Skip to content

.Net: Bump Aspire.Hosting.AppHost from 13.0.0 to 13.3.0#13995

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/dotnet/Aspire.Hosting.AppHost-13.3.0
Open

.Net: Bump Aspire.Hosting.AppHost from 13.0.0 to 13.3.0#13995
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/dotnet/Aspire.Hosting.AppHost-13.3.0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 12, 2026

Updated Aspire.Hosting.AppHost from 13.0.0 to 13.3.0.

Release notes

Sourced from Aspire.Hosting.AppHost's releases.

13.3.0

Aspire 13.3.0

Aspire 13.3 is here! 🚀 This release is packed with new ways to deploy, debug, and build distributed apps — including aspire destroy, browser telemetry in the dashboard, Kubernetes deployment, first-class JavaScript publishing, and major TypeScript AppHost parity
improvements.

Highlights

  • 🧹 Clean teardown — New aspire destroy tears down Azure, Kubernetes, and Docker Compose deployments, and pipeline summaries make deploy/publish/destroy runs easier to follow.
  • 🔍 Frontend telemetryAspire.Hosting.Browsers captures browser console logs, network requests, and screenshots right in the Aspire dashboard.
  • ☸️ Kubernetes deploy previewaspire deploy can now generate Helm-based Kubernetes deployments, with first-class Ingress and Gateway API routing.
  • 🟨 JavaScript publishing — New PublishAs* methods support static sites, Node servers, npm-script apps, Next.js, Vite, Bun, Yarn, and pnpm.
  • 🌐 TypeScript AppHost parity — Unified withEnvironment, Docker Compose hooks, endpoint expressions, Azure Container Apps domains, and more close the gap with C# AppHosts.
  • 🛠️ CLI upgrades — Run the standalone dashboard with aspire dashboard run, install the CLI as a NativeAOT dotnet tool, and search API docs from the terminal.
  • ☁️ Azure goodness — New Azure Front Door, Network Security Perimeter, AKS, private endpoint, and Foundry Prompt Agent support.
  • 🐳 Better containers — The Aspire container tunnel is now enabled by default for consistent host connectivity across Docker Desktop, Docker Engine, and Podman.

⚠️ Breaking changes

Notable breaking changes include --log-level becoming --pipeline-log-level, the dashboard MCP server being replaced by aspire agent init, dotnet new aspire-py-starter moving to aspire new aspire-py-starter, and several API shape updates across AKS,
Foundry, JavaScript diagnostics, and TypeScript AppHost helpers.

See the full list in the Aspire 13.3 breaking changes.

📖 Learn more

For the full details, examples, migration guidance, and everything new in this release, check out What's new in Aspire 13.3.

Thank you to all the community contributors who helped make Aspire 13.3 possible! 💜

13.2.4

Aspire 13.2.4

What's New in Aspire 13.2.4

Patch release addressing a security advisory in OpenTelemetry dependencies.

🐛 Fixes

  • 🔒 Bumped OpenTelemetry dependencies to address CVE-2026-40894 (#​16420)

🏷️ Housekeeping

  • 🚀 Bumped branding to
    13.2.4 (#​16436)

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

  • 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
  • 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
  • ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
  • 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
  • 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

  • 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
  • ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

  • 🔖 Bumped branding to 13.2.3 (#​16181)
  • 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

  • Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
  • Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
    13.2 regressions impacting IDE-based execution (#​15714)
  • Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
  • Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

  • Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
  • Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

  • ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
  • Update DCP to
    0.22.11 (#​15713)

💻 CLI Improvements

  • Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

  • 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
  • ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
  • 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
  • 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
  • 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
  • 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
  • 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
  • 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

  • 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
  • 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
  • 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
  • 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
  • ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

13.2.0

Aspire 13.2

Aspire 13.2 brings major CLI enhancements, a new TypeScript AppHost (preview), dashboard data export/import, Microsoft Foundry integration, and multi-language improvements — all focused on making local development more streamlined for developers and AI coding agents
alike.

Highlights

  • 🛠️ CLI overhaul — New commands including aspire start/stop/ps for detached mode, aspire describe for resource monitoring, aspire doctor for environment diagnostics, aspire secret for managing user secrets, aspire docs for browsing documentation from the terminal,
    and aspire agent (renamed from aspire mcp) for AI agent integration.
  • 🌐 TypeScript AppHost (preview) — Write your apphost in TypeScript with createBuilder(), using the same app model concepts as C#. Full VS Code extension support included.
  • 🧩 VS Code extension — Dedicated Aspire Activity Bar panel with live resource state, inline CodeLens with health status and actions, gutter decorations, and a new Getting Started walkthrough.
  • 📊 Dashboard improvements — Bulk telemetry export/import, export environment variables as .env files, a new telemetry HTTP API, set parameters directly from the dashboard, and improved resource graph layout.
  • 🤖 Microsoft Foundry — Replaces Azure AI Foundry integration with broader Aspire.Hosting.Foundry support including hosted agents and model deployments.
  • 🔒 Azure Virtual Network & Private Endpoints — New Aspire.Hosting.Azure.Network integration for defining VNets, subnets, NAT gateways, NSGs, and private endpoints directly in your apphost.
  • 🐳 Docker Compose publishing — Generate docker-compose.yaml from your app model with AddDockerComposeEnvironment.
  • 📦 New integrations — Azure Data Lake Storage, MongoDB EF Core (Aspire.MongoDB.EntityFrameworkCore), Bun support for JS resources, and Certbot for automated SSL certificates.
  • ⚡ App model — WithMcpServer for declaring MCP endpoints, rebuild command for project resources, contextual endpoint resolution, and improved secret/certificate handling.

⚠️ Breaking changes

Notable breaking changes include service discovery env vars now using endpoint scheme instead of name, aspire.config.json replacing split config files, AIFoundry → Foundry rename, WithSecretBuildArg → WithBuildSecret, and updated default Azure credential behavior.
See the full list of breaking changes.

📖 Learn more

For the full details on everything in this release, check out the What's new in Aspire 13.2 documentation.

Thank you to all the community contributors who helped make this release happen! 💜

13.1.3

What's Changed

Full Changelog: microsoft/aspire@v13.1.2...v13.1.3

13.1.2

What's Changed

Full Changelog: microsoft/aspire@v13.1.1...v13.1.2

13.1.1

What's Changed

Full Changelog: microsoft/aspire@v13.1.0...v13.1.1

13.1.0

We are excited to share that our 13.1.0 release of Aspire has shipped! All of the packages are available in NuGet.org now. Head over to https://aspire.dev/whats-new/aspire-13-1/ to find what's new in 13.1.0!

What's Changed

13.0.2

This patch is updating our Project Templates for our Python starter app to ensure we depend on the latest version of React. This is out of an abundance of caution, as we don't depend on any of the react packages that were flagged as vulnerable in GHSA-fv66-9v8q-g76r.

What's Changed

Full Changelog: microsoft/aspire@v13.0.1...v13.0.2

13.0.1

What's Changed

Full Changelog: microsoft/aspire@v13.0.0...v13.0.1

Commits viewable in compare view.

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot
Bump Aspire.Hosting.AppHost from 13.0.0 to 13.3.0
63d36de 
---
updated-dependencies:
- dependency-name: Aspire.Hosting.AppHost
  dependency-version: 13.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Issue or Pull requests regarding .NET code dependencies Pull requests that update a dependency file. Used by Dependabot. labels May 12, 2026
Copilot AI review requested due to automatic review settings May 12, 2026 04:59
@dependabot dependabot Bot requested a review from a team as a code owner May 12, 2026 04:59
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file. Used by Dependabot. .NET Issue or Pull requests regarding .NET code labels May 12, 2026
Copilot AI reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot encountered an error and was unable to review this pull request. You can try again by re-requesting a review.

@github-actions github-actions Bot changed the title Bump Aspire.Hosting.AppHost from 13.0.0 to 13.3.0 .Net: Bump Aspire.Hosting.AppHost from 13.0.0 to 13.3.0 May 12, 2026
github-actions[bot]
github-actions Bot reviewed May 12, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

@github-actions github-actions Bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Automated Code Review

Reviewers: 4 | Confidence: 93%

✓ Correctness

This is a straightforward version bump of Aspire.Hosting.AppHost from 13.0.0 to 13.3.0 in the central package management file. No correctness issues found. The other Aspire.Hosting.* packages (Azure.CognitiveServices at 13.0.0, Azure.Search at 13.0) are separate hosting integration packages that don't need to be version-locked with the AppHost SDK package.

✓ Security Reliability

This is a minor version bump of Aspire.Hosting.AppHost from 13.0.0 to 13.3.0 in the central package management file. The package is only consumed by sample/demo AppHost projects. The upgrade path includes a security patch (13.2.4 addressing CVE-2026-40894). No security or reliability concerns with this change.

✓ Test Coverage

This is a straightforward dependency version bump of Aspire.Hosting.AppHost from 13.0.0 to 13.3.0 in the central package management file. The package is only consumed by three sample/demo AppHost projects under dotnet/samples/Demos/. There are no existing tests for these Aspire sample projects, which is typical and acceptable for demo code. No new behavior is being introduced that would require additional test coverage. The change is low-risk.

✗ Design Approach

The only design issue I found is that this PR updates Aspire.Hosting.AppHost in isolation, while the repo’s actual AppHost projects still pin the Aspire SDK and sibling hosting extensions to 13.0.0. That leaves the AppHost stack on a mixed 13.0/13.3 version set rather than following the repo’s existing aligned-version pattern.

Flagged Issues

  • Aspire.Hosting.AppHost is bumped to 13.3.0, but all AppHost projects still use <Sdk Name="Aspire.AppHost.Sdk" Version="13.0.0" /> (e.g. ChatWithAgent.AppHost.csproj:3, ProcessFramework.Aspire.AppHost.csproj:3, ProcessFramework.Aspire.SignalR.AppHost.csproj:3), and sibling Aspire hosting packages remain at 13.0.0 in Directory.Packages.props:11 and :15. This creates an inconsistent Aspire toolchain rather than moving to a coherent 13.3 baseline.

Automated review by dependabot[bot]'s agents

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@github-actions github-actions[bot] github-actions[bot] left review comments

Copilot code review Copilot Copilot left review comments

At least 2 approving reviews are required to merge this pull request.

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file. Used by Dependabot. .NET Issue or Pull requests regarding .NET code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant