Bump the all-actions group with 3 updates

[dependabot]

Updated Aspire.Hosting.Redis from 13.2.1 to 13.2.4.

Release notes

Sourced from Aspire.Hosting.Redis's releases.

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

• Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
• Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
  13.2 regressions impacting IDE-based execution (#​15714)
• Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
• Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

• Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
• Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

• ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
• Update DCP to
  0.22.11 (#​15713)

💻 CLI Improvements

• Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

Commits viewable in compare view.

Updated Azure.Monitor.OpenTelemetry.AspNetCore from 1.4.0 to 1.5.0.

Release notes

Sourced from Azure.Monitor.OpenTelemetry.AspNetCore's releases.

1.5.0

1.5.0 (2026-04-30)

Features Added

• Add ability to specify EnableStandardMetrics and EnablePerformanceCounters
  (#​56438)

Breaking Changes

• Default Sampler Changed: The default sampling behavior has been changed from
  ApplicationInsightsSampler with 100% sampling (all traces sampled) to
  RateLimitedSampler with 5.0 traces per second. This change significantly
  reduces telemetry volume for high-traffic applications and provides better
  cost optimization out of the box.
  Impact: Applications with more than 5 requests per second will see fewer
  traces exported by default.
  Migration: To maintain the previous behavior (100% sampling), explicitly
  configure the sampler:

// Option 1: Set SamplingRatio and clear TracesPerSecond
builder.Services.AddOpenTelemetry()
    .UseAzureMonitor(options =>
    {
        options.SamplingRatio = 1.0f;
        options.TracesPerSecond = null;
    });
// Option 2: Use environment variables
// OTEL_TRACES_SAMPLER=microsoft.fixed_percentage
// OTEL_TRACES_SAMPLER_ARG=1.0

Bugs Fixed

• Fixed an issue where Azure Container Apps instances were showing VM instance GUIDs
  instead of replica names in the Role Instance field.
  (#​54586)

1.5.0-beta.1

1.5.0-beta.1 (2026-04-28)

Features Added

• Upgraded api-version tag from package-2024-05-01 to package-preview-2025-06. Tag detail available at https://github.com/Azure/azure-rest-api-specs/blob/main/specification/appconfiguration/resource-manager/readme.md.
• Added AzureFrontDoor property to AppConfigurationStoreData and AppConfigurationStorePatch to support Azure Front Door configuration for a configuration store.
• Added new model AppConfigurationAzureFrontDoorProperties with a ResourceId property representing an Azure Front Door profile resource ID.

1.4.2

1.4.2 (2026-04-28)

Other Changes

• Upgraded dependent Azure.Core to 1.54.0.
• Upgraded dependent Azure.ResourceManager to 1.14.0.

1.4.1

1.4.1 (2026-04-27)

Other Changes

• Upgraded dependent Azure.Core to 1.54.0.
• Upgraded dependent Azure.ResourceManager to 1.14.0.

Commits viewable in compare view.

Updated Azure.Storage.Blobs from 12.20.0 to 12.27.0.

Release notes

Sourced from Azure.Storage.Blobs's releases.

12.25.0

12.25.0 (2026-04-24)

Features Added

• Includes all features from 12.25.0-beta.1

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: nuget. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[github-actions]

🤖 Dependency Update PR

This PR was opened by dependabot[bot] and has been automatically labeled for Boromir (DevOps) to review.

Labels applied:

• squad:boromir — Assigned to DevOps for dependency updates
• squad — In triage queue

Dependency and infrastructure updates are owned by the DevOps team.

[github-actions]

Test Results Summary

2 365 tests   2 341 ✅  11m 46s ⏱️
   10 suites      0 💤
   10 files       24 ❌

For more details on these failures, see this check.

Results for commit 0e551ec.

♻️ This comment has been updated with latest results.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 77.77%. Comparing base (5cebb55) to head (0e551ec).
⚠️ Report is 2 commits behind head on dev.

Additional details and impacted files

@@            Coverage Diff             @@
##              dev     #276      +/-   ##
==========================================
- Coverage   78.10%   77.77%   -0.34%     
==========================================
  Files         228      228              
  Lines        8469     8469              
  Branches     1172     1172              
==========================================
- Hits         6615     6587      -28     
- Misses       1310     1337      +27     
- Partials      544      545       +1     

see 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.