.3.0...1.3.1
Published with dotnet-releaser
1.3.0
Changes
🐛 Bug Fixes
📚 Documentation
🧰 Misc
Full Changelog: 1.2.0...1.3.0
Published with dotnet-releaser
Commits viewable in compare view.
Updated Microsoft.EntityFrameworkCore from 10.0.8 to 10.0.10.
Release notes
Sourced from Microsoft.EntityFrameworkCore's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.10.
Release notes
Sourced from Microsoft.EntityFrameworkCore.Design's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.EntityFrameworkCore.InMemory from 10.0.8 to 10.0.10.
Release notes
Sourced from Microsoft.EntityFrameworkCore.InMemory's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.EntityFrameworkCore.Relational from 10.0.8 to 10.0.10.
Release notes
Sourced from Microsoft.EntityFrameworkCore.Relational's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Hosting from 10.0.8 to 10.0.10.
Release notes
Sourced from Microsoft.Extensions.Hosting's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Microsoft.Extensions.Http.Resilience from 10.6.0 to 10.8.0.
Release notes
Sourced from Microsoft.Extensions.Http.Resilience's releases.
10.8.0
This release adds new experimental APIs to Microsoft.Extensions.AI.Abstractions and updates the OpenAI dependency to 2.12.0, alongside documentation, test, and repository maintenance.
Experimental API Changes
New Experimental APIs
AIFunctionNameAttributeandAIParameterNameAttribute#7610 by @jozkee (co-authored by @jeffhandley @Copilot)ToolApprovalRequestContent.RequiresConfirmation(MEAI001) #7549 by @javiercn (co-authored by @Copilot)What's Changed
AI
Vector Data
Documentation Updates
Test Improvements
Repository Infrastructure Updates
... (truncated)
10.7.0
v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware
ResourceQuotaProviderthat reads the pod's CPU and memory requests and limits and exposes them toMicrosoft.Extensions.Diagnostics.ResourceMonitoringas baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companionResourceQuotaandResourceQuotaProvidertypes inMicrosoft.Extensions.Diagnostics.ResourceMonitoringgraduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.On the AI side,
Microsoft.Extensions.AI.OpenAImoves to OpenAI 2.11.0 and fixes a deserialization bug inToolJson.AdditionalPropertiesso that JSON SchemaadditionalPropertiesvalues shaped as sub-schema objects (for example{"type":"string"}) are preserved instead of throwing during deserialization.HostedFileContent.SizeInBytesandHostedFileContent.CreatedAtgraduate to stable since both values are consistently available across hosted-file providers, whilePurposeandScoperemain experimental as provider-shaped vocabulary.FunctionInvokingChatClientdrops a backward-compat path that auto-markedToolApprovalResponseContententries withInformationalOnly: true; consumers that need to continue accepting sessions serialized before #7468 can use the sampleApprovalHistoryNormalizingChatClientmiddleware added in the test project.Experimental API Changes
Now Stable
Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetespackage is now stable #7253ResourceQuotaandResourceQuotaProviderAPIs are now stable (previouslyEXTEXP0008) #7253HostedFileContent.SizeInBytesandHostedFileContent.CreatedAtare now stable (previouslyMEAI001) #7513What's Changed
AI
Diagnostics, Health Checks, and Resource Monitoring
Repository Infrastructure Updates
Acknowledgements
Full Changelog: dotnet/extensions@v10.6.0...v10.7.0
Commits viewable in compare view.
Updated Microsoft.NET.Test.Sdk from 18.6.0 to 18.8.1.
Release notes
Sourced from Microsoft.NET.Test.Sdk's releases.
18.8.1
What's Changed
Full Changelog: microsoft/vstest@v18.8.0...v18.8.1
18.8.0
What's Changed
Full Changelog: microsoft/vstest@v18.7.0...v18.8.0
18.7.0
What's Changed
New Contributors
Full Changelog: microsoft/vstest@v18.6.0...v18.7.0
Commits viewable in compare view.
Updated Npgsql.EntityFrameworkCore.PostgreSQL from 10.0.2 to 10.0.3.
Release notes
Sourced from Npgsql.EntityFrameworkCore.PostgreSQL's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Serilog.Settings.Configuration from 10.0.0 to 10.0.1.
Release notes
Sourced from Serilog.Settings.Configuration's releases.
10.0.1
What's Changed
New Contributors
Full Changelog: serilog/serilog-settings-configuration@v10.0.0...v10.0.1
Commits viewable in compare view.
Updated System.CommandLine from 2.0.8 to 2.0.10.
Release notes
Sourced from System.CommandLine's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated Testcontainers from 4.12.0 to 4.13.0.
Release notes
Sourced from Testcontainers's releases.
4.13.0
What's Changed
Thank you to everyone who contributed and shared their feedback 🤜🤛.
The NuGet packages for this release have been attested for supply chain security using
actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #33686956.🚀 Features
🐛 Bug Fixes
📖 Documentation
🧹 Housekeeping
📦 Dependency Updates
Commits viewable in compare view.
Updated Testcontainers.PostgreSql from 4.12.0 to 4.13.0.
Release notes
Sourced from Testcontainers.PostgreSql's releases.
4.13.0
What's Changed
Thank you to everyone who contributed and shared their feedback 🤜🤛.
The NuGet packages for this release have been attested for supply chain security using
actions/attest. This confirms the integrity and provenance of the artifacts and helps ensure they can be trusted: #33686956.🚀 Features
🐛 Bug Fixes
📖 Documentation
🧹 Housekeeping
📦 Dependency Updates
Commits viewable in compare view.
Updated WireMock.Net from 2.9.0 to 2.12.0.
Release notes
Sourced from WireMock.Net's releases.
2.12.0
What's Changed
New Contributors
Full Changelog: wiremock/WireMock.Net@2.11.0...2.12.0
2.11.0
What's Changed
Full Changelog: wiremock/WireMock.Net@2.10.0...2.11.0
2.10.0
What's Changed
Full Changelog: wiremock/WireMock.Net@2.9.0...2.10.0
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions