Skip to content

Bump the nuget-minor-patch group with 6 updates#9

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/nuget-minor-patch-df0c2b553d
Open

Bump the nuget-minor-patch group with 6 updates#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/nuget-minor-patch-df0c2b553d

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown

Updated AndreGoepel.Marten.Identity.Blazor from 1.0.0 to 1.1.0.

Release notes

Sourced from AndreGoepel.Marten.Identity.Blazor's releases.

1.1.0

First stable 1.1 release. Hardens the sign-in flow and the security posture of the library.

Security

  • Sign-in handoff moved into the request body (#​40): the single-use handle is POSTed same-origin instead of travelling in the URL — keeping it out of access logs, browser history and Referer, and preventing cross-site sign-in (login CSRF / session fixation). Sets Referrer-Policy: no-referrer.
  • Login fix (#​55): the handoff POST no longer trips the host's UseAntiforgery(). These middleware endpoints are guarded by a same-origin check plus the single-use handle; the deferred antiforgery validation is cleared before the form is read, so login works across host render modes (incl. global InteractiveServer + prerender).
  • Default-deny readiness + domain-layer invariants (#​41).
  • Unique active role names via a partial unique index.
  • First root user is created with LockoutEnabled = false; root user automatically receives the Administrator role, with a single-root safeguard.

Supply chain

  • SHA-pinned GitHub Actions, NuGet lockfiles with locked-mode CI restore, Testcontainers image pinned by digest, vulnerability scan in CI, Dependabot + auto lockfile sync.

Dependencies

  • Radzen.Blazor 11.x.

Upgrade from 1.0.x is recommended; older versions are deprecated.

1.1.0-preview3

What's Changed

Full Changelog: andregoepel/marten-identity@v1.1.0-preview2...v1.1.0-preview3

1.1.0-preview2

What's Changed

Full Changelog: andregoepel/marten-identity@v1.1.0-preview1...v1.1.0-preview2

1.1.0-preview1

What's Changed

New Contributors

Full Changelog: andregoepel/marten-identity@v1.0.2...v1.1.0-preview1

Commits viewable in compare view.

Updated Aspire.Hosting.Docker from 13.3.5 to 13.4.6.

Release notes

Sourced from Aspire.Hosting.Docker's releases.

13.4.6

What's New in Aspire 13.4.6

Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in --isolated mode, and a MongoDB.Driver dependency update.

🐛 Fixes

  • 🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions divergedAspire.TypeSystem used a floating strong-name AssemblyVersion that changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as No code generator found for language: <lang>. The AssemblyVersion is now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #​18110 and #​17910. (#​18160, @​sebastienros)

  • 🔌 Multiple AppHosts started with --isolated collided on the resource service port — Both instances tried to bind to the same fixed port from ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance. DashboardServiceHost now binds to port 0 on loopback when RandomizePorts is true (set by --isolated), letting the OS assign a unique port per instance. (#​18341, @​JamesNK)

  • 🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned SharpCompress transitive dependency and uses the corrected Snappier transitive. Fixes #​17981. (#​18279, @​Falco20019)

🏷️ Housekeeping


Full Changelog: v13.4.5...v13.4.6

Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248

Generated by Generate release notes for a new stable Aspire release · 131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K

13.4.5

What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.

🐛 Fixes

  • 🛡️ Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory — The transitive MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell within the advisory's vulnerable LZ4 decompression range. Aspire does not use MessagePackFormatter or LZ4 — all StreamJsonRpc calls use SystemTextJsonFormatter over local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of the Aspire.Hosting package. (#​18204, @​mitchdenny)
  • 🎭 playwrightCliVersion values that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag like latest, or a v-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#​18205, @​mitchdenny)
  • 🤖 CLI telemetry now detects and reports the calling coding agent — When the Aspire CLI is invoked from inside a known coding agent environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent name is included in the main CLI telemetry event. GitHub Copilot CLI is specifically identified as copilot-cli. (#​18240, @​damianedwards)

🏷️ Housekeeping

  • 📄 Refreshed the @​microsoft/aspire-cli npm package README to be TypeScript-only — updated examples to the current ts-starter template (apphost.mts / aspire.mjs), added a backing-services snippet showing aspire add for PostgreSQL and Redis, and documented aspire dashboard run as a standalone dashboard option. (#​18221, @​adamint)

Full Changelog: v13.4.4...v13.4.5

Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e

Generated by Generate release notes for a new stable Aspire release · ● 4.4M

13.4.4

What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent ExcludeFromMcp() filtering across all CLI MCP tools.

🐛 Fixes

  • 🔌 DCP requests could fail permanently when the connection dropped mid-request — If the underlying DCP channel closed while a request was in flight, the error was surfaced directly instead of being retried. Reconnection is now attempted as part of the DCP request retry path so transient disconnections recover automatically without surfacing errors. (#​18096, @​karolz-ms)
  • 🔍 Resources marked with ExcludeFromMcp() were not consistently filtered from CLI MCP tools — Resources with the resource.excludeFromMcp property were not excluded uniformly from all CLI MCP tool results. list_resources, list_console_logs, execute_resource_command, list_structured_logs, list_traces, and list_trace_structured_logs all now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#​18150, @​JamesNK)

🏷️ Housekeeping

  • 📦 Improved npm CLI package metadata and hardened npm publish validation in the release pipeline. (#​18093, @​adamratzman)

Full Changelog: v13.4.3...v13.4.4

Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029

13.4.3

What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.

🐛 Fixes

  • 🔌 Persistent container endpoints had incorrect default behavior — Persistent containers were defaulting to proxyless endpoint behavior instead of the proxied behavior used by normal containers. This caused integrations that depend on endpoint allocation before resource startup (such as the KeyVault emulator) to fail. Persistent containers now default to proxied endpoints matching normal container behavior; opt out with isProxied: false or WithEndpointProxySupport(false). Proxyless container endpoints with only a targetPort specified now also resolve immediately to that port instead of waiting for delayed allocation. (#​17960, @​danegsta)

🏷️ Housekeeping

  • 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and updated manifest tags (#​17958)

Full Changelog: microsoft/aspire@v13.4.2...v13.4.3

Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9

Generated by Generate release notes for a new stable Aspire release · ● 4.7M

13.4.2

What's New in Aspire 13.4.2

Patch release for Aspire 13.4 with a fix for Redis persistent container deadlock on startup when using TLS.

🐛 Fixes

  • 🔴 Redis with WithLifetime(ContainerLifetime.Persistent) could deadlock on startup — Redis TLS startup arguments used the public/allocated host ports instead of the internal target ports. When the public port differed from the target port (or was not yet allocated) the container would listen on an unexpected port and become unreachable. The TLS and non-TLS startup arguments now bind to target ports, matching what Redis expects internally. Fixes #​17822. (#​17827, backported via #​17850, @​danegsta)

🏷️ Housekeeping

  • 🚀 Bumped branding to 13.4.2 (#​17876)

Full Changelog: microsoft/aspire@v13.4.1...v13.4.2

Full commit: d7d0b6759ce4b936c76bc4775814d27db560dd6d

Generated by Generate release notes for a new stable Aspire release · ● 5M

13.4.1

What's New in Aspire 13.4.1

Patch release for Aspire 13.4 with fixes for explicit-start resource lifecycle callbacks, Redis persistent container startup, proxyless endpoint allocation, and a duplicated profiles block in the empty C# AppHost template.

🐛 Fixes

  • ⏱️ Explicit-start resources triggered lifecycle callbacks too early — Session-scoped resources marked with WithExplicitStart() were having their execution configuration callbacks (environment variables, arguments, certificates) evaluated at AppHost startup instead of at manual start. This meant user-interaction callbacks such as WithEnvironment(ctx => PromptForValueAsync(...)) were called before the user triggered the resource. DCP registration is now deferred until the user manually starts the resource; persistent explicit-start resources still register immediately but patch the existing DCP record to Start = true rather than deleting and recreating it. Fixes #​17813. (#​17825, backported via #​17826, @​danegsta)
  • 🔴 Redis with WithLifetime(ContainerLifetime.Persistent) could deadlock on startup — Redis TLS startup arguments used the public/allocated host ports instead of the internal target ports. When the public port differed from the target port (or was not yet allocated) the container would listen on an unexpected port and become unreachable. The TLS and non-TLS startup arguments now bind to target ports, matching what Redis expects internally. Fixes #​17822. (#​17827, backported via #​17850, @​danegsta)
  • 🔌 Proxyless container endpoint could hang when resolved before container creation — Referencing a proxyless container endpoint in an environment variable callback (before the container port spec was finalized) could deadlock. An on-demand allocation path now commits the target port as the fallback host port in that case; once BuildContainerPorts runs, normal DCP dynamic port assignment takes over for any later resolution. (#​17851, backported via #​17859, @​danegsta)
  • 📄 Empty C# AppHost template emitted duplicate profiles blockaspire new aspire-empty on 13.4 produced an aspire.config.json with a profiles block that duplicated the content already present in apphost.run.json, causing redundant launch configuration. The embedded template now contains only the required appHost.path binding; profile configuration lives exclusively in apphost.run.json. Fixes #​17660. (#​17781, backported via #​17820, @​mitchdenny)

🏷️ Housekeeping

  • 📦 Added Aspire CLI npm package to the release pipeline so the npm distribution is published as part of stable releases. (#​17297, backported via #​17766, @​adamint)
  • 🚀 Bumped branding to 13.4.1 (#​17819)

Full Changelog: microsoft/aspire@v13.4.0...v13.4.1

Full commit: cf985fa817dd5863e7f62eb74fa1725ab5069ed2

Generated by Generate release notes for a new stable Aspire release · ● 1.0.40

Generated by Generate release notes for a new stable Aspire release · ● 3.9M

13.4.0

Aspire 13.4.0

Aspire 13.4 brings major improvements to Foundry hosted agents, the Aspire skills system, CLI reliability, and TypeScript AppHost stability — with cross-compute-environment deployment now working end-to-end and TypeScript AppHost support — Aspire's polyglot story — reaching general availability (GA).

Highlights

  • 🎉 TypeScript AppHost is now GA — First introduced as a preview in an earlier version of Aspire, the TypeScript AppHost — Aspire's polyglot story — has reached the quality bar for general availability and is now officially supported for production use alongside C#. As part of GA, the experimental markers on the Azure TypeScript AppHost (ATS) APIs have been removed and the ATS surface area is stable for 13.4.
  • 🤖 Foundry hosted agents — Protocol selection (responses / invocations) is now configurable from both C# and TypeScript AppHosts. Cross-compute-environment deployments (e.g., a Foundry hosted agent + an AKS consumer) now wire up correctly: endpoint resolution and the required Azure AI User RBAC role assignment on the Foundry account are generated automatically — no manual az role assignment create steps needed.
  • 🛠️ Aspire skills catalog from bundleaspire agent init now drives its installable skill catalog from the bundle manifest, surfacing all six bundled skills (previously only three were visible). An embedded snapshot means the full catalog is available even in airgapped / disconnected environments.
  • 🔧 CLI reliability — Multiple CLI fixes: implicit-channel discovery restored, aspire stop no longer falsely reports failure on Unix, aspire ps no longer includes raw resource data (use aspire describe for detailed state), aspire new prefers the current CLI template version, friendly error for aspire do --list-steps without a step argument, and improved --search option description with documentation link.
  • ⌨️ TypeScript AppHost — Fixed a deadlock that occurred when lazy options callbacks invoked async methods; dev-localhost resource service URLs are now accepted for local development without extra configuration.
  • 📊 Dashboard — Summary log formatting improved for readability, dotnet watch dashboard auto-launch signal restored, and dynamic-port handling fixed for DistributedApplicationTestingBuilder.
  • ☸️ Kubernetes — The Helm CLI minimum version (≥ 4.2.0) is now validated before a Kubernetes deploy, giving a clear error instead of a cryptic failure.
  • ⚠️ Aspire.Hosting.Blazor ships as preview in 13.4 — A packaging issue with the Blazor gateway scripts means the package is intentionally marked preview for this release. Full stable support is targeted for 13.5.

⚠️ Notable changes

  • aspire ps no longer includes raw resource data in its output. Use aspire describe <resource> to inspect detailed resource state.
  • Foundry hosted agent builder API shape updated — see #​17545 and #​17669 for the updated C# and TypeScript signatures.
  • Aspire.Hosting.Blazor is preview-versioned in 13.4 (SuppressFinalPackageVersion=true). A fix for the addBlazorGateway gateway script resolution error in TypeScript AppHosts is tracked in #​17685.

📖 Learn more

For the full details on everything in this release, check out the What's new in Aspire 13.4 documentation.

Thank you to all the community contributors who helped make Aspire 13.4 possible! 💜


Full Changelog: microsoft/aspire@v13.3.5...v13.4.0

Full commit: becb48e2d61099e35ae336d527d3875e928d6594

Generated by Generate release notes for a new stable Aspire release · ● 6.5M

Commits viewable in compare view.

Updated Aspire.Hosting.PostgreSQL from 13.3.5 to 13.4.6.

Release notes

Sourced from Aspire.Hosting.PostgreSQL's releases.

13.4.6

What's New in Aspire 13.4.6

Patch release for Aspire 13.4 fixing polyglot AppHost code generation binding when CLI and SDK versions diverge, resource service port collision in --isolated mode, and a MongoDB.Driver dependency update.

🐛 Fixes

  • 🔗 Polyglot AppHost code generation silently failed when CLI and SDK versions divergedAspire.TypeSystem used a floating strong-name AssemblyVersion that changed with every build. When the installed Aspire CLI was built at a different version than the AppHost's SDK, the CLR couldn't satisfy the strong-name bind and every code generator (TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as No code generator found for language: <lang>. The AssemblyVersion is now frozen at a stable constant so any compatible CLI/SDK pair on 13.4 binds successfully. Relates to #​18110 and #​17910. (#​18160, @​sebastienros)

  • 🔌 Multiple AppHosts started with --isolated collided on the resource service port — Both instances tried to bind to the same fixed port from ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL, causing an "address already in use" error on the second instance. DashboardServiceHost now binds to port 0 on loopback when RandomizePorts is true (set by --isolated), letting the OS assign a unique port per instance. (#​18341, @​JamesNK)

  • 🍃 MongoDB.Driver updated to 3.9.0 — Removes a wrongly pinned SharpCompress transitive dependency and uses the corrected Snappier transitive. Fixes #​17981. (#​18279, @​Falco20019)

🏷️ Housekeeping


Full Changelog: v13.4.5...v13.4.6

Full commit: 87fe259e4fc244c599019a7b1304c85a1488f248

Generated by Generate release notes for a new stable Aspire release · 131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K

13.4.5

What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security advisory, tightening CLI validation for Playwright configuration, and adding coding-agent detection to CLI telemetry.

🐛 Fixes

  • 🛡️ Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory — The transitive MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell within the advisory's vulnerable LZ4 decompression range. Aspire does not use MessagePackFormatter or LZ4 — all StreamJsonRpc calls use SystemTextJsonFormatter over local Unix sockets — so the vulnerability was not reachable in practice. The bump clears the NU1903 warning for consumers of the Aspire.Hosting package. (#​18204, @​mitchdenny)
  • 🎭 playwrightCliVersion values that are not valid SemVer 2.0 now fail fast with a clear diagnostic — Previously an invalid override (range expression, dist-tag like latest, or a v-prefixed string) would surface as a generic npm resolution failure. The value is now validated with strict SemVer parsing at startup; an error naming the configuration key and the offending value is emitted immediately. (#​18205, @​mitchdenny)
  • 🤖 CLI telemetry now detects and reports the calling coding agent — When the Aspire CLI is invoked from inside a known coding agent environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent name is included in the main CLI telemetry event. GitHub Copilot CLI is specifically identified as copilot-cli. (#​18240, @​damianedwards)

🏷️ Housekeeping

  • 📄 Refreshed the @​microsoft/aspire-cli npm package README to be TypeScript-only — updated examples to the current ts-starter template (apphost.mts / aspire.mjs), added a backing-services snippet showing aspire add for PostgreSQL and Redis, and documented aspire dashboard run as a standalone dashboard option. (#​18221, @​adamint)

Full Changelog: v13.4.4...v13.4.5

Full commit: 73114e86c64aeb9f3f3c7da8e37df1ae4281b27e

Generated by Generate release notes for a new stable Aspire release · ● 4.4M

13.4.4

What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent ExcludeFromMcp() filtering across all CLI MCP tools.

🐛 Fixes

  • 🔌 DCP requests could fail permanently when the connection dropped mid-request — If the underlying DCP channel closed while a request was in flight, the error was surfaced directly instead of being retried. Reconnection is now attempted as part of the DCP request retry path so transient disconnections recover automatically without surfacing errors. (#​18096, @​karolz-ms)
  • 🔍 Resources marked with ExcludeFromMcp() were not consistently filtered from CLI MCP tools — Resources with the resource.excludeFromMcp property were not excluded uniformly from all CLI MCP tool results. list_resources, list_console_logs, execute_resource_command, list_structured_logs, list_traces, and list_trace_structured_logs all now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#​18150, @​JamesNK)

🏷️ Housekeeping

  • 📦 Improved npm CLI package metadata and hardened npm publish validation in the release pipeline. (#​18093, @​adamratzman)

Full Changelog: v13.4.3...v13.4.4

Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029

13.4.3

What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.

🐛 Fixes

  • 🔌 Persistent container endpoints had incorrect default behavior — Persistent containers were defaulting to proxyless endpoint behavior instead of the proxied behavior used by normal containers. This caused integrations that depend on endpoint allocation before resource startup (such as the KeyVault emulator) to fail. Persistent containers now default to proxied endpoints matching normal container behavior; opt out with isProxied: false or WithEndpointProxySupport(false). Proxyless container endpoints with only a targetPort specified now also resolve immediately to that port instead of waiting for delayed allocation. (#​17960, @​danegsta)

🏷️ Housekeeping

  • 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and updated manifest tags (#​17958)

Full Changelog: microsoft/aspire@v13.4.2...v13.4.3

Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9

Generated by Generate release notes for a new stable Aspire release · ● 4.7M

13.4.2

What's New in Aspire 13.4.2

Patch release for Aspire 13.4 with a fix for Redis persistent container deadlock on startup when using TLS.

🐛 Fixes

  • 🔴 Redis with WithLifetime(ContainerLifetime.Persistent) could deadlock on startup — Redis TLS startup arguments used the public/allocated host ports instead of the internal target ports. When the public port differed from the target port (or was not yet allocated) the container would listen on an unexpected port and become unreachable. The TLS and non-TLS startup arguments now bind to target ports, matching what Redis expects internally. Fixes #​17822. (#​17827, backported via #​17850, @​danegsta)

🏷️ Housekeeping

  • 🚀 Bumped branding to 13.4.2 (#​17876)

Full Changelog: microsoft/aspire@v13.4.1...v13.4.2

Full commit: d7d0b6759ce4b936c76bc4775814d27db560dd6d

Generated by Generate release notes for a new stable Aspire release · ● 5M

13.4.1

What's New in Aspire 13.4.1

Patch release for Aspire 13.4 with fixes for explicit-start resource lifecycle callbacks, Redis persistent container startup, proxyless endpoint allocation, and a duplicated profiles block in the empty C# AppHost template.

🐛 Fixes

  • ⏱️ Explicit-start resources triggered lifecycle callbacks too early — Session-scoped resources marked with WithExplicitStart() were having their execution configuration callbacks (environment variables, arguments, certificates) evaluated at AppHost startup instead of at manual start. This meant user-interaction callbacks such as WithEnvironment(ctx => PromptForValueAsync(...)) were called before the user triggered the resource. DCP registration is now deferred until the user manually starts the resource; persistent explicit-start resources still register immediately but patch the existing DCP record to Start = true rather than deleting and recreating it. Fixes #​17813. (#​17825, backported via #​17826, @​danegsta)
  • 🔴 Redis with WithLifetime(ContainerLifetime.Persistent) could deadlock on startup — Redis TLS startup arguments used the public/allocated host ports instead of the internal target ports. When the public port differed from the target port (or was not yet allocated) the container would listen on an unexpected port and become unreachable. The TLS and non-TLS startup arguments now bind to target ports, matching what Redis expects internally. Fixes #​17822. (#​17827, backported via #​17850, @​danegsta)
  • 🔌 Proxyless container endpoint could hang when resolved before container creation — Referencing a proxyless container endpoint in an environment variable callback (before the container port spec was finalized) could deadlock. An on-demand allocation path now commits the target port as the fallback host port in that case; once BuildContainerPorts runs, normal DCP dynamic port assignment takes over for any later resolution. (#​17851, backported via #​17859, @​danegsta)
  • 📄 Empty C# AppHost template emitted duplicate profiles blockaspire new aspire-empty on 13.4 produced an aspire.config.json with a profiles block that duplicated the content already present in apphost.run.json, causing redundant launch configuration. The embedded template now contains only the required appHost.path binding; profile configuration lives exclusively in apphost.run.json. Fixes #​17660. (#​17781, backported via #​17820, @​mitchdenny)

🏷️ Housekeeping

  • 📦 Added Aspire CLI npm package to the release pipeline so the npm distribution is published as part of stable releases. (#​17297, backported via #​17766, @​adamint)
  • 🚀 Bumped branding to 13.4.1 (#​17819)

Full Changelog: microsoft/aspire@v13.4.0...v13.4.1

Full commit: cf985fa817dd5863e7f62eb74fa1725ab5069ed2

Generated by Generate release notes for a new stable Aspire release · ● 1.0.40

Generated by Generate release notes for a new stable Aspire release · ● 3.9M

13.4.0

Aspire 13.4.0

Aspire 13.4 brings major improvements to Foundry hosted agents, the Aspire skills system, CLI reliability, and TypeScript AppHost stability — with cross-compute-environment deployment now working end-to-end and TypeScript AppHost support — Aspire's polyglot story — reaching general availability (GA).

Highlights

  • 🎉 TypeScript AppHost is now GA — First introduced as a preview in an earlier version of Aspire, the TypeScript AppHost — Aspire's polyglot story — has reached the quality bar for general availability and is now officially supported for production use alongside C#. As part of GA, the experimental markers on the Azure TypeScript AppHost (ATS) APIs have been removed and the ATS surface area is stable for 13.4.
  • 🤖 Foundry hosted agents — Protocol selection (responses / invocations) is now configurable from both C# and TypeScript AppHosts. Cross-compute-environment deployments (e.g., a Foundry hosted agent + an AKS consumer) now wire up correctly: endpoint resolution and the required Azure AI User RBAC role assignment on the Foundry account are generated automatically — no manual az role assignment create steps needed.
  • 🛠️ Aspire skills catalog from bundleaspire agent init now drives its installable skill catalog from the bundle manifest, surfacing all six bundled skills (previously only three were visible). An embedded snapshot means the full catalog is available even in airgapped / disconnected environments.
  • 🔧 CLI reliability — Multiple CLI fixes: implicit-channel discovery restored, aspire stop no longer falsely reports failure on Unix, aspire ps no longer includes raw resource data (use aspire describe for detailed state), aspire new prefers the current CLI template version, friendly error for aspire do --list-steps without a step argument, and improved --search option description with documentation link.
  • ⌨️ TypeScript AppHost — Fixed a deadlock that occurred when lazy options callbacks invoked async methods; dev-localhost resource service URLs are now accepted for local development without extra configuration.
  • 📊 Dashboard — Summary log formatting improved for readability, dotnet watch dashboard auto-launch signal restored, and dynamic-port handling fixed for DistributedApplicationTestingBuilder.
  • ☸️ Kubernetes — The Helm CLI minimum version (≥ 4.2.0) is now validated before a Kubernetes deploy, giving a clear error instead of a cryptic failure.
  • ⚠️ Aspire.Hosting.Blazor ships as preview in 13.4 — A packaging issue with the Blazor gateway scripts means the package is intentionally marked preview for this release. Full stable support is targeted for 13.5.

⚠️ Notable changes

  • aspire ps no longer includes raw resource data in its output. Use aspire describe <resource> to inspect detailed resource state.
  • Foundry hosted agent builder API shape updated — see #​17545 and #​17669 for the updated C# and TypeScript signatures.
  • Aspire.Hosting.Blazor is preview-versioned in 13.4 (SuppressFinalPackageVersion=true). A fix for the addBlazorGateway gateway script resolution error in TypeScript AppHosts is tracked in #​17685.

📖 Learn more

For the full details on everything in this release, check out the What's new in Aspire 13.4 documentation.

Thank you to all the community contributors who helped make Aspire 13.4 possible! 💜


Full Changelog: microsoft/aspire@v13.3.5...v13.4.0

Full commit: becb48e2d61099e35ae336d527d3875e928d6594

Generated by Generate release notes for a new stable Aspire release · ● 6.5M

Commits viewable in compare view.

Updated Marten from 9.0.2 to 9.10.0.

Release notes

Sourced from Marten's releases.

9.10.0

The new option might help the async daemon perform better in the face of concurrency exceptions on event appending with the QuickAppend option. It's opt in to avoid folks needing to do schema migrations

What's Changed

New Contributors

Full Changelog: JasperFx/marten@V9.9.1...V9.10.0

9.9.1

This will be a valuable upgrade for anyone who experiences a high degree of optimistic concurrency failures while using QuickAppend options, which is the default behavior in V9. This will help stop gaps in the event sequence, which in turn will make the Async Daemon healthier.

Also though, see Wolverine for help in preventing concurrent access in the first place

What's Changed

Full Changelog: JasperFx/marten@V9.9.0...V9.9.1

9.9.0

What's Changed

Full Changelog: JasperFx/marten@V9.8.2...V9.9.0

9.8.2

Couple bug reports related to the Daemon, one performance related for folks using the archived partitioning on the event store

What's Changed

Full Changelog: JasperFx/marten@V9.8.1...V9.8.2

9.8.1

This might impact folks migrating from Marten 8 to Marten 9. Strictly an issue with database migrations

What's Changed

Full Changelog: JasperFx/marten@V9.8.0...V9.8.1

9.8.0

This was pretty well 100% about CritterWatch. The new APIs are all to support CritterWatch

What's Changed

Full Changelog: JasperFx/marten@V9.7.5...V9.8.0

9.7.5

What's Changed

Full Changelog: JasperFx/marten@V9.7.4...V9.7.5

9.7.4

What's Changed

Full Changelog: JasperFx/marten@V9.7.3...V9.7.4

9.7.3

Small release. Couple fixes for daemon resiliency and CritterWatch administration actions

What's Changed

Full Changelog: JasperFx/marten@V9.7.2...V9.7.3

9.7.2

What's Changed

Full Changelog: JasperFx/marten@V9.7.1...V9.7.2

9.7.1

What's Changed

Full Changelog: JasperFx/marten@V9.7.0...V9.7.1

9.7.0

There's a few bug fixes, and the new functionality is really for CritterWatch.

What's Changed

Full Changelog: JasperFx/marten@V9.6.0...V9.7.0

9.6.0

There's a couple tenant aware APIs that are new, so this had to be a minor point bump. The majority of the work in this release was stress testing projection rebuilds and ensuring there was never any concurrent access of un-thread safe dictionaries inside of the async daemon that happened as a side effect of 9.0 changes.

What's Changed

Full Changelog: JasperFx/marten@V9.5.3...V9.6.0

9.5.3

This is a little optimization to the new 9.* code that eliminated the runtime codegen, and a fix for the daemon being a little vulnerable to concurrency in its internals -- which is also an optimization here.

What's Changed

Full Changelog: JasperFx/marten@9.5.2...V9.5.3

9.5.2

Bug fixes

  • #​4619 (#​4632) — mt_archive_stream emits explicit column lists in its INSERT…SELECT, surviving ALTER TABLE ADD COLUMN migrations that reorder the physical column layout (previously failed with 42804 after a column was added to mt_events).
  • #​4625 (#​4633) — BulkInsertEventsAsync writes mt_streams.type from the StreamAction's AggregateType, restoring UseMandatoryStreamTypeDeclaration support on the bulk path.
  • #​4641 (#​4646) — AddMartenManagedTenantsAsync no longer leaves a half-installed schema under AutoCreate.None. The admin call eagerly applies the events feature via a per-feature CreateMigrationAsync + scoped CreateOrUpdate apply, so the next append succeeds end-to-end on a virgin schema (previously failed with 42P01 / 42883).
  • #​4645 (#​4647) — DCB non-HStore tag query JOIN now includes e.tenant_id = t.tenant_id, eliminating own-event duplication under per-tenant sequences with UseTenantPartitionedEvents.

Test coverage

  • #​4617 closed — full TenantPartitionedEventsTests project (~170 tests across 50 files) covering append / read / projections / admin / DCB / async daemon / regressions under UseTenantPartitionedEvents.
  • Three projection coverage gaps closed: #​4650 (FlatTableProjection), #​4651 (DetermineActionAsync), #​4652 (doc-tables-NOT-partitioned-by-default invariant).
  • #​4649 investigated and pinned as documented intentional asymmetry — AutoCreate.CreateOnly continues to work via the lazy schema-apply path, by design (no SUT change needed).

Known follow-up — NOT in this release

  • #​4648AddGlobalProjection × UseTenantPartitionedEvents fails MT002 because the global event decorator writes to the *DEFAULT* tenant slot, which can't be a Postgres partition suffix. Test pin is in master asserting the throw; the underlying fix requires either routing global-aggregate events through a sibling non-partitioned table or reserving a default-tenant partition suffix. Marked as an enhancement, deferred to a later release.

🤖 Release notes assembled with Claude Code

9.5.1

What's Changed

Full Changelog: JasperFx/marten@V9.5.0...V9.5.1

9.5.0

The minor point bump here is because of some CritterWatch related features, otherwise this is all bug fixes

What's Changed

New Contributors

Full Changelog: JasperFx/marten@V9.4.0...V9.5.0

9.4.0

Marten 9.4.0

Per-tenant event partitioning and a tenant-aware async projection daemon (#​4596 / CritterWatch#​209). Built on JasperFx 2.5.0.

Highlights

  • Per-tenant event partitioning — opt in with opts.Events.UseTenantPartitionedEvents = true. On top of conjoined event tenancy, Marten partitions mt_events / mt_streams by tenant_id (native PostgreSQL LIST partitioning), gives each tenant its own event sequence (mt_events_sequence_{suffix}), and keys mt_event_progression by (name, tenant_id). Removes the single shared event store as a scalability bottleneck across tenants.
  • Tenant-aware async daemon — vectorized per-tenant high-water detection (one query per database reports the high-water position for every active tenant), per-tenant projection rebuild isolation, and cross-tenant rebuild fan-out.
  • Composite single-pass rebuild executor — read-once / fan-out rebuild for composite projections, with progression keyed on the composite's single {Name}:All shard.

Constraints for per-tenant partitioning

Validated at DocumentStore construction:

  • Requires Events.TenancyStyle = TenancyStyle.Conjoined.
  • Requires a quick append mode (EventAppendMode.Quick / QuickWithServerTimestamps); EventAppendMode.Rich is out of scope.
  • Cannot currently be combined with Events.UseArchivedStreamPartitioning (sub-partitioning by both tenant_id and is_archived is a planned follow-up).

The flag defaults to false; existing stores keep the global append path byte-for-byte.

Dependencies

  • Consumes the released JasperFx 2.5.0 packages (per-tenant partitioning surface, tenant-aware daemon abstractions, composite rebuild executor, and the SubscriptionAgent optimized-rebuild double-load fix).

Documentation

9.3.5

What's Changed

Full Changelog: JasperFx/marten@V9.3.4...V9.3.5

9.3.4

What's Changed

New Contributors

Full Changelog: JasperFx/marten@V9.3.3...V9.3.4

9.3.3

What's Changed

Full Changelog: JasperFx/marten@V9.3.2...V9.3.3

9.3.2

What's Changed

Full Changelog: JasperFx/marten@V9.3.1...V9.3.2

9.3.1

Marten 9.3.1

Fix release — bumps all four JasperFx.* dependencies to 2.2.1.

Package From To
JasperFx 2.2.0 2.2.1
JasperFx.Events 2.2.0 2.2.1
JasperFx.Events.SourceGenerator 2.2.0 2.2.1
JasperFx.SourceGenerator 2.2.0 2.2.1

No Marten-side code changes — straight dependency bump (#​4585).

Full Changelog: JasperFx/marten@V9.3.0...V9.3.1

9.3.0

Marten 9.3.0

The big-ticket items in this release are binary event serialization (#​4515) and the PostGIS + pgvector companion packages lifted into the Marten repo from CritterWatch.

Major

  • Binary event serialization for the event store (#​4515 — landed across #​4578, #​4581, #​4583, #​4584). Opt individual event types into a binary wire format (MemoryPack out of the box, or any IEventBinarySerializer you bring) on a per-event-type basis. JSON-serialized and binary-serialized events coexist in the same mt_events table so the feature can be turned on in an existing system with no migration of existing data. Works on every EventAppendMode (Rich + Quick + QuickWithServerTimestamps) and through BulkEventAppender. New optional NuGet: Marten.MemoryPack. See the binary-serialization docs for the design, registration, and the versioned-event-types schema-evolution recommendation.

  • PostGIS + pgvector companion packages (#​4576). Two new optional NuGets imported from CritterWatch:

    • Marten.PostGISUsePostGIS() opt-in that enables the postgis extension on every database Marten manages (multi-tenant aware), wires NetTopologySuite + GeoJSON serialization, and exposes four spatial query helpers (NearestToAsync, WithinDistanceAsync, ContainingAsync, IntersectingAsync). See the PostGIS docs.
    • Marten.PgVectorUsePgVector() opt-in that enables the vector extension on every database (also addresses #​2515 — extensions in tenant databases). VectorSearchAsync for similarity search plus an embedding-aware VectorProjection base class. See the pgvector docs.

Fixes

  • #​4575: CreatedAt.MapTo() regression in v9 (#​4577). The closed-shape storage rewrite ported every other metadata-column read-back but missed mt_created_at; this restores the v8 behavior where a [CreatedAt]-annotated / m.CreatedAt.MapTo(...)-mapped member is populated after a load.

Build / Release

  • Pack target updated (#​4582). Marten.PostGIS, Marten.PgVector, and Marten.MemoryPack are now included in the Nuke Pack target — without this they would silently never reach NuGet. 9 packages ship in 9.3.0 (up from 6): Marten, Marten.Newtonsoft, Marten.NodaTime, Marten.AspNetCore, Marten.EntityFrameworkCore, Marten.SourceGenerator, Marten.PostGIS, Marten.PgVector, Marten.MemoryPack.

  • Weasel 9.0.2 dependency bump (JasperFx/weasel#​299). Fixes PostgresqlMigrator.executeWithConcurrencyRetryAsync to reopen a Closed/Broken connection between retry attempts — eliminates the intermittent Connection is not open failure surfaced under concurrent migration races.

Documentation updates

Pages added or updated in 9.3.0:

Local docker

The local docker-compose.yml (from #​4576) layers postgresql-17-postgis-3 + postgresql-17-pgvector on the official multi-arch postgres:17 image so the Marten test suite can exercise the new extensions locally. PLv8 was dropped — Marten core SQL no longer requires it.

Full Changelog: JasperFx/marten@V9.2.1...V9.3.0

9.2.1

What's Changed

Description has been truncated

Dependabot will resolve any conflicts wi...

Description has been truncated

Bumps AndreGoepel.Marten.Identity.Blazor from 1.0.0 to 1.1.0
Bumps Aspire.Hosting.Docker from 13.3.5 to 13.4.6
Bumps Aspire.Hosting.PostgreSQL from 13.3.5 to 13.4.6
Bumps Marten to 9.10.0, 9.12.0
Bumps Microsoft.NET.Test.Sdk from 18.5.1 to 18.7.0
Bumps Radzen.Blazor from 10.4.4 to 11.0.4

---
updated-dependencies:
- dependency-name: AndreGoepel.Marten.Identity.Blazor
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Marten
  dependency-version: 9.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Radzen.Blazor
  dependency-version: 11.0.4
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget-minor-patch
- dependency-name: Aspire.Hosting.Docker
  dependency-version: 13.4.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Aspire.Hosting.PostgreSQL
  dependency-version: 13.4.6
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Marten
  dependency-version: 9.12.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code labels Jul 2, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants