Skip to content

Bump Aspire.Hosting.Azure.CosmosDB and 17 others#27

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/src/minor-and-patch-ec7ade921d
Open

Bump Aspire.Hosting.Azure.CosmosDB and 17 others#27
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/nuget/src/minor-and-patch-ec7ade921d

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Updated Aspire.Hosting.Azure.CosmosDB from 13.2.0 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.Azure.CosmosDB's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

  • 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
  • 🔍 Frontend telemetryAspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
  • ☸️ Kubernetes deploy previewaspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
  • 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
  • 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
  • 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
  • ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
  • 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

  • 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
  • ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
  • 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
  • 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
  • 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
  • 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
  • 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
  • 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

  • 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
  • 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
  • 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
  • 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
  • ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

Commits viewable in compare view.

Updated Aspire.Hosting.Redis from 13.2.0 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.Redis's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

  • 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
  • 🔍 Frontend telemetryAspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
  • ☸️ Kubernetes deploy previewaspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
  • 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
  • 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
  • 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
  • ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
  • 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

  • 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
  • ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
  • 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
  • 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
  • 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
  • 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
  • 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
  • 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

  • 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
  • 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
  • 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
  • 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
  • ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

Commits viewable in compare view.

Updated Aspire.Microsoft.Azure.Cosmos from 13.2.0 to 13.3.0.

Release notes

Sourced from Aspire.Microsoft.Azure.Cosmos's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

  • 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
  • 🔍 Frontend telemetryAspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
  • ☸️ Kubernetes deploy previewaspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
  • 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
  • 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
  • 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
  • ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
  • 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

  • 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
  • ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
  • 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
  • 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
  • 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
  • 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
  • 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
  • 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

  • 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
  • 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
  • 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
  • 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
  • ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

Commits viewable in compare view.

Updated Aspire.StackExchange.Redis from 13.2.0 to 13.3.0.

Release notes

Sourced from Aspire.StackExchange.Redis's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

  • 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
  • 🔍 Frontend telemetryAspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
  • ☸️ Kubernetes deploy previewaspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
  • 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
  • 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
  • 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
  • ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
  • 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

  • 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
  • ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
  • 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
  • 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
  • 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
  • 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
  • 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
  • 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

  • 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
  • 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
  • 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
  • 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
  • ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

Commits viewable in compare view.

Updated Azure.Identity from 1.19.0 to 1.21.0.

Release notes

Sourced from Azure.Identity's releases.

No release notes found for this version range.

Commits viewable in compare view.

Pinned Azure.Monitor.OpenTelemetry.AspNetCore at 1.5.0.

Release notes

Sourced from Azure.Monitor.OpenTelemetry.AspNetCore's releases.

1.5.0

1.5.0 (2026-04-30)

Features Added

  • Add ability to specify EnableStandardMetrics and EnablePerformanceCounters
    (#​56438)

Breaking Changes

  • Default Sampler Changed: The default sampling behavior has been changed from
    ApplicationInsightsSampler with 100% sampling (all traces sampled) to
    RateLimitedSampler with 5.0 traces per second. This change significantly
    reduces telemetry volume for high-traffic applications and provides better
    cost optimization out of the box.
    Impact: Applications with more than 5 requests per second will see fewer
    traces exported by default.
    Migration: To maintain the previous behavior (100% sampling), explicitly
    configure the sampler:
// Option 1: Set SamplingRatio and clear TracesPerSecond
builder.Services.AddOpenTelemetry()
    .UseAzureMonitor(options =>
    {
        options.SamplingRatio = 1.0f;
        options.TracesPerSecond = null;
    });
// Option 2: Use environment variables
// OTEL_TRACES_SAMPLER=microsoft.fixed_percentage
// OTEL_TRACES_SAMPLER_ARG=1.0

Bugs Fixed

  • Fixed an issue where Azure Container Apps instances were showing VM instance GUIDs
    instead of replica names in the Role Instance field.
    (#​54586)

1.5.0-beta.1

1.5.0-beta.1 (2026-04-28)

Features Added

1.4.2

1.4.2 (2026-04-28)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

1.4.1

1.4.1 (2026-04-27)

Other Changes

  • Upgraded dependent Azure.Core to 1.54.0.
  • Upgraded dependent Azure.ResourceManager to 1.14.0.

Commits viewable in compare view.

Updated Microsoft.Agents.AI.Purview from 1.0.0-rc4 to 1.0.0-rc6.

Release notes

Sourced from Microsoft.Agents.AI.Purview's releases.

1.0.0-rc5

What's Changed

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.Testing from 10.0.5 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.Testing's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.5 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration from 10.0.5 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Configuration's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 10.0.5 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Diagnostics.Testing from 10.4.0 to 10.5.0.

Release notes

Sourced from Microsoft.Extensions.Diagnostics.Testing's releases.

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

  1. Rename VectorStoreVectorAttribute constructor parameter #​7460
    • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
    • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

  • HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

  • Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
  • Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
  • Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
  • Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
  • Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
  • Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
  • Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

  • Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
  • Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

  • Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
  • Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

  • Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

  • Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

  • Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package Version
Microsoft.Extensions.AI.Abstractions 10.4.1
Microsoft.Extensions.AI 10.4.1
Microsoft.Extensions.AI.OpenAI 10.4.1

Experimental API Changes

New Experimental APIs

  • New experimental API: Realtime Client Sessions #​7285 and #​7399
  • New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

  • Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

  • Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
  • Realtime Client Proposal #​7285 by @​tarekgh
  • Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
  • Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
  • Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
  • Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
  • Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

  • Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

  • Fix test warnings #​7369 by @​jozkee
  • Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

  • Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
  • Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

  • @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
    ... (truncated)

Commits viewable in compare view.

Pinned Microsoft.Extensions.Http.Resilience at 10.5.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

  1. Rename VectorStoreVectorAttribute constructor parameter #​7460
    • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
    • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

  • HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

  • Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
  • Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
  • Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
  • Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
  • Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
  • Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
  • Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

  • Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
  • Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

  • Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
  • Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

  • Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

  • Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

  • Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package Version
Microsoft.Extensions.AI.Abstractions 10.4.1
Microsoft.Extensions.AI 10.4.1
Microsoft.Extensions.AI.OpenAI 10.4.1

Experimental API Changes

New Experimental APIs

  • New experimental API: Realtime Client Sessions #​7285 and #​7399
  • New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

  • Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

  • Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
  • Realtime Client Proposal #​7285 by @​tarekgh
  • Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
  • Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
  • Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
  • Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
  • Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

  • Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

  • Fix test warnings #​7369 by @​jozkee
  • Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

  • Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
  • Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

  • @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
    ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging from 10.0.5 to 10.0.6.

Release notes

Sourced from Microsoft.Extensions.Logging's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging from 10.0.5 to 10.0.7.

Release notes

Sourced from Microsoft.Extensions.Logging's releases.

No release notes found for this version range.

Commits viewable in compare view.

Pinned Microsoft.Extensions.ServiceDiscovery at 10.5.0.

Release notes

Sourced from Microsoft.Extensions.ServiceDiscovery's releases.

10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

  1. Rename VectorStoreVectorAttribute constructor parameter #​7460
    • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
    • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

  • HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

  • Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
  • Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
  • Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
  • Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
  • Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
  • Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
  • Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

  • Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
  • Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

  • Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
  • Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

  • Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

  • Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

  • Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

... (truncated)

10.4.1

This release of the Microsoft.Extensions.AI packages adds new experimental APIs for Realtime client sessions and Text-to-Speech, along with OpenTelemetry and middleware improvements.

Packages in this release

Package Version
Microsoft.Extensions.AI.Abstractions 10.4.1
Microsoft.Extensions.AI 10.4.1
Microsoft.Extensions.AI.OpenAI 10.4.1

Experimental API Changes

New Experimental APIs

  • New experimental API: Realtime Client Sessions #​7285 and #​7399
  • New experimental API: Text-to-Speech Client #​7381

Changes to Experimental APIs

  • Hosted File Download Stream: write-path methods now explicitly throw NotSupportedException #​7394

What's Changed

AI

  • Add ITextToSpeechClient abstraction, middleware, and OpenAI implementation #​7381 by @​stephentoub
  • Realtime Client Proposal #​7285 by @​tarekgh
  • Add VoiceActivityDetection options to realtime session abstractions #​7399 by @​tarekgh
  • Make UriContent mediaType parameter optional with inference from URI file extension #​7398 by @​stephentoub (co-authored by @​Copilot)
  • Emit gen_ai.client.operation.exception via ILogger LoggerMessage on OpenTelemetry instrumentation classes #​7379 by @​stephentoub (co-authored by @​Copilot)
  • Support invoke_workflow as an equivalent parent span to invoke_agent in FunctionInvokingChatClient #​7382 by @​stephentoub (co-authored by @​Copilot)
  • Make HostedFileDownloadStream explicitly read-only #​7394 by @​stephentoub (co-authored by @​Copilot)

Documentation Updates

  • Document JSON schema derivation for return types in AIFunctionFactory #​7400 by @​stephentoub (co-authored by @​Copilot)

Test Improvements

  • Fix test warnings #​7369 by @​jozkee
  • Add tests for JSON deserialization of serializable types #​7373 by @​stephentoub (co-authored by @​Copilot)

Repository Infrastructure Updates

  • Update Package Validation Baseline to 10.4.0 #​7389 by @​jeffhandley (co-authored by @​Copilot)
  • Update ModelContextProtocol libraries to version 1.0.0 #​7340 by @​stephentoub (co-authored by @​Copilot)

Acknowledgements

  • @​eiriktsarpalis @​ericstj @​CodeBlanch @​lmolkova @​adamsitnik @​joperezr reviewed pull requests
    ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Identity.Web from 4.6.0 to 4.9.0.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.9.0

New features

  • Sidecar: per-route override gating. New Sidecar:AllowOverrides configuration section provides explicit, per-route control over whether optionsOverride.* query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. optionsOverride.BaseUrl is unconditionally rejected on all routes as a hardening measure. See #​3794.

Bug fixes

  • Fix AccountController.Challenge redirect URI validation to reject percent-encoded protocol-relative bypasses (%2F%2F, %5C%2F, etc.) that could be decoded by misconfigured reverse proxies. See #​3792.

Behavior changes

  • DownstreamApi: reserved header filtering. Headers supplied via DownstreamApiOptions.ExtraHeaderParameters whose names match reserved HTTP headers (Authorization, Host, Content-Length, Proxy-Authorization, Sec-*, Proxy-*, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (ReservedHeaderIgnored / DuplicateHeaderIgnored) is emitted so operators can spot misconfigurations. No exception is thrown. See #​3793.

Dependencies updates

  • Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.* 8.0.x minimum on older TFMs. Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on Microsoft.Extensions.DependencyInjection.Abstractions 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a CS0433 type collision with the previously-pinned Microsoft.Extensions.DependencyInjection 2.1.0. Rather than patch individual packages, the entire Microsoft.Extensions.* stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. If your application targets net462, net472, or netstandard2.0, your resolved Microsoft.Extensions.* versions will increase (e.g., Extensions.Http 3.1.3 → 8.0.0, Extensions.DependencyInjection 2.1.0 → 8.0.0, Extensions.Caching.Memory 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See #​3787.
  • Bump System.Text.Json 8.0.5 → 8.0.6 (CVE-2024-43485). See #​3787.
  • Bump Microsoft.AspNetCore.DataProtection to 10.0.7 for CVE fix on net10.0. See #​3796.
  • Bump OpenTelemetry.Exporter.OpenTelemetryProtocol 1.14.0 → 1.15.3. See #​3788.

Full Changelog: AzureAD/microsoft-identity-web@4.8.0...4.9.0

4.8.0

What's Changed

New Contributors

Full Changelog: AzureAD/microsoft-identity-web@4.6.0...4.8.0

4.7.0

4.7.0

Bug fixes

  • Updates to Microsoft.Identity.Abstractions 12.0.0 to revert breaking changes introduced in Abstractions 11.0.0. (On .NET 10 target, Certificate extension method in CredentialDescription was reverted to normal property.) See #​3767.

Commits viewable in compare view.

Pinned OpenTelemetry.Exporter.OpenTelemetryProtocol at 1.15.3.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.15.3

For highlights and announcements pertaining to this release see: Release Notes > 1.15.3.

The following changes are from the previous release 1.15.2.

Description has been truncated

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a reb...

Description has been truncated

@dependabot
Bump Aspire.Hosting.Azure.CosmosDB and 17 others
525f29d 
Bumps Aspire.Hosting.Azure.CosmosDB from 13.2.0 to 13.3.0
Bumps Aspire.Hosting.Redis from 13.2.0 to 13.3.0
Bumps Aspire.Microsoft.Azure.Cosmos from 13.2.0 to 13.3.0
Bumps Aspire.StackExchange.Redis from 13.2.0 to 13.3.0
Bumps Azure.Identity from 1.19.0 to 1.21.0
Bumps Azure.Monitor.OpenTelemetry.AspNetCore from 1.4.0 to 1.5.0
Bumps Microsoft.Agents.AI.Purview from 1.0.0-rc4 to 1.0.0-rc6
Bumps Microsoft.AspNetCore.Mvc.Testing from 10.0.5 to 10.0.7
Bumps Microsoft.AspNetCore.OpenApi from 10.0.5 to 10.0.7
Bumps Microsoft.Extensions.Configuration from 10.0.5 to 10.0.7
Bumps Microsoft.Extensions.DependencyInjection from 10.0.5 to 10.0.7
Bumps Microsoft.Extensions.Diagnostics.Testing from 10.4.0 to 10.5.0
Bumps Microsoft.Extensions.Http.Resilience from 10.4.0 to 10.5.0
Bumps Microsoft.Extensions.Logging to 10.0.6, 10.0.7
Bumps Microsoft.Extensions.ServiceDiscovery from 10.4.0 to 10.5.0
Bumps Microsoft.Identity.Web from 4.6.0 to 4.9.0
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.0 to 1.15.3
Bumps OpenTelemetry.Instrumentation.Runtime from 1.15.0 to 1.15.1

---
updated-dependencies:
- dependency-name: Aspire.Hosting.Azure.CosmosDB
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Azure.Identity
  dependency-version: 1.21.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Aspire.Hosting.Redis
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Aspire.Microsoft.Azure.Cosmos
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Aspire.StackExchange.Redis
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Azure.Monitor.OpenTelemetry.AspNetCore
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Agents.AI.Purview
  dependency-version: 1.0.0-rc6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.Mvc.Testing
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Configuration
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Diagnostics.Testing
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Logging
  dependency-version: 10.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Http.Resilience
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.Logging
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Extensions.ServiceDiscovery
  dependency-version: 10.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: Microsoft.Identity.Web
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.15.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
- dependency-name: OpenTelemetry.Instrumentation.Runtime
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: minor-and-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels May 12, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants