Bump the nuget group with 23 updates#1511
Open
dependabot[bot] wants to merge 1 commit into
Open
Conversation
Bumps Aspire.Hosting.AppHost from 13.4.2 to 13.4.6 Bumps Aspire.Hosting.PostgreSQL from 13.4.2 to 13.4.6 Bumps Aspire.Hosting.Redis from 13.4.2 to 13.4.6 Bumps Basic.Reference.Assemblies from 1.8.8 to 1.8.9 Bumps csharpier from 1.2.6 to 1.3.0 Bumps dotnet-ef from 10.0.8 to 10.0.9 Bumps JetBrains.Annotations from 2025.2.4 to 2026.2.0 Bumps MessagePack from 3.1.6 to 3.1.7 Bumps MessagePack.AspNetCoreMvcFormatter from 3.1.6 to 3.1.7 Bumps Microsoft.AspNetCore.Authentication.JwtBearer from 10.0.8 to 10.0.9 Bumps Microsoft.AspNetCore.OpenApi from 10.0.8 to 10.0.9 Bumps Microsoft.AspNetCore.TestHost from 10.0.8 to 10.0.9 Bumps Microsoft.Extensions.Caching.StackExchangeRedis from 10.0.8 to 10.0.9 Bumps Microsoft.FeatureManagement from 4.5.0 to 4.6.0 Bumps Nerdbank.GitVersioning from 3.9.50 to 3.10.85 Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0 Bumps OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0 Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.15.2 to 1.16.0 Bumps OpenTelemetry.Instrumentation.Http from 1.15.1 to 1.16.0 Bumps Redis.OM from 1.2.0 to 1.3.0 Bumps Serilog.Settings.Configuration from 10.0.0 to 10.0.1 Bumps System.Text.Json from 10.0.8 to 10.0.9 Bumps Verify.XunitV3 from 31.19.0 to 31.20.0 --- updated-dependencies: - dependency-name: Aspire.Hosting.AppHost dependency-version: 13.4.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Aspire.Hosting.PostgreSQL dependency-version: 13.4.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Aspire.Hosting.Redis dependency-version: 13.4.6 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Basic.Reference.Assemblies dependency-version: 1.8.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: csharpier dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: dotnet-ef dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: JetBrains.Annotations dependency-version: 2026.2.0 dependency-type: direct:production update-type: version-update:semver-major dependency-group: nuget - dependency-name: MessagePack dependency-version: 3.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: MessagePack.AspNetCoreMvcFormatter dependency-version: 3.1.7 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Microsoft.AspNetCore.Authentication.JwtBearer dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Microsoft.AspNetCore.OpenApi dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Microsoft.AspNetCore.TestHost dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Microsoft.Extensions.Caching.StackExchangeRedis dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Microsoft.FeatureManagement dependency-version: 4.6.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: Nerdbank.GitVersioning dependency-version: 3.10.85 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: OpenTelemetry.Extensions.Hosting dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: OpenTelemetry.Instrumentation.AspNetCore dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: OpenTelemetry.Instrumentation.Http dependency-version: 1.16.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: Redis.OM dependency-version: 1.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget - dependency-name: Serilog.Settings.Configuration dependency-version: 10.0.1 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: System.Text.Json dependency-version: 10.0.9 dependency-type: direct:production update-type: version-update:semver-patch dependency-group: nuget - dependency-name: Verify.XunitV3 dependency-version: 31.20.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: nuget ... Signed-off-by: dependabot[bot] <support@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Aspire.Hosting.AppHost from 13.4.2 to 13.4.6.
Release notes
Sourced from Aspire.Hosting.AppHost's releases.
13.4.6
What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in
--isolatedmode, and a MongoDB.Driver dependency update.🐛 Fixes
🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions diverged —
Aspire.TypeSystemused a floating strong-nameAssemblyVersionthat changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing asNo code generator found for language: <lang>. TheAssemblyVersionis now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #18110 and #17910. (#18160,@sebastienros)🔌 Multiple AppHosts started with
--isolatedcollided on the resource service port — Both instances tried to bind to the same fixed port fromASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance.DashboardServiceHostnow binds to port 0 on loopback whenRandomizePortsis true (set by--isolated), letting the OS assign a unique port per instance. (#18341,@JamesNK)🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned
SharpCompresstransitive dependency and uses the correctedSnappiertransitive. Fixes #17981. (#18279,@Falco20019)🏷️ Housekeeping
Full Changelog: v13.4.5...v13.4.6
Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248
13.4.5
What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.
🐛 Fixes
MessagePackFormatteror LZ4 — all StreamJsonRpc calls useSystemTextJsonFormatterover local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of theAspire.Hostingpackage. (#18204,@mitchdenny)playwrightCliVersionvalues that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag likelatest, or av-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#18205,@mitchdenny)copilot-cli. (#18240,@damianedwards)🏷️ Housekeeping
@microsoft/aspire-clinpm package README to be TypeScript-only — updated examples to the currentts-startertemplate (apphost.mts/aspire.mjs), added a backing-services snippet showingaspire addfor PostgreSQL and Redis, and documentedaspire dashboard runas a standalone dashboard option. (#18221,@adamint)Full Changelog: v13.4.4...v13.4.5
Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e
13.4.4
What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent
ExcludeFromMcp()filtering across all CLI MCP tools.🐛 Fixes
@karolz-ms)ExcludeFromMcp()were not consistently filtered from CLI MCP tools — Resources with theresource.excludeFromMcpproperty were not excluded uniformly from all CLI MCP tool results.list_resources,list_console_logs,execute_resource_command,list_structured_logs,list_traces, andlist_trace_structured_logsall now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#18150,@JamesNK)🏷️ Housekeeping
@adamratzman)Full Changelog: v13.4.3...v13.4.4
Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029
13.4.3
What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.
🐛 Fixes
isProxied: falseorWithEndpointProxySupport(false). Proxyless container endpoints with only atargetPortspecified now also resolve immediately to that port instead of waiting for delayed allocation. (#17960,@danegsta)🏷️ Housekeeping
Full Changelog: microsoft/aspire@v13.4.2...v13.4.3
Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9
Commits viewable in compare view.
Updated Aspire.Hosting.PostgreSQL from 13.4.2 to 13.4.6.
Release notes
Sourced from Aspire.Hosting.PostgreSQL's releases.
13.4.6
What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in
--isolatedmode, and a MongoDB.Driver dependency update.🐛 Fixes
🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions diverged —
Aspire.TypeSystemused a floating strong-nameAssemblyVersionthat changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing asNo code generator found for language: <lang>. TheAssemblyVersionis now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #18110 and #17910. (#18160,@sebastienros)🔌 Multiple AppHosts started with
--isolatedcollided on the resource service port — Both instances tried to bind to the same fixed port fromASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance.DashboardServiceHostnow binds to port 0 on loopback whenRandomizePortsis true (set by--isolated), letting the OS assign a unique port per instance. (#18341,@JamesNK)🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned
SharpCompresstransitive dependency and uses the correctedSnappiertransitive. Fixes #17981. (#18279,@Falco20019)🏷️ Housekeeping
Full Changelog: v13.4.5...v13.4.6
Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248
13.4.5
What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.
🐛 Fixes
MessagePackFormatteror LZ4 — all StreamJsonRpc calls useSystemTextJsonFormatterover local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of theAspire.Hostingpackage. (#18204,@mitchdenny)playwrightCliVersionvalues that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag likelatest, or av-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#18205,@mitchdenny)copilot-cli. (#18240,@damianedwards)🏷️ Housekeeping
@microsoft/aspire-clinpm package README to be TypeScript-only — updated examples to the currentts-startertemplate (apphost.mts/aspire.mjs), added a backing-services snippet showingaspire addfor PostgreSQL and Redis, and documentedaspire dashboard runas a standalone dashboard option. (#18221,@adamint)Full Changelog: v13.4.4...v13.4.5
Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e
13.4.4
What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent
ExcludeFromMcp()filtering across all CLI MCP tools.🐛 Fixes
@karolz-ms)ExcludeFromMcp()were not consistently filtered from CLI MCP tools — Resources with theresource.excludeFromMcpproperty were not excluded uniformly from all CLI MCP tool results.list_resources,list_console_logs,execute_resource_command,list_structured_logs,list_traces, andlist_trace_structured_logsall now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#18150,@JamesNK)🏷️ Housekeeping
@adamratzman)Full Changelog: v13.4.3...v13.4.4
Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029
13.4.3
What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.
🐛 Fixes
isProxied: falseorWithEndpointProxySupport(false). Proxyless container endpoints with only atargetPortspecified now also resolve immediately to that port instead of waiting for delayed allocation. (#17960,@danegsta)🏷️ Housekeeping
Full Changelog: microsoft/aspire@v13.4.2...v13.4.3
Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9
Commits viewable in compare view.
Updated Aspire.Hosting.Redis from 13.4.2 to 13.4.6.
Release notes
Sourced from Aspire.Hosting.Redis's releases.
13.4.6
What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in
--isolatedmode, and a MongoDB.Driver dependency update.🐛 Fixes
🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions diverged —
Aspire.TypeSystemused a floating strong-nameAssemblyVersionthat changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing asNo code generator found for language: <lang>. TheAssemblyVersionis now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #18110 and #17910. (#18160,@sebastienros)🔌 Multiple AppHosts started with
--isolatedcollided on the resource service port — Both instances tried to bind to the same fixed port fromASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance.DashboardServiceHostnow binds to port 0 on loopback whenRandomizePortsis true (set by--isolated), letting the OS assign a unique port per instance. (#18341,@JamesNK)🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned
SharpCompresstransitive dependency and uses the correctedSnappiertransitive. Fixes #17981. (#18279,@Falco20019)🏷️ Housekeeping
Full Changelog: v13.4.5...v13.4.6
Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248
13.4.5
What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.
🐛 Fixes
MessagePackFormatteror LZ4 — all StreamJsonRpc calls useSystemTextJsonFormatterover local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of theAspire.Hostingpackage. (#18204,@mitchdenny)playwrightCliVersionvalues that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag likelatest, or av-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#18205,@mitchdenny)copilot-cli. (#18240,@damianedwards)🏷️ Housekeeping
@microsoft/aspire-clinpm package README to be TypeScript-only — updated examples to the currentts-startertemplate (apphost.mts/aspire.mjs), added a backing-services snippet showingaspire addfor PostgreSQL and Redis, and documentedaspire dashboard runas a standalone dashboard option. (#18221,@adamint)Full Changelog: v13.4.4...v13.4.5
Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e
13.4.4
What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent
ExcludeFromMcp()filtering across all CLI MCP tools.🐛 Fixes
@karolz-ms)ExcludeFromMcp()were not consistently filtered from CLI MCP tools — Resources with theresource.excludeFromMcpproperty were not excluded uniformly from all CLI MCP tool results.list_resources,list_console_logs,execute_resource_command,list_structured_logs,list_traces, andlist_trace_structured_logsall now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#18150,@JamesNK)🏷️ Housekeeping
@adamratzman)Full Changelog: v13.4.3...v13.4.4
Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029
13.4.3
What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.
🐛 Fixes
isProxied: falseorWithEndpointProxySupport(false). Proxyless container endpoints with only atargetPortspecified now also resolve immediately to that port instead of waiting for delayed allocation. (#17960,@danegsta)🏷️ Housekeeping
Full Changelog: microsoft/aspire@v13.4.2...v13.4.3
Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9
Commits viewable in compare view.
Updated Basic.Reference.Assemblies from 1.8.8 to 1.8.9.
Release notes
Sourced from Basic.Reference.Assemblies's releases.
1.8.9
Create release 1.8.9
Commits viewable in compare view.
Updated csharpier from 1.2.6 to 1.3.0.
Release notes
Sourced from csharpier's releases.
1.3.0
1.3.0
Breaking Changes
Change xml formatting to return error when it runs into syntax error so it is consistent with c# #1854
Previously CSharpier treated an invalid xml file as a warning instead of an error. This was inconsistent with how it treated c# files.
Invalid c# or xml files are not treated as errors.
The
--compilation-errors-as-warningsargument has been renamed to--syntax-errors-as-warningsand can be used to return warnings instead of errors when encountering invalid files.What's Changed
Feature: Configurable whitespace handling for xml #1790
CSharpier now supports two types of xml whitespace formatting strict or ignore.
By default all xml except
xamloraxamlis treated as strict whitespace. See detailsFeature: Move closing bracket for xml elements to the same line. #1598
With strict xml whitespace handling, csharpier now keeps the closing bracket for an element on the same line instead of breaking it to a new line.
Feature: Support for csharpier-ignore with XML formatter #1788
CSharpier now supports
csharpier-ignorein xml files. See detailsFeature: Add MSBuild transitive and multi-target support #1833
CSharpier.MSBuild can now work as a transitive dependency.
Feature: allow checking formatting with cache #1830
The
csharpier checkcommand now supports a--use-cacheoption.Feature: remove dependency on Microsoft.AspNetCore.App #1508
Previously CSharpier required that Microsoft.AspNetCore.App be installed. CSharpier has been modified to use an HttpListener when it is run using
serverto remove the need for this dependency.Fix: csharpier-ignore comment removes linespaces before block #1867
CSharpier was removing blank lines before csharpier-ignore comments in some cases