Skip to content

Bump the all-patch-and-minor group with 9 updates#5

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/Api/all-patch-and-minor-9cecc6cdcb
Closed

Bump the all-patch-and-minor group with 9 updates#5
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/Api/all-patch-and-minor-9cecc6cdcb

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026
edited
Loading

Updated Aspire.Hosting.AppHost from 13.2.2 to 13.2.4.

Release notes

Sourced from Aspire.Hosting.AppHost's releases.

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated Aspire.Hosting.Docker from 13.2.2 to 13.2.4.

Release notes

Sourced from Aspire.Hosting.Docker's releases.

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated Aspire.Hosting.MongoDB from 13.2.2 to 13.2.4.

Release notes

Sourced from Aspire.Hosting.MongoDB's releases.

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

Commits viewable in compare view.

Updated Microsoft.AspNetCore.OpenApi from 10.0.6 to 10.0.7.

Release notes

Sourced from Microsoft.AspNetCore.OpenApi's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.2 to 1.15.3.

Release notes

Sourced from OpenTelemetry.Exporter.OpenTelemetryProtocol's releases.

1.15.3

For highlights and announcements pertaining to this release see: Release Notes > 1.15.3.

The following changes are from the previous release 1.15.2.

  • NuGet: OpenTelemetry v1.15.3

    • Fix resource leak in batch and periodic exporting task workers for Blazor/WASM.
      (#​7069)

    • Fixed LogRecord.LogLevel to preserve LogLevel.None and handle
      unspecified or out-of-range severities without returning invalid enum values.
      (#​7092)

    • Fixed OTEL_TRACES_SAMPLER_ARG handling to treat out-of-range, NaN, and
      infinite values as invalid and fall back to the default ratio when using
      traceidratio and parentbased_traceidratio samplers.
      (#​7103)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.3

    • Fix baggage and trace headers not respecting the maximum length in some cases.
      (#​7061)

    • Improve efficiency of parsing of baggage and B3 propagation headers.
      (#​7061)

    • Breaking change: Fixed tracestate parsing to reject keys that do not
      begin with a lowercase letter, including keys beginning with digits, to
      align with the W3C Trace Context specification.
      (#​7065)

    • Fixed BaggagePropagator to trim optional whitespace (OWS) around =
      separators when parsing the baggage header, as required by the
      W3C Baggage specification.
      (#​7009)

    • Fixed BaggagePropagator to strip baggage properties (e.g. ;metadata)
      from values when parsing the baggage header.
      (#​7009)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.3

    No notable changes.

    See CHANGELOG for details.

... (truncated)

1.15.3-beta.1

The following changes are from the previous release 1.15.2-beta.1.

Commits viewable in compare view.

Updated OpenTelemetry.Extensions.Hosting from 1.15.2 to 1.15.3.

Release notes

Sourced from OpenTelemetry.Extensions.Hosting's releases.

1.15.3

For highlights and announcements pertaining to this release see: Release Notes > 1.15.3.

The following changes are from the previous release 1.15.2.

  • NuGet: OpenTelemetry v1.15.3

    • Fix resource leak in batch and periodic exporting task workers for Blazor/WASM.
      (#​7069)

    • Fixed LogRecord.LogLevel to preserve LogLevel.None and handle
      unspecified or out-of-range severities without returning invalid enum values.
      (#​7092)

    • Fixed OTEL_TRACES_SAMPLER_ARG handling to treat out-of-range, NaN, and
      infinite values as invalid and fall back to the default ratio when using
      traceidratio and parentbased_traceidratio samplers.
      (#​7103)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api v1.15.3

    • Fix baggage and trace headers not respecting the maximum length in some cases.
      (#​7061)

    • Improve efficiency of parsing of baggage and B3 propagation headers.
      (#​7061)

    • Breaking change: Fixed tracestate parsing to reject keys that do not
      begin with a lowercase letter, including keys beginning with digits, to
      align with the W3C Trace Context specification.
      (#​7065)

    • Fixed BaggagePropagator to trim optional whitespace (OWS) around =
      separators when parsing the baggage header, as required by the
      W3C Baggage specification.
      (#​7009)

    • Fixed BaggagePropagator to strip baggage properties (e.g. ;metadata)
      from values when parsing the baggage header.
      (#​7009)

    See CHANGELOG for details.

  • NuGet: OpenTelemetry.Api.ProviderBuilderExtensions v1.15.3

    No notable changes.

    See CHANGELOG for details.

... (truncated)

1.15.3-beta.1

The following changes are from the previous release 1.15.2-beta.1.

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.AspNetCore from 1.15.1 to 1.15.2.

Release notes

Sourced from OpenTelemetry.Instrumentation.AspNetCore's releases.

1.15.2

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.Http from 1.15.0 to 1.15.1.

Release notes

Sourced from OpenTelemetry.Instrumentation.Http's releases.

1.15.1

1.15.1-beta.2

1.15.1-beta.1

1.15.1-alpha.1

Commits viewable in compare view.

Updated OpenTelemetry.Instrumentation.Runtime from 1.15.0 to 1.15.1.

Release notes

Sourced from OpenTelemetry.Instrumentation.Runtime's releases.

1.15.1

1.15.1-beta.2

1.15.1-beta.1

1.15.1-alpha.1

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the all-patch-and-minor group with 9 updates
a033dae 
Bumps Aspire.Hosting.AppHost from 13.2.2 to 13.2.4
Bumps Aspire.Hosting.Docker from 13.2.2 to 13.2.4
Bumps Aspire.Hosting.MongoDB from 13.2.2 to 13.2.4
Bumps Microsoft.AspNetCore.OpenApi from 10.0.6 to 10.0.7
Bumps OpenTelemetry.Exporter.OpenTelemetryProtocol from 1.15.2 to 1.15.3
Bumps OpenTelemetry.Extensions.Hosting from 1.15.2 to 1.15.3
Bumps OpenTelemetry.Instrumentation.AspNetCore from 1.15.1 to 1.15.2
Bumps OpenTelemetry.Instrumentation.Http from 1.15.0 to 1.15.1
Bumps OpenTelemetry.Instrumentation.Runtime from 1.15.0 to 1.15.1

---
updated-dependencies:
- dependency-name: Aspire.Hosting.AppHost
  dependency-version: 13.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: Aspire.Hosting.Docker
  dependency-version: 13.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: Aspire.Hosting.MongoDB
  dependency-version: 13.2.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: Microsoft.AspNetCore.OpenApi
  dependency-version: 10.0.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: OpenTelemetry.Exporter.OpenTelemetryProtocol
  dependency-version: 1.15.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: OpenTelemetry.Extensions.Hosting
  dependency-version: 1.15.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: OpenTelemetry.Instrumentation.AspNetCore
  dependency-version: 1.15.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: OpenTelemetry.Instrumentation.Http
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
- dependency-name: OpenTelemetry.Instrumentation.Runtime
  dependency-version: 1.15.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: all-patch-and-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github Apr 27, 2026

Labels

The following labels could not be found: dependencies, nuget. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot Bot mentioned this pull request Apr 27, 2026
Closed
@sonarqubecloud
Copy link
Copy Markdown

sonarqubecloud Bot commented Apr 27, 2026

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot Bot commented on behalf of github May 4, 2026

Superseded by #7.

@dependabot dependabot Bot closed this May 4, 2026
@dependabot dependabot Bot deleted the dependabot/nuget/src/Api/all-patch-and-minor-9cecc6cdcb branch May 4, 2026 04:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants