chore(deps): update nuget minor/patch updates

[renovate]

ℹ️ Note

This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Change	Age	Confidence	Type	Update
Aspire.Hosting.AppHost	13.1.3 → 13.3.5			nuget	minor
Cake.Frosting (source)	6.1.0 → 6.2.0			nuget	minor
CliWrap	3.10.0 → 3.10.1			nuget	patch
JsonSchema.Net	9.1.3 → 9.2.1			nuget	minor
Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.AspNetCore.Identity.EntityFrameworkCore (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.CodeCoverage	18.3.0 → 18.5.1			nuget	minor
Microsoft.EntityFrameworkCore.Sqlite (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.EntityFrameworkCore.Tools (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.Extensions.DependencyInjection (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.Extensions.DependencyInjection.Abstractions (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.Extensions.FileProviders.Embedded (source)	10.0.5 → 10.0.8			nuget	patch
Microsoft.Extensions.Http.Resilience (source)	10.4.0 → 10.6.0			nuget	minor
Microsoft.Extensions.ServiceDiscovery (source)	10.4.0 → 10.6.0			nuget	minor
Microsoft.NET.Test.Sdk	18.3.0 → 18.5.1			nuget	minor
Microsoft.Playwright	1.58.0 → 1.60.0			nuget	minor
Microsoft.SourceLink.GitHub	10.0.201 → 10.0.300			nuget	patch
OpenTelemetry.Exporter.OpenTelemetryProtocol (source)	1.15.0 → 1.15.3			nuget	patch
OpenTelemetry.Extensions.Hosting (source)	1.15.0 → 1.15.3			nuget	patch
OpenTelemetry.Instrumentation.AspNetCore (source)	1.15.1 → 1.15.2			nuget	patch
OpenTelemetry.Instrumentation.Http (source)	1.15.0 → 1.15.1			nuget	patch
OpenTelemetry.Instrumentation.Runtime (source)	1.15.0 → 1.15.1			nuget	patch
Spectre.Console	0.54.0 → 0.55.2			nuget	minor
Spectre.Console.Cli	0.53.1 → 0.55.0			nuget	minor
dotnet-sdk	10.0.201 → 10.0.300			dotnet-sdk	patch

---

Release Notes

microsoft/aspire (Aspire.Hosting.AppHost)

v13.3.5: Aspire 13.3.5

What's New in Aspire 13.3.5

Patch release for Aspire 13.3 with fixes for the Azure provisioning location prompt and an Aspire CLI named-pipe timeout on Linux with .NET SDK 10.0.300.

🐛 Fixes

• 📍 Azure provisioning location prompt not populated — Selecting an existing resource group during aspire publish now correctly populates dependent server-controlled fields (such as Location). Previously, server-provided values for disabled inputs were discarded, leaving those fields blank. (#​17278, backported via #​17291)
• 🔧 Aspire CLI named-pipe timeout on Linux with .NET SDK 10.0.300 — The Aspire CLI was forcing DOTNET_CLI_USE_MSBUILD_SERVER=1 for all dotnet run/dotnet build invocations. On Linux with SDK 10.0.300 this caused a named-pipe timeout that prevented aspire run from building the AppHost. The forced override has been removed so the SDK chooses MSBuild server behavior. Fixes #​16849. (#​17313, backported via #​17314)

🏷️ Housekeeping

• ⬆️ Skipped log publish for WinGet/Homebrew installer pipeline jobs to fix Prepare Installers stage failures (#​17134)
• 🚀 Bumped branding to 13.3.5 (#​17315)

---

Full Changelog: microsoft/aspire@v13.3.4...v13.3.5

Full commit: 70b33bcb5f64c75e3ab6f57616545f35bd43dc81

Generated by Generate release notes for a new stable Aspire release · ● 4.3M

v13.3.4: Aspire 13.3.4

What's New in Aspire 13.3.4

Patch release for Aspire 13.3 with a fix for the Aspire skill description exceeding agent host limits.

🐛 Fixes

• 📝 Aspire skill description too long for agent hosts — The SKILL.md generated by aspire agent init included a frontmatter description that exceeded the 1024-character limit enforced by agent hosts such as Codex and Copilot CLI, causing the Aspire skill to fail to load. The bundled skill description has been shortened to stay within the limit. (#​17183, backported via #​17188)

🏷️ Housekeeping

• 🚀 Bumped branding to 13.3.4 (#​17215)

---

Full commit: 75080796af797483231a9da2d1642b5130617565

Generated by Generate release notes for a new stable Aspire release · ● 3.6M

v13.3.3: Aspire 13.3.3

What's New in Aspire 13.3.3

Patch release for Aspire 13.3 with fixes for debug log level leaking into user resources, Keycloak HTTPS endpoint token invalidation, and endpoint materialization in HostResourceWithEndpoints.

🐛 Fixes

• 🔇 Debug log level leaking into user resources — Logging__LogLevel__Default=Debug set by the app host was being inherited by all user resources, silently changing their logging verbosity. The app host now uses ASPIRE_APPHOST_LOGLEVEL instead, which is scoped to Aspire processes only. (#​17071, backported via #​17078)
• 🔑 Keycloak HTTPS primary endpoint — Fixed a regression where Keycloak tokens became invalid after an app host restart because the HTTPS endpoint port was dynamic. When developer certificates are enabled, Keycloak's primary endpoint is now upgraded to HTTPS directly, and the endpoint name is set to http to enable standard http+https:// service discovery URLs. (#​17058, backported via #​17063)
• 🔌 Endpoint materialization in HostResourceWithEndpoints — Endpoints configured via HostResourceWithEndpoints are now correctly materialized, ensuring endpoint resolution and service discovery work as expected. (#​17091, backported via #​17092)

🏷️ Housekeeping

• ⬆️ Bumped DCP (Microsoft.DeveloperControlPlane) from 0.23.5 → 0.23.6 — includes fixes for Kubernetes OpenAPI generator types that caused [SHOULD NOT HAPPEN] failed to update managedFields errors. (#​17070)
• 🚀 Bumped branding to 13.3.3 (#​17088)

---

Full commit: a4615e7c6def6cba4703cdbd84009cd3da9a261b

v13.3.2: Aspire 13.3.2

What's New in Aspire 13.3.2

Patch release for Aspire 13.3 with a fix for container tunnel startup when tunnel-dependent containers use WaitFor().

🐛 Fixes

• 🚇 Fix WaitFor() for tunnel-dependent containers — The container tunnel implementation that shipped in Aspire 13.3 deadlocked at startup when tunnel-using containers waited on other resources, because resource waits blocked ResourceStarting before the tunnel initialization could complete. Container and tunnel startup have been refactored to cooperate correctly, and additional tunnel-dependent containers can now be started at any point during the application lifecycle. Also improves error reporting for container tunnel failures. (#​16988, backported via #​16993)

🏷️ Housekeeping

• 🚀 Bumped branding to 13.3.2 (#​17053)

v13.3.1: Aspire 13.3.1

Aspire 13.3.1

What's New in Aspire 13.3.1

Patch release for Aspire 13.3 with a regression fix for aspire run and a DCP bump.

🐛 Fixes

• 🏃 aspire run compute environment validation — Skip compute environment validation in run mode so customers no longer hit Resource '<name>' is configured to publish as an Azure Container App, but there are no 'AzureContainerAppEnvironmentResource' resources. Ensure you have added one by calling 'AddAzureContainerAppEnvironment'. errors during local runs. The check is now only performed in publish mode, matching pre-13.3 behavior. (#​16945, backported via #​16952)

🏷️ Housekeeping

• ⬆️ Bumped DCP (Microsoft.DeveloperControlPlane) from 0.23.4 → 0.23.5 (#​16944)
• 🌐 Updated localization resources (#​16602)
• 🚀 Bumped branding to 13.3.1 (#​16951)

v13.3.0: Aspire 13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

v13.2.4: Aspire 13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

v13.2.3: Aspire 13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

v13.2.2: Aspire 13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

• Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
• Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
  13.2 regressions impacting IDE-based execution (#​15714)
• Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
• Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

• Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
• Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

• ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
• Update DCP to
  0.22.11 (#​15713)

💻 CLI Improvements

• Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

v13.2.1: Aspire 13.2.1

🐛 Bug Fixes

• 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
• ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
• 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
• 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
• 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
• 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
• 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
• 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

• 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
• 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
• 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
• 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
• ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

v13.2.0: Aspire 13.2.0

Aspire 13.2

Aspire 13.2 brings major CLI enhancements, a new TypeScript AppHost (preview), dashboard data export/import, Microsoft Foundry integration, and multi-language improvements — all focused on making local development more streamlined for developers and AI coding agents
alike.

Highlights

• 🛠️ CLI overhaul — New commands including aspire start/stop/ps for detached mode, aspire describe for resource monitoring, aspire doctor for environment diagnostics, aspire secret for managing user secrets, aspire docs for browsing documentation from the terminal,
  and aspire agent (renamed from aspire mcp) for AI agent integration.
• 🌐 TypeScript AppHost (preview) — Write your apphost in TypeScript with createBuilder(), using the same app model concepts as C#. Full VS Code extension support included.
• 🧩 VS Code extension — Dedicated Aspire Activity Bar panel with live resource state, inline CodeLens with health status and actions, gutter decorations, and a new Getting Started walkthrough.
• 📊 Dashboard improvements — Bulk telemetry export/import, export environment variables as .env files, a new telemetry HTTP API, set parameters directly from the dashboard, and improved resource graph layout.
• 🤖 Microsoft Foundry — Replaces Azure AI Foundry integration with broader Aspire.Hosting.Foundry support including hosted agents and model deployments.
• 🔒 Azure Virtual Network & Private Endpoints — New Aspire.Hosting.Azure.Network integration for defining VNets, subnets, NAT gateways, NSGs, and private endpoints directly in your apphost.
• 🐳 Docker Compose publishing — Generate docker-compose.yaml from your app model with AddDockerComposeEnvironment.
• 📦 New integrations — Azure Data Lake Storage, MongoDB EF Core (Aspire.MongoDB.EntityFrameworkCore), Bun support for JS resources, and Certbot for automated SSL certificates.
• ⚡ App model — WithMcpServer for declaring MCP endpoints, rebuild command for project resources, contextual endpoint resolution, and improved secret/certificate handling.

⚠️ Breaking changes

Notable breaking changes include service discovery env vars now using endpoint scheme instead of name, aspire.config.json replacing split config files, AIFoundry → Foundry rename, WithSecretBuildArg → WithBuildSecret, and updated default Azure credential behavior.
See the full list of breaking changes.

📖 Learn more

For the full details on everything in this release, check out the What's new in Aspire 13.2 documentation.

Thank you to all the community contributors who helped make this release happen! 💜

cake-build/cake (Cake.Frosting)

v6.2.0

• #​4840 Add RWX as a build provider.
• #​4832 Update Microsoft.Extensions.DependencyInjection to 9.0.16 (net9.0) & 10.0.8 (net10.0).
• #​4830 Update Microsoft.IdentityModel.JsonWebTokens to 8.18.0.
• #​4822 Update Spectre.Console to 0.55.2.
• #​4820 Update Basic.Reference.Assemblies.* to 1.8.8.
• #​4794 Update NuGet.* packages dependencies to avoid transitive package vulnerable warnings.
• #​4784 Update Spectre.Console.* to 0.55.0.
• #​4776 Microsoft.IdentityModel.JsonWebTokens to 8.17.0.
• #​4771 Update System.Security.Cryptography.Pkcs to 9.0.14 & 10.0.5 (net9.0&net10.0).
• #​4769 Update Microsoft.Extensions.DependencyInjection to 9.0.14 & 10.0.5 (net9.0&net10.0).
• #​4765 Update Autofac to 9.1.0.
• #​4763 Update Microsoft.CodeAnalysis.CSharp.Scripting to 5.3.0.
• #​4442 Frosting DirectoryPath + ConvertableFilePath combines strings instead of paths.
• #​4158 Cannot specify empty properties when using DotNetBuild.
• #​2101 CakeReportPrinter should be disabled in Verbosity = Quiet.
• #​4834 .NET Tool installer switch from --add-source to --source for .NET 9 & 10.
• #​4456 DotNetMSBuild alias generates extra verbosity argument.
• #​4454 Impossible to retrieve package versions list with DotNetSearchPackage.
• #​4324 When running multiple targets, common dependent tasks are executed twice.
• #​4066 SetupContext.TasksToExecute only lists tasks related to first target when calling RunTargets.
• #​2666 GetFiles() using Glob curly braces gives empty result.

Tyrrrz/CliWrap (CliWrap)

v3.10.1

Compare Source

What's Changed

• Throw if failed to kill process during cancellation by @​Tyrrrz in #​308
• Bump the nuget group with 4 updates by @​dependabot[bot] in #​314
• Migrate to Centralized NuGet Package Management (CPM) by @​Copilot in #​319
• Bump the nuget group with 6 updates by @​dependabot[bot] in #​320
• Remove explicit Microsoft.SourceLink.GitHub package reference by @​Copilot in #​321
• Use LibraryImport instead of DllImport for proper AOT support by @​Copilot in #​323

New Contributors

• @​Copilot made their first contribution in #​319

Full Changelog: Tyrrrz/CliWrap@3.10...3.10.1

dotnet/dotnet (Microsoft.AspNetCore.Diagnostics.EntityFrameworkCore)

v10.0.8

v10.0.7

v10.0.6

microsoft/vstest (Microsoft.CodeCoverage)

v18.5.1

What's Changed

• Fix System.Collections.Immutable binding mismatch in Common.dll (rel/18.5) by @​nohwnd in #​15720
• Port verify-binding-redirects.ps1 to rel/18.5 by @​nohwnd in #​15719
• Bump to 18.5.1 by @​nohwnd in #​15721

Full Changelog: microsoft/vstest@v18.5.0...v18.5.1

v18.5.0

⚠️ Unlisted on Nuget, because of #​15718

What's Changed

• Add runtime configs by @​nohwnd in #​15377
• Add net8.0 target for TranslationLayer by @​nohwnd in #​15375
• Determine architecture of remote process on windows by @​nohwnd in #​15396
• Updating System.Collections.Immutable package reference to version 9.0.0 by @​MSLukeWest in #​15392
• Dump via netcore tool on windows by @​nohwnd in #​15397
• Fix answer file splitting by @​nohwnd in #​15381
• Run tests against vsix runner by @​nohwnd in #​15419

Full Changelog: microsoft/vstest@v18.4.0...v18.5.0

v18.4.0

What's Changed

• Add LoongArch64 support by @​stdmnpkg in #​15359

• Refactor Condition evaluation by @​Youssef1313 in #​15357

• Adding info on extensions points part 1 by @​nohwnd in #​15360

• Add option to ask for uploading code QL before the standard window ends by @​nohwnd in #​15373

• Update runtime versions by @​nohwnd in #​15372

• Fix .NET 10 regression for traits by @​Youssef1313 in #​15370

• Update target frameworks to net10.0 and net11.0 by @​dotnet-maestro[bot] in #​15349

• Fix names in pipeline matrix so we don't have to align them by @​nohwnd in #​15365

• Update SECURITY.md by @​Youssef1313 in #​15342

New Contributors

• @​stdmnpkg made their first contribution in #​15359

Full Changelog: microsoft/vstest@v18.3.0...v18.4.0

dotnet/extensions (Microsoft.Extensions.Http.Resilience)

v10.6.0

Version 10.6.0 stabilizes the response continuation token and background-response APIs in Microsoft.Extensions.AI.Abstractions. Most other AI work for May shipped in 10.5.1; this monthly release rolls those changes up alongside dependency updates and a small Resource Monitoring cleanup.

Experimental API Changes

Now Stable

• ResponseContinuationToken and background-response APIs are now stable (previously MEAI001) #​7512

What's Changed

AI

• Stabilize ResponseContinuationToken / background-response APIs #​7512 by @​jozkee (co-authored by @​Copilot)

Repository Infrastructure Updates

• Update version to 10.6.0 #​7458 by @​jeffhandley
• [main] Update dependencies from dotnet/arcade #​7451
• Bump follow-redirects from 1.15.11 to 1.16.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport #​7469
• Merge release/10.5 into main #​7470 by @​jeffhandley
• Bump microsoft.visualstudio.slngen.tool from 12.0.13 to 12.0.32 #​7484
• Bump postcss from 8.5.9 to 8.5.12 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7494
• Bump dotnet-reportgenerator-globaltool from 5.5.7 to 5.5.9 #​7504
• Rename release-notes skill to write-release-notes #​7511 by @​jeffhandley (co-authored by @​Copilot)

Acknowledgements

• @​wtgodbe @​tarekgh @​peterwald @​JeremyLikness @​eiriktsarpalis @​ericstj @​evgenyfedorov2 reviewed pull requests

Full Changelog: dotnet/extensions@v10.5.2...v10.6.0

v10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

1. Rename VectorStoreVectorAttribute constructor parameter #​7460
   • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
   • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

• HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

• Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
• Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
• Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
• Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
• Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
• Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
• Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

• Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
• Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

• Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
• Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

• Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

• Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

• Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

• Fix SqliteVectorStoreWriterTests hang: reduce test record count and use conditional MaxTopCount #​7360 by @​stephentoub (co-authored by @​copilot)

Repository Infrastructure Updates

• Bump minimatch and azure-pipelines-task-lib in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7361
• Remove stale user-level .npmrc instead of npmAuthenticate #​7366 by @​ilonatommy
• [main] Update dependencies from dotnet/arcade #​7374
• Use env vars in build.ps1 to bypass stale agent npm config #​7376 by @​ilonatommy
• Add a Release-Notes skill #​7390 by @​jeffhandley
• Enable CFSClean* policies for extensions-ci-official pipeline #​7403 by @​mmitche
• Fix CG alerts for Microsoft.Bcl.Memory #​7418 by @​wtgodbe
• Bump flatted from 3.3.3 to 3.4.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7421
• [main] Update dependencies from dotnet/arcade #​7422
• Bump picomatch from 2.3.1 to 2.3.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7427
• Bump picomatch in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7429
• Stop using Mariner 2 images #​7431 by @​wtgodbe
• [main] Update dependencies from dotnet/arcade #​7435
• Bump brace-expansion from 1.1.12 to 1.1.13 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7440
• Bump lodash from 4.17.23 to 4.18.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7455
• Bump vite from 6.4.1 to 6.4.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7456
• Correctly publish MEVD.ConformanceTests as nuget packages #​7459 by @​roji
• Update ApiChief baselines for MEAI and MEVD #​7461 by @​jeffhandley
• Upgrade to OpenAI 2.10.0 #​7450 by @​stephentoub
• Use shared DiagnosticIds constants for MEVD experimental APIs #​7462 by @​jeffhandley

Acknowledgements

• @​shyamnamboodiripad @​rogerbarreto @​ReubenBond @​evgenyfedorov2 @​tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.4.1...v10.5.0

microsoft/playwright-dotnet (Microsoft.Playwright)

v1.60.0

💬 Custom assertion messages

Expect() overloads now accept a custom message that is prepended to any failure, giving extra context in test reports:

await Expect(page.Locator("#status"), "Should be logged in").ToBeVisibleAsync();

When the assertion fails, the message is prefixed:

Should be logged in
Locator expected to be visible

🌐 HAR recording on Tracing

Tracing.StartHarAsync() / Tracing.StopHarAsync() expose HAR recording as a first-class tracing API, with the same Content, Mode and UrlFilter options as RecordHar:

await context.Tracing.StartHarAsync("trace.har");
var page = await context.NewPageAsync();
await page.GotoAsync("https://playwright.dev");
await context.Tracing.StopHarAsync();

🪝 Drop API

New Locator.DropAsync() simulates an external drag-and-drop of files or clipboard-like data onto an element. Playwright dispatches dragenter, dragover, and drop with a synthetic [DataTransfer] in the page context — works cross-browser and is great for testing upload zones:

await page.Locator("#dropzone").DropAsync(new() {
    Files = new FilePayload() {
        Name = "note.txt",
        MimeType = "text/plain",
        Buffer = Encoding.UTF8.GetBytes("hello"),
    },
});

await page.Locator("#dropzone").DropAsync(new() {
    Data = new Dictionary<string, string> {
        ["text/plain"] = "hello world",
        ["text/uri-list"] = "https://example.com",
    },
});

🎯 Aria snapshots

• Expect(page).ToMatchAriaSnapshotAsync() now works on a Page, in addition to a Locator — equivalent to asserting against Page.Locator("body").
• New Boxes option on Locator.AriaSnapshotAsync() / Page.AriaSnapshotAsync() appends each element's bounding box as [box=x,y,width,height], useful for AI consumption.

New APIs

Browser, Context and Page

• Event Browser.Context — fired when a new context is created on the browser.
• BrowserContext now mirrors lifecycle events from its pages: BrowserContext.Download, BrowserContext.FrameAttached, BrowserContext.FrameDetached, BrowserContext.FrameNavigated, BrowserContext.PageClose, BrowserContext.PageLoad.
• Page now implements IAsyncDisposable — pages can be used with await using for automatic cleanup.

Locators and Assertions

• New option Description in Page.GetByRole() / Locator.GetByRole() / Frame.GetByRole() / FrameLocator.GetByRole() for matching the accessible description.
• New option Pseudo in Expect(locator).ToHaveCSSAsync() reads computed styles from ::before or ::after.
• New option Style in [Locator.HighlightAsync()](https://playwright.dev/dotnet/docs/api

✂ Note

PR body was truncated to here.

---

Configuration

📅 Schedule: (in timezone Europe/Brussels)

• Branch creation
  • "before 9am on Saturday"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.