.Net: Bump Aspire.Hosting.Azure.CognitiveServices from 13.0.0 to 13.3.0

[dependabot]

Updated Aspire.Hosting.Azure.CognitiveServices from 13.0.0 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.Azure.CognitiveServices's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

• 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
• 🔍 Frontend telemetry — Aspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
• ☸️ Kubernetes deploy preview — aspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
• 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
• 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
• 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
• ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
• 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

• 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

• 🚀 Bumped branding to
  13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

• Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
• Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
  13.2 regressions impacting IDE-based execution (#​15714)
• Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
• Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

• Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
• Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

• ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
• Update DCP to
  0.22.11 (#​15713)

💻 CLI Improvements

• Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

• 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
• ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
• 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
• 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
• 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
• 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
• 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
• 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

• 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
• 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
• 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
• 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
• ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

13.2.0

Aspire 13.2

Aspire 13.2 brings major CLI enhancements, a new TypeScript AppHost (preview), dashboard data export/import, Microsoft Foundry integration, and multi-language improvements — all focused on making local development more streamlined for developers and AI coding agents
alike.

Highlights

• 🛠️ CLI overhaul — New commands including aspire start/stop/ps for detached mode, aspire describe for resource monitoring, aspire doctor for environment diagnostics, aspire secret for managing user secrets, aspire docs for browsing documentation from the terminal,
  and aspire agent (renamed from aspire mcp) for AI agent integration.
• 🌐 TypeScript AppHost (preview) — Write your apphost in TypeScript with createBuilder(), using the same app model concepts as C#. Full VS Code extension support included.
• 🧩 VS Code extension — Dedicated Aspire Activity Bar panel with live resource state, inline CodeLens with health status and actions, gutter decorations, and a new Getting Started walkthrough.
• 📊 Dashboard improvements — Bulk telemetry export/import, export environment variables as .env files, a new telemetry HTTP API, set parameters directly from the dashboard, and improved resource graph layout.
• 🤖 Microsoft Foundry — Replaces Azure AI Foundry integration with broader Aspire.Hosting.Foundry support including hosted agents and model deployments.
• 🔒 Azure Virtual Network & Private Endpoints — New Aspire.Hosting.Azure.Network integration for defining VNets, subnets, NAT gateways, NSGs, and private endpoints directly in your apphost.
• 🐳 Docker Compose publishing — Generate docker-compose.yaml from your app model with AddDockerComposeEnvironment.
• 📦 New integrations — Azure Data Lake Storage, MongoDB EF Core (Aspire.MongoDB.EntityFrameworkCore), Bun support for JS resources, and Certbot for automated SSL certificates.
• ⚡ App model — WithMcpServer for declaring MCP endpoints, rebuild command for project resources, contextual endpoint resolution, and improved secret/certificate handling.

⚠️ Breaking changes

Notable breaking changes include service discovery env vars now using endpoint scheme instead of name, aspire.config.json replacing split config files, AIFoundry → Foundry rename, WithSecretBuildArg → WithBuildSecret, and updated default Azure credential behavior.
See the full list of breaking changes.

📖 Learn more

For the full details on everything in this release, check out the What's new in Aspire 13.2 documentation.

Thank you to all the community contributors who helped make this release happen! 💜

13.1.3

What's Changed

• [release/13.1] Add installer publishing updates for 13.1.3 by @​radical in [release/13.1] Add installer publishing updates for 13.1.3 aspire#15158

Full Changelog: microsoft/aspire@v13.1.2...v13.1.3

13.1.2

What's Changed

• Bump patch version from 13.1.1 to 13.1.2 by @​Copilot in Bump patch version from 13.1.1 to 13.1.2 aspire#14699
• [release/13.1] Fix template version parsing for .NET 10.0 SDK separator change by @​JamesNK in [release/13.1] Fix template version parsing for .NET 10.0 SDK separator change aspire#14698
• Update pipeline images to non-deprecated pools by @​joperezr in Update pipeline images to non-deprecated pools aspire#14707

Full Changelog: microsoft/aspire@v13.1.1...v13.1.2

13.1.1

What's Changed

• [release/13.1] Ensure WithHostHttpsPort works when chained inline by @​github-actions[bot] in [release/13.1] Ensure WithHostHttpsPort works when chained inline aspire#13678
• [release/13.1] Escape backslashes in path string to discovered vite config by @​github-actions[bot] in [release/13.1] Escape backslashes in path string to discovered vite config aspire#13822
• [release/13.1] [Testing] Fixing bugs for sticky slot app settings by @​github-actions[bot] in [release/13.1] [Testing] Fixing bugs for sticky slot app settings aspire#13810
• [release/13.1] Fix AzureBicepResource file-not-found error when using templateFile with AzurePublishingContext by @​github-actions[bot] in [release/13.1] Fix AzureBicepResource file-not-found error when using templateFile with AzurePublishingContext aspire#14018
• [release/13.1] Filter dev certs without X509SubjectKeyIdentifierExtension when any cert has it by @​github-actions[bot] in [release/13.1] Filter dev certs without X509SubjectKeyIdentifierExtension when any cert has it aspire#13676
• [release/13.1] Fix Aspire.ProjectTemplates build failure from command line length limits by @​github-actions[bot] in [release/13.1] Fix Aspire.ProjectTemplates build failure from command line length limits aspire#14009
• [release/13.1] Update Azure.Identity package version to 1.17.1 by @​eerhardt in [release/13.1] Update Azure.Identity package version to 1.17.1 aspire#14251
• Bump patch version from 13.1.0 to 13.1.1 by @​Copilot in Bump patch version from 13.1.0 to 13.1.1 aspire#14329

Full Changelog: microsoft/aspire@v13.1.0...v13.1.1

13.1.0

We are excited to share that our 13.1.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://aspire.dev/whats-new/aspire-13-1/ to find what's new in 13.1.0!

What's Changed

• Target net10.0 in client integrations by @​eerhardt in Target net10.0 in client integrations aspire#12500
• Fix DockerComposeEnvironment duplicating image names in .env file by @​Copilot in Fix DockerComposeEnvironment duplicating image names in .env file aspire#12310
• Replace apt-get with npm for Azure Functions Core Tools installation by @​Copilot in Replace apt-get with npm for Azure Functions Core Tools installation aspire#12537
• Improve flaky dashboard integration test by @​JamesNK in Improve flaky dashboard integration test aspire#12534
• Add README.md for the Aspire.Hosting.Azure.AppService package by @​ShilpiRach in Add README.md for the Aspire.Hosting.Azure.AppService package aspire#12528
• Add support to enable automatic scaling for App Service Environment by @​ShilpiRach in Add support to enable automatic scaling for App Service Environment aspire#12305
• Update to FluentUI 4.13.1 by @​JamesNK in Update to FluentUI 4.13.1 aspire#12532
• Skip playground projects in build-packages workflow by @​Copilot in Skip playground projects in build-packages workflow aspire#12547
• Allow HostUrl to remap both address and port by @​danegsta in Allow HostUrl to remap both address and port aspire#12521
• Refactor NodeJs Integration by @​eerhardt in Refactor NodeJs Integration aspire#12530
• Fix MCP endpoint with redirect HTTPS by @​JamesNK in Fix MCP endpoint with redirect HTTPS aspire#12556
• [main] Update dependencies from microsoft/usvc-apiserver by @​dotnet-maestro[bot] in [main] Update dependencies from microsoft/usvc-apiserver aspire#12540
• Refactor AddNodeApp by @​eerhardt in Refactor AddNodeApp aspire#12538
• Update Aspire branding from 13.0 to 13.1 by @​Copilot in Update Aspire branding from 13.0 to 13.1 aspire#12527
• Add annotation to specify custom base images for generated Dockerfiles by @​Copilot in Add annotation to specify custom base images for generated Dockerfiles aspire#12566
• Fix generating random MCP endpoint URL in templates by @​JamesNK in Fix generating random MCP endpoint URL in templates aspire#12558
• [CI] Add new Agent for disabling or quarantining tests by @​radical in [CI] Add new Agent for disabling or quarantining tests aspire#12570
• Add ExcludeFromMcp() resource extension by @​JamesNK in Add ExcludeFromMcp() resource extension aspire#12515
• Localized file check-in by OneLocBuild Task: Build definition ID 1309: Build ID 2828818 by @​dotnet-bot in Localized file check-in by OneLocBuild Task: Build definition ID 1309: Build ID 2828818 aspire#12546
• Register IPipelineOutputService in DI for pipeline output directory management by @​Copilot in Register IPipelineOutputService in DI for pipeline output directory management aspire#12563
• Add deploy support for Docker Compose by @​captainsafia in Add deploy support for Docker Compose aspire#12548
• Quarantine flaky test: AzureServiceBusEmulatorResourceGeneratesConfigJsonWithCustomizations by @​Copilot in Quarantine flaky test: AzureServiceBusEmulatorResourceGeneratesConfigJsonWithCustomizations aspire#12578
• Update connection properties for non-Azure resources by @​sebastienros in Update connection properties for non-Azure resources aspire#12583
• Filter to highest package version per channel in aspire add command by @​Copilot in Filter to highest package version per channel in aspire add command aspire#12553
• Log DCP messages at Debug/Trace level in AppHost by @​Copilot in Log DCP messages at Debug/Trace level in AppHost aspire#12533
• Add CLI self-update prompts to aspire update command by @​Copilot in Add CLI self-update prompts to aspire update command aspire#12395
• Fix golang and alpine images. by @​mitchdenny in Fix golang and alpine images. aspire#12592
• Replace ContainerTargetPlatform.AllLinux with LinuxAmd64 by @​Copilot in Replace ContainerTargetPlatform.AllLinux with LinuxAmd64 aspire#12596
• [main] Update dependencies from microsoft/usvc-apiserver by @​dotnet-maestro[bot] in [main] Update dependencies from microsoft/usvc-apiserver aspire#12610
• Make IReportingStep and IReportingTask completion idempotent by @​Copilot in Make IReportingStep and IReportingTask completion idempotent aspire#12602
• Show --log-level debug hint when pipeline fails by @​Copilot in Show --log-level debug hint when pipeline fails aspire#12603
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade aspire#12622
• Rename app.py to main.py in template by @​eerhardt in Rename app.py to main.py in template aspire#12628
• bump extension version by @​adamint in bump extension version aspire#12623
• don't build apphost in cli when running in extension by @​adamint in don't build apphost in cli when running in extension aspire#12621
• Detect which version of yarn is being used by @​eerhardt in Detect which version of yarn is being used aspire#12633
• Fix duplicate key exception when using WithExplicitStart() on resources with environment callbacks by @​Copilot in Fix duplicate key exception when using WithExplicitStart() on resources with environment callbacks aspire#12604
• Support AddCSharpApp, fix some rough edges around project resources by @​adamint in Support AddCSharpApp, fix some rough edges around project resources aspire#12568
• Add missing namespace to CertificateAuthorityCollectionResource by @​danegsta in Add missing namespace to CertificateAuthorityCollectionResource aspire#12639
• Add ModelContextProtocol assemblies to signing list by @​joperezr in Add ModelContextProtocol assemblies to signing list aspire#12637
• Generate fallback Dockerfile for Python apps without UV by @​Copilot in Generate fallback Dockerfile for Python apps without UV aspire#12627
• Update/bump container image tags for hosting components by @​joperezr in Update/bump container image tags for hosting components aspire#12459
• Mark IDeveloperCertificateService experimental by @​danegsta in Mark IDeveloperCertificateService experimental aspire#12648
• Wait with exponential backoff for expected Executables by @​karolz-ms in Wait with exponential backoff for expected Executables aspire#12647
• Make ProcessCertificateTrustConfigAsync internal by @​danegsta in Make ProcessCertificateTrustConfigAsync internal aspire#12649
• Add test cases and ensure container cert override paths work by @​danegsta in Add test cases and ensure container cert override paths work aspire#12654
• Python hosting: Support .venv lookup by walking up parent directories by @​Copilot in Python hosting: Support .venv lookup by walking up parent directories aspire#12616
  ... (truncated)

13.0.2

This patch is updating our Project Templates for our Python starter app to ensure we depend on the latest version of React. This is out of an abundance of caution, as we don't depend on any of the react packages that were flagged as vulnerable in GHSA-fv66-9v8q-g76r.

What's Changed

• Bump patch version from 13.0.1 to 13.0.2 by @​Copilot in Bump patch version from 13.0.1 to 13.0.2 aspire#13324
• Update React and ReactDOM to version 19.2.1 across all projects by @​joperezr in Update React and ReactDOM to version 19.2.1 across all projects aspire#13325

Full Changelog: microsoft/aspire@v13.0.1...v13.0.2

13.0.1

What's Changed

• Merge internal changes by @​joperezr in Merge internal changes aspire#12896
• [release/13.0] Fix Azure roles resources always redeploying by @​github-actions[bot] in [release/13.0] Fix Azure roles resources always redeploying aspire#12903
• [release/13.0] Remove .py and .js files from being signed (#​13005) by @​eerhardt in [release/13.0] Remove .py and .js files from being signed (#13005) aspire#13032
• [release/13.0] Fix subscription ID not being disabled on Azure provisioning dialog by @​github-actions[bot] in [release/13.0] Fix subscription ID not being disabled on Azure provisioning dialog aspire#12913
• [release/13.0] Default OpenAISettings.EnableSensitiveTelemetryData to TelemetryHelpers.EnableSensitiveDataDefault by @​github-actions[bot] in [release/13.0] Default OpenAISettings.EnableSensitiveTelemetryData to TelemetryHelpers.EnableSensitiveDataDefault aspire#13017
• Bump patch version from 13.0.0 to 13.0.1 by @​Copilot in Bump patch version from 13.0.0 to 13.0.1 aspire#13167
• [release/13.0] EndpointReference evaluation should wait on missing AllocatedEndpoint (#​13074) by @​karolz-ms in [release/13.0] EndpointReference evaluation should wait on missing AllocatedEndpoint (#13074) aspire#13076
• [release/13.0] Update to Npgsql 10 by @​github-actions[bot] in [release/13.0] Update to Npgsql 10 aspire#13166
• [release/13.0] Update dependencies from microsoft/usvc-apiserver by @​danegsta in [release/13.0] Update dependencies from microsoft/usvc-apiserver aspire#13187

Full Changelog: microsoft/aspire@v13.0.0...v13.0.1

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[Copilot]

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

[github-actions]

Automated Code Review

Reviewers: 4 | Confidence: 89%

✓ Correctness

This is a straightforward minor version bump of Aspire.Hosting.Azure.CognitiveServices from 13.0.0 to 13.3.0. While this creates a version skew with other Aspire packages in the same file (Aspire.Hosting.AppHost and Aspire.Hosting.Azure.Search remain at 13.0.0), this is safe — NuGet's dependency resolution will pick the highest compatible version for shared transitive dependencies, and Aspire extension packages within the same major version are designed to be independently upgradable. No correctness issues found.

✓ Security Reliability

This is a straightforward minor version bump of Aspire.Hosting.Azure.CognitiveServices from 13.0.0 to 13.3.0 in the central package management file. The release notes indicate the update includes a security patch (CVE-2026-40894 in OpenTelemetry dependencies via 13.2.4) along with feature additions and bug fixes. No security or reliability concerns with this change.

✓ Test Coverage

This is a straightforward minor version bump of the Aspire.Hosting.Azure.CognitiveServices package from 13.0.0 to 13.3.0 in the central package management file. The package is only consumed by two sample/demo Aspire AppHost projects (ChatWithAgent.AppHost and ProcessFramework.Aspire.SignalR.AppHost), which are infrastructure orchestration projects without associated unit tests. No behavioral code in this repository is changed, so there is no new or modified behavior requiring test coverage.

✗ Design Approach

The dependency bump introduces version skew inside the repo’s Aspire AppHost stack without updating the corresponding AppHost package or SDK pins. The current codebase consistently keeps those hosting components on the same Aspire release, and both AppHost samples consume Aspire.Hosting.AppHost and Aspire.Hosting.Azure.CognitiveServices together, so bumping only one of them is a risky design change rather than a self-contained package refresh.

Flagged Issues

• This changes Aspire.Hosting.Azure.CognitiveServices to 13.3.0 while the same AppHost projects still pin Aspire.Hosting.AppHost and Aspire.AppHost.Sdk to 13.0.0. The repo's existing pattern is to keep the Aspire hosting stack aligned, so this PR should either update the matching AppHost pins too or leave this package on 13.0.0.

---

Automated review by dependabot[bot]'s agents

[github-actions]

This single-package bump creates a mixed Aspire hosting stack in the sample AppHosts: they still reference Aspire.Hosting.AppHost and Aspire.AppHost.Sdk at 13.0. The existing repo pattern is to keep these Aspire hosting components aligned, so please update the matching AppHost pins in the same change or keep this package at 13.0.0.