chore(deps): Bump the minor-and-patch group with 23 updates by dependabot[bot] · Pull Request #181 · leehopper/personal-running-coach

dependabot · 2026-06-11T15:44:07Z

Updated Anthropic from 12.24.1 to 12.29.0.

Updated Aspire.Npgsql from 13.4.2 to 13.4.3.

Release notes

Sourced from Aspire.Npgsql's releases.

13.4.3 What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.

🐛 Fixes

🔌 Persistent container endpoints had incorrect default behavior — Persistent containers were defaulting to proxyless endpoint behavior instead of the proxied behavior used by normal containers. This caused integrations that depend on endpoint allocation before resource startup (such as the KeyVault emulator) to fail. Persistent containers now default to proxied endpoints matching normal container behavior; opt out with isProxied: false or WithEndpointProxySupport(false). Proxyless container endpoints with only a targetPort specified now also resolve immediately to that port instead of waiting for delayed allocation. (#17960, @danegsta)

🏷️ Housekeeping

🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and updated manifest tags (#17958)

Full Changelog: microsoft/aspire@v13.4.2...v13.4.3

Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9

Generated by Generate release notes for a new stable Aspire release · ● 4.7M

Commits viewable in compare view.

Updated Marten from 9.5.2 to 9.7.2.

Release notes

Sourced from Marten's releases.

9.7.2 What's Changed

Fix #4713 — idempotent re-apply of per-tenant LIST partitions (consume Weasel 9.1.5) by @jeremydmiller in Fix #4713 — idempotent re-apply of per-tenant LIST partitions (consume Weasel 9.1.5) JasperFx/marten#4716
Bump shell-quote from 1.8.2 to 1.8.4 by @dependabot[bot] in Bump shell-quote from 1.8.2 to 1.8.4 JasperFx/marten#4715
#4712 + #4717 — per-tenant partitioning daemon: safe-harbor high-water + per-tenant progression (JasperFx 2.9.4) by @jeremydmiller in #4712 + #4717 — per-tenant partitioning daemon: safe-harbor high-water + per-tenant progression (JasperFx 2.9.4) JasperFx/marten#4714
Bump JasperFx 2.9.5 → 2.9.6 by @jeremydmiller in Bump JasperFx 2.9.5 → 2.9.6 JasperFx/marten#4719

Full Changelog: JasperFx/marten@V9.7.1...V9.7.2

9.7.1 What's Changed

Re-worked the mechanics of IEventStreamInstrumentation by @jeremydmiller in Re-worked the mechanics of IEventStreamInstrumentation JasperFx/marten#4703
#4679 — composite catch-up guard + unskip fixture (root cause fixed in JasperFx.Events 2.9.0) by @jeremydmiller in #4679 — composite catch-up guard + unskip fixture (root cause fixed in JasperFx.Events 2.9.0) JasperFx/marten#4704
Fix #4705 — composite projection shards stall at seq 1 under per-tenant event partitioning by @jeremydmiller in Fix #4705 — composite projection shards stall at seq 1 under per-tenant event partitioning JasperFx/marten#4707
feat(events): populate ProjectionErrors / ProjectionRebuildErrors on TryCreateUsage by @jeremydmiller in feat(events): populate ProjectionErrors / ProjectionRebuildErrors on TryCreateUsage JasperFx/marten#4708
Fix #4706 — managed partitioned tables destructively rebuilt on sharded redeploy by @jeremydmiller in Fix #4706 — managed partitioned tables destructively rebuilt on sharded redeploy JasperFx/marten#4709

Full Changelog: JasperFx/marten@V9.7.0...V9.7.1

9.7.0

There's a few bug fixes, and the new functionality is really for CritterWatch.

What's Changed

#4677 follow-up — object-projection aggregates + post-SelectMany Select/Where by @jeremydmiller in #4677 follow-up — object-projection aggregates + post-SelectMany Select/Where JasperFx/marten#4678
Bump JasperFx.* 2.8.2 → 2.9.0 by @jeremydmiller in Bump JasperFx.* 2.8.2 → 2.9.0 JasperFx/marten#4688
Fix #4681 — centralize high-water progression-row identity in a Marten helper by @jeremydmiller in Fix #4681 — centralize high-water progression-row identity in a Marten helper JasperFx/marten#4689
Fix #4686 — implement IEventStoreInstrumentation on EventGraph by @jeremydmiller in Fix #4686 — implement IEventStoreInstrumentation on EventGraph JasperFx/marten#4690
#4684 Phase E.1 — per-period throughput sampling + Npgsql round-trip counting by @jeremydmiller in #4684 Phase E.1 — per-period throughput sampling + Npgsql round-trip counting JasperFx/marten#4691
#4684 Phase E.2 — progression lock-wait sampler by @jeremydmiller in #4684 Phase E.2 — progression lock-wait sampler JasperFx/marten#4692
Fix #4680 — upcaster shadowed when source type is typed-appended in same DocumentStore by @jeremydmiller in Fix #4680 — upcaster shadowed when source type is typed-appended in same DocumentStore JasperFx/marten#4694
Fix #4683 (fixes 1+2) — drop per-tenant sequence + progression rows on tenant removal by @jeremydmiller in Fix #4683 (fixes 1+2) — drop per-tenant sequence + progression rows on tenant removal JasperFx/marten#4695
#4683 Fix 3 — dropcycle subcommand exercises drop-tenant cleanup end-to-end by @jeremydmiller in #4683 Fix 3 — dropcycle subcommand exercises drop-tenant cleanup end-to-end JasperFx/marten#4696
#4685 PR 1 — ProjectionUpdateBatch insert-only flush-mode plumbing by @jeremydmiller in #4685 PR 1 — ProjectionUpdateBatch insert-only flush-mode plumbing JasperFx/marten#4697
#4679 — Skipped reproduction fixture for catchUpPerTenantAsync 23505 regression by @jeremydmiller in #4679 — Skipped reproduction fixture for catchUpPerTenantAsync 23505 regression JasperFx/marten#4698
Bump JasperFx packages to 2.9.1 by @jeremydmiller in Bump JasperFx packages to 2.9.1 JasperFx/marten#4702
#4679 — sharded multi-tenant-per-shard catch-up regression guard by @jeremydmiller in #4679 — sharded multi-tenant-per-shard catch-up regression guard JasperFx/marten#4701

Full Changelog: JasperFx/marten@V9.6.0...V9.7.0

9.6.0

There's a couple tenant aware APIs that are new, so this had to be a minor point bump. The majority of the work in this release was stress testing projection rebuilds and ensuring there was never any concurrent access of un-thread safe dictionaries inside of the async daemon that happened as a side effect of 9.0 changes.

What's Changed

Bump version from 9.5.2 to 9.5.3 by @erdtsieck in Bump version from 9.5.2 to 9.5.3 JasperFx/marten#4662
Bump Weasel.Postgresql + Weasel.EntityFrameworkCore 9.0.2 → 9.0.3 by @jeremydmiller in Bump Weasel.Postgresql + Weasel.EntityFrameworkCore 9.0.2 → 9.0.3 JasperFx/marten#4664
#4667 Phase 1 — write-path *Projected variants bypass session-shared trackers by @jeremydmiller in #4667 Phase 1 — write-path *Projected variants bypass session-shared trackers JasperFx/marten#4669
#4667 Phase 2 — read-path LoadProjectedAsync bypasses session-shared trackers by @jeremydmiller in #4667 Phase 2 — read-path LoadProjectedAsync bypasses session-shared trackers JasperFx/marten#4670
#4667 Phase 3 — ProjectionDocumentSession routes user-code LoadAsync through projection-safe path by @jeremydmiller in #4667 Phase 3 — ProjectionDocumentSession routes user-code LoadAsync through projection-safe path JasperFx/marten#4671
#4666 Phase A — Marten.ScaleTesting CLI + event seeder by @jeremydmiller in #4666 Phase A — Marten.ScaleTesting CLI + event seeder JasperFx/marten#4672
#4668 — tenant-aware RebuildSingleStreamAsync overloads on AdvancedOperations by @jeremydmiller in #4668 — tenant-aware RebuildSingleStreamAsync overloads on AdvancedOperations JasperFx/marten#4674
#4665 — bump JasperFx 2.8.0 → 2.8.2 + CatchUpAsync per-tenant repro test by @jeremydmiller in #4665 — bump JasperFx 2.8.0 → 2.8.2 + CatchUpAsync per-tenant repro test JasperFx/marten#4673
#4666 Phase B — TelehealthComposite 4+2+2 + rebuild subcommand by @jeremydmiller in #4666 Phase B — TelehealthComposite 4+2+2 + rebuild subcommand JasperFx/marten#4675
#4666 Phase C — validate + stress subcommands by @jeremydmiller in #4666 Phase C — validate + stress subcommands JasperFx/marten#4676

Full Changelog: JasperFx/marten@V9.5.3...V9.6.0

9.5.3

This is a little optimization to the new 9.* code that eliminated the runtime codegen, and a fix for the daemon being a little vulnerable to concurrency in its internals -- which is also an optimization here.

What's Changed

Fix #4657: bypass session VersionTracker from projection StoreProjection (async daemon race) by @jeremydmiller in Fix #4657: bypass session VersionTracker from projection StoreProjection (async daemon race) JasperFx/marten#4658
#4659 Phase 1 — eliminate ConcurrencyMode runtime branches via type splits in closed-shape by @jeremydmiller in #4659 Phase 1 — eliminate ConcurrencyMode runtime branches via type splits in closed-shape JasperFx/marten#4660
#4659 Phase 2 — hierarchy selector split eliminates last per-row branch by @jeremydmiller in #4659 Phase 2 — hierarchy selector split eliminates last per-row branch JasperFx/marten#4661

Full Changelog: JasperFx/marten@9.5.2...V9.5.3

Commits viewable in compare view.

Updated Marten.EntityFrameworkCore from 9.5.2 to 9.7.2.

Release notes

Sourced from Marten.EntityFrameworkCore's releases.

9.7.2 What's Changed

Fix #4713 — idempotent re-apply of per-tenant LIST partitions (consume Weasel 9.1.5) by @jeremydmiller in Fix #4713 — idempotent re-apply of per-tenant LIST partitions (consume Weasel 9.1.5) JasperFx/marten#4716
Bump shell-quote from 1.8.2 to 1.8.4 by @dependabot[bot] in Bump shell-quote from 1.8.2 to 1.8.4 JasperFx/marten#4715
#4712 + #4717 — per-tenant partitioning daemon: safe-harbor high-water + per-tenant progression (JasperFx 2.9.4) by @jeremydmiller in #4712 + #4717 — per-tenant partitioning daemon: safe-harbor high-water + per-tenant progression (JasperFx 2.9.4) JasperFx/marten#4714
Bump JasperFx 2.9.5 → 2.9.6 by @jeremydmiller in Bump JasperFx 2.9.5 → 2.9.6 JasperFx/marten#4719

Full Changelog: JasperFx/marten@V9.7.1...V9.7.2

9.7.1 What's Changed

Re-worked the mechanics of IEventStreamInstrumentation by @jeremydmiller in Re-worked the mechanics of IEventStreamInstrumentation JasperFx/marten#4703
#4679 — composite catch-up guard + unskip fixture (root cause fixed in JasperFx.Events 2.9.0) by @jeremydmiller in #4679 — composite catch-up guard + unskip fixture (root cause fixed in JasperFx.Events 2.9.0) JasperFx/marten#4704
Fix #4705 — composite projection shards stall at seq 1 under per-tenant event partitioning by @jeremydmiller in Fix #4705 — composite projection shards stall at seq 1 under per-tenant event partitioning JasperFx/marten#4707
feat(events): populate ProjectionErrors / ProjectionRebuildErrors on TryCreateUsage by @jeremydmiller in feat(events): populate ProjectionErrors / ProjectionRebuildErrors on TryCreateUsage JasperFx/marten#4708
Fix #4706 — managed partitioned tables destructively rebuilt on sharded redeploy by @jeremydmiller in Fix #4706 — managed partitioned tables destructively rebuilt on sharded redeploy JasperFx/marten#4709

Full Changelog: JasperFx/marten@V9.7.0...V9.7.1

9.7.0

There's a few bug fixes, and the new functionality is really for CritterWatch.

What's Changed

#4677 follow-up — object-projection aggregates + post-SelectMany Select/Where by @jeremydmiller in #4677 follow-up — object-projection aggregates + post-SelectMany Select/Where JasperFx/marten#4678
Bump JasperFx.* 2.8.2 → 2.9.0 by @jeremydmiller in Bump JasperFx.* 2.8.2 → 2.9.0 JasperFx/marten#4688
Fix #4681 — centralize high-water progression-row identity in a Marten helper by @jeremydmiller in Fix #4681 — centralize high-water progression-row identity in a Marten helper JasperFx/marten#4689
Fix #4686 — implement IEventStoreInstrumentation on EventGraph by @jeremydmiller in Fix #4686 — implement IEventStoreInstrumentation on EventGraph JasperFx/marten#4690
#4684 Phase E.1 — per-period throughput sampling + Npgsql round-trip counting by @jeremydmiller in #4684 Phase E.1 — per-period throughput sampling + Npgsql round-trip counting JasperFx/marten#4691
#4684 Phase E.2 — progression lock-wait sampler by @jeremydmiller in #4684 Phase E.2 — progression lock-wait sampler JasperFx/marten#4692
Fix #4680 — upcaster shadowed when source type is typed-appended in same DocumentStore by @jeremydmiller in Fix #4680 — upcaster shadowed when source type is typed-appended in same DocumentStore JasperFx/marten#4694
Fix #4683 (fixes 1+2) — drop per-tenant sequence + progression rows on tenant removal by @jeremydmiller in Fix #4683 (fixes 1+2) — drop per-tenant sequence + progression rows on tenant removal JasperFx/marten#4695
#4683 Fix 3 — dropcycle subcommand exercises drop-tenant cleanup end-to-end by @jeremydmiller in #4683 Fix 3 — dropcycle subcommand exercises drop-tenant cleanup end-to-end JasperFx/marten#4696
#4685 PR 1 — ProjectionUpdateBatch insert-only flush-mode plumbing by @jeremydmiller in #4685 PR 1 — ProjectionUpdateBatch insert-only flush-mode plumbing JasperFx/marten#4697
#4679 — Skipped reproduction fixture for catchUpPerTenantAsync 23505 regression by @jeremydmiller in #4679 — Skipped reproduction fixture for catchUpPerTenantAsync 23505 regression JasperFx/marten#4698
Bump JasperFx packages to 2.9.1 by @jeremydmiller in Bump JasperFx packages to 2.9.1 JasperFx/marten#4702
#4679 — sharded multi-tenant-per-shard catch-up regression guard by @jeremydmiller in #4679 — sharded multi-tenant-per-shard catch-up regression guard JasperFx/marten#4701

Full Changelog: JasperFx/marten@V9.6.0...V9.7.0

9.6.0

There's a couple tenant aware APIs that are new, so this had to be a minor point bump. The majority of the work in this release was stress testing projection rebuilds and ensuring there was never any concurrent access of un-thread safe dictionaries inside of the async daemon that happened as a side effect of 9.0 changes.

What's Changed

Bump version from 9.5.2 to 9.5.3 by @erdtsieck in Bump version from 9.5.2 to 9.5.3 JasperFx/marten#4662
Bump Weasel.Postgresql + Weasel.EntityFrameworkCore 9.0.2 → 9.0.3 by @jeremydmiller in Bump Weasel.Postgresql + Weasel.EntityFrameworkCore 9.0.2 → 9.0.3 JasperFx/marten#4664
#4667 Phase 1 — write-path *Projected variants bypass session-shared trackers by @jeremydmiller in #4667 Phase 1 — write-path *Projected variants bypass session-shared trackers JasperFx/marten#4669
#4667 Phase 2 — read-path LoadProjectedAsync bypasses session-shared trackers by @jeremydmiller in #4667 Phase 2 — read-path LoadProjectedAsync bypasses session-shared trackers JasperFx/marten#4670
#4667 Phase 3 — ProjectionDocumentSession routes user-code LoadAsync through projection-safe path by @jeremydmiller in #4667 Phase 3 — ProjectionDocumentSession routes user-code LoadAsync through projection-safe path JasperFx/marten#4671
#4666 Phase A — Marten.ScaleTesting CLI + event seeder by @jeremydmiller in #4666 Phase A — Marten.ScaleTesting CLI + event seeder JasperFx/marten#4672
#4668 — tenant-aware RebuildSingleStreamAsync overloads on AdvancedOperations by @jeremydmiller in #4668 — tenant-aware RebuildSingleStreamAsync overloads on AdvancedOperations JasperFx/marten#4674
#4665 — bump JasperFx 2.8.0 → 2.8.2 + CatchUpAsync per-tenant repro test by @jeremydmiller in #4665 — bump JasperFx 2.8.0 → 2.8.2 + CatchUpAsync per-tenant repro test JasperFx/marten#4673
#4666 Phase B — TelehealthComposite 4+2+2 + rebuild subcommand by @jeremydmiller in #4666 Phase B — TelehealthComposite 4+2+2 + rebuild subcommand JasperFx/marten#4675
#4666 Phase C — validate + stress subcommands by @jeremydmiller in #4666 Phase C — validate + stress subcommands JasperFx/marten#4676

Full Changelog: JasperFx/marten@V9.5.3...V9.6.0

9.5.3

This is a little optimization to the new 9.* code that eliminated the runtime codegen, and a fix for the daemon being a little vulnerable to concurrency in its internals -- which is also an optimization here.

What's Changed

Fix #4657: bypass session VersionTracker from projection StoreProjection (async daemon race) by @jeremydmiller in Fix #4657: bypass session VersionTracker from projection StoreProjection (async daemon race) JasperFx/marten#4658
#4659 Phase 1 — eliminate ConcurrencyMode runtime branches via type splits in closed-shape by @jeremydmiller in #4659 Phase 1 — eliminate ConcurrencyMode runtime branches via type splits in closed-shape JasperFx/marten#4660
#4659 Phase 2 — hierarchy selector split eliminates last per-row branch by @jeremydmiller in #4659 Phase 2 — hierarchy selector split eliminates last per-row branch JasperFx/marten#4661

Full Changelog: JasperFx/marten@9.5.2...V9.5.3

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.DataProtection.EntityFrameworkCore from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.DataProtection.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.Identity.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.AI.Evaluation from 10.6.0 to 10.7.0.

Release notes

Sourced from Microsoft.Extensions.AI.Evaluation's releases.

10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #7253
Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #7253
HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #7513

What's Changed

AI

Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #7513 by @jozkee (co-authored by @Copilot)
Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #7538 by @jozkee (co-authored by @Copilot)
Upgrade OpenAI package from 2.10.0 to 2.11.0 #7544 by @jozkee (co-authored by @Copilot)
Fix ToolJson.AdditionalProperties to accept sub-schema objects #7546 by @jozkee (co-authored by @Copilot)

Diagnostics, Health Checks, and Resource Monitoring

Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #7253 by @amadeuszl (co-authored by @Copilot)

Repository Infrastructure Updates

[main] Update dependencies from dotnet/arcade #7521
Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #7522
Bump dotnet-coverage from 18.6.2 to 18.7.0 #7530
Bump PowerShell from 7.6.1 to 7.6.2 #7531
Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7532
[main] Update dependencies from dotnet/arcade #7534
Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7537

Acknowledgements

@ericstj submitted issue #7509 (resolved by #7544)
@scottt732 submitted issue #7540 (resolved by #7546)
@DeagleGross @wtgodbe @dariusclay @evgenyfedorov2 @peterwald @PranavSenthilnathan @shyamnamboodiripad @stephentoub @tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

Commits viewable in compare view.

Updated Microsoft.Extensions.AI.Evaluation.Quality from 10.6.0 to 10.7.0.

Release notes

Sourced from Microsoft.Extensions.AI.Evaluation.Quality's releases.

10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #7253
Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #7253
HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #7513

What's Changed

AI

Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #7513 by @jozkee (co-authored by @Copilot)
Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #7538 by @jozkee (co-authored by @Copilot)
Upgrade OpenAI package from 2.10.0 to 2.11.0 #7544 by @jozkee (co-authored by @Copilot)
Fix ToolJson.AdditionalProperties to accept sub-schema objects #7546 by @jozkee (co-authored by @Copilot)

Diagnostics, Health Checks, and Resource Monitoring

Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #7253 by @amadeuszl (co-authored by @Copilot)

Repository Infrastructure Updates

[main] Update dependencies from dotnet/arcade #7521
Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #7522
Bump dotnet-coverage from 18.6.2 to 18.7.0 #7530
Bump PowerShell from 7.6.1 to 7.6.2 #7531
Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7532
[main] Update dependencies from dotnet/arcade #7534
Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7537

Acknowledgements

@ericstj submitted issue #7509 (resolved by #7544)
@scottt732 submitted issue #7540 (resolved by #7546)
@DeagleGross @wtgodbe @dariusclay @evgenyfedorov2 @peterwald @PranavSenthilnathan @shyamnamboodiripad @stephentoub @tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

Commits viewable in compare view.

Updated Microsoft.Extensions.AI.Evaluation.Reporting from 10.6.0 to 10.7.0.

Release notes

Sourced from Microsoft.Extensions.AI.Evaluation.Reporting's releases.

10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #7253
Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #7253
HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #7513

What's Changed

AI

Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #7513 by @jozkee (co-authored by @Copilot)
Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #7538 by @jozkee (co-authored by @Copilot)
Upgrade OpenAI package from 2.10.0 to 2.11.0 #7544 by @jozkee (co-authored by @Copilot)
Fix ToolJson.AdditionalProperties to accept sub-schema objects #7546 by @jozkee (co-authored by @Copilot)

Diagnostics, Health Checks, and Resource Monitoring

Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #7253 by @amadeuszl (co-authored by @Copilot)

Repository Infrastructure Updates

[main] Update dependencies from dotnet/arcade #7521
Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #7522
Bump dotnet-coverage from 18.6.2 to 18.7.0 #7530
Bump PowerShell from 7.6.1 to 7.6.2 #7531
Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7532
[main] Update dependencies from dotnet/arcade #7534
Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7537

Acknowledgements

@ericstj submitted issue #7509 (resolved by #7544)
@scottt732 submitted issue #7540 (resolved by #7546)
@DeagleGross @wtgodbe @dariusclay @evgenyfedorov2 @peterwald @PranavSenthilnathan @shyamnamboodiripad @stephentoub @tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.EnvironmentVariables from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.EnvironmentVariables's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Json from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.UserSecrets from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.UserSecrets's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.TimeProvider.Testing from 10.6.0 to 10.7.0.

Release notes

Sourced from Microsoft.Extensions.TimeProvider.Testing's releases.

10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #7253
Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #7253
HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #7513

What's Changed

AI

Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #7513 by @jozkee (co-authored by @Copilot)
Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #7538 by @jozkee (co-authored by @Copilot)
Upgrade OpenAI package from 2.10.0 to 2.11.0 #7544 by @jozkee (co-authored by @Copilot)
Fix ToolJson.AdditionalProperties to accept sub-schema objects #7546 by @jozkee (co-authored by @Copilot)

Diagnostics, Health Checks, and Resource Monitoring

Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #7253 by @amadeuszl (co-authored by @Copilot)

Repository Infrastructure Updates

[main] Update dependencies from dotnet/arcade #7521
Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #7522
Bump dotnet-coverage from 18.6.2 to 18.7.0 #7530
Bump PowerShell from 7.6.1 to 7.6.2 #7531
Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7532
[main] Update dependencies from dotnet/arcade #7534
Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #7537

Acknowledgements

@ericstj submitted issue #7509 (resolved by #7544)
@scottt732 submitted issue #7540 (resolved by #7546)
@DeagleGross @wtgodbe @dariusclay @evgenyfedorov2 @peterwald @PranavSenthilnathan @shyamnamboodiripad @stephentoub @tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

Commits viewable in compare view.

Updated OpenTelemetry from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

NuGet: OpenTelemetry v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Extensions.Hosting v1.16.0

No notable changes.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

NuGet: OpenTelemetry v1.16.0-rc.1
- Stop validating View-provided metric stream Name against the instrument
  name syntax, per
  spec clarification.
  (#7300)
- Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
  variables.
  (#7187)
- Fix observable instrument callbacks running once per reader instead of
  once per collection cycle.
  (#7188)
- Added exception safety for user-supplied ExemplarReservoir implementations.
  Exceptions thrown from Offer are now caught and logged rather than propagating
  out of Counter.Add/Histogram.Record.
  (#7277)
- Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
  (#7301)
- Added ObservedTimestamp property to LogRecord.
  (#6979)
- Breaking Change Explicit histogram boundaries no longer allow more than
  10 million values.
  (#7165)
- Fixed a circular reference which could cause a LoggerProvider to fail to
  resolve when one of its dependencies depends on ILogger or ILoggerFactory.
  As part of this fix the LoggerProvider resolved from dependency injection
  is now created lazily when the first logger is created rather than when
  ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
  invalid configuration now surfaces when the first log record is written instead
  of when the logging services are resolved.
  (#7308)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0-rc.1
- Experimental (pre-release builds only):
  Add support for using environment variables as context propagation carriers.
  (#7174)
- Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
  ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1
- Fixed scrape response cache freshness using monotonic time so it is not
  affected by NTP system clock adjustments.
  (#7253)
- Breaking Change Removed DisableTimestamp property from
  PrometheusAspNetCoreOptions.
  (#7176)
- Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
  values in Prometheus metrics to be compliant with the specification.
  (#7179)
- Fixed loss of precision when serializing double and float values in
  Prometheus metrics to be compliant with the specification by using 17
  significant digits to represent such values.
  (#7179)
- Fix non-ASCII characters in metric names and unit strings not being sanitized
  correctly during Prometheus serialization.
  (#7184)
- Fix case where reader tracking could be reset while readers were still active.
  (#7190)
- Improve Accept header handling for format negotiation so OpenMetrics is
  selected correctly by considering whitespace and q weights.
  (#7208)
- Emit OpenMetrics exemplars for counters and histogram buckets.
  (#7222)
- Fix incorrect handling of untyped metrics when using OpenMetrics format.
  (#7219)
- Fix Prometheus/OpenMetrics serialization to emit metric and label names
  containing _ instead of dropping them and prefixing leading digits.
  Invalid characters are replaced with _ instead of being dropped.
  (#7209)
- Add escaping=underscores to the Accept header handling for content
  negotiation so OpenMetrics are handled correctly.
  (#7209)
- Omit histogram _sum and _count in OpenMetrics when negative bucket
  thresholds are present.
  (#7221)
  ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Api from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Api's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

NuGet: OpenTelemetry v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Extensions.Hosting v1.16.0

No notable changes.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

NuGet: OpenTelemetry v1.16.0-rc.1
- Stop validating View-provided metric stream Name against the instrument
  name syntax, per
  spec clarification.
  (#7300)
- Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
  variables.
  (#7187)
- Fix observable instrument callbacks running once per reader instead of
  once per collection cycle.
  (#7188)
- Added exception safety for user-supplied ExemplarReservoir implementations.
  Exceptions thrown from Offer are now caught and logged rather than propagating
  out of Counter.Add/Histogram.Record.
  (#7277)
- Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
  (#7301)
- Added ObservedTimestamp property to LogRecord.
  (#6979)
- Breaking Change Explicit histogram boundaries no longer allow more than
  10 million values.
  (#7165)
- Fixed a circular reference which could cause a LoggerProvider to fail to
  resolve when one of its dependencies depends on ILogger or ILoggerFactory.
  As part of this fix the LoggerProvider resolved from dependency injection
  is now created lazily when the first logger is created rather than when
  ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
  invalid configuration now surfaces when the first log record is written instead
  of when the logging services are resolved.
  (#7308)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0-rc.1
- Experimental (pre-release builds only):
  Add support for using environment variables as context propagation carriers.
  (#7174)
- Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
  ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1
- Fixed scrape response cache freshness using monotonic time so it is not
  affected by NTP system clock adjustments.
  (#7253)
- Breaking Change Removed DisableTimestamp property from
  PrometheusAspNetCoreOptions.
  (#7176)
- Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
  values in Prometheus metrics to be compliant with the specification.
  (#7179)
- Fixed loss of precision when serializing double and float values in
  Prometheus metrics to be compliant with the specification by using 17
  significant digits to represent such values.
  (#7179)
- Fix non-ASCII characters in metric names and unit strings not being sanitized
  correctly during Prometheus serialization.
  (#7184)
- Fix case where reader tracking could be reset while readers were still active.
  (#7190)
- Improve Accept header handling for format negotiation so OpenMetrics is
  selected correctly by considering whitespace and q weights.
  (#7208)
- Emit OpenMetrics exemplars for counters and histogram buckets.
  (#7222)
- Fix incorrect handling of untyped metrics when using OpenMetrics format.
  (#7219)
- Fix Prometheus/OpenMetrics serialization to emit metric and label names
  containing _ instead of dropping them and prefixing leading digits.
  Invalid characters are replaced with _ instead of being dropped.
  (#7209)
- Add escaping=underscores to the Accept header handling for content
  negotiation so OpenMetrics are handled correctly.
  (#7209)
- Omit histogram _sum and _count in OpenMetrics when negative bucket
  thresholds are present.
  (#7221)
  ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

NuGet: OpenTelemetry v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Extensions.Hosting v1.16.0

No notable changes.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

NuGet: OpenTelemetry v1.16.0-rc.1
- Stop validating View-provided metric stream Name against the instrument
  name syntax, per
  spec clarification.
  (#7300)
- Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
  variables.
  (#7187)
- Fix observable instrument callbacks running once per reader instead of
  once per collection cycle.
  (#7188)
- Added exception safety for user-supplied ExemplarReservoir implementations.
  Exceptions thrown from Offer are now caught and logged rather than propagating
  out of Counter.Add/Histogram.Record.
  (#7277)
- Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
  (#7301)
- Added ObservedTimestamp property to LogRecord.
  (#6979)
- Breaking Change Explicit histogram boundaries no longer allow more than
  10 million values.
  (#7165)
- Fixed a circular reference which could cause a LoggerProvider to fail to
  resolve when one of its dependencies depends on ILogger or ILoggerFactory.
  As part of this fix the LoggerProvider resolved from dependency injection
  is now created lazily when the first logger is created rather than when
  ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
  invalid configuration now surfaces when the first log record is written instead
  of when the logging services are resolved.
  (#7308)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0-rc.1
- Experimental (pre-release builds only):
  Add support for using environment variables as context propagation carriers.
  (#7174)
- Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
  ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1
- Fixed scrape response cache freshness using monotonic time so it is not
  affected by NTP system clock adjustments.
  (#7253)
- Breaking Change Removed DisableTimestamp property from
  PrometheusAspNetCoreOptions.
  (#7176)
- Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
  values in Prometheus metrics to be compliant with the specification.
  (#7179)
- Fixed loss of precision when serializing double and float values in
  Prometheus metrics to be compliant with the specification by using 17
  significant digits to represent such values.
  (#7179)
- Fix non-ASCII characters in metric names and unit strings not being sanitized
  correctly during Prometheus serialization.
  (#7184)
- Fix case where reader tracking could be reset while readers were still active.
  (#7190)
- Improve Accept header handling for format negotiation so OpenMetrics is
  selected correctly by considering whitespace and q weights.
  (#7208)
- Emit OpenMetrics exemplars for counters and histogram buckets.
  (#7222)
- Fix incorrect handling of untyped metrics when using OpenMetrics format.
  (#7219)
- Fix Prometheus/OpenMetrics serialization to emit metric and label names
  containing _ instead of dropping them and prefixing leading digits.
  Invalid characters are replaced with _ instead of being dropped.
  (#7209)
- Add escaping=underscores to the Accept header handling for content
  negotiation so OpenMetrics are handled correctly.
  (#7209)
- Omit histogram _sum and _count in OpenMetrics when negative bucket
  thresholds are present.
  (#7221)
  ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

NuGet: OpenTelemetry v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.InMemory v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.OpenTelemetryProtocol v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Zipkin v1.16.0

No notable changes.

See CHANGELOG for details.
NuGet: OpenTelemetry.Extensions.Hosting v1.16.0

No notable changes.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

NuGet: OpenTelemetry v1.16.0-rc.1
- Stop validating View-provided metric stream Name against the instrument
  name syntax, per
  spec clarification.
  (#7300)
- Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
  variables.
  (#7187)
- Fix observable instrument callbacks running once per reader instead of
  once per collection cycle.
  (#7188)
- Added exception safety for user-supplied ExemplarReservoir implementations.
  Exceptions thrown from Offer are now caught and logged rather than propagating
  out of Counter.Add/Histogram.Record.
  (#7277)
- Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
  (#7301)
- Added ObservedTimestamp property to LogRecord.
  (#6979)
- Breaking Change Explicit histogram boundaries no longer allow more than
  10 million values.
  (#7165)
- Fixed a circular reference which could cause a LoggerProvider to fail to
  resolve when one of its dependencies depends on ILogger or ILoggerFactory.
  As part of this fix the LoggerProvider resolved from dependency injection
  is now created lazily when the first logger is created rather than when
  ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
  invalid configuration now surfaces when the first log record is written instead
  of when the logging services are resolved.
  (#7308)
See CHANGELOG for details.
NuGet: [OpenTelemetry.Api v1.16.0-rc.1](https://www.nuget.org/packages/OpenTelemetry.Api/...
...

Description has been truncated

Bumps Anthropic from 12.24.1 to 12.29.0 Bumps Aspire.Npgsql from 13.4.2 to 13.4.3 Bumps Marten from 9.5.2 to 9.7.2 Bumps Marten.EntityFrameworkCore from 9.5.2 to 9.7.2 Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.8 to 10.0.9 Bumps Microsoft.AspNetCore.DataProtection.EntityFrameworkCore from 10.0.8 to 10.0.9 Bumps Microsoft.AspNetCore.Identity.EntityFrameworkCore from 10.0.8 to 10.0.9 Bumps Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.AI.Evaluation from 10.6.0 to 10.7.0 Bumps Microsoft.Extensions.AI.Evaluation.Quality from 10.6.0 to 10.7.0 Bumps Microsoft.Extensions.AI.Evaluation.Reporting from 10.6.0 to 10.7.0 Bumps Microsoft.Extensions.Configuration.EnvironmentVariables from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.Configuration.Json from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.Configuration.UserSecrets from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.TimeProvider.Testing from 10.6.0 to 10.7.0 Bumps OpenTelemetry from 1.15.3 to 1.16.0 Bumps OpenTelemetry.Api from 1.15.3 to 1.16.0 Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0 Bumps OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0 Bumps WolverineFx from 6.4.3 to 6.7.0 Bumps WolverineFx.EntityFrameworkCore from 6.4.3 to 6.7.0 Bumps WolverineFx.Marten from 6.4.3 to 6.7.0 Bumps WolverineFx.RuntimeCompilation from 6.4.3 to 6.7.0 --- updated-dependencies: - dependency-name: Anthropic dependency-version: 12.29.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Aspire.Npgsql dependency-version: 13.4.3 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Marten dependency-version: 9.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Marten.EntityFrameworkCore dependency-version: 9.7.2 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.AspNetCore.DataProtection.EntityFrameworkCore dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.AspNetCore.Identity.EntityFrameworkCore dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.EntityFrameworkCore.Design dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.AI.Evaluation dependency-version: 10.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.AI.Evaluation.Quality dependency-version: 10.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.AI.Evaluation.Reporting dependency-version: 10.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.Configuration.EnvironmentVariables dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.Configuration.Json dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.Configuration.UserSecrets dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: minor-and-patch - dependency-name: Microsoft.Extensions.TimeProvider.Testing dependency-version: 10.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry.Api dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: OpenTelemetry.Extensions.Hosting dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx.EntityFrameworkCore dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx.Marten dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch - dependency-name: WolverineFx.RuntimeCompilation dependency-version: 6.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: minor-and-patch ... Signed-off-by: dependabot[bot] <support@github.com>

github-actions · 2026-06-11T15:45:06Z

Dependency Review

The following issues were found:

✅ 0 vulnerable package(s)
✅ 0 package(s) with incompatible licenses
✅ 0 package(s) with invalid SPDX license definitions
⚠️ 59 package(s) with unknown licenses.

See the Details below.

License Issues

backend/src/RunCoach.Api/RunCoach.Api.csproj

Package	Version	License	Issue Type
Anthropic	12.29.0	Null	Unknown License
Aspire.Npgsql	13.4.3	Null	Unknown License
JasperFx	2.9.6	Null	Unknown License
JasperFx.Events	2.9.6	Null	Unknown License
JasperFx.SourceGenerator	2.8.2	Null	Unknown License
Marten	9.7.2	Null	Unknown License
Marten.EntityFrameworkCore	9.7.2	Null	Unknown License
Microsoft.AspNetCore.Authentication.JwtBearer	10.0.9	Null	Unknown License
Microsoft.AspNetCore.DataProtection.EntityFrameworkCore	10.0.9	Null	Unknown License
Microsoft.AspNetCore.Identity.EntityFrameworkCore	10.0.9	Null	Unknown License
Microsoft.EntityFrameworkCore	10.0.9	Null	Unknown License
Microsoft.EntityFrameworkCore.Abstractions	10.0.9	Null	Unknown License
Microsoft.EntityFrameworkCore.Analyzers	10.0.9	Null	Unknown License
Microsoft.EntityFrameworkCore.Design	10.0.9	Null	Unknown License
Microsoft.EntityFrameworkCore.Relational	10.0.9	Null	Unknown License
Microsoft.Extensions.DependencyModel	10.0.9	Null	Unknown License
OpenTelemetry	1.16.0	Null	Unknown License
OpenTelemetry.Api	1.16.0	Null	Unknown License
OpenTelemetry.Api.ProviderBuilderExtensions	1.16.0	Null	Unknown License
OpenTelemetry.Exporter.OpenTelemetryProtocol	1.16.0	Null	Unknown License
OpenTelemetry.Extensions.Hosting	1.16.0	Null	Unknown License
Weasel.Core	9.1.5	Null	Unknown License
Weasel.EntityFrameworkCore	9.1.5	Null	Unknown License
Weasel.Postgresql	9.1.5	Null	Unknown License
WolverineFx	6.7.0	Null	Unknown License
WolverineFx.EntityFrameworkCore	6.7.0	Null	Unknown License
WolverineFx.Marten	6.7.0	Null	Unknown License
WolverineFx.Postgresql	6.7.0	Null	Unknown License
WolverineFx.RDBMS	6.7.0	Null	Unknown License
WolverineFx.RuntimeCompilation	6.7.0	Null	Unknown License

backend/tests/RunCoach.Api.Tests/RunCoach.Api.Tests.csproj

Package	Version	License	Issue Type
Microsoft.Extensions.AI	10.7.0	Null	Unknown License
Microsoft.Extensions.AI.Abstractions	10.7.0	Null	Unknown License
Microsoft.Extensions.AI.Evaluation	10.7.0	Null	Unknown License
Microsoft.Extensions.AI.Evaluation.Quality	10.7.0	Null	Unknown License
Microsoft.Extensions.AI.Evaluation.Reporting	10.7.0	Null	Unknown License
Microsoft.Extensions.Caching.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration.Binder	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration.EnvironmentVariables	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration.FileExtensions	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration.Json	10.0.9	Null	Unknown License
Microsoft.Extensions.Configuration.UserSecrets	10.0.9	Null	Unknown License
Microsoft.Extensions.DependencyInjection	10.0.9	Null	Unknown License
Microsoft.Extensions.DependencyInjection.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.DependencyModel	10.0.9	Null	Unknown License
Microsoft.Extensions.Diagnostics	10.0.9	Null	Unknown License
Microsoft.Extensions.Diagnostics.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.FileProviders.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.FileProviders.Physical	10.0.9	Null	Unknown License
Microsoft.Extensions.FileSystemGlobbing	10.0.9	Null	Unknown License
Microsoft.Extensions.Hosting.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.Logging	10.0.9	Null	Unknown License
Microsoft.Extensions.Logging.Abstractions	10.0.9	Null	Unknown License
Microsoft.Extensions.Options	10.0.9	Null	Unknown License
Microsoft.Extensions.Options.ConfigurationExtensions	10.0.9	Null	Unknown License
Microsoft.Extensions.Primitives	10.0.9	Null	Unknown License
Microsoft.Extensions.TimeProvider.Testing	10.7.0	Null	Unknown License
System.Numerics.Tensors	10.0.9	Null	Unknown License

Allowed Licenses:
MIT, Apache-2.0, BSD-2-Clause, BSD-3-Clause, ISC, 0BSD, Unlicense, CC0-1.0, CC-BY-4.0, Zlib, BSL-1.0, Python-2.0, PSF-2.0, Artistic-2.0, MPL-2.0, WTFPL, PostgreSQL

Excluded from license check:
pkg:githubactions/SonarSource/sonarqube-scan-action, pkg:npm/runcoach-frontend

OpenSSF Scorecard

Scorecard details

Package

Version

Score

Details

nuget/Anthropic

12.29.0

Unknown

nuget/Aspire.Npgsql

13.4.3

Unknown

nuget/JasperFx

2.9.6

Unknown

nuget/JasperFx.Events

2.9.6

Unknown

nuget/JasperFx.SourceGenerator

2.8.2

Unknown

nuget/Marten

9.7.2

Unknown

nuget/Marten.EntityFrameworkCore

9.7.2

Unknown

nuget/Microsoft.AspNetCore.Authentication.JwtBearer

10.0.9

Unknown

nuget/Microsoft.AspNetCore.DataProtection.EntityFrameworkCore

10.0.9

Unknown

nuget/Microsoft.AspNetCore.Identity.EntityFrameworkCore

10.0.9

Unknown

nuget/Microsoft.EntityFrameworkCore

10.0.9

Unknown

nuget/Microsoft.EntityFrameworkCore.Abstractions

10.0.9

Unknown

nuget/Microsoft.EntityFrameworkCore.Analyzers

10.0.9

Unknown

nuget/Microsoft.EntityFrameworkCore.Design

10.0.9

Unknown

nuget/Microsoft.EntityFrameworkCore.Relational

10.0.9

Unknown

nuget/Microsoft.Extensions.DependencyModel

10.0.9

Unknown

nuget/OpenTelemetry

1.16.0

🟢 8.3

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	🟢 5	badge detected: Passing
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 38 contributing companies or organizations

nuget/OpenTelemetry.Api

1.16.0

🟢 8.3

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	🟢 5	badge detected: Passing
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 38 contributing companies or organizations

nuget/OpenTelemetry.Api.ProviderBuilderExtensions

1.16.0

🟢 8.3

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	🟢 5	badge detected: Passing
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 38 contributing companies or organizations

nuget/OpenTelemetry.Exporter.OpenTelemetryProtocol

1.16.0

🟢 8.3

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	🟢 5	badge detected: Passing
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 38 contributing companies or organizations

nuget/OpenTelemetry.Extensions.Hosting

1.16.0

🟢 8.3

Details

Check	Score	Reason
Code-Review	🟢 10	all changesets reviewed
Maintained	🟢 10	30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Dependency-Update-Tool	🟢 10	update tool detected
Token-Permissions	🟢 10	GitHub workflow tokens follow principle of least privilege
Binary-Artifacts	🟢 10	no binaries found in the repo
CII-Best-Practices	🟢 5	badge detected: Passing
Pinned-Dependencies	🟢 10	all dependencies are pinned
Signed-Releases	⚠️ 0	Project has not signed or included provenance with any releases.
License	🟢 10	license file detected
Vulnerabilities	🟢 10	0 existing vulnerabilities detected
Packaging	🟢 10	packaging workflow detected
SAST	🟢 10	SAST tool is run on all commits
Fuzzing	⚠️ 0	project is not fuzzed
Security-Policy	🟢 10	security policy file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
CI-Tests	🟢 10	30 out of 30 merged PRs checked by a CI test -- score normalized to 10
Contributors	🟢 10	project has 38 contributing companies or organizations

nuget/Weasel.Core

9.1.5

Unknown

nuget/Weasel.EntityFrameworkCore

9.1.5

Unknown

nuget/Weasel.Postgresql

9.1.5

Unknown

nuget/WolverineFx

6.7.0

Unknown

nuget/WolverineFx.EntityFrameworkCore

6.7.0

Unknown

nuget/WolverineFx.Marten

6.7.0

Unknown

nuget/WolverineFx.Postgresql

6.7.0

Unknown

nuget/WolverineFx.RDBMS

6.7.0

Unknown

nuget/WolverineFx.RuntimeCompilation

6.7.0

Unknown

nuget/Microsoft.Extensions.AI

10.7.0

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

nuget/Microsoft.Extensions.AI.Abstractions

10.7.0

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

nuget/Microsoft.Extensions.AI.Evaluation

10.7.0

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

nuget/Microsoft.Extensions.AI.Evaluation.Quality

10.7.0

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

nuget/Microsoft.Extensions.AI.Evaluation.Reporting

10.7.0

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

nuget/Microsoft.Extensions.Caching.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration.Binder

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration.EnvironmentVariables

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration.FileExtensions

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration.Json

10.0.9

Unknown

nuget/Microsoft.Extensions.Configuration.UserSecrets

10.0.9

Unknown

nuget/Microsoft.Extensions.DependencyInjection

10.0.9

Unknown

nuget/Microsoft.Extensions.DependencyInjection.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.DependencyModel

10.0.9

Unknown

nuget/Microsoft.Extensions.Diagnostics

10.0.9

Unknown

nuget/Microsoft.Extensions.Diagnostics.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.FileProviders.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.FileProviders.Physical

10.0.9

Unknown

nuget/Microsoft.Extensions.FileSystemGlobbing

10.0.9

Unknown

nuget/Microsoft.Extensions.Hosting.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.Logging

10.0.9

Unknown

nuget/Microsoft.Extensions.Logging.Abstractions

10.0.9

Unknown

nuget/Microsoft.Extensions.Options

10.0.9

Unknown

nuget/Microsoft.Extensions.Options.ConfigurationExtensions

10.0.9

Unknown

nuget/Microsoft.Extensions.Primitives

10.0.9

Unknown

nuget/Microsoft.Extensions.TimeProvider.Testing

10.7.0

🟢 6.7

Details

Check	Score	Reason
Maintained	🟢 10	30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10
Code-Review	🟢 10	all changesets reviewed
Packaging	⚠️ -1	packaging workflow not detected
Security-Policy	🟢 10	security policy file detected
CII-Best-Practices	⚠️ 0	no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow	🟢 10	no dangerous workflow patterns detected
Token-Permissions	⚠️ 0	detected GitHub workflow tokens with excessive permissions
License	🟢 10	license file detected
Branch-Protection	🟢 5	branch protection is not maximal on development and all release branches
Binary-Artifacts	🟢 10	no binaries found in the repo
Signed-Releases	⚠️ -1	no releases found
Fuzzing	⚠️ 0	project is not fuzzed
Pinned-Dependencies	🟢 9	dependency not pinned by hash detected -- score normalized to 9
SAST	⚠️ 0	SAST tool is not run on all commits -- score normalized to 0

nuget/System.Numerics.Tensors

10.0.9

Unknown

Scanned Files

backend/src/RunCoach.Api/RunCoach.Api.csproj
backend/tests/RunCoach.Api.Tests/RunCoach.Api.Tests.csproj

dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jun 11, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

chore(deps): Bump the minor-and-patch group with 23 updates#181

chore(deps): Bump the minor-and-patch group with 23 updates#181
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/backend/minor-and-patch-8841796149

dependabot Bot commented on behalf of github Jun 11, 2026

Uh oh!

github-actions Bot commented Jun 11, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github Jun 11, 2026

13.4.3

What's New in Aspire 13.4.3

🐛 Fixes

🏷️ Housekeeping

9.7.2

What's Changed

9.7.1

What's Changed

9.7.0

What's Changed

9.6.0

What's Changed

9.5.3

What's Changed

9.7.2

What's Changed

9.7.1

What's Changed

9.7.0

What's Changed

9.6.0

What's Changed

9.5.3

What's Changed

10.7.0

Experimental API Changes

Now Stable

What's Changed

AI

Diagnostics, Health Checks, and Resource Monitoring

Repository Infrastructure Updates

Acknowledgements

10.7.0

Experimental API Changes

Now Stable

What's Changed

AI

Diagnostics, Health Checks, and Resource Monitoring

Repository Infrastructure Updates

Acknowledgements

10.7.0

Experimental API Changes

Now Stable

What's Changed

AI

Diagnostics, Health Checks, and Resource Monitoring

Repository Infrastructure Updates

Acknowledgements

10.7.0

Experimental API Changes

Now Stable

What's Changed

AI

Diagnostics, Health Checks, and Resource Monitoring

Repository Infrastructure Updates

Acknowledgements

1.16.0

1.16.0-rc.1

1.16.0-beta.1

1.16.0

1.16.0-rc.1

1.16.0-beta.1

1.16.0

1.16.0-rc.1

1.16.0-beta.1

1.16.0

1.16.0-rc.1

Uh oh!

github-actions Bot commented Jun 11, 2026

Dependency Review

License Issues

backend/src/RunCoach.Api/RunCoach.Api.csproj

backend/tests/RunCoach.Api.Tests/RunCoach.Api.Tests.csproj

OpenSSF Scorecard

Scanned Files

Uh oh!

Reviewers

Assignees