Skip to content

(deps): Bump Scriban from 7.0.5 to 7.0.6#4903

Merged
mergify[bot] merged 1 commit into
mainfrom
dependabot/nuget/new-cli/Scriban-7.0.6
Apr 7, 2026
Merged

(deps): Bump Scriban from 7.0.5 to 7.0.6#4903
mergify[bot] merged 1 commit into
mainfrom
dependabot/nuget/new-cli/Scriban-7.0.6

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Mar 29, 2026

Copy link
Copy Markdown
Contributor

Pinned Scriban at 7.0.6.

Release notes

Sourced from Scriban's releases.

7.0.6

Changes

🐛 Bug Fixes

  • Fix runtime polyfills (#​665) (37f226ac)

🧰 Misc

  • Document TemplateContext runtime controls (32ce64cd)
  • Use GitHub alerts in documentation (5946a931)
  • Remove H1 headings from site docs (73895d33)

Full Changelog: 7.0.5...7.0.6

Published with dotnet-releaser

Commits viewable in compare view.

@dependabot dependabot Bot added this to the 6.x milestone Mar 29, 2026
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Mar 29, 2026
@dependabot dependabot Bot force-pushed the dependabot/nuget/new-cli/Scriban-7.0.6 branch from aa0b970 to b5c71da Compare April 7, 2026 12:49
---
updated-dependencies:
- dependency-name: Scriban
  dependency-version: 7.0.6
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@arturcic arturcic force-pushed the dependabot/nuget/new-cli/Scriban-7.0.6 branch from b5c71da to 4b7b6a9 Compare April 7, 2026 12:54
@sonarqubecloud

sonarqubecloud Bot commented Apr 7, 2026

Copy link
Copy Markdown

@arturcic

arturcic commented Apr 7, 2026

Copy link
Copy Markdown
Member

@Mergifyio queue

@mergify mergify Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automatic approval for Dependabot update.

@mergify mergify Bot added the queued label Apr 7, 2026
@mergify

mergify Bot commented Apr 7, 2026

Copy link
Copy Markdown
Contributor

Merge Queue Status

  • Entered queue2026-04-07 13:28 UTC · Rule: default
  • Checks skipped · PR is already up-to-date
  • Merged2026-04-07 13:29 UTC · at 4b7b6a9621f661ad5b6b266470c31a72e4b6cf18

This pull request spent 15 seconds in the queue, including 2 seconds running CI.

Required conditions to merge
  • #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule main branch rule]
  • #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule main branch rule]
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = DotNet Format
    • check-neutral = DotNet Format
    • check-skipped = DotNet Format
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Release
    • check-neutral = Release
    • check-skipped = Release
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Build & Test (new-cli)
    • check-neutral = Build & Test (new-cli)
    • check-skipped = Build & Test (new-cli)
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Build & Package / macos-26
    • check-neutral = Build & Package / macos-26
    • check-skipped = Build & Package / macos-26
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Build & Package / ubuntu-24.04
    • check-neutral = Build & Package / ubuntu-24.04
    • check-skipped = Build & Package / ubuntu-24.04
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Build & Package / windows-2025-vs2026
    • check-neutral = Build & Package / windows-2025-vs2026
    • check-skipped = Build & Package / windows-2025-vs2026
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / macos-26 - net10.0
    • check-neutral = Test / macos-26 - net10.0
    • check-skipped = Test / macos-26 - net10.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / macos-26 - net8.0
    • check-neutral = Test / macos-26 - net8.0
    • check-skipped = Test / macos-26 - net8.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / macos-26 - net9.0
    • check-neutral = Test / macos-26 - net9.0
    • check-skipped = Test / macos-26 - net9.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / ubuntu-24.04 - net10.0
    • check-neutral = Test / ubuntu-24.04 - net10.0
    • check-skipped = Test / ubuntu-24.04 - net10.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / ubuntu-24.04 - net8.0
    • check-neutral = Test / ubuntu-24.04 - net8.0
    • check-skipped = Test / ubuntu-24.04 - net8.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / ubuntu-24.04 - net9.0
    • check-neutral = Test / ubuntu-24.04 - net9.0
    • check-skipped = Test / ubuntu-24.04 - net9.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / windows-2025-vs2026 - net10.0
    • check-neutral = Test / windows-2025-vs2026 - net10.0
    • check-skipped = Test / windows-2025-vs2026 - net10.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / windows-2025-vs2026 - net8.0
    • check-neutral = Test / windows-2025-vs2026 - net8.0
    • check-skipped = Test / windows-2025-vs2026 - net8.0
  • any of [🛡 GitHub repository ruleset rule main branch rule]:
    • check-success = Test / windows-2025-vs2026 - net9.0
    • check-neutral = Test / windows-2025-vs2026 - net9.0
    • check-skipped = Test / windows-2025-vs2026 - net9.0

@mergify mergify Bot merged commit c38c769 into main Apr 7, 2026
123 checks passed
@mergify mergify Bot deleted the dependabot/nuget/new-cli/Scriban-7.0.6 branch April 7, 2026 13:29
@mergify

mergify Bot commented Apr 7, 2026

Copy link
Copy Markdown
Contributor

Merge Queue Status

  • 🟠 Waiting for queue conditions
  • ⏳ Enter queue
  • ⏳ Run checks
  • ⏳ Merge
Required conditions to enter a queue
  • -closed [📌 queue requirement]
  • -conflict [📌 queue requirement]
  • -draft [📌 queue requirement]
  • any of [📌 queue -> configuration change requirements]:
    • -mergify-configuration-changed
    • check-success = Configuration changed
  • any of [📌 queue requirement]:
    • check-neutral = Mergify Merge Protections
    • check-skipped = Mergify Merge Protections
    • check-success = Mergify Merge Protections
  • any of [🔀 queue conditions]:
    • all of [📌 queue conditions of queue rule default]:
      • #approved-reviews-by >= 1 [🛡 GitHub repository ruleset rule main branch rule]
      • #changes-requested-reviews-by = 0 [🛡 GitHub repository ruleset rule main branch rule]
      • check-success=Build & Test (new-cli)
      • check-success=DotNet Format
      • check-success=Release
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = DotNet Format
        • check-neutral = DotNet Format
        • check-skipped = DotNet Format
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Release
        • check-neutral = Release
        • check-skipped = Release
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Build & Test (new-cli)
        • check-neutral = Build & Test (new-cli)
        • check-skipped = Build & Test (new-cli)
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Build & Package / macos-26
        • check-neutral = Build & Package / macos-26
        • check-skipped = Build & Package / macos-26
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Build & Package / ubuntu-24.04
        • check-neutral = Build & Package / ubuntu-24.04
        • check-skipped = Build & Package / ubuntu-24.04
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Build & Package / windows-2025-vs2026
        • check-neutral = Build & Package / windows-2025-vs2026
        • check-skipped = Build & Package / windows-2025-vs2026
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / macos-26 - net10.0
        • check-neutral = Test / macos-26 - net10.0
        • check-skipped = Test / macos-26 - net10.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / macos-26 - net8.0
        • check-neutral = Test / macos-26 - net8.0
        • check-skipped = Test / macos-26 - net8.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / macos-26 - net9.0
        • check-neutral = Test / macos-26 - net9.0
        • check-skipped = Test / macos-26 - net9.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / ubuntu-24.04 - net10.0
        • check-neutral = Test / ubuntu-24.04 - net10.0
        • check-skipped = Test / ubuntu-24.04 - net10.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / ubuntu-24.04 - net8.0
        • check-neutral = Test / ubuntu-24.04 - net8.0
        • check-skipped = Test / ubuntu-24.04 - net8.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / ubuntu-24.04 - net9.0
        • check-neutral = Test / ubuntu-24.04 - net9.0
        • check-skipped = Test / ubuntu-24.04 - net9.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / windows-2025-vs2026 - net10.0
        • check-neutral = Test / windows-2025-vs2026 - net10.0
        • check-skipped = Test / windows-2025-vs2026 - net10.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / windows-2025-vs2026 - net8.0
        • check-neutral = Test / windows-2025-vs2026 - net8.0
        • check-skipped = Test / windows-2025-vs2026 - net8.0
      • any of [🛡 GitHub repository ruleset rule main branch rule]:
        • check-success = Test / windows-2025-vs2026 - net9.0
        • check-neutral = Test / windows-2025-vs2026 - net9.0
        • check-skipped = Test / windows-2025-vs2026 - net9.0

@mergify mergify Bot removed the queued label Apr 7, 2026
@arturcic arturcic modified the milestones: 6.x, 6.8.0 Jun 30, 2026
@arturcic

Copy link
Copy Markdown
Member

🎉 This issue has been resolved in version 6.8.0 🎉
The release is available on:

Your GitReleaseManager bot 📦🚀

This was referenced Jul 1, 2026
mpaulosky added a commit to mpaulosky/IssueTrackerApp that referenced this pull request Jul 5, 2026
Updated [Aspire.Hosting.Redis](https://github.com/microsoft/aspire) from
13.4.2 to 13.4.6.

<details>
<summary>Release notes</summary>

_Sourced from [Aspire.Hosting.Redis's
releases](https://github.com/microsoft/aspire/releases)._

## 13.4.6

## What's New in Aspire 13.4.6

Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.

### 🐛 Fixes

- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #​18110 and #​17910.
([#​18160](https://github.com/microsoft/aspire/pull/18160),
`@​sebastienros`)

- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#​18341](https://github.com/microsoft/aspire/pull/18341), `@​JamesNK`)

- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #​17981.
([#​18279](https://github.com/microsoft/aspire/pull/18279),
`@​Falco20019`)

### 🏷️ Housekeeping

- 🚀 Bumped branding to 13.4.6
([#​18343](https://github.com/microsoft/aspire/pull/18343))

---

_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_

_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->

## 13.4.5

## What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.

### 🐛 Fixes

- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#​18204](https://github.com/microsoft/aspire/pull/18204),
`@​mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#​18205](https://github.com/microsoft/aspire/pull/18205),
`@​mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#​18240](https://github.com/microsoft/aspire/pull/18240),
`@​damianedwards`)

### 🏷️ Housekeeping

- 📄 Refreshed the `@​microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#​18221](https://github.com/microsoft/aspire/pull/18221), `@​adamint`)

---

_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_

_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->

## 13.4.4

## What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.

### 🐛 Fixes

* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#​18096](https://github.com/microsoft/aspire/pull/18096),
`@​karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#​18150](https://github.com/microsoft/aspire/pull/18150), `@​JamesNK`)

### 🏷️ Housekeeping

* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#​18093](https://github.com/microsoft/aspire/pull/18093),
`@​adamratzman`)

* * *

_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_

_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_


## 13.4.3

## What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.

### 🐛 Fixes

- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#​17960, `@​danegsta`)

### 🏷️ Housekeeping

- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#​17958)

---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*

*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->

Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>

Updated [Aspire.Hosting.Testing](https://github.com/microsoft/aspire)
from 13.4.2 to 13.4.6.

<details>
<summary>Release notes</summary>

_Sourced from [Aspire.Hosting.Testing's
releases](https://github.com/microsoft/aspire/releases)._

## 13.4.6

## What's New in Aspire 13.4.6

Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.

### 🐛 Fixes

- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #​18110 and #​17910.
([#​18160](https://github.com/microsoft/aspire/pull/18160),
`@​sebastienros`)

- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#​18341](https://github.com/microsoft/aspire/pull/18341), `@​JamesNK`)

- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #​17981.
([#​18279](https://github.com/microsoft/aspire/pull/18279),
`@​Falco20019`)

### 🏷️ Housekeeping

- 🚀 Bumped branding to 13.4.6
([#​18343](https://github.com/microsoft/aspire/pull/18343))

---

_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_

_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->

## 13.4.5

## What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.

### 🐛 Fixes

- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#​18204](https://github.com/microsoft/aspire/pull/18204),
`@​mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#​18205](https://github.com/microsoft/aspire/pull/18205),
`@​mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#​18240](https://github.com/microsoft/aspire/pull/18240),
`@​damianedwards`)

### 🏷️ Housekeeping

- 📄 Refreshed the `@​microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#​18221](https://github.com/microsoft/aspire/pull/18221), `@​adamint`)

---

_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_

_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->

## 13.4.4

## What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.

### 🐛 Fixes

* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#​18096](https://github.com/microsoft/aspire/pull/18096),
`@​karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#​18150](https://github.com/microsoft/aspire/pull/18150), `@​JamesNK`)

### 🏷️ Housekeeping

* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#​18093](https://github.com/microsoft/aspire/pull/18093),
`@​adamratzman`)

* * *

_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_

_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_


## 13.4.3

## What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.

### 🐛 Fixes

- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#​17960, `@​danegsta`)

### 🏷️ Housekeeping

- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#​17958)

---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*

*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->

Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>

Updated [Aspire.MongoDB.Driver](https://github.com/microsoft/aspire)
from 13.4.2 to 13.4.6.

<details>
<summary>Release notes</summary>

_Sourced from [Aspire.MongoDB.Driver's
releases](https://github.com/microsoft/aspire/releases)._

## 13.4.6

## What's New in Aspire 13.4.6

Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.

### 🐛 Fixes

- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #​18110 and #​17910.
([#​18160](https://github.com/microsoft/aspire/pull/18160),
`@​sebastienros`)

- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#​18341](https://github.com/microsoft/aspire/pull/18341), `@​JamesNK`)

- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #​17981.
([#​18279](https://github.com/microsoft/aspire/pull/18279),
`@​Falco20019`)

### 🏷️ Housekeeping

- 🚀 Bumped branding to 13.4.6
([#​18343](https://github.com/microsoft/aspire/pull/18343))

---

_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_

_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->

## 13.4.5

## What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.

### 🐛 Fixes

- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#​18204](https://github.com/microsoft/aspire/pull/18204),
`@​mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#​18205](https://github.com/microsoft/aspire/pull/18205),
`@​mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#​18240](https://github.com/microsoft/aspire/pull/18240),
`@​damianedwards`)

### 🏷️ Housekeeping

- 📄 Refreshed the `@​microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#​18221](https://github.com/microsoft/aspire/pull/18221), `@​adamint`)

---

_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_

_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->

## 13.4.4

## What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.

### 🐛 Fixes

* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#​18096](https://github.com/microsoft/aspire/pull/18096),
`@​karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#​18150](https://github.com/microsoft/aspire/pull/18150), `@​JamesNK`)

### 🏷️ Housekeeping

* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#​18093](https://github.com/microsoft/aspire/pull/18093),
`@​adamratzman`)

* * *

_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_

_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_


## 13.4.3

## What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.

### 🐛 Fixes

- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#​17960, `@​danegsta`)

### 🏷️ Housekeeping

- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#​17958)

---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*

*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->

Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>

Updated
[Aspire.StackExchange.Redis](https://github.com/microsoft/aspire) from
13.4.2 to 13.4.6.

<details>
<summary>Release notes</summary>

_Sourced from [Aspire.StackExchange.Redis's
releases](https://github.com/microsoft/aspire/releases)._

## 13.4.6

## What's New in Aspire 13.4.6

Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.

### 🐛 Fixes

- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #​18110 and #​17910.
([#​18160](https://github.com/microsoft/aspire/pull/18160),
`@​sebastienros`)

- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#​18341](https://github.com/microsoft/aspire/pull/18341), `@​JamesNK`)

- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #​17981.
([#​18279](https://github.com/microsoft/aspire/pull/18279),
`@​Falco20019`)

### 🏷️ Housekeeping

- 🚀 Bumped branding to 13.4.6
([#​18343](https://github.com/microsoft/aspire/pull/18343))

---

_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_

_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->

## 13.4.5

## What's New in Aspire 13.4.5

Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.

### 🐛 Fixes

- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#​18204](https://github.com/microsoft/aspire/pull/18204),
`@​mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#​18205](https://github.com/microsoft/aspire/pull/18205),
`@​mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#​18240](https://github.com/microsoft/aspire/pull/18240),
`@​damianedwards`)

### 🏷️ Housekeeping

- 📄 Refreshed the `@​microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#​18221](https://github.com/microsoft/aspire/pull/18221), `@​adamint`)

---

_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_

_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->

## 13.4.4

## What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.

### 🐛 Fixes

* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#​18096](https://github.com/microsoft/aspire/pull/18096),
`@​karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#​18150](https://github.com/microsoft/aspire/pull/18150), `@​JamesNK`)

### 🏷️ Housekeeping

* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#​18093](https://github.com/microsoft/aspire/pull/18093),
`@​adamratzman`)

* * *

_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_

_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_


## 13.4.3

## What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.

### 🐛 Fixes

- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#​17960, `@​danegsta`)

### 🏷️ Housekeeping

- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#​17958)

---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*

*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*

> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M

<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->

Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>

Updated
[Auth0.AspNetCore.Authentication](https://github.com/auth0/auth0-aspnetcore-authentication)
from 1.7.0 to 1.8.0.

<details>
<summary>Release notes</summary>

_Sourced from [Auth0.AspNetCore.Authentication's
releases](https://github.com/auth0/auth0-aspnetcore-authentication/releases)._

## 1.8.0

**Added**

- **Multi-Resource Refresh Token (MRRT) support**
[\#​249](https://github.com/auth0/auth0-aspnetcore-authentication/pull/249),
[\#​251](https://github.com/auth0/auth0-aspnetcore-authentication/pull/251)
([kailash-b](https://github.com/kailash-b)) - applications can now
obtain access tokens for additional audiences and scopes on demand by
exchanging the session's refresh token, without forcing the user through
another interactive login.
- New `HttpContext.GetAccessTokenAsync(AccessTokenRequest)` extension
returns an access token for a requested audience and/or scope, served
from the session cache when possible and otherwise via a refresh-token
exchange.
- Configure default scopes per audience with
`Auth0WebAppWithAccessTokenOptions.ScopeByAudience`.
- The new `OnAccessTokenRefreshFailed` event surfaces refresh failures,
letting callers distinguish terminal failures (warranting re-login) from
transient ones.
- **MFA challenge handling** - when a refresh requires MFA, a new
`MfaRequiredException` surfaces the challenge, and
`IAuthenticationApiClient` (registered via
`WithAuthenticationApiClient()`) lets the application complete OTP, OOB,
or recovery-code grants and manage authenticators.
- **Configurable access-token expiration leeway**
[\#​247](https://github.com/auth0/auth0-aspnetcore-authentication/pull/247)
([kailash-b](https://github.com/kailash-b)) - new
`Auth0WebAppWithAccessTokenOptions.AccessTokenExpirationLeeway`
(`TimeSpan`, default 60s) controls how far ahead of expiry the SDK
proactively refreshes the access token. Previously hard-coded to 60
seconds; the default preserves prior behavior. Applies to both primary
and additional (MRRT) cached tokens, and only takes effect when
`UseRefreshTokens` is enabled.
- **Configurable server-side session store**
[\#​246](https://github.com/auth0/auth0-aspnetcore-authentication/pull/246)
([kailash-b](https://github.com/kailash-b)) - new `WithSessionStore`
method on `Auth0WebAppAuthenticationBuilder` stores the authentication
session server-side (via `ITicketStore`) instead of in the cookie. It
attaches the store to the SDK's own resolved cookie scheme, so it works
even with a custom `CookieAuthenticationScheme`. Two overloads are
provided: `WithSessionStore<TStore>()` (resolved from DI) and
`WithSessionStore(ITicketStore instance)`. Opt-in and additive; the
default stateless cookie session is unchanged.

**Fixed**

- **Remove duplicate trailing slash from `client_assertion` audience**
[\#​236](https://github.com/auth0/auth0-aspnetcore-authentication/pull/236)
([samjetski](https://github.com/samjetski)) - fixes a regression
introduced in 1.7.0 (#​206) where the Private Key JWT client assertion
`aud` claim was built as `https://{tenant}//` (double slash), causing
Auth0's `/oauth/token` endpoint to reject the assertion with `401
invalid_client` and leaving affected apps (any using
`ClientAssertionSecurityKey`) in a callback loop.
- **Wire `OnValidatePrincipal` to the configured cookie scheme**
[\#​248](https://github.com/auth0/auth0-aspnetcore-authentication/pull/248)
([kailash-b](https://github.com/kailash-b)) - fixes a scheme mismatch
where the access-token refresh hook was registered against the default
`"Cookies"` scheme rather than the configured
`CookieAuthenticationScheme`.

**Security**

- **Bump dependencies**
[\#​250](https://github.com/auth0/auth0-aspnetcore-authentication/pull/250)
([kailash-b](https://github.com/kailash-b)) - consolidates several
Dependabot bumps (supersedes #​240, #​242, #​243, #​244):
`Microsoft.IdentityModel.Protocols.OpenIdConnect` 8.18.0 → 8.19.1,
`Microsoft.AspNetCore.Mvc.Testing` 10.0.8 → 10.0.9,
`Microsoft.AspNetCore.Mvc.ViewFeatures` 2.3.10 → 2.3.11,
`System.Text.Encodings.Web` 10.0.8 → 10.0.9.
- **Pin GitHub Actions to commit SHAs**
[\#​241](https://github.com/auth0/auth0-aspnetcore-authentication/pull/241)
([jcchavezs](https://github.com/jcchavezs)) - pins all third-party
actions in the workflow files to commit SHAs for improved supply-chain
security and reproducibility.

## 1.7.1


**Security**
- chore: Upgrade dependencies
[\#​237](https://github.com/auth0/auth0-aspnetcore-authentication/pull/237)
([kailash-b](https://github.com/kailash-b))
- chore(deps): Bump System.Text.Encodings.Web from 10.0.6 to 10.0.7
[\#​228](https://github.com/auth0/auth0-aspnetcore-authentication/pull/228)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.AspNetCore.Mvc.Testing from 10.0.6 to
10.0.7
[\#​227](https://github.com/auth0/auth0-aspnetcore-authentication/pull/227)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.NET.Test.Sdk from 18.4.0 to 18.5.1
[\#​229](https://github.com/auth0/auth0-aspnetcore-authentication/pull/229)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.IdentityModel.Protocols.OpenIdConnect from
8.17.0 to 8.18.0
[\#​230](https://github.com/auth0/auth0-aspnetcore-authentication/pull/230)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump System.Text.Encodings.Web from 10.0.5 to 10.0.6
[\#​225](https://github.com/auth0/auth0-aspnetcore-authentication/pull/225)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.AspNetCore.Mvc.Testing from 10.0.5 to
10.0.6
[\#​224](https://github.com/auth0/auth0-aspnetcore-authentication/pull/224)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.NET.Test.Sdk from 18.3.0 to 18.4.0
[\#​222](https://github.com/auth0/auth0-aspnetcore-authentication/pull/222)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.IdentityModel.Protocols.OpenIdConnect from
8.16.0 to 8.17.0
[\#​221](https://github.com/auth0/auth0-aspnetcore-authentication/pull/221)
([dependabot[bot]](https://github.com/apps/dependabot))


Commits viewable in [compare
view](https://github.com/auth0/auth0-aspnetcore-authentication/compare/1.7.0...1.8.0).
</details>

Updated [Auth0.ManagementApi](https://github.com/auth0/auth0.net) from
8.4.0 to 8.6.0.

<details>
<summary>Release notes</summary>

_Sourced from [Auth0.ManagementApi's
releases](https://github.com/auth0/auth0.net/releases)._

## 8.6.0

**Breaking Changes**
- User date fields: `CreatedAt`, `UpdatedAt`, `MultifactorLastModified`,
`LastLogin`, and `LastPasswordReset` on the user response types
(`GetUserResponseContent`, `CreateUserResponseContent`,
`UpdateUserResponseContent`, `UserResponseSchema`) are now plain
`DateTime?` instead of the `UserDateSchema` union. The `UserDateSchema`
type and its `UserDateSchemaExtensions` (`ToDateTime`) helpers have been
removed — callers can drop `.ToDateTime()` and use the value directly
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- User identity IDs: The `UserId` property on `UserIdentitySchema` and
`DeleteUserIdentityResponseContentItem` is now the `UserId` union type
instead of `string`, allowing string or numeric user identifiers
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Native Social Login: `NativeSocialLogin` on
`UpdateClientRequestContent` is now `Optional<NativeSocialLoginPatch?>`
(with new `NativeSocialLoginPatch`, `NativeSocialLoginApplePatch`,
`NativeSocialLoginFacebookPatch`, and `NativeSocialLoginGooglePatch`
types) to support partial PATCH semantics
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- FedCM Login: `FedcmLogin` on `UpdateClientRequestContent` is now
`Optional<FedCmLoginPatch?>` (with new `FedCmLoginPatch` and
`FedCmLoginGooglePatch` types) to support partial PATCH semantics
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))

**Added**
- Phone Provider Protection: Added
`AttackProtection.PhoneProviderProtection` sub-client with `GetAsync()`
and `PatchAsync()` to read and update the tenant's phone provider
protection configuration, plus
`PatchPhoneProviderProtectionRequestContent`,
`GetPhoneProviderProtectionResponseContent`,
`PatchPhoneProviderProtectionResponseContent`, and the
`PhoneProviderProtectionBackoffStrategyEnum` (`exponential`/`none`) type
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Cross-App Access: Added `CrossAppAccessRequestingApp` type (with
`Active`) and a `CrossAppAccessRequestingApp` property to the OIDC and
Okta connection request/response types
(`CreateConnectionRequestContentOidc`,
`CreateConnectionRequestContentOkta`,
`UpdateConnectionRequestContentOidc`,
`UpdateConnectionRequestContentOkta`, `ConnectionResponseContentOidc`,
`ConnectionResponseContentOkta`, `ConnectionForList`, and the connection
response types) [\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Token Vault Privileged Access: Added `TokenVaultPrivilegedAccess`
property to client types —
`ClientTokenVaultPrivilegedAccessWithPublicKey` (with `Credentials` and
`IpAllowlist`) on `CreateClientRequestContent`, and
`ClientTokenVaultPrivilegedAccessWithCredentialId` on
`UpdateClientRequestContent`, `Client`, and the client response types
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Email Templates: Added `auth_email_by_code` (`AuthEmailByCode`) value
to `EmailTemplateNameEnum`
[\#​1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))

## 8.5.0

**Added**
- Tenant Security Headers: Added `SecurityHeaders`
(`TenantSettingsNullableSecurityHeaders`) property to
`UpdateTenantSettingsRequestContent`,
`GetTenantSettingsResponseContent`, and
`UpdateTenantSettingsResponseContent` for configuring Content Security
Policy and XSS protection at the tenant level
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Content Security Policy: Added `ContentSecurityPolicyConfig`,
`CspPolicy`, `CspPolicyMode` (`enforcing`/`reporting`), `CspFlag`
(`upgrade-insecure-requests`/`block-all-mixed-content`),
`CspPolicyReporting`, `CspReportingInfrastructure`, `CspReportTo`, and
`CspReportToEndpoint` types to model CSP directives, flags, and
reporting endpoints
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- XSS Protection: Added `XssProtectionConfig` and `XssProtectionMode`
(`block`) types to configure the `X-XSS-Protection` response header
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Tenant Settings: Added minute-granularity session lifetime fields
`SessionLifetimeInMinutes`, `IdleSessionLifetimeInMinutes`,
`EphemeralSessionLifetimeInMinutes`, and
`IdleEphemeralSessionLifetimeInMinutes` on
`UpdateTenantSettingsRequestContent` (each mutually exclusive with its
hours-based counterpart)
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Tenant Settings: Added `IncludeSessionMetadataInTenantLogs` (`bool?`)
on tenant settings request/response types to include session metadata in
`slo` and OIDC back-channel logout tenant logs
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Connections: Added `IdTokenSessionExpirySupported` (`bool?`) property
to `ConnectionOptionsCommonOidc`, `ConnectionOptionsOidc`,
`ConnectionOptionsOkta`, `ConnectionPropertiesOptions`, and
`UpdateConnectionOptions`
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Client My Organization: Added `InvitationLandingClientId` property to
`ClientMyOrganizationPostConfiguration`,
`ClientMyOrganizationPatchConfiguration`, and
`ClientMyOrganizationResponseConfiguration`
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Enums: Added `Experiment` value to `AculContextEnum`, and
`Confirmation` value to `PromptGroupNameEnum` and `ScreenGroupNameEnum`
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))

**Removed**
- Branding Identifiers: Removed the `Identifiers` property (and the
`BrandingIdentifiers` / `UpdateBrandingIdentifiers` types) from
`UpdateBrandingRequestContent`, `GetBrandingResponseContent`, and
`UpdateBrandingResponseContent`. **Breaking change**
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Branding Phone Enums: Removed the `BrandingPhoneMaskingEnum`,
`UpdateBrandingPhoneMaskingEnum`, and
`UpdateBrandingPhoneFormattingEnum` types. **Breaking change**
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))

**Changed**
- Phone Templates: The `Id` property on `PhoneTemplate`,
`GetPhoneTemplateResponseContent`, `CreatePhoneTemplateResponseContent`,
`UpdatePhoneTemplateResponseContent`, and
`ResetPhoneTemplateResponseContent` is now optional/nullable (`string?`)
instead of `required`. **Breaking change**
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Refresh Tokens: Clarified `RevokeRefreshTokensRequestContent.ClientId`
semantics — it must be paired with `UserId` and can be narrowed further
with `Audience`, rather than revoking all of a client's tokens
[\#​1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))


Commits viewable in [compare
view](https://github.com/auth0/auth0.net/compare/mgmt-8.4.0...mgmt-8.6.0).
</details>

Updated [gitversion.tool](https://github.com/GitTools/GitVersion) from
6.7.0 to 6.8.1.

<details>
<summary>Release notes</summary>

_Sourced from [gitversion.tool's
releases](https://github.com/GitTools/GitVersion/releases)._

## 6.8.1

As part of this release we had [18
commits](https://github.com/GitTools/GitVersion/compare/6.8.0...6.8.1)
which resulted in [9
issues](https://github.com/GitTools/GitVersion/milestone/87?closed=1)
being closed.

__Bug__

- [__!5005__](https://github.com/GitTools/GitVersion/pull/5005) ci: fix
homebrew publish — drop --fork-org (gittools-bot is a user) by
[arturcic](https://github.com/arturcic)

__Dependencies__

- [__!5006__](https://github.com/GitTools/GitVersion/pull/5006)
build(deps): bump devcontainers/dotnet from `da953a3` to `be5bd89` in
/.devcontainer by [dependabot[bot]](https://github.com/apps/dependabot)
- [__!5015__](https://github.com/GitTools/GitVersion/pull/5015)
chore(deps): consolidate Dependabot config and enable devcontainer
feature updates by [arturcic](https://github.com/arturcic)
- [__!5016__](https://github.com/GitTools/GitVersion/pull/5016) (build
deps): bump the codeql group across 1 directory with 3 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!5020__](https://github.com/GitTools/GitVersion/pull/5020) (deps):
Bump the microsoft group with 3 updates by
[dependabot[bot]](https://github.com/apps/dependabot)

__Improvements__

- [__!5004__](https://github.com/GitTools/GitVersion/pull/5004) ci:
replace homebrew bump action with brew bump-formula-pr by
[arturcic](https://github.com/arturcic)
- [__#​5007__](https://github.com/GitTools/GitVersion/issues/5007)
[ISSUE]: GitLab CI: Merge Request pipelines use source branch instead of
CI_MERGE_REQUEST_REF_PATH by
[JDanRibeiro](https://github.com/JDanRibeiro) resolved in
[__!5008__](https://github.com/GitTools/GitVersion/pull/5008) by
[JDanRibeiro](https://github.com/JDanRibeiro)
- [__#​5009__](https://github.com/GitTools/GitVersion/issues/5009)
[ISSUE]: Using environment variable with label can produce Semver
incompatible labels by
[robertcoltheart](https://github.com/robertcoltheart) resolved in
[__!5010__](https://github.com/GitTools/GitVersion/pull/5010) by
[robertcoltheart](https://github.com/robertcoltheart)

__Contributors__

4 contributors made this release possible.

<a href="/arturcic"><img
src="https://avatars.githubusercontent.com/u/1760506?v=4" alt="arturcic"
height="32" width="32"/></a> <a
href="/apps/dependabot"><img
src="https://avatars.githubusercontent.com/in/29110?v=4"
alt="dependabot[bot]" height="32" width="32"/></a> <a
href="/JDanRibeiro"><img
src="https://avatars.githubusercontent.com/u/86156563?v=4"
alt="JDanRibeiro" height="32" width="32"/></a> <a
href="/robertcoltheart"><img
src="https://avatars.githubusercontent.com/u/13191652?v=4"
alt="robertcoltheart" height="32" width="32"/></a>


## 6.8.0

As part of this release we had [248
commits](https://github.com/GitTools/GitVersion/compare/6.7.0...6.8.0)
which resulted in [86
issues](https://github.com/GitTools/GitVersion/milestone/86?closed=1)
being closed.

__Bug__

- [__#​4976__](https://github.com/GitTools/GitVersion/issues/4976)
[ISSUE]: {BranchName} format strings for label not working by
[moppa](https://github.com/moppa) resolved in
[__!4977__](https://github.com/GitTools/GitVersion/pull/4977) by
[robertcoltheart](https://github.com/robertcoltheart)

__Dependencies__

- [__!4893__](https://github.com/GitTools/GitVersion/pull/4893) (build
deps): Bump mislav/bump-homebrew-formula-action from 3 to 4 in
/.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4894__](https://github.com/GitTools/GitVersion/pull/4894) (deps):
Bump coverlet.MTP from 8.0.0 to 8.0.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4896__](https://github.com/GitTools/GitVersion/pull/4896) (deps):
Bump Scriban from 7.0.0 to 7.0.3 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4897__](https://github.com/GitTools/GitVersion/pull/4897) (docs
deps): Bump picomatch from 2.3.1 to 2.3.2 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4900__](https://github.com/GitTools/GitVersion/pull/4900) (deps):
Bump Scriban from 7.0.3 to 7.0.5 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4902__](https://github.com/GitTools/GitVersion/pull/4902) (build
deps): Bump codecov/codecov-action from 5 to 6 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4903__](https://github.com/GitTools/GitVersion/pull/4903) (deps):
Bump Scriban from 7.0.5 to 7.0.6 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4908__](https://github.com/GitTools/GitVersion/pull/4908) (deps):
Bump JsonSchema.Net.Generation from 7.1.3 to 7.2.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4909__](https://github.com/GitTools/GitVersion/pull/4909) (deps):
Bump the microsoft group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4911__](https://github.com/GitTools/GitVersion/pull/4911) (build
deps): Bump gittools/cicd from 1 to 2 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4913__](https://github.com/GitTools/GitVersion/pull/4913) (deps):
Bump Scriban from 7.0.6 to 7.1.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4914__](https://github.com/GitTools/GitVersion/pull/4914) (deps):
Bump System.IO.Abstractions from 22.1.0 to 22.1.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4915__](https://github.com/GitTools/GitVersion/pull/4915) (deps):
Bump JsonSchema.Net.Generation from 7.2.0 to 7.3.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4916__](https://github.com/GitTools/GitVersion/pull/4916) (deps):
Bump JsonSchema.Net.Generation from 7.2.0 to 7.3.4 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4917__](https://github.com/GitTools/GitVersion/pull/4917) (deps):
Bump JsonSchema.Net.Generation from 7.2.0 to 7.3.6 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4919__](https://github.com/GitTools/GitVersion/pull/4919) (sdk):
Bump dotnet-sdk from 10.0.201 to 10.0.202 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4920__](https://github.com/GitTools/GitVersion/pull/4920) (deps):
Bump the microsoft group with 11 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4921__](https://github.com/GitTools/GitVersion/pull/4921) (deps):
Bump NUnit3TestAdapter from 6.1.0 to 6.2.0 by
[arturcic](https://github.com/arturcic)
- [__!4922__](https://github.com/GitTools/GitVersion/pull/4922) (sdk):
Bump dotnet-sdk from 10.0.202 to 10.0.203 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4923__](https://github.com/GitTools/GitVersion/pull/4923) (deps):
Bump coverlet.MTP from 8.0.1 to 10.0.0 by
[arturcic](https://github.com/arturcic)
- [__!4924__](https://github.com/GitTools/GitVersion/pull/4924) (deps):
Bump the microsoft group with 12 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4925__](https://github.com/GitTools/GitVersion/pull/4925) (deps):
Bump SharpYaml from 3.4.0 to 3.7.0 by
[arturcic](https://github.com/arturcic)
- [__!4926__](https://github.com/GitTools/GitVersion/pull/4926) (deps):
Bump the microsoft group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4928__](https://github.com/GitTools/GitVersion/pull/4928) (deps):
Bump the analyzers group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4929__](https://github.com/GitTools/GitVersion/pull/4929) (deps):
Bump NUnit from 4.5.1 to 4.6.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4930__](https://github.com/GitTools/GitVersion/pull/4930) (build
deps): Bump test-summary/action from 2.4 to 2.6 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4931__](https://github.com/GitTools/GitVersion/pull/4931) (deps):
Bump Cake.Incubator from 10.0.0 to 11.0.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4934__](https://github.com/GitTools/GitVersion/pull/4934) (build
deps): Bump gittools/cicd from 2 to 5 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4935__](https://github.com/GitTools/GitVersion/pull/4935) (deps):
Bump the microsoft group with 8 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4936__](https://github.com/GitTools/GitVersion/pull/4936) (sdk):
Bump dotnet-sdk from 10.0.203 to 10.0.300 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4937__](https://github.com/GitTools/GitVersion/pull/4937) (deps):
Bump the microsoft group with 4 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4938__](https://github.com/GitTools/GitVersion/pull/4938) (deps):
Bump Scriban from 7.1.0 to 7.2.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4939__](https://github.com/GitTools/GitVersion/pull/4939) (deps):
Bump NUnit from 4.5.1 to 4.6.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4941__](https://github.com/GitTools/GitVersion/pull/4941) (deps):
Bump SharpYaml from 3.7.0 to 3.7.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4942__](https://github.com/GitTools/GitVersion/pull/4942) (deps):
Bump JsonSchema.Net.Generation from 7.3.6 to 7.3.7 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4943__](https://github.com/GitTools/GitVersion/pull/4943) (deps):
Bump coverlet.MTP from 10.0.0 to 10.0.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4945__](https://github.com/GitTools/GitVersion/pull/4945) (deps):
Bump NUnit from 4.6.0 to 4.6.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4946__](https://github.com/GitTools/GitVersion/pull/4946) (deps):
Bump NUnit from 4.6.0 to 4.6.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4948__](https://github.com/GitTools/GitVersion/pull/4948) (deps):
Bump the microsoft group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4949__](https://github.com/GitTools/GitVersion/pull/4949) (deps):
Bump Cake.Frosting from 6.1.0 to 6.2.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4950__](https://github.com/GitTools/GitVersion/pull/4950) (deps):
Bump JsonSchema.Net.Generation from 7.3.7 to 7.3.8 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4951__](https://github.com/GitTools/GitVersion/pull/4951) (deps):
Bump Scriban from 7.2.0 to 7.2.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
 ... (truncated)

Commits viewable in [compare
view](https://github.com/GitTools/GitVersion/compare/6.7.0...6.8.1).
</details>

Updated [MediatR](https://github.com/LuckyPennySoftware/MediatR) from
14.1.0 to 14.2.0.

<details>
<summary>Release notes</summary>

_Sourced from [MediatR's
releases](https://github.com/LuckyPennySoftware/MediatR/releases)._

## 14.2.0

## What's Changed
* Fix license validation deadlock when called from sync context by
@​jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1165
* Reporting test results by @​jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1166
* Attach NuGet packages and SBOM to GitHub Release by @​jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1169
* Treat blank license key as unconfigured (#​1170) by @​jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1171
* ci: publish fork-PR test reports via workflow_run by @​jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1173
* Run license validation off the Mediator construction path by @​jbogard
in https://github.com/LuckyPennySoftware/MediatR/pull/1174
* Support license key via environment variable fallback by @​jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1175


**Full Changelog**:
https://github.com/LuckyPennySoftware/MediatR/compare/v14.1.0...v14.2.0

Commits viewable in [compare
view](https://github.com/LuckyPennySoftware/MediatR/compare/v14.1.0...v14.2.0).
</details>

Updated
[Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.Mvc.Testing's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated [Microsoft.AspNetCore.OpenApi](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.OpenApi's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.AspNetCore.SignalR.Client](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.AspNetCore.SignalR.Client's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Caching.StackExchangeRedis](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Caching.StackExchangeRedis's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Configuration](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Configuration's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Configuration.Abstractions](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Configuration.Abstractions's
releases](https://github.com/dotnet/dotnet/releases)._

No release notes found for this version range.

Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>

Updated
[Microsoft.Extensions.Configuration.Binder](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.

<details>
<summary>Release notes</summary>

_Sourced from [Microsoft.Extensions.Configuration.Binder…
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant