Skip to content

deps: Bump the all-nuget group with 27 updates#116

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/all-nuget-b023b4b242
Open

deps: Bump the all-nuget group with 27 updates#116
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/all-nuget-b023b4b242

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 15, 2026

Copy link
Copy Markdown
Contributor

Updated Aspire.Hosting.PostgreSQL from 13.4.2 to 13.4.4.

Release notes

Sourced from Aspire.Hosting.PostgreSQL's releases.

13.4.4

What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent ExcludeFromMcp() filtering across all CLI MCP tools.

🐛 Fixes

  • 🔌 DCP requests could fail permanently when the connection dropped mid-request — If the underlying DCP channel closed while a request was in flight, the error was surfaced directly instead of being retried. Reconnection is now attempted as part of the DCP request retry path so transient disconnections recover automatically without surfacing errors. (#​18096, @​karolz-ms)
  • 🔍 Resources marked with ExcludeFromMcp() were not consistently filtered from CLI MCP tools — Resources with the resource.excludeFromMcp property were not excluded uniformly from all CLI MCP tool results. list_resources, list_console_logs, execute_resource_command, list_structured_logs, list_traces, and list_trace_structured_logs all now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#​18150, @​JamesNK)

🏷️ Housekeeping

  • 📦 Improved npm CLI package metadata and hardened npm publish validation in the release pipeline. (#​18093, @​adamratzman)

Full Changelog: v13.4.3...v13.4.4

Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029

13.4.3

What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.

🐛 Fixes

  • 🔌 Persistent container endpoints had incorrect default behavior — Persistent containers were defaulting to proxyless endpoint behavior instead of the proxied behavior used by normal containers. This caused integrations that depend on endpoint allocation before resource startup (such as the KeyVault emulator) to fail. Persistent containers now default to proxied endpoints matching normal container behavior; opt out with isProxied: false or WithEndpointProxySupport(false). Proxyless container endpoints with only a targetPort specified now also resolve immediately to that port instead of waiting for delayed allocation. (#​17960, @​danegsta)

🏷️ Housekeeping

  • 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and updated manifest tags (#​17958)

Full Changelog: microsoft/aspire@v13.4.2...v13.4.3

Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9

Generated by Generate release notes for a new stable Aspire release · ● 4.7M

Commits viewable in compare view.

Updated Aspire.Hosting.RabbitMQ from 13.4.2 to 13.4.4.

Release notes

Sourced from Aspire.Hosting.RabbitMQ's releases.

13.4.4

What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent ExcludeFromMcp() filtering across all CLI MCP tools.

🐛 Fixes

  • 🔌 DCP requests could fail permanently when the connection dropped mid-request — If the underlying DCP channel closed while a request was in flight, the error was surfaced directly instead of being retried. Reconnection is now attempted as part of the DCP request retry path so transient disconnections recover automatically without surfacing errors. (#​18096, @​karolz-ms)
  • 🔍 Resources marked with ExcludeFromMcp() were not consistently filtered from CLI MCP tools — Resources with the resource.excludeFromMcp property were not excluded uniformly from all CLI MCP tool results. list_resources, list_console_logs, execute_resource_command, list_structured_logs, list_traces, and list_trace_structured_logs all now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#​18150, @​JamesNK)

🏷️ Housekeeping

  • 📦 Improved npm CLI package metadata and hardened npm publish validation in the release pipeline. (#​18093, @​adamratzman)

Full Changelog: v13.4.3...v13.4.4

Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029

13.4.3

What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.

🐛 Fixes

  • 🔌 Persistent container endpoints had incorrect default behavior — Persistent containers were defaulting to proxyless endpoint behavior instead of the proxied behavior used by normal containers. This caused integrations that depend on endpoint allocation before resource startup (such as the KeyVault emulator) to fail. Persistent containers now default to proxied endpoints matching normal container behavior; opt out with isProxied: false or WithEndpointProxySupport(false). Proxyless container endpoints with only a targetPort specified now also resolve immediately to that port instead of waiting for delayed allocation. (#​17960, @​danegsta)

🏷️ Housekeeping

  • 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and updated manifest tags (#​17958)

Full Changelog: microsoft/aspire@v13.4.2...v13.4.3

Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9

Generated by Generate release notes for a new stable Aspire release · ● 4.7M

Commits viewable in compare view.

Updated Aspire.Hosting.Redis from 13.4.2 to 13.4.4.

Release notes

Sourced from Aspire.Hosting.Redis's releases.

13.4.4

What's New in Aspire 13.4.4

Patch release for Aspire 13.4 with improved DCP connection reliability during request execution and consistent ExcludeFromMcp() filtering across all CLI MCP tools.

🐛 Fixes

  • 🔌 DCP requests could fail permanently when the connection dropped mid-request — If the underlying DCP channel closed while a request was in flight, the error was surfaced directly instead of being retried. Reconnection is now attempted as part of the DCP request retry path so transient disconnections recover automatically without surfacing errors. (#​18096, @​karolz-ms)
  • 🔍 Resources marked with ExcludeFromMcp() were not consistently filtered from CLI MCP tools — Resources with the resource.excludeFromMcp property were not excluded uniformly from all CLI MCP tool results. list_resources, list_console_logs, execute_resource_command, list_structured_logs, list_traces, and list_trace_structured_logs all now honor the exclusion, preventing excluded resources and their telemetry from appearing in agent context. (#​18150, @​JamesNK)

🏷️ Housekeeping

  • 📦 Improved npm CLI package metadata and hardened npm publish validation in the release pipeline. (#​18093, @​adamratzman)

Full Changelog: v13.4.3...v13.4.4

Full commit: ccc566c5ab3285c9beb8f38ede34734bb477c029

13.4.3

What's New in Aspire 13.4.3

Patch release for Aspire 13.4 with a fix for persistent container endpoint allocation regressions introduced in 13.4.

🐛 Fixes

  • 🔌 Persistent container endpoints had incorrect default behavior — Persistent containers were defaulting to proxyless endpoint behavior instead of the proxied behavior used by normal containers. This caused integrations that depend on endpoint allocation before resource startup (such as the KeyVault emulator) to fail. Persistent containers now default to proxied endpoints matching normal container behavior; opt out with isProxied: false or WithEndpointProxySupport(false). Proxyless container endpoints with only a targetPort specified now also resolve immediately to that port instead of waiting for delayed allocation. (#​17960, @​danegsta)

🏷️ Housekeeping

  • 🛠️ Unblocked WinGet manifest publishing on locked-down 1ES agents and updated manifest tags (#​17958)

Full Changelog: microsoft/aspire@v13.4.2...v13.4.3

Full commit: 4f218933552e18ff2874d1b6d5dc3fe671e3b6d9

Generated by Generate release notes for a new stable Aspire release · ● 4.7M

Commits viewable in compare view.

Updated Google.Protobuf from 3.35.0 to 3.35.1.

Release notes

Sourced from Google.Protobuf's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Grpc.Tools from 2.81.0 to 2.81.1.

Release notes

Sourced from Grpc.Tools's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Design's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.EntityFrameworkCore.Sqlite from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.EntityFrameworkCore.Sqlite's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Caching.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Caching.Memory from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Caching.Memory's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Json from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Configuration.Json's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Hosting from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Hosting's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Hosting.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Hosting.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Http's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Resilience from 10.6.0 to 10.7.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #​7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

  • Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #​7253
  • Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #​7253
  • HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #​7513

What's Changed

AI

  • Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #​7513 by @​jozkee (co-authored by @​Copilot)
  • Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #​7538 by @​jozkee (co-authored by @​Copilot)
  • Upgrade OpenAI package from 2.10.0 to 2.11.0 #​7544 by @​jozkee (co-authored by @​Copilot)
  • Fix ToolJson.AdditionalProperties to accept sub-schema objects #​7546 by @​jozkee (co-authored by @​Copilot)

Diagnostics, Health Checks, and Resource Monitoring

  • Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #​7253 by @​amadeuszl (co-authored by @​Copilot)

Repository Infrastructure Updates

  • [main] Update dependencies from dotnet/arcade #​7521
  • Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #​7522
  • Bump dotnet-coverage from 18.6.2 to 18.7.0 #​7530
  • Bump PowerShell from 7.6.1 to 7.6.2 #​7531
  • Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7532
  • [main] Update dependencies from dotnet/arcade #​7534
  • Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7537

Acknowledgements

  • @​ericstj submitted issue #​7509 (resolved by #​7544)
  • @​scottt732 submitted issue #​7540 (resolved by #​7546)
  • @​DeagleGross @​wtgodbe @​dariusclay @​evgenyfedorov2 @​peterwald @​PranavSenthilnathan @​shyamnamboodiripad @​stephentoub @​tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Console from 10.0.8 to 10.0.9.

Release notes

Sourced from Microsoft.Extensions.Logging.Console's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.ServiceDiscovery from 10.6.0 to 10.7.0.

Release notes

Sourced from Microsoft.Extensions.ServiceDiscovery's releases.

10.7.0

v10.7.0 graduates the Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package to stable. The package registers a Kubernetes-aware ResourceQuotaProvider that reads the pod's CPU and memory requests and limits and exposes them to Microsoft.Extensions.Diagnostics.ResourceMonitoring as baseline and maximum quotas, which then feed the request and limit dimensions of the published resource utilization metrics. The companion ResourceQuota and ResourceQuotaProvider types in Microsoft.Extensions.Diagnostics.ResourceMonitoring graduate to stable in the same change so that consumers can implement custom quota providers without taking an experimental dependency.

On the AI side, Microsoft.Extensions.AI.OpenAI moves to OpenAI 2.11.0 and fixes a deserialization bug in ToolJson.AdditionalProperties so that JSON Schema additionalProperties values shaped as sub-schema objects (for example {"type":"string"}) are preserved instead of throwing during deserialization. HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt graduate to stable since both values are consistently available across hosted-file providers, while Purpose and Scope remain experimental as provider-shaped vocabulary. FunctionInvokingChatClient drops a backward-compat path that auto-marked ToolApprovalResponseContent entries with InformationalOnly: true; consumers that need to continue accepting sessions serialized before #​7468 can use the sample ApprovalHistoryNormalizingChatClient middleware added in the test project.

Experimental API Changes

Now Stable

  • Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes package is now stable #​7253
  • Resource Monitoring ResourceQuota and ResourceQuotaProvider APIs are now stable (previously EXTEXP0008) #​7253
  • HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt are now stable (previously MEAI001) #​7513

What's Changed

AI

  • Graduate HostedFileContent.SizeInBytes and HostedFileContent.CreatedAt #​7513 by @​jozkee (co-authored by @​Copilot)
  • Remove backward-compat InformationalOnly case from FICC; suggest middleware workaround #​7538 by @​jozkee (co-authored by @​Copilot)
  • Upgrade OpenAI package from 2.10.0 to 2.11.0 #​7544 by @​jozkee (co-authored by @​Copilot)
  • Fix ToolJson.AdditionalProperties to accept sub-schema objects #​7546 by @​jozkee (co-authored by @​Copilot)

Diagnostics, Health Checks, and Resource Monitoring

  • Move Microsoft.Extensions.Diagnostics.ResourceMonitoring.Kubernetes to stable #​7253 by @​amadeuszl (co-authored by @​Copilot)

Repository Infrastructure Updates

  • [main] Update dependencies from dotnet/arcade #​7521
  • Bump dotnet-reportgenerator-globaltool from 5.5.9 to 5.5.10 #​7522
  • Bump dotnet-coverage from 18.6.2 to 18.7.0 #​7530
  • Bump PowerShell from 7.6.1 to 7.6.2 #​7531
  • Bump qs from 6.15.1 to 6.15.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7532
  • [main] Update dependencies from dotnet/arcade #​7534
  • Bump tmp from 0.2.5 to 0.2.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7537

Acknowledgements

  • @​ericstj submitted issue #​7509 (resolved by #​7544)
  • @​scottt732 submitted issue #​7540 (resolved by #​7546)
  • @​DeagleGross @​wtgodbe @​dariusclay @​evgenyfedorov2 @​peterwald @​PranavSenthilnathan @​shyamnamboodiripad @​stephentoub @​tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.6.0...v10.7.0

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.16.0

For highlights and announcements pertaining to this release see: Release Notes > 1.16.0.

The following changes are from the previous release 1.16.0-rc.1.

... (truncated)

1.16.0-rc.1

The following changes are from the previous release 1.15.3.

  • NuGet: OpenTelemetry v1.16.0-rc.1

    • Stop validating View-provided metric stream Name against the instrument
      name syntax, per
      spec clarification.
      (#​7300)

    • Fix incorrect validation of OTEL_BSP_* and OTEL_BLRP_* environment
      variables.
      (#​7187)

    • Fix observable instrument callbacks running once per reader instead of
      once per collection cycle.
      (#​7188)

    • Added exception safety for user-supplied ExemplarReservoir implementations.
      Exceptions thrown from Offer are now caught and logged rather than propagating
      out of Counter.Add/Histogram.Record.
      (#​7277)

    • Update OpenTelemetrySdkEventSource to support the W3C randomness flag.
      (#​7301)

    • Added ObservedTimestamp property to LogRecord.
      (#​6979)

    • Breaking Change Explicit histogram boundaries no longer allow more than
      10 million values.
      (#​7165)

    • Fixed a circular reference which could cause a LoggerProvider to fail to
      resolve when one of its dependencies depends on ILogger or ILoggerFactory.
      As part of this fix the LoggerProvider resolved from dependency injection
      is now created lazily when the first logger is created rather than when
      ILoggerProvider or ILoggerFactory is resolved. A consequence is that any
      invalid configuration now surfaces when the first log record is written instead
      of when the logging services are resolved.
      (#​7308)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.16.0-rc.1

    • Experimental (pre-release builds only):
      Add support for using environment variables as context propagation carriers.
      (#​7174)

    • Fix BaggagePropagator to correctly follow Key and Value Encoding rules as per
      ... (truncated)

1.16.0-beta.1

The following changes are from the previous release 1.15.3-beta.1.

  • NuGet: OpenTelemetry.Exporter.Prometheus.AspNetCore v1.16.0-beta.1

    • Fixed scrape response cache freshness using monotonic time so it is not
      affected by NTP system clock adjustments.
      (#​7253)

    • Breaking Change Removed DisableTimestamp property from
      PrometheusAspNetCoreOptions.
      (#​7176)

    • Fixed the serialization of NaN, PositiveInfinity, and NegativeInfinity
      values in Prometheus metrics to be compliant with the specification.
      (#​7179)

    • Fixed loss of precision when serializing double and float values in
      Prometheus metrics to be compliant with the specification by using 17
      significant digits to represent such values.
      (#​7179)

    • Fix non-ASCII characters in metric names and unit strings not being sanitized
      correctly during Prometheus serialization.
      (#​7184)

    • Fix case where reader tracking could be reset while readers were still active.
      (#​7190)

    • Improve Accept header handling for format negotiation so OpenMetrics is
      selected correctly by considering whitespace and q weights.
      (#​7208)

    • Emit OpenMetrics exemplars for counters and histogram buckets.
      (#​7222)

    • Fix incorrect handling of untyped metrics when using OpenMetrics format.
      (#​7219)

    • Fix Prometheus/OpenMetrics serialization to emit metric and label names
      containing _ instead of dropping them and prefixing leading digits.
      Invalid characters are replaced with _ instead of being dropped.
      (#​7209)

    • Add escaping=underscores to the Accept header handling for content
      negotiation so OpenMetrics are handled correctly.
      (#​7209)

    • Omit histogram _sum and _count in OpenMetrics when negative bucket
      thresholds are present.
      (#​7221)
      ... (truncated)

Commits viewable in compare view.

Updated PatternKit.Core from 0.147.1 to 0.147.2.

Release notes

Sourced from PatternKit.Core's releases.

0.147.2

What's Changed

Full Changelog: JerrettDavis/PatternKit@v0.147.1...v0.147.2

Commits viewable in compare view.

Updated Scalar.AspNetCore from 2.14.14 to 2.16.3.

Release notes

Sourced from Scalar.AspNetCore's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated SoapCore from 1.2.1.13 to 1.2.1.14.

Release notes

Sourced from SoapCore's releases.

1.2.1.14

What's Changed

New Contributors

Full Changelog: DigDes/SoapCore@v1.2.1.13...v1.2.1.14

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
deps: Bump the all-nuget group with 27 updates
e9de174 
Bumps Aspire.Hosting.PostgreSQL from 13.4.2 to 13.4.4
Bumps Aspire.Hosting.RabbitMQ from 13.4.2 to 13.4.4
Bumps Aspire.Hosting.Redis from 13.4.2 to 13.4.4
Bumps Google.Protobuf from 3.35.0 to 3.35.1
Bumps Grpc.Tools from 2.81.0 to 2.81.1
Bumps Microsoft.AspNetCore.OpenApi from 10.0.8 to 10.0.9
Bumps Microsoft.EntityFrameworkCore from 10.0.8 to 10.0.9
Bumps Microsoft.EntityFrameworkCore.Design from 10.0.8 to 10.0.9
Bumps Microsoft.EntityFrameworkCore.Sqlite from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Caching.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Caching.Memory from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Configuration from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Configuration.Json from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.DependencyInjection from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.DependencyInjection.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Hosting from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Hosting.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Http from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Http.Resilience from 10.6.0 to 10.7.0
Bumps Microsoft.Extensions.Logging.Abstractions from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.Logging.Console from 10.0.8 to 10.0.9
Bumps Microsoft.Extensions.ServiceDiscovery from 10.6.0 to 10.7.0
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.3 to 1.16.0
Bumps OpenTelemetry.Extensions.Hosting from 1.15.3 to 1.16.0
Bumps PatternKit.Core from 0.147.1 to 0.147.2
Bumps Scalar.AspNetCore from 2.14.14 to 2.16.3
Bumps SoapCore from 1.2.1.13 to 1.2.1.14

---
updated-dependencies:
- dependency-name: Aspire.Hosting.PostgreSQL
  dependency-version: 13.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Aspire.Hosting.RabbitMQ
  dependency-version: 13.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Aspire.Hosting.Redis
  dependency-version: 13.4.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Google.Protobuf
  dependency-version: 3.35.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Grpc.Tools
  dependency-version: 2.81.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.EntityFrameworkCore
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.EntityFrameworkCore.Design
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.EntityFrameworkCore.Sqlite
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Caching.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Caching.Memory
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Configuration
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Configuration.Json
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Hosting
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Hosting.Abstractions
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Http
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Http.Resilience
  dependency-version: 10.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.Logging.Console
  dependency-version: 10.0.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Microsoft.Extensions.ServiceDiscovery
  dependency-version: 10.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.16.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: PatternKit.Core
  dependency-version: 0.147.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
- dependency-name: Scalar.AspNetCore
  dependency-version: 2.16.3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: all-nuget
- dependency-name: SoapCore
  dependency-version: 1.2.1.14
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from JerrettDavis as a code owner June 15, 2026 09:34
@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

Test Results

0 tests   - 118   0 ✅  - 118   0s ⏱️ -6s
0 suites  -   2   0 💤 ±  0 
0 files    -   2   0 ❌ ±  0 

Results for commit e9de174. ± Comparison against base commit a73ae72.

@github-actions

github-actions Bot commented Jun 15, 2026

Copy link
Copy Markdown
Contributor

🔍 PR Validation Results

Version: 0.0.0-g11e655445b

📦 Detected NuGet Packages (0)

🚀 Detected Executables (0)

✅ Validation Steps

  • Build solution
  • Run unit tests
  • Run integration tests
  • Dry-run NuGet packaging
  • Dry-run executable publishing

📊 Artifacts

Dry-run artifacts have been uploaded and will be available for 7 days.

This comment was automatically generated by the PR validation workflow.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JerrettDavis JerrettDavis Awaiting requested review from JerrettDavis JerrettDavis is a code owner

Assignees

No one assigned

Labels

dependencies nuget size/s

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants