Bump the production-dependencies group with 8 updates

[dependabot]

Updated Aspire.AppHost.Sdk from 13.2.2 to 13.3.0.

Release notes

Sourced from Aspire.AppHost.Sdk's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated Aspire.Hosting.AppHost from 13.2.2 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.AppHost's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated Aspire.Hosting.AppHost from 13.2.4 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.AppHost's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

Commits viewable in compare view.

Updated Aspire.Hosting.PostgreSQL from 13.2.4 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.PostgreSQL's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

Commits viewable in compare view.

Updated Aspire.Hosting.Seq from 13.2.2 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.Seq's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated AWSSDK.S3 from 4.0.22.1 to 4.0.23.

Release notes

Sourced from AWSSDK.S3's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated AWSSDK.SimpleEmailV2 from 4.0.12.12 to 4.0.12.13.

Release notes

Sourced from AWSSDK.SimpleEmailV2's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.4.0 to 18.5.1.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.5.1

What's Changed

• Fix System.Collections.Immutable binding mismatch in Common.dll (rel/18.5) by @​nohwnd in Fix System.Collections.Immutable binding mismatch in Common.dll (rel/18.5) microsoft/vstest#15720
• Port verify-binding-redirects.ps1 to rel/18.5 by @​nohwnd in Port verify-binding-redirects.ps1 to rel/18.5 microsoft/vstest#15719
• Bump to 18.5.1 by @​nohwnd in Bump to 18.5.1 microsoft/vstest#15721

Full Changelog: microsoft/vstest@v18.5.0...v18.5.1

18.5.0

⚠️ Unlisted on Nuget, because of #​15718

What's Changed

• Add runtime configs by @​nohwnd in Add runtime configs microsoft/vstest#15377
• Add net8.0 target for TranslationLayer by @​nohwnd in Add net8.0 target for TranslationLayer microsoft/vstest#15375
• Determine architecture of remote process on windows by @​nohwnd in Determine architecture of remote process on windows microsoft/vstest#15396
• Updating System.Collections.Immutable package reference to version 9.0.0 by @​MSLukeWest in Updating System.Collections.Immutable package reference to version 9.0.0 microsoft/vstest#15392
• Dump via netcore tool on windows by @​nohwnd in Dump via netcore tool on windows microsoft/vstest#15397
• Fix answer file splitting by @​nohwnd in Fix answer file splitting microsoft/vstest#15381
• Run tests against vsix runner by @​nohwnd in Run tests against vsix runner microsoft/vstest#15419

Full Changelog: microsoft/vstest@v18.4.0...v18.5.0

Commits viewable in compare view.

Updated Twilio from 7.14.7 to 7.14.9.

Release notes

Sourced from Twilio's releases.

7.14.9

Release Notes

Conversations

• update actions api visibility

Memory

• 2026-05-07

• Content updates:
• include store api

Docs
NuGet

7.14.8

Release Notes

Library - Fix

• PR #​832: capturing parent exception JsonException. Thanks to @​sbansla!
• PR #​827: fixed date time deserializer. Thanks to @​sbansla!

Library - Chore

• PR #​831: updated domain. Thanks to @​sbansla!

Twiml

• Set recording_configuration_id attribute to public visibility in <Conference>, <Dial>, <Record> verbs and <Recording> noun

Api

• Add RecordingConfigurationId parameter for CreateCall, CreateCallRecording, CreateConferenceRecording, and CreateParticipant endpoints

Authy

• Changelog

• v1

• Added Authy API v1 under /v1 — initial onboarding of Public API (/v1/protected/*), Device API (/v1/json/*), and Dashboard API (/v1/dashboard/*) behind REST Proxy using transparent proxy mode.

Data-ingress

• 2026-04-21

• Content updates:
• Updated description for CreateDataSync
• Updated description for DeleteCloudAppDataset
• Updated description for DeleteWarehouseDataset

• 2026-04-20

• Minor updates (formatting, metadata)

• 2026-04-17

• updated operationId for dataplane APIs,Minor updates (formatting, metadata)

• 2026-04-15

• libraryVisibility to private

• 2026-04-14

• Added 1 new path(s):
• /v1/DataSyncs/Latest (GetLatestDataSyncs)

Memory

• 2026-04-21

• Content updates:
• Remove Prefer/Async-Operation headers

• 2026-04-21

• Content updates:
• Added 301 response for ListIdentifiers and GetIdentifier
• Added 308 response for DeleteProfile, CreateIdentifier, PatchIdentifier, and DeleteIdentifier

• 2026-04-14

• Modified 1 path(s):
• /v1/ControlPlane/Stores/{storeId} (added delete)
• Minor updates (formatting, metadata)

Voice
... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, nuget. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.