chore(deps): update aspire to 13.2.4

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
Aspire.AppHost.Sdk	msbuild-sdk	patch	13.2.3 → 13.2.4
Aspire.Hosting.AppHost	nuget	patch	13.2.3 → 13.2.4
Aspire.Hosting.PostgreSQL	nuget	patch	13.2.3 → 13.2.4
Aspire.Hosting.RabbitMQ	nuget	patch	13.2.3 → 13.2.4
Aspire.Hosting.Redis	nuget	patch	13.2.3 → 13.2.4
Aspire.Hosting.Testing	nuget	patch	13.2.3 → 13.2.4
Aspire.Npgsql.EntityFrameworkCore.PostgreSQL	nuget	patch	13.2.3 → 13.2.4
Aspire.StackExchange.Redis	nuget	patch	13.2.3 → 13.2.4
Aspire.StackExchange.Redis.OutputCaching	nuget	patch	13.2.3 → 13.2.4

---

Release Notes

microsoft/aspire (Aspire.AppHost.Sdk)

v13.2.4: Aspire 13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[claude]

Dependency Update Review: Aspire 13.2.3 → 13.2.4

This is a Renovate-generated patch update for all Aspire packages (9 packages) from 13.2.3 to 13.2.4.

Security Context

This update is worth merging promptly. The 13.2.4 release is a security patch that bumps OpenTelemetry dependencies to address CVE-2026-40894. The PR description confirms this is the primary motivation for the release.

Change Quality

The diff is clean and consistent:

• Directory.Packages.props is updated for centrally managed packages.
• All project files that pin versions directly (TUnit.Aspire.Tests.AppHost, CloudShop.AppHost, template files, etc.) are updated in lockstep.
• No version mismatches between projects — all references move uniformly from 13.2.3 to 13.2.4.

Observations

One minor structural note (not a blocker): the TUnit.Templates content and the examples/CloudShop projects pin Aspire package versions directly in their .csproj files rather than deferring to Directory.Packages.props. This means future updates touch more files than necessary. Migrating those version references into central package management would reduce the surface area of PRs like this one, but that is a separate cleanup concern.

Verdict

The update is correct, consistent, and addresses a real security advisory. Auto-merge is appropriate here.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}