(deps): Bump NUnit from 4.5.1 to 4.6.0#4939
Merged
Merged
Conversation
--- updated-dependencies: - dependency-name: NUnit dependency-version: 4.6.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
|
Contributor
Merge Queue Status
This pull request spent 40 minutes 19 seconds in the queue, including 39 minutes 36 seconds running CI. Required conditions to merge
|
Member
|
🎉 This issue has been resolved in version 6.8.0 🎉 Your GitReleaseManager bot 📦🚀 |
This was referenced Jul 1, 2026
This was referenced Jul 1, 2026
mpaulosky
added a commit
to mpaulosky/IssueTrackerApp
that referenced
this pull request
Jul 5, 2026
Updated [Aspire.Hosting.Redis](https://github.com/microsoft/aspire) from
13.4.2 to 13.4.6.
<details>
<summary>Release notes</summary>
_Sourced from [Aspire.Hosting.Redis's
releases](https://github.com/microsoft/aspire/releases)._
## 13.4.6
## What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.
### 🐛 Fixes
- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #18110 and #17910.
([#18160](https://github.com/microsoft/aspire/pull/18160),
`@sebastienros`)
- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#18341](https://github.com/microsoft/aspire/pull/18341), `@JamesNK`)
- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #17981.
([#18279](https://github.com/microsoft/aspire/pull/18279),
`@Falco20019`)
### 🏷️ Housekeeping
- 🚀 Bumped branding to 13.4.6
([#18343](https://github.com/microsoft/aspire/pull/18343))
---
_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_
_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->
## 13.4.5
## What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.
### 🐛 Fixes
- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#18204](https://github.com/microsoft/aspire/pull/18204),
`@mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#18205](https://github.com/microsoft/aspire/pull/18205),
`@mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#18240](https://github.com/microsoft/aspire/pull/18240),
`@damianedwards`)
### 🏷️ Housekeeping
- 📄 Refreshed the `@microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#18221](https://github.com/microsoft/aspire/pull/18221), `@adamint`)
---
_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_
_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->
## 13.4.4
## What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.
### 🐛 Fixes
* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#18096](https://github.com/microsoft/aspire/pull/18096),
`@karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#18150](https://github.com/microsoft/aspire/pull/18150), `@JamesNK`)
### 🏷️ Housekeeping
* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#18093](https://github.com/microsoft/aspire/pull/18093),
`@adamratzman`)
* * *
_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_
_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_
## 13.4.3
## What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.
### 🐛 Fixes
- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#17960, `@danegsta`)
### 🏷️ Housekeeping
- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#17958)
---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*
*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->
Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>
Updated [Aspire.Hosting.Testing](https://github.com/microsoft/aspire)
from 13.4.2 to 13.4.6.
<details>
<summary>Release notes</summary>
_Sourced from [Aspire.Hosting.Testing's
releases](https://github.com/microsoft/aspire/releases)._
## 13.4.6
## What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.
### 🐛 Fixes
- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #18110 and #17910.
([#18160](https://github.com/microsoft/aspire/pull/18160),
`@sebastienros`)
- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#18341](https://github.com/microsoft/aspire/pull/18341), `@JamesNK`)
- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #17981.
([#18279](https://github.com/microsoft/aspire/pull/18279),
`@Falco20019`)
### 🏷️ Housekeeping
- 🚀 Bumped branding to 13.4.6
([#18343](https://github.com/microsoft/aspire/pull/18343))
---
_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_
_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->
## 13.4.5
## What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.
### 🐛 Fixes
- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#18204](https://github.com/microsoft/aspire/pull/18204),
`@mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#18205](https://github.com/microsoft/aspire/pull/18205),
`@mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#18240](https://github.com/microsoft/aspire/pull/18240),
`@damianedwards`)
### 🏷️ Housekeeping
- 📄 Refreshed the `@microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#18221](https://github.com/microsoft/aspire/pull/18221), `@adamint`)
---
_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_
_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->
## 13.4.4
## What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.
### 🐛 Fixes
* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#18096](https://github.com/microsoft/aspire/pull/18096),
`@karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#18150](https://github.com/microsoft/aspire/pull/18150), `@JamesNK`)
### 🏷️ Housekeeping
* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#18093](https://github.com/microsoft/aspire/pull/18093),
`@adamratzman`)
* * *
_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_
_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_
## 13.4.3
## What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.
### 🐛 Fixes
- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#17960, `@danegsta`)
### 🏷️ Housekeeping
- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#17958)
---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*
*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->
Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>
Updated [Aspire.MongoDB.Driver](https://github.com/microsoft/aspire)
from 13.4.2 to 13.4.6.
<details>
<summary>Release notes</summary>
_Sourced from [Aspire.MongoDB.Driver's
releases](https://github.com/microsoft/aspire/releases)._
## 13.4.6
## What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.
### 🐛 Fixes
- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #18110 and #17910.
([#18160](https://github.com/microsoft/aspire/pull/18160),
`@sebastienros`)
- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#18341](https://github.com/microsoft/aspire/pull/18341), `@JamesNK`)
- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #17981.
([#18279](https://github.com/microsoft/aspire/pull/18279),
`@Falco20019`)
### 🏷️ Housekeeping
- 🚀 Bumped branding to 13.4.6
([#18343](https://github.com/microsoft/aspire/pull/18343))
---
_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_
_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->
## 13.4.5
## What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.
### 🐛 Fixes
- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#18204](https://github.com/microsoft/aspire/pull/18204),
`@mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#18205](https://github.com/microsoft/aspire/pull/18205),
`@mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#18240](https://github.com/microsoft/aspire/pull/18240),
`@damianedwards`)
### 🏷️ Housekeeping
- 📄 Refreshed the `@microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#18221](https://github.com/microsoft/aspire/pull/18221), `@adamint`)
---
_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_
_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->
## 13.4.4
## What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.
### 🐛 Fixes
* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#18096](https://github.com/microsoft/aspire/pull/18096),
`@karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#18150](https://github.com/microsoft/aspire/pull/18150), `@JamesNK`)
### 🏷️ Housekeeping
* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#18093](https://github.com/microsoft/aspire/pull/18093),
`@adamratzman`)
* * *
_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_
_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_
## 13.4.3
## What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.
### 🐛 Fixes
- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#17960, `@danegsta`)
### 🏷️ Housekeeping
- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#17958)
---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*
*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->
Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>
Updated
[Aspire.StackExchange.Redis](https://github.com/microsoft/aspire) from
13.4.2 to 13.4.6.
<details>
<summary>Release notes</summary>
_Sourced from [Aspire.StackExchange.Redis's
releases](https://github.com/microsoft/aspire/releases)._
## 13.4.6
## What's New in Aspire 13.4.6
Patch release for Aspire 13.4 fixing polyglot AppHost code generation
binding when CLI and SDK versions diverge, resource service port
collision in `--isolated` mode, and a MongoDB.Driver dependency update.
### 🐛 Fixes
- 🔗 **Polyglot AppHost code generation silently failed when CLI and SDK
versions diverged** — `Aspire.TypeSystem` used a floating strong-name
`AssemblyVersion` that changed with every build. When the installed
Aspire CLI was built at a different version than the AppHost's SDK, the
CLR couldn't satisfy the strong-name bind and every code generator
(TypeScript, Python, Java, Go, Rust) was silently dropped, surfacing as
`No code generator found for language: <lang>`. The `AssemblyVersion` is
now frozen at a stable constant so any compatible CLI/SDK pair on 13.4
binds successfully. Relates to #18110 and #17910.
([#18160](https://github.com/microsoft/aspire/pull/18160),
`@sebastienros`)
- 🔌 **Multiple AppHosts started with `--isolated` collided on the
resource service port** — Both instances tried to bind to the same fixed
port from `ASPIRE_RESOURCE_SERVICE_ENDPOINT_URL`, causing an "address
already in use" error on the second instance. `DashboardServiceHost` now
binds to port 0 on loopback when `RandomizePorts` is true (set by
`--isolated`), letting the OS assign a unique port per instance.
([#18341](https://github.com/microsoft/aspire/pull/18341), `@JamesNK`)
- 🍃 **MongoDB.Driver updated to 3.9.0** — Removes a wrongly pinned
`SharpCompress` transitive dependency and uses the corrected `Snappier`
transitive. Fixes #17981.
([#18279](https://github.com/microsoft/aspire/pull/18279),
`@Falco20019`)
### 🏷️ Housekeeping
- 🚀 Bumped branding to 13.4.6
([#18343](https://github.com/microsoft/aspire/pull/18343))
---
_Full Changelog:
[v13.4.5...v13.4.6](https://github.com/microsoft/aspire/compare/v13.4.5...v13.4.6)_
_Full commit:
[87fe259e4fc244c599019a7b1304c85a1488f248](https://github.com/microsoft/aspire/commit/87fe259e4fc244c599019a7b1304c85a1488f248)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27855270514) ·
131 AIC · ⌖ 13.5 AIC · ⊞ 37.4K
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.60, model:
claude-sonnet-4.6, id: 27855270514, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27855270514 -->
## 13.4.5
## What's New in Aspire 13.4.5
Patch release for Aspire 13.4 clearing a transitive MessagePack security
advisory, tightening CLI validation for Playwright configuration, and
adding coding-agent detection to CLI telemetry.
### 🐛 Fixes
- 🛡️ **Bumped StreamJsonRpc to 2.25.29 to clear the MessagePack
GHSA-hv8m-jj95-wg3x (CVE-2026-48109) NU1903 advisory** — The transitive
MessagePack 2.5.192 dependency pulled in via StreamJsonRpc 2.22.23 fell
within the advisory's vulnerable LZ4 decompression range. Aspire does
not use `MessagePackFormatter` or LZ4 — all StreamJsonRpc calls use
`SystemTextJsonFormatter` over local Unix sockets — so the vulnerability
was not reachable in practice. The bump clears the NU1903 warning for
consumers of the `Aspire.Hosting` package.
([#18204](https://github.com/microsoft/aspire/pull/18204),
`@mitchdenny`)
- 🎭 **`playwrightCliVersion` values that are not valid SemVer 2.0 now
fail fast with a clear diagnostic** — Previously an invalid override
(range expression, dist-tag like `latest`, or a `v`-prefixed string)
would surface as a generic npm resolution failure. The value is now
validated with strict SemVer parsing at startup; an error naming the
configuration key and the offending value is emitted immediately.
([#18205](https://github.com/microsoft/aspire/pull/18205),
`@mitchdenny`)
- 🤖 **CLI telemetry now detects and reports the calling coding agent** —
When the Aspire CLI is invoked from inside a known coding agent
environment (GitHub Copilot CLI, VS Code Copilot agent, etc.) the agent
name is included in the main CLI telemetry event. GitHub Copilot CLI is
specifically identified as `copilot-cli`.
([#18240](https://github.com/microsoft/aspire/pull/18240),
`@damianedwards`)
### 🏷️ Housekeeping
- 📄 Refreshed the `@microsoft/aspire-cli` npm package README to be
TypeScript-only — updated examples to the current `ts-starter` template
(`apphost.mts` / `aspire.mjs`), added a backing-services snippet showing
`aspire add` for PostgreSQL and Redis, and documented `aspire dashboard
run` as a standalone dashboard option.
([#18221](https://github.com/microsoft/aspire/pull/18221), `@adamint`)
---
_Full Changelog:
[v13.4.4...v13.4.5](https://github.com/microsoft/aspire/compare/v13.4.4...v13.4.5)_
_Full commit:
[73114e86c64aeb9f3f3c7da8e37df1ae4281b27e](https://github.com/microsoft/aspire/commit/73114e86c64aeb9f3f3c7da8e37df1ae4281b27e)_
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27667814104/agentic_workflow)
· ● 4.4M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27667814104, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27667814104 -->
## 13.4.4
## What's New in Aspire 13.4.4
Patch release for Aspire 13.4 with improved DCP connection reliability
during request execution and consistent `ExcludeFromMcp()` filtering
across all CLI MCP tools.
### 🐛 Fixes
* 🔌 **DCP requests could fail permanently when the connection dropped
mid-request** — If the underlying DCP channel closed while a request was
in flight, the error was surfaced directly instead of being retried.
Reconnection is now attempted as part of the DCP request retry path so
transient disconnections recover automatically without surfacing errors.
([#18096](https://github.com/microsoft/aspire/pull/18096),
`@karolz-ms`)
* 🔍 **Resources marked with `ExcludeFromMcp()` were not consistently
filtered from CLI MCP tools** — Resources with the
`resource.excludeFromMcp` property were not excluded uniformly from all
CLI MCP tool results. `list_resources`, `list_console_logs`,
`execute_resource_command`, `list_structured_logs`, `list_traces`, and
`list_trace_structured_logs` all now honor the exclusion, preventing
excluded resources and their telemetry from appearing in agent context.
([#18150](https://github.com/microsoft/aspire/pull/18150), `@JamesNK`)
### 🏷️ Housekeeping
* 📦 Improved npm CLI package metadata and hardened npm publish
validation in the release pipeline.
([#18093](https://github.com/microsoft/aspire/pull/18093),
`@adamratzman`)
* * *
_Full Changelog:
[v13.4.3...v13.4.4](https://github.com/microsoft/aspire/compare/v13.4.3...v13.4.4)_
_Full commit:
[ccc566c5ab3285c9beb8f38ede34734bb477c029](https://github.com/microsoft/aspire/commit/ccc566c5ab3285c9beb8f38ede34734bb477c029)_
## 13.4.3
## What's New in Aspire 13.4.3
Patch release for Aspire 13.4 with a fix for persistent container
endpoint allocation regressions introduced in 13.4.
### 🐛 Fixes
- 🔌 **Persistent container endpoints had incorrect default behavior** —
Persistent containers were defaulting to proxyless endpoint behavior
instead of the proxied behavior used by normal containers. This caused
integrations that depend on endpoint allocation before resource startup
(such as the KeyVault emulator) to fail. Persistent containers now
default to proxied endpoints matching normal container behavior; opt out
with `isProxied: false` or `WithEndpointProxySupport(false)`. Proxyless
container endpoints with only a `targetPort` specified now also resolve
immediately to that port instead of waiting for delayed allocation.
(#17960, `@danegsta`)
### 🏷️ Housekeeping
- 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and
updated manifest tags (#17958)
---
*Full Changelog:
https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.3*
*Full commit:
[4f218933552e18ff2874d1b6d5dc3fe671e3b6d9](https://github.com/microsoft/aspire/commit/4f218933552e18ff2874d1b6d5dc3fe671e3b6d9)*
> Generated by [Generate release notes for a new stable Aspire
release](https://github.com/microsoft/aspire/actions/runs/27173824611/agentic_workflow)
· ● 4.7M
<!-- gh-aw-agentic-workflow: Generate release notes for a new stable
Aspire release, engine: copilot, version: 1.0.40, model:
claude-sonnet-4.6, id: 27173824611, workflow_id: release-notes-generate,
run: https://github.com/microsoft/aspire/actions/runs/27173824611 -->
Commits viewable in [compare
view](https://github.com/microsoft/aspire/compare/v13.4.2...v13.4.6).
</details>
Updated
[Auth0.AspNetCore.Authentication](https://github.com/auth0/auth0-aspnetcore-authentication)
from 1.7.0 to 1.8.0.
<details>
<summary>Release notes</summary>
_Sourced from [Auth0.AspNetCore.Authentication's
releases](https://github.com/auth0/auth0-aspnetcore-authentication/releases)._
## 1.8.0
**Added**
- **Multi-Resource Refresh Token (MRRT) support**
[\#249](https://github.com/auth0/auth0-aspnetcore-authentication/pull/249),
[\#251](https://github.com/auth0/auth0-aspnetcore-authentication/pull/251)
([kailash-b](https://github.com/kailash-b)) - applications can now
obtain access tokens for additional audiences and scopes on demand by
exchanging the session's refresh token, without forcing the user through
another interactive login.
- New `HttpContext.GetAccessTokenAsync(AccessTokenRequest)` extension
returns an access token for a requested audience and/or scope, served
from the session cache when possible and otherwise via a refresh-token
exchange.
- Configure default scopes per audience with
`Auth0WebAppWithAccessTokenOptions.ScopeByAudience`.
- The new `OnAccessTokenRefreshFailed` event surfaces refresh failures,
letting callers distinguish terminal failures (warranting re-login) from
transient ones.
- **MFA challenge handling** - when a refresh requires MFA, a new
`MfaRequiredException` surfaces the challenge, and
`IAuthenticationApiClient` (registered via
`WithAuthenticationApiClient()`) lets the application complete OTP, OOB,
or recovery-code grants and manage authenticators.
- **Configurable access-token expiration leeway**
[\#247](https://github.com/auth0/auth0-aspnetcore-authentication/pull/247)
([kailash-b](https://github.com/kailash-b)) - new
`Auth0WebAppWithAccessTokenOptions.AccessTokenExpirationLeeway`
(`TimeSpan`, default 60s) controls how far ahead of expiry the SDK
proactively refreshes the access token. Previously hard-coded to 60
seconds; the default preserves prior behavior. Applies to both primary
and additional (MRRT) cached tokens, and only takes effect when
`UseRefreshTokens` is enabled.
- **Configurable server-side session store**
[\#246](https://github.com/auth0/auth0-aspnetcore-authentication/pull/246)
([kailash-b](https://github.com/kailash-b)) - new `WithSessionStore`
method on `Auth0WebAppAuthenticationBuilder` stores the authentication
session server-side (via `ITicketStore`) instead of in the cookie. It
attaches the store to the SDK's own resolved cookie scheme, so it works
even with a custom `CookieAuthenticationScheme`. Two overloads are
provided: `WithSessionStore<TStore>()` (resolved from DI) and
`WithSessionStore(ITicketStore instance)`. Opt-in and additive; the
default stateless cookie session is unchanged.
**Fixed**
- **Remove duplicate trailing slash from `client_assertion` audience**
[\#236](https://github.com/auth0/auth0-aspnetcore-authentication/pull/236)
([samjetski](https://github.com/samjetski)) - fixes a regression
introduced in 1.7.0 (#206) where the Private Key JWT client assertion
`aud` claim was built as `https://{tenant}//` (double slash), causing
Auth0's `/oauth/token` endpoint to reject the assertion with `401
invalid_client` and leaving affected apps (any using
`ClientAssertionSecurityKey`) in a callback loop.
- **Wire `OnValidatePrincipal` to the configured cookie scheme**
[\#248](https://github.com/auth0/auth0-aspnetcore-authentication/pull/248)
([kailash-b](https://github.com/kailash-b)) - fixes a scheme mismatch
where the access-token refresh hook was registered against the default
`"Cookies"` scheme rather than the configured
`CookieAuthenticationScheme`.
**Security**
- **Bump dependencies**
[\#250](https://github.com/auth0/auth0-aspnetcore-authentication/pull/250)
([kailash-b](https://github.com/kailash-b)) - consolidates several
Dependabot bumps (supersedes #240, #242, #243, #244):
`Microsoft.IdentityModel.Protocols.OpenIdConnect` 8.18.0 → 8.19.1,
`Microsoft.AspNetCore.Mvc.Testing` 10.0.8 → 10.0.9,
`Microsoft.AspNetCore.Mvc.ViewFeatures` 2.3.10 → 2.3.11,
`System.Text.Encodings.Web` 10.0.8 → 10.0.9.
- **Pin GitHub Actions to commit SHAs**
[\#241](https://github.com/auth0/auth0-aspnetcore-authentication/pull/241)
([jcchavezs](https://github.com/jcchavezs)) - pins all third-party
actions in the workflow files to commit SHAs for improved supply-chain
security and reproducibility.
## 1.7.1
**Security**
- chore: Upgrade dependencies
[\#237](https://github.com/auth0/auth0-aspnetcore-authentication/pull/237)
([kailash-b](https://github.com/kailash-b))
- chore(deps): Bump System.Text.Encodings.Web from 10.0.6 to 10.0.7
[\#228](https://github.com/auth0/auth0-aspnetcore-authentication/pull/228)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.AspNetCore.Mvc.Testing from 10.0.6 to
10.0.7
[\#227](https://github.com/auth0/auth0-aspnetcore-authentication/pull/227)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.NET.Test.Sdk from 18.4.0 to 18.5.1
[\#229](https://github.com/auth0/auth0-aspnetcore-authentication/pull/229)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.IdentityModel.Protocols.OpenIdConnect from
8.17.0 to 8.18.0
[\#230](https://github.com/auth0/auth0-aspnetcore-authentication/pull/230)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump System.Text.Encodings.Web from 10.0.5 to 10.0.6
[\#225](https://github.com/auth0/auth0-aspnetcore-authentication/pull/225)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.AspNetCore.Mvc.Testing from 10.0.5 to
10.0.6
[\#224](https://github.com/auth0/auth0-aspnetcore-authentication/pull/224)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.NET.Test.Sdk from 18.3.0 to 18.4.0
[\#222](https://github.com/auth0/auth0-aspnetcore-authentication/pull/222)
([dependabot[bot]](https://github.com/apps/dependabot))
- chore(deps): Bump Microsoft.IdentityModel.Protocols.OpenIdConnect from
8.16.0 to 8.17.0
[\#221](https://github.com/auth0/auth0-aspnetcore-authentication/pull/221)
([dependabot[bot]](https://github.com/apps/dependabot))
Commits viewable in [compare
view](https://github.com/auth0/auth0-aspnetcore-authentication/compare/1.7.0...1.8.0).
</details>
Updated [Auth0.ManagementApi](https://github.com/auth0/auth0.net) from
8.4.0 to 8.6.0.
<details>
<summary>Release notes</summary>
_Sourced from [Auth0.ManagementApi's
releases](https://github.com/auth0/auth0.net/releases)._
## 8.6.0
**Breaking Changes**
- User date fields: `CreatedAt`, `UpdatedAt`, `MultifactorLastModified`,
`LastLogin`, and `LastPasswordReset` on the user response types
(`GetUserResponseContent`, `CreateUserResponseContent`,
`UpdateUserResponseContent`, `UserResponseSchema`) are now plain
`DateTime?` instead of the `UserDateSchema` union. The `UserDateSchema`
type and its `UserDateSchemaExtensions` (`ToDateTime`) helpers have been
removed — callers can drop `.ToDateTime()` and use the value directly
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- User identity IDs: The `UserId` property on `UserIdentitySchema` and
`DeleteUserIdentityResponseContentItem` is now the `UserId` union type
instead of `string`, allowing string or numeric user identifiers
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Native Social Login: `NativeSocialLogin` on
`UpdateClientRequestContent` is now `Optional<NativeSocialLoginPatch?>`
(with new `NativeSocialLoginPatch`, `NativeSocialLoginApplePatch`,
`NativeSocialLoginFacebookPatch`, and `NativeSocialLoginGooglePatch`
types) to support partial PATCH semantics
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- FedCM Login: `FedcmLogin` on `UpdateClientRequestContent` is now
`Optional<FedCmLoginPatch?>` (with new `FedCmLoginPatch` and
`FedCmLoginGooglePatch` types) to support partial PATCH semantics
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
**Added**
- Phone Provider Protection: Added
`AttackProtection.PhoneProviderProtection` sub-client with `GetAsync()`
and `PatchAsync()` to read and update the tenant's phone provider
protection configuration, plus
`PatchPhoneProviderProtectionRequestContent`,
`GetPhoneProviderProtectionResponseContent`,
`PatchPhoneProviderProtectionResponseContent`, and the
`PhoneProviderProtectionBackoffStrategyEnum` (`exponential`/`none`) type
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Cross-App Access: Added `CrossAppAccessRequestingApp` type (with
`Active`) and a `CrossAppAccessRequestingApp` property to the OIDC and
Okta connection request/response types
(`CreateConnectionRequestContentOidc`,
`CreateConnectionRequestContentOkta`,
`UpdateConnectionRequestContentOidc`,
`UpdateConnectionRequestContentOkta`, `ConnectionResponseContentOidc`,
`ConnectionResponseContentOkta`, `ConnectionForList`, and the connection
response types) [\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Token Vault Privileged Access: Added `TokenVaultPrivilegedAccess`
property to client types —
`ClientTokenVaultPrivilegedAccessWithPublicKey` (with `Credentials` and
`IpAllowlist`) on `CreateClientRequestContent`, and
`ClientTokenVaultPrivilegedAccessWithCredentialId` on
`UpdateClientRequestContent`, `Client`, and the client response types
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
- Email Templates: Added `auth_email_by_code` (`AuthEmailByCode`) value
to `EmailTemplateNameEnum`
[\#1037](https://github.com/auth0/auth0.net/pull/1037)
([fern-api[bot]](https://github.com/apps/fern-api))
## 8.5.0
**Added**
- Tenant Security Headers: Added `SecurityHeaders`
(`TenantSettingsNullableSecurityHeaders`) property to
`UpdateTenantSettingsRequestContent`,
`GetTenantSettingsResponseContent`, and
`UpdateTenantSettingsResponseContent` for configuring Content Security
Policy and XSS protection at the tenant level
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Content Security Policy: Added `ContentSecurityPolicyConfig`,
`CspPolicy`, `CspPolicyMode` (`enforcing`/`reporting`), `CspFlag`
(`upgrade-insecure-requests`/`block-all-mixed-content`),
`CspPolicyReporting`, `CspReportingInfrastructure`, `CspReportTo`, and
`CspReportToEndpoint` types to model CSP directives, flags, and
reporting endpoints
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- XSS Protection: Added `XssProtectionConfig` and `XssProtectionMode`
(`block`) types to configure the `X-XSS-Protection` response header
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Tenant Settings: Added minute-granularity session lifetime fields
`SessionLifetimeInMinutes`, `IdleSessionLifetimeInMinutes`,
`EphemeralSessionLifetimeInMinutes`, and
`IdleEphemeralSessionLifetimeInMinutes` on
`UpdateTenantSettingsRequestContent` (each mutually exclusive with its
hours-based counterpart)
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Tenant Settings: Added `IncludeSessionMetadataInTenantLogs` (`bool?`)
on tenant settings request/response types to include session metadata in
`slo` and OIDC back-channel logout tenant logs
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Connections: Added `IdTokenSessionExpirySupported` (`bool?`) property
to `ConnectionOptionsCommonOidc`, `ConnectionOptionsOidc`,
`ConnectionOptionsOkta`, `ConnectionPropertiesOptions`, and
`UpdateConnectionOptions`
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Client My Organization: Added `InvitationLandingClientId` property to
`ClientMyOrganizationPostConfiguration`,
`ClientMyOrganizationPatchConfiguration`, and
`ClientMyOrganizationResponseConfiguration`
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Enums: Added `Experiment` value to `AculContextEnum`, and
`Confirmation` value to `PromptGroupNameEnum` and `ScreenGroupNameEnum`
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
**Removed**
- Branding Identifiers: Removed the `Identifiers` property (and the
`BrandingIdentifiers` / `UpdateBrandingIdentifiers` types) from
`UpdateBrandingRequestContent`, `GetBrandingResponseContent`, and
`UpdateBrandingResponseContent`. **Breaking change**
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Branding Phone Enums: Removed the `BrandingPhoneMaskingEnum`,
`UpdateBrandingPhoneMaskingEnum`, and
`UpdateBrandingPhoneFormattingEnum` types. **Breaking change**
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
**Changed**
- Phone Templates: The `Id` property on `PhoneTemplate`,
`GetPhoneTemplateResponseContent`, `CreatePhoneTemplateResponseContent`,
`UpdatePhoneTemplateResponseContent`, and
`ResetPhoneTemplateResponseContent` is now optional/nullable (`string?`)
instead of `required`. **Breaking change**
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
- Refresh Tokens: Clarified `RevokeRefreshTokensRequestContent.ClientId`
semantics — it must be paired with `UserId` and can be narrowed further
with `Audience`, rather than revoking all of a client's tokens
[\#1030](https://github.com/auth0/auth0.net/pull/1030)
([fern-api[bot]](https://github.com/apps/fern-api))
Commits viewable in [compare
view](https://github.com/auth0/auth0.net/compare/mgmt-8.4.0...mgmt-8.6.0).
</details>
Updated [gitversion.tool](https://github.com/GitTools/GitVersion) from
6.7.0 to 6.8.1.
<details>
<summary>Release notes</summary>
_Sourced from [gitversion.tool's
releases](https://github.com/GitTools/GitVersion/releases)._
## 6.8.1
As part of this release we had [18
commits](https://github.com/GitTools/GitVersion/compare/6.8.0...6.8.1)
which resulted in [9
issues](https://github.com/GitTools/GitVersion/milestone/87?closed=1)
being closed.
__Bug__
- [__!5005__](https://github.com/GitTools/GitVersion/pull/5005) ci: fix
homebrew publish — drop --fork-org (gittools-bot is a user) by
[arturcic](https://github.com/arturcic)
__Dependencies__
- [__!5006__](https://github.com/GitTools/GitVersion/pull/5006)
build(deps): bump devcontainers/dotnet from `da953a3` to `be5bd89` in
/.devcontainer by [dependabot[bot]](https://github.com/apps/dependabot)
- [__!5015__](https://github.com/GitTools/GitVersion/pull/5015)
chore(deps): consolidate Dependabot config and enable devcontainer
feature updates by [arturcic](https://github.com/arturcic)
- [__!5016__](https://github.com/GitTools/GitVersion/pull/5016) (build
deps): bump the codeql group across 1 directory with 3 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!5020__](https://github.com/GitTools/GitVersion/pull/5020) (deps):
Bump the microsoft group with 3 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
__Improvements__
- [__!5004__](https://github.com/GitTools/GitVersion/pull/5004) ci:
replace homebrew bump action with brew bump-formula-pr by
[arturcic](https://github.com/arturcic)
- [__#5007__](https://github.com/GitTools/GitVersion/issues/5007)
[ISSUE]: GitLab CI: Merge Request pipelines use source branch instead of
CI_MERGE_REQUEST_REF_PATH by
[JDanRibeiro](https://github.com/JDanRibeiro) resolved in
[__!5008__](https://github.com/GitTools/GitVersion/pull/5008) by
[JDanRibeiro](https://github.com/JDanRibeiro)
- [__#5009__](https://github.com/GitTools/GitVersion/issues/5009)
[ISSUE]: Using environment variable with label can produce Semver
incompatible labels by
[robertcoltheart](https://github.com/robertcoltheart) resolved in
[__!5010__](https://github.com/GitTools/GitVersion/pull/5010) by
[robertcoltheart](https://github.com/robertcoltheart)
__Contributors__
4 contributors made this release possible.
<a href="/arturcic"><img
src="https://avatars.githubusercontent.com/u/1760506?v=4" alt="arturcic"
height="32" width="32"/></a> <a
href="/apps/dependabot"><img
src="https://avatars.githubusercontent.com/in/29110?v=4"
alt="dependabot[bot]" height="32" width="32"/></a> <a
href="/JDanRibeiro"><img
src="https://avatars.githubusercontent.com/u/86156563?v=4"
alt="JDanRibeiro" height="32" width="32"/></a> <a
href="/robertcoltheart"><img
src="https://avatars.githubusercontent.com/u/13191652?v=4"
alt="robertcoltheart" height="32" width="32"/></a>
## 6.8.0
As part of this release we had [248
commits](https://github.com/GitTools/GitVersion/compare/6.7.0...6.8.0)
which resulted in [86
issues](https://github.com/GitTools/GitVersion/milestone/86?closed=1)
being closed.
__Bug__
- [__#4976__](https://github.com/GitTools/GitVersion/issues/4976)
[ISSUE]: {BranchName} format strings for label not working by
[moppa](https://github.com/moppa) resolved in
[__!4977__](https://github.com/GitTools/GitVersion/pull/4977) by
[robertcoltheart](https://github.com/robertcoltheart)
__Dependencies__
- [__!4893__](https://github.com/GitTools/GitVersion/pull/4893) (build
deps): Bump mislav/bump-homebrew-formula-action from 3 to 4 in
/.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4894__](https://github.com/GitTools/GitVersion/pull/4894) (deps):
Bump coverlet.MTP from 8.0.0 to 8.0.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4896__](https://github.com/GitTools/GitVersion/pull/4896) (deps):
Bump Scriban from 7.0.0 to 7.0.3 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4897__](https://github.com/GitTools/GitVersion/pull/4897) (docs
deps): Bump picomatch from 2.3.1 to 2.3.2 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4900__](https://github.com/GitTools/GitVersion/pull/4900) (deps):
Bump Scriban from 7.0.3 to 7.0.5 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4902__](https://github.com/GitTools/GitVersion/pull/4902) (build
deps): Bump codecov/codecov-action from 5 to 6 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4903__](https://github.com/GitTools/GitVersion/pull/4903) (deps):
Bump Scriban from 7.0.5 to 7.0.6 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4908__](https://github.com/GitTools/GitVersion/pull/4908) (deps):
Bump JsonSchema.Net.Generation from 7.1.3 to 7.2.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4909__](https://github.com/GitTools/GitVersion/pull/4909) (deps):
Bump the microsoft group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4911__](https://github.com/GitTools/GitVersion/pull/4911) (build
deps): Bump gittools/cicd from 1 to 2 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4913__](https://github.com/GitTools/GitVersion/pull/4913) (deps):
Bump Scriban from 7.0.6 to 7.1.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4914__](https://github.com/GitTools/GitVersion/pull/4914) (deps):
Bump System.IO.Abstractions from 22.1.0 to 22.1.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4915__](https://github.com/GitTools/GitVersion/pull/4915) (deps):
Bump JsonSchema.Net.Generation from 7.2.0 to 7.3.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4916__](https://github.com/GitTools/GitVersion/pull/4916) (deps):
Bump JsonSchema.Net.Generation from 7.2.0 to 7.3.4 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4917__](https://github.com/GitTools/GitVersion/pull/4917) (deps):
Bump JsonSchema.Net.Generation from 7.2.0 to 7.3.6 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4919__](https://github.com/GitTools/GitVersion/pull/4919) (sdk):
Bump dotnet-sdk from 10.0.201 to 10.0.202 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4920__](https://github.com/GitTools/GitVersion/pull/4920) (deps):
Bump the microsoft group with 11 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4921__](https://github.com/GitTools/GitVersion/pull/4921) (deps):
Bump NUnit3TestAdapter from 6.1.0 to 6.2.0 by
[arturcic](https://github.com/arturcic)
- [__!4922__](https://github.com/GitTools/GitVersion/pull/4922) (sdk):
Bump dotnet-sdk from 10.0.202 to 10.0.203 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4923__](https://github.com/GitTools/GitVersion/pull/4923) (deps):
Bump coverlet.MTP from 8.0.1 to 10.0.0 by
[arturcic](https://github.com/arturcic)
- [__!4924__](https://github.com/GitTools/GitVersion/pull/4924) (deps):
Bump the microsoft group with 12 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4925__](https://github.com/GitTools/GitVersion/pull/4925) (deps):
Bump SharpYaml from 3.4.0 to 3.7.0 by
[arturcic](https://github.com/arturcic)
- [__!4926__](https://github.com/GitTools/GitVersion/pull/4926) (deps):
Bump the microsoft group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4928__](https://github.com/GitTools/GitVersion/pull/4928) (deps):
Bump the analyzers group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4929__](https://github.com/GitTools/GitVersion/pull/4929) (deps):
Bump NUnit from 4.5.1 to 4.6.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4930__](https://github.com/GitTools/GitVersion/pull/4930) (build
deps): Bump test-summary/action from 2.4 to 2.6 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4931__](https://github.com/GitTools/GitVersion/pull/4931) (deps):
Bump Cake.Incubator from 10.0.0 to 11.0.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4934__](https://github.com/GitTools/GitVersion/pull/4934) (build
deps): Bump gittools/cicd from 2 to 5 in /.github/workflows by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4935__](https://github.com/GitTools/GitVersion/pull/4935) (deps):
Bump the microsoft group with 8 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4936__](https://github.com/GitTools/GitVersion/pull/4936) (sdk):
Bump dotnet-sdk from 10.0.203 to 10.0.300 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4937__](https://github.com/GitTools/GitVersion/pull/4937) (deps):
Bump the microsoft group with 4 updates by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4938__](https://github.com/GitTools/GitVersion/pull/4938) (deps):
Bump Scriban from 7.1.0 to 7.2.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4939__](https://github.com/GitTools/GitVersion/pull/4939) (deps):
Bump NUnit from 4.5.1 to 4.6.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4941__](https://github.com/GitTools/GitVersion/pull/4941) (deps):
Bump SharpYaml from 3.7.0 to 3.7.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4942__](https://github.com/GitTools/GitVersion/pull/4942) (deps):
Bump JsonSchema.Net.Generation from 7.3.6 to 7.3.7 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4943__](https://github.com/GitTools/GitVersion/pull/4943) (deps):
Bump coverlet.MTP from 10.0.0 to 10.0.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4945__](https://github.com/GitTools/GitVersion/pull/4945) (deps):
Bump NUnit from 4.6.0 to 4.6.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4946__](https://github.com/GitTools/GitVersion/pull/4946) (deps):
Bump NUnit from 4.6.0 to 4.6.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4948__](https://github.com/GitTools/GitVersion/pull/4948) (deps):
Bump the microsoft group with 1 update by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4949__](https://github.com/GitTools/GitVersion/pull/4949) (deps):
Bump Cake.Frosting from 6.1.0 to 6.2.0 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4950__](https://github.com/GitTools/GitVersion/pull/4950) (deps):
Bump JsonSchema.Net.Generation from 7.3.7 to 7.3.8 by
[dependabot[bot]](https://github.com/apps/dependabot)
- [__!4951__](https://github.com/GitTools/GitVersion/pull/4951) (deps):
Bump Scriban from 7.2.0 to 7.2.1 by
[dependabot[bot]](https://github.com/apps/dependabot)
... (truncated)
Commits viewable in [compare
view](https://github.com/GitTools/GitVersion/compare/6.7.0...6.8.1).
</details>
Updated [MediatR](https://github.com/LuckyPennySoftware/MediatR) from
14.1.0 to 14.2.0.
<details>
<summary>Release notes</summary>
_Sourced from [MediatR's
releases](https://github.com/LuckyPennySoftware/MediatR/releases)._
## 14.2.0
## What's Changed
* Fix license validation deadlock when called from sync context by
@jbogard in https://github.com/LuckyPennySoftware/MediatR/pull/1165
* Reporting test results by @jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1166
* Attach NuGet packages and SBOM to GitHub Release by @jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1169
* Treat blank license key as unconfigured (#1170) by @jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1171
* ci: publish fork-PR test reports via workflow_run by @jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1173
* Run license validation off the Mediator construction path by @jbogard
in https://github.com/LuckyPennySoftware/MediatR/pull/1174
* Support license key via environment variable fallback by @jbogard in
https://github.com/LuckyPennySoftware/MediatR/pull/1175
**Full Changelog**:
https://github.com/LuckyPennySoftware/MediatR/compare/v14.1.0...v14.2.0
Commits viewable in [compare
view](https://github.com/LuckyPennySoftware/MediatR/compare/v14.1.0...v14.2.0).
</details>
Updated
[Microsoft.AspNetCore.Mvc.Testing](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.AspNetCore.Mvc.Testing's
releases](https://github.com/dotnet/dotnet/releases)._
No release notes found for this version range.
Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>
Updated [Microsoft.AspNetCore.OpenApi](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.AspNetCore.OpenApi's
releases](https://github.com/dotnet/dotnet/releases)._
No release notes found for this version range.
Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>
Updated
[Microsoft.AspNetCore.SignalR.Client](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.AspNetCore.SignalR.Client's
releases](https://github.com/dotnet/dotnet/releases)._
No release notes found for this version range.
Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>
Updated
[Microsoft.Extensions.Caching.StackExchangeRedis](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.Extensions.Caching.StackExchangeRedis's
releases](https://github.com/dotnet/dotnet/releases)._
No release notes found for this version range.
Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>
Updated
[Microsoft.Extensions.Configuration](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.Extensions.Configuration's
releases](https://github.com/dotnet/dotnet/releases)._
No release notes found for this version range.
Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>
Updated
[Microsoft.Extensions.Configuration.Abstractions](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.Extensions.Configuration.Abstractions's
releases](https://github.com/dotnet/dotnet/releases)._
No release notes found for this version range.
Commits viewable in [compare
view](https://github.com/dotnet/dotnet/commits).
</details>
Updated
[Microsoft.Extensions.Configuration.Binder](https://github.com/dotnet/dotnet)
from 10.0.8 to 10.0.9.
<details>
<summary>Release notes</summary>
_Sourced from [Microsoft.Extensions.Configuration.Binder…
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.



Updated NUnit from 4.5.1 to 4.6.0.
Release notes
Sourced from NUnit's releases.
4.6.0
See release notes for details.
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)