Bump the nuget-catalog group with 7 updates#139
Open
dependabot[bot] wants to merge 1 commit intomainfrom
Open
Conversation
Bumps Azure.Identity from 1.19.0 to 1.20.0 Bumps Azure.Monitor.OpenTelemetry.Exporter from 1.6.0 to 1.7.0 Bumps Microsoft.OpenApi from 3.5.0 to 3.5.1 Bumps ModelContextProtocol.AspNetCore from 1.1.0 to 1.2.0 Bumps NetBricks from 2.0.3 to 2.0.4 Bumps OpenTelemetry from 1.15.0 to 1.15.1 Bumps OpenTelemetry.Extensions.Hosting from 1.15.0 to 1.15.1 --- updated-dependencies: - dependency-name: Azure.Identity dependency-version: 1.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-catalog - dependency-name: Azure.Monitor.OpenTelemetry.Exporter dependency-version: 1.7.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-catalog - dependency-name: OpenTelemetry dependency-version: 1.15.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-catalog - dependency-name: OpenTelemetry.Extensions.Hosting dependency-version: 1.15.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-catalog - dependency-name: Microsoft.OpenApi dependency-version: 3.5.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-catalog - dependency-name: ModelContextProtocol.AspNetCore dependency-version: 1.2.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget-catalog - dependency-name: NetBricks dependency-version: 2.0.4 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget-catalog ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
.NET
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Azure.Identity from 1.19.0 to 1.20.0.
Release notes
Sourced from Azure.Identity's releases.
1.20.0
1.20.0 (2026-03-30)
Features Added
appsettings.json.Breaking Changes
AddAzureClient,AddKeyedAzureClient, andWithAzureCredentialreturn type changed fromIHostApplicationBuildertoIClientBuilderto align with theIClientBuildercomposition change in System.ClientModel.Commits viewable in compare view.
Updated Azure.Monitor.OpenTelemetry.Exporter from 1.6.0 to 1.7.0.
Release notes
Sourced from Azure.Monitor.OpenTelemetry.Exporter's releases.
1.7.0
1.7.0 (2026-03-27)
Features Added
ApplicationInsightsRestClientSettingsto support creating aApplicationInsightsRestClientfromIConfiguration, including configuration-based credential resolution and dependency injection registration.(#56891)
Bugs Fixed
ConfigurationBindercalls.(#56368)
Other Changes
(#57549)
AzureMonitorLogExporter,AzureMonitorMetricExporter, andAzureMonitorTraceExporterpublic for direct use when configuring OpenTelemetry.(#56344)
EnablePerformanceCountersandEnableStandardMetricspublic inAzureMonitorExporterOptions.(#56344)
1.6.2
1.6.2 (2026-04-02)
Other Changes
1.6.1
1.6.1 (2026-03-10)
Bugs Fixed
ActiveDirectoryDomainGuiddeserialization to handle empty string values returned by the service (#56903)Commits viewable in compare view.
Updated Microsoft.OpenApi from 3.5.0 to 3.5.1.
Release notes
Sourced from Microsoft.OpenApi's releases.
3.5.1
3.5.1 (2026-03-31)
Bug Fixes
Commits viewable in compare view.
Updated ModelContextProtocol.AspNetCore from 1.1.0 to 1.2.0.
Release notes
Sourced from ModelContextProtocol.AspNetCore's releases.
1.2.0
This release improves stateless HTTP transport defaults and documentation with a breaking behavioral change that we are considering as a server reliability fix and therefore not bumping the major version with this release. Legacy SSE endpoints are now disabled by default with a new
HttpServerTransportOptions.EnableLegacySseproperty available to opt back into responding to the SSE endpoints; the property is marked as an[Obsolete]warning as we expect to remove this property in a future major version.A warning-level
[Obsolete]attribute is also applied to theRequestContext(McpServer, JsonRpcRequest)constructor, and theRequestContext(McpServer, JsonRpcRequest, TParams)overload should be used instead. This change contributes to fixes including DI scope lifetime in task-augmented tools, meta/progress combination failures, and outgoing message filter routing. We plan to remove the obsolete overload in a future major version.Breaking Changes
Refer to the C# SDK Versioning documentation for details on versioning and breaking change policies.
1. Disable legacy SSE by default #1468
MapMcp()no longer maps/sseand/messageendpoints by default. Servers whose clients connect via SSE will find those endpoints removed.Migrating from legacy SSE
If your clients connect to a
/sseendpoint (e.g.,https://my-server.example.com/sse), they were using the legacy SSE transport--if not running inStatelessmode. The/sseand/messageendpoints are now disabled by default (EnableLegacySseisfalseand marked[Obsolete]with diagnosticMCP9004). Upgrading the server SDK without updating clients will break SSE connections.Client-side migration. Change the client
Endpointfrom the/ssepath to the root MCP endpoint — the same URL your server passes toMapMcp(). For example:With the default
HttpTransportMode.AutoDetecttransport mode, the client automatically tries Streamable HTTP first. You can also setTransportMode = HttpTransportMode.StreamableHttpexplicitly if you know the server supports it.Server-side migration. If you previously relied on
/ssebeing mapped automatically, you now needEnableLegacySse = true(suppressing theMCP9004warning) to keep serving those endpoints. The recommended path is to migrate all clients to Streamable HTTP and then removeEnableLegacySse.Transition period. If some clients still need SSE while others have already migrated to Streamable HTTP, set
EnableLegacySse = truewithStateless = false. Both transports are served simultaneously byMapMcp()— Streamable HTTP on the root endpoint and SSE on/sseand/message. Once all clients have migrated, removeEnableLegacySseand optionally switch toStateless = true.SSE (legacy — opt-in only)
Legacy SSE endpoints are now disabled by default and must be explicitly enabled via
HttpServerTransportOptions.EnableLegacySse. This is the primary reason they are disabled — the SSE transport has no built-in HTTP-level backpressure.The legacy SSE transport separates the request and response channels: clients POST JSON-RPC messages to
/messageand receive responses through a long-lived GET SSE stream on/sse. The POST endpoint returns 202 Accepted immediately after queuing the message — it does not wait for the handler to complete. This means there is no HTTP-level backpressure on handler concurrency, because each POST frees its connection immediately regardless of how long the handler runs.Internally, handlers are dispatched with a fire-and-forget pattern. A client can send unlimited POST requests to
/messagewhile keeping the GET stream open, and each one spawns a concurrent handler with no built-in limit.The GET stream does provide session lifetime bounds: handler cancellation tokens are linked to the GET request's
HttpContext.RequestAborted, so when the client disconnects the SSE stream, all in-flight handlers are cancelled. This is similar to SignalR's connection-bound lifetime model — but unlike SignalR, there is no per-client concurrency limit likeMaximumParallelInvocationsPerClient. The GET stream provides cleanup on disconnect, not rate-limiting during the connection.2. Obsolete 2-arg RequestContext constructor #1462
The
RequestContext(McpServer, JsonRpcRequest)constructor is now[Obsolete]with diagnosticMCP9003, producing build warnings. TheParamsproperty is also changed fromTParams?toTParams.Migration: Use the new 3-arg constructor:
new RequestContext(server, request, parameters).What's Changed
... (truncated)
Commits viewable in compare view.
Updated NetBricks from 2.0.3 to 2.0.4.
Release notes
Sourced from NetBricks's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated OpenTelemetry from 1.15.0 to 1.15.1.
Release notes
Sourced from OpenTelemetry's releases.
1.15.1
For highlights and announcements pertaining to this release see: Release Notes > 1.15.1.
The following changes are from the previous release 1.15.0.
NuGet: OpenTelemetry v1.15.1
Fixed
Tracer.StartSpan()leaving the new span asActivity.Currentwhenthe previous activity was stopped by another thread during span creation.
(#6257)
Fixed
OverflowExceptioninTraceIdRatioBasedSamplerwhen trace ID bytesproduced
long.MinValue.([#6928])
Fixed precision issues when using
Histogram<float>with customHistogramBucketBoundaries.(#6866)
Fixed a thread-safety issue in
LogRecordSharedPool.Rent().(#6833)
Fixed observable instruments (ObservableCounter, ObservableUpDownCounter,
ObservableGauge) continuing to export stale data points after a callback
stops reporting a series.
(#5950)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.15.1
specification,
which disallows empty baggage names and treats baggage names and values as case
sensitive.
(#6931)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.1
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.15.1
No notable changes.
See CHANGELOG for details.
... (truncated)
1.15.1-beta.1
The following changes are from the previous release 1.15.0-beta.1.
NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.15.1-beta.1
1.15.1.(#7010)
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Prometheus.HttpListener v1.15.1-beta.1
1.15.1.(#7010)
See CHANGELOG for details.
NuGet: OpenTelemetry.Shims.OpenTracing v1.15.1-beta.1
This package is deprecated and it will stop receiving any updates in
March 2027. Use the OpenTelemetry API and SDK directly instead of the OpenTracing
shims.
(#6976)
Updated OpenTelemetry core component version(s) to
1.15.1.(#7010)
See CHANGELOG for details.
Commits viewable in compare view.
Updated OpenTelemetry.Extensions.Hosting from 1.15.0 to 1.15.1.
Release notes
Sourced from OpenTelemetry.Extensions.Hosting's releases.
1.15.1
For highlights and announcements pertaining to this release see: Release Notes > 1.15.1.
The following changes are from the previous release 1.15.0.
NuGet: OpenTelemetry v1.15.1
Fixed
Tracer.StartSpan()leaving the new span asActivity.Currentwhenthe previous activity was stopped by another thread during span creation.
(#6257)
Fixed
OverflowExceptioninTraceIdRatioBasedSamplerwhen trace ID bytesproduced
long.MinValue.([#6928])
Fixed precision issues when using
Histogram<float>with customHistogramBucketBoundaries.(#6866)
Fixed a thread-safety issue in
LogRecordSharedPool.Rent().(#6833)
Fixed observable instruments (ObservableCounter, ObservableUpDownCounter,
ObservableGauge) continuing to export stale data points after a callback
stops reporting a series.
(#5950)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api v1.15.1
specification,
which disallows empty baggage names and treats baggage names and values as case
sensitive.
(#6931)
See CHANGELOG for details.
NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.1
No notable changes.
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Console v1.15.1
No notable changes.
See CHANGELOG for details.
... (truncated)
1.15.1-beta.1
The following changes are from the previous release 1.15.0-beta.1.
NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.15.1-beta.1
1.15.1.(#7010)
See CHANGELOG for details.
NuGet: OpenTelemetry.Exporter.Prometheus.HttpListener v1.15.1-beta.1
1.15.1.(#7010)
See CHANGELOG for details.
NuGet: OpenTelemetry.Shims.OpenTracing v1.15.1-beta.1
This package is deprecated and it will stop receiving any updates in
March 2027. Use the OpenTelemetry API and SDK directly instead of the OpenTracing
shims.
(#6976)
Updated OpenTelemetry core component version(s) to
1.15.1.(#7010)
See CHANGELOG for details.
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor versionwill close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>will remove the ignore condition of the specified dependency and ignore conditions