Bump Microsoft.SemanticKernel from 1.72.0 to 1.74.0#944
Open
dependabot[bot] wants to merge 870 commits intomainfrom
Open
Bump Microsoft.SemanticKernel from 1.72.0 to 1.74.0#944dependabot[bot] wants to merge 870 commits intomainfrom
dependabot[bot] wants to merge 870 commits intomainfrom
Conversation
…arp.Web (#728) Bumps dotnet/sdk from 9.0.202 to 9.0.203. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…arp.Web (#729) Bumps dotnet/sdk from 9.0.203 to 9.0.300. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…arp.Web (#737) Bumps dotnet/sdk from 9.0.300 to 9.0.301. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…nd .NET Profiler (#741) This PR integrates Azure Application Insights with OpenTelemetry and the .NET Profiler to provide comprehensive monitoring and performance profiling for the ASP.NET Core application. ## Changes Made ### Package Dependencies - Added `Azure.Monitor.OpenTelemetry.AspNetCore` (v1.3.0) for OpenTelemetry integration - Added `Microsoft.ApplicationInsights.Profiler.AspNetCore` (v2.6.0) for .NET Profiler support ### Configuration Updates - **Program.cs**: Added OpenTelemetry configuration with `UseAzureMonitor()` - **Program.cs**: Added Application Insights telemetry services with `AddApplicationInsightsTelemetry()` - **Program.cs**: Added Service Profiler with `AddServiceProfiler()` - **Program.cs**: Added required using statement for `Azure.Monitor.OpenTelemetry.AspNetCore` ### Environment Configuration - The application now automatically reads the `APPLICATIONINSIGHTS_CONNECTION_STRING` environment variable - All logs and exceptions are automatically sent to Application Insights - Compatible with containerized deployment using the existing Dockerfile ### Documentation & Testing - **README.md**: Updated with `APPLICATIONINSIGHTS_CONNECTION_STRING` environment variable documentation - **README.md**: Updated .NET SDK requirement to 9.0 - **ApplicationInsightsTests.cs**: Added basic integration tests to verify Application Insights services are properly registered ## Runtime Configuration Set the following environment variable to enable Application Insights: ```bash APPLICATIONINSIGHTS_CONNECTION_STRING="InstrumentationKey=your-instrumentation-key-here;IngestionEndpoint=https://region.in.applicationinsights.azure.com/;LiveEndpoint=https://region.livediagnostics.monitor.azure.com/" ``` ## Benefits - **Telemetry**: Automatic collection of requests, dependencies, exceptions, and custom metrics - **Logging**: All application logs are sent to Application Insights - **Profiling**: .NET Profiler provides detailed performance insights - **Monitoring**: OpenTelemetry integration provides distributed tracing - **Container Support**: Works seamlessly in containerized environments This implementation follows Microsoft's best practices from the official documentation for OpenTelemetry and Application Insights integration. Fixes #740. > [!WARNING] > > <details> > <summary>Firewall rules blocked me from connecting to one or more addresses</summary> > > #### I tried to connect to the following addresses, but was blocked by firewall rules: > > - `download.visualstudio.microsoft.com` > - Triggering command: `wget REDACTED -O dotnet-sdk.tar.gz ` (dns block) > > If you need me to access, download, or install something from one of these locations, you can either: > > - Configure [Actions setup steps](https://gh.io/copilot/actions-setup-steps) to set up my environment, which run before the firewall is enabled > - Add the appropriate URLs or hosts to my [firewall allow list](https://gh.io/copilot/firewall-config) > > </details> <!-- START COPILOT CODING AGENT TIPS --> --- 💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click [here](https://survey.alchemer.com/s3/8343779/Copilot-Coding-agent) to start the survey. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com> Co-authored-by: Benjamin Michaelis <git@relay.benjamin.michaelis.net>
Ensures Application Insights is configured only if a connection string is available. Adds logging to warn when the connection string is missing, disabling telemetry collection.
Specifies the Azure Monitor connection string directly in the OpenTelemetry configuration. This allows the application to connect to the correct Azure Monitor instance, which improves telemetry data routing.
## Description Added progress percent to top of page. I want to iterate on this feature with some of the following possible changes: - Perhaps add page number field to Tooling side for the following reasons: - More intuitive to enter page number to navigate to it - Easier to read/remember than a percentage - More accurate - Add ability to navigate to percent/page number - Add same functionality to tooltip as the following issue suggests Fixes IntelliTect-dev/EssentialCSharp.Tooling#442 ### Ensure that your pull request has followed all the steps below: - [x] Code compilation - [x] Created tests which fail without the change (if possible) - [x] All tests passing - [x] Extended the README / documentation, if necessary --------- Co-authored-by: Benjamin Michaelis <git@relay.benjamin.michaelis.net>
…arp.Web (#755) Bumps dotnet/sdk from 9.0.301 to 9.0.302. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…757) ## Problem Pages with `rid` query parameter (e.g., `/guidelines?rid=abc123`) were returning blank content with HTTP 200 status, while the same pages without the parameter worked correctly. ## Root Cause The `ReferralMiddleware` was processing referral tracking but failing to continue the request pipeline when a `rid` parameter was present. The middleware was missing the critical `await _Next(context);` call after referral processing, causing the request to terminate early. ## Before (Broken): ```csharp public async Task InvokeAsync(HttpContext context, IReferralService referralService, UserManager<EssentialCSharpWebUser> userManager) { string? referralId = query["rid"]; if (string.IsNullOrWhiteSpace(referralId)) { await _Next(context); // ✓ Continues pipeline when NO rid return; } // Process referral tracking referralService.TrackReferralAsync(referralId, claimsUser); // ❌ MISSING: await _Next(context); // Pipeline stops here when rid exists! } ``` ## After (Fixed): ```csharp public async Task InvokeAsync(HttpContext context, IReferralService referralService, UserManager<EssentialCSharpWebUser> userManager) { string? referralId = query["rid"]; if (string.IsNullOrWhiteSpace(referralId)) { await _Next(context); return; } try { // Process referral tracking referralService.TrackReferralAsync(referralId, claimsUser); } catch (Exception ex) { _logger.LogError(ex, "Failed to track referral ID {ReferralId}", referralId); } // ✅ FIXED: Always continue the pipeline await _Next(context); } ``` ## Changes Made 1. **Critical Fix**: Added missing `await _Next(context);` call after referral processing 2. **Error Resilience**: Added try-catch around referral tracking to prevent exceptions from breaking page rendering 3. **Logging Enhancement**: Added structured error logging for debugging referral tracking issues 4. **Test Coverage**: Added comprehensive tests to verify the fix works for all scenarios ## Verification ✅ `/guidelines?rid=abc123` now renders content correctly ✅ `/about?rid=user-ref` now renders content correctly ✅ Referral tracking functionality preserved ✅ Error scenarios handled gracefully ✅ Backward compatibility maintained ## Test Cases Added - Pages with valid rid parameters return content - Pages with empty/whitespace rid parameters work correctly - Pages with non-rid parameters continue to work - Error scenarios are logged but don't break page rendering Fixes #756. <!-- START COPILOT CODING AGENT TIPS --> --- 💬 Share your feedback on Copilot coding agent for the chance to win a $200 gift card! Click [here](https://survey.alchemer.com/s3/8343779/Copilot-Coding-agent) to start the survey. --------- Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com> Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com> Co-authored-by: Benjamin Michaelis <git@relay.benjamin.michaelis.net> Co-authored-by: Keboo <952248+Keboo@users.noreply.github.com>
…arp.Web (#762) Bumps dotnet/sdk from 9.0.302 to 9.0.303. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Implements sitemap generation to improve SEO and site discoverability. - Introduces `DotnetSitemapGenerator` package for creating sitemap XML. - Dynamically generates routes from controllers, excluding Identity routes. - Adds static routes and site mappings from content. - Ensures sitemap health by validating canonical links. Part 1 of #754
A bunch of files were just deleted :) Fixes #168 Fixes IntelliTect-dev/EssentialCSharp.Tooling#901 <details> <summary>PR Summary</summary> This pull request introduces significant enhancements to integrate Azure OpenAI services and vector search capabilities into the project. Key changes include adding dependencies for AI and vector search tools, creating new services for AI chat and search functionality, and defining models and configurations to support these features. ### Dependency and Configuration Updates: * [`Directory.Packages.props`](diffhunk://#diff-5baf5f9e448ad54ab25a091adee0da05d4d228481c9200518fcb1b53a65d4156R39-R47): Added new package dependencies, including `Microsoft.SemanticKernel`, `ModelContextProtocol`, and `System.CommandLine`, to enable AI and vector search functionality. * [`EssentialCSharp.Chat.Common.csproj`](diffhunk://#diff-f4e3de9b154fa0162fee1cd9a75b70d7ffff3b3ca7b34028a3a36b2345a0bca8R1-R20): Configured project properties and added package references for Azure OpenAI and vector search integration. ### AI Service Implementation: * [`EssentialCSharp.Chat.Shared/Services/AIChatService.cs`](diffhunk://#diff-2e3a8204c3630d2aad08cd1583dd37bb97b89bebdb390cd9684fbdd60615f710R1-R348): Introduced `AIChatService`, which handles AI chat completions using Azure OpenAI. It supports both single and streaming responses, contextual prompt enrichment via vector search, and function call execution. * [`EssentialCSharp.Chat.Shared/Services/AISearchService.cs`](diffhunk://#diff-ab2dec801c787671ce9cf9e09dec9932c670b5f54e02f866a094bccc27e399a8R1-R27): Added `AISearchService` to execute vector searches on book content chunks using embeddings generated by the `EmbeddingService`. ### Data Models and Extensions: * [`EssentialCSharp.Chat.Shared/Models/BookContentChunk.cs`](diffhunk://#diff-6c4785393661a1f777dce26db779b2c20341b7a0eb8b1bd954d157d3c669d82cR1-R54): Defined `BookContentChunk` to represent chunks of book content for vector search, including metadata and vector embeddings. * [`EssentialCSharp.Chat.Shared/Models/AIOptions.cs`](diffhunk://#diff-66e64dc8790347f86e8ebce8a3e7fc8b25a9694ddb514ea3f90522bb81310395R1-R34): Created `AIOptions` to centralize configuration for Azure OpenAI services and PostgreSQL vector store. * [`EssentialCSharp.Chat.Shared/Extensions/ServiceCollectionExtensions.cs`](diffhunk://#diff-44e37562fe51903c9f707ccc04677a25b2e37691b1a7dead5d62cc2f76004d83R1-R80): Added extension methods to register Azure OpenAI services and PostgreSQL vector store in the dependency injection container. </details> Screenshot: <img width="1342" height="1144" alt="image" src="https://github.com/user-attachments/assets/71dbf972-7ff4-45ed-b161-f80e9c342ff2" />
dependabot
Bot
force-pushed
the
dependabot/nuget/Microsoft.SemanticKernel-1.74.0
branch
from
b099def to
b1e36e2
Compare
intellitect-bot
approved these changes
Apr 17, 2026
- Replace UseExceptionHandler('/Error') with lambda handler that:
- Logs exceptions via IExceptionHandlerFeature (was silently swallowed)
- Returns JSON 500 for /api/* requests (fixes chat returning 404 HTML)
- Redirects non-API requests to /Home/Error?statusCode=500 (route exists)
- Add try/catch to ChatController.StreamMessage with:
- OperationCanceledException guard for clean client disconnect handling
- Pre-response-start catch: returns JSON 500 with CancellationToken.None
- Mid-stream catch: best-effort SSE error event, wrapped in try/catch
- Update ChatDeploymentName default: gpt-4o -> gpt-5 (matches ecs-cog-prod)
Update prod deploy to reference -V2 versioned secrets pointing to ecs-cog-prod (cognitiveservices.azure.com). Rollback: revert this commit. - AIOptions--Endpoint-V2: https://ecs-cog-prod.cognitiveservices.azure.com/ - AIOptions--ChatDeploymentName-V2: gpt-5 - AIOptions--VectorGenerationDeploymentName-V2: text-embedding-3-small-v1 Dev KV secrets already updated to new values (same secret names, no -V2 needed).
Update prod KV secrets in-place instead of versioned names. Chat was already broken so rollback risk is negligible.
…ployment workflow Both dev and prod KVs now have this secret managed by Terraform (azapi_resource in configuration/env/dev/main.tf and configuration/env/prod/main.tf). This secret name matches the actual config key it feeds (ConnectionStrings:PostgresVectorStore) and eliminates the confusing remapping from connectionstrings--PostgresVectorDb. This decouples the web app's postgres connection string from the Tooling pipeline's connection string, which was sharing the same KV secret and causing breakage when dev KV was updated to point to the dev PostgreSQL server.
) Updated [Microsoft.EntityFrameworkCore.SqlServer](https://github.com/dotnet/dotnet) from 10.0.5 to 10.0.6. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore.SqlServer's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/Microsoft.SemanticKernel-1.74.0
branch
from
b1e36e2 to
6c9c70a
Compare
intellitect-bot
approved these changes
Apr 20, 2026
Updated EssentialCSharp.Shared.Models from 1.1.1.18932 to 1.1.1.18964. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updated EssentialCSharp.Shared.Models from 1.1.1.18964 to 1.1.1.18973. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updated [Microsoft.EntityFrameworkCore.Tools](https://github.com/dotnet/dotnet) from 10.0.3 to 10.0.6. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore.Tools's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/Microsoft.SemanticKernel-1.74.0
branch
from
6c9c70a to
bfd0ba3
Compare
intellitect-bot
approved these changes
Apr 21, 2026
Updated [System.CommandLine](https://github.com/dotnet/dotnet) from 2.0.5 to 2.0.6. <details> <summary>Release notes</summary> _Sourced from [System.CommandLine's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updated [TUnit](https://github.com/thomhurst/TUnit) from 1.35.2 to 1.37.10. <details> <summary>Release notes</summary> _Sourced from [TUnit's releases](https://github.com/thomhurst/TUnit/releases)._ ## 1.37.10 <!-- Release notes generated using configuration in .github/release.yml at v1.37.10 --> ## What's Changed ### Other Changes * docs(test-filters): add migration callout for --filter → --treenode-filter by @johnkattenhorn in thomhurst/TUnit#5628 * fix: re-enable RPC tests and modernize harness (#5540) by @thomhurst in thomhurst/TUnit#5632 * fix(mocks): propagate [Obsolete] and null-forgiving raise dispatch (#5626) by @JohnVerheij in thomhurst/TUnit#5631 * ci: use setup-dotnet built-in NuGet cache by @thomhurst in thomhurst/TUnit#5635 * feat(playwright): propagate W3C trace context into browser contexts by @thomhurst in thomhurst/TUnit#5636 ### Dependencies * chore(deps): update tunit to 1.37.0 by @thomhurst in thomhurst/TUnit#5625 ## New Contributors * @johnkattenhorn made their first contribution in thomhurst/TUnit#5628 * @JohnVerheij made their first contribution in thomhurst/TUnit#5631 **Full Changelog**: thomhurst/TUnit@v1.37.0...v1.37.10 ## 1.37.0 <!-- Release notes generated using configuration in .github/release.yml at v1.37.0 --> ## What's Changed ### Other Changes * fix: stabilize flaky tests across analyzer, OTel, and engine suites by @thomhurst in thomhurst/TUnit#5609 * perf: engine hot-path allocation wins (#5528 B) by @thomhurst in thomhurst/TUnit#5610 * feat(analyzers): detect collection IsEqualTo reference equality (TUnitAssertions0016) by @thomhurst in thomhurst/TUnit#5615 * perf: consolidate test dedup + hook register guards (#5528 A) by @thomhurst in thomhurst/TUnit#5612 * perf: engine discovery/init path cleanup (#5528 C) by @thomhurst in thomhurst/TUnit#5611 * fix(assertions): render collection contents in IsEqualTo failure messages (#5613 B) by @thomhurst in thomhurst/TUnit#5619 * feat(analyzers): code-fix for TUnit0015 to insert CancellationToken (#5613 D) by @thomhurst in thomhurst/TUnit#5621 * fix(assertions): add Task reference forwarders on AsyncDelegateAssertion by @thomhurst in thomhurst/TUnit#5618 * test(asp-net): fix race in FactoryMethodOrderTests by @thomhurst in thomhurst/TUnit#5623 * feat(analyzers): code-fix for TUnit0049 to insert [MatrixDataSource] (#5613 C) by @thomhurst in thomhurst/TUnit#5620 * fix(pipeline): isolate AOT publish outputs to stop clobbering pack DLLs (#5622) by @thomhurst in thomhurst/TUnit#5624 ### Dependencies * chore(deps): update tunit to 1.36.0 by @thomhurst in thomhurst/TUnit#5608 * chore(deps): update modularpipelines to 3.2.8 by @thomhurst in thomhurst/TUnit#5614 **Full Changelog**: thomhurst/TUnit@v1.36.0...v1.37.0 ## 1.36.0 <!-- Release notes generated using configuration in .github/release.yml at v1.36.0 --> ## What's Changed ### Other Changes * fix: don't render test's own trace as Linked Trace in HTML report by @thomhurst in thomhurst/TUnit#5580 * fix(docs): benchmark index links 404 by @thomhurst in thomhurst/TUnit#5587 * docs: replace repeated benchmark link suffix with per-test descriptions by @thomhurst in thomhurst/TUnit#5588 * docs: clearer distributed tracing setup and troubleshooting by @thomhurst in thomhurst/TUnit#5597 * fix: auto-suppress ExecutionContext flow for hosted services (#5589) by @thomhurst in thomhurst/TUnit#5598 * feat: auto-align DistributedContextPropagator to W3C by @thomhurst in thomhurst/TUnit#5599 * feat: TUnit0064 analyzer + code fix for direct WebApplicationFactory inheritance by @thomhurst in thomhurst/TUnit#5601 * feat: auto-propagate test trace context through IHttpClientFactory by @thomhurst in thomhurst/TUnit#5603 * feat: TUnit.OpenTelemetry zero-config tracing package by @thomhurst in thomhurst/TUnit#5602 * fix: restore [Obsolete] members removed in v1.27 (#5539) by @thomhurst in thomhurst/TUnit#5605 * feat: generalize OTLP receiver for use outside TUnit.Aspire by @thomhurst in thomhurst/TUnit#5606 * feat: auto-configure OpenTelemetry in TestWebApplicationFactory SUT by @thomhurst in thomhurst/TUnit#5607 ### Dependencies * chore(deps): update tunit to 1.35.2 by @thomhurst in thomhurst/TUnit#5581 * chore(deps): update dependency typescript to ~6.0.3 by @thomhurst in thomhurst/TUnit#5582 * chore(deps): update dependency coverlet.collector to v10 by @thomhurst in thomhurst/TUnit#5600 **Full Changelog**: thomhurst/TUnit@v1.35.2...v1.36.0 Commits viewable in [compare view](thomhurst/TUnit@v1.35.2...v1.37.10). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
- Replace docker/login-action (admin credentials) with az acr login via OIDC session (azure/login with AZURE_CLIENT_ID) - Add --registry-identity and --user-assigned flags to az containerapp up so identity attachment and registry config happen atomically on create and update, eliminating the chicken-and-egg ordering issue - Replace az config set extension.use_dynamic_install with explicit az extension add --name containerapp --upgrade to ensure the extension version supports --registry-identity on az containerapp up - Remove --registry-username/--registry-password from containerapp up - Update Assign MI step to use WEB_UAMI_RESOURCE_ID and WEB_UAMI_CLIENT_ID
- Replace docker/login-action (admin credentials) with az acr login via OIDC session (azure/login with AZURE_CLIENT_ID) - Add --registry-identity and --user-assigned flags to az containerapp up so identity attachment and registry config happen atomically on create and update, eliminating the chicken-and-egg ordering issue - Replace az config set extension.use_dynamic_install with explicit az extension add --name containerapp --upgrade to ensure the extension version supports --registry-identity on az containerapp up - Remove --registry-username/--registry-password from containerapp up - Update Assign MI step to use WEB_UAMI_RESOURCE_ID and WEB_UAMI_CLIENT_ID ## Description Describe your changes here. Fixes #Issue_Number (if available) ### Ensure that your pull request has followed all the steps below: - [ ] Code compilation - [ ] Created tests which fail without the change (if possible) - [ ] All tests passing - [ ] Extended the README / documentation, if necessary Co-authored-by: Benjamin Michaelis <bmichaelis@intellitect.com>
…pdate - Add --image to az containerapp update so image and env vars are set atomically in a single revision (dev and prod) - Remove separate containerapp up which required CAE-level permissions; identity assign + registry set + update --image are CA-scoped only (plus managedEnvironments/read, covered by Container Apps Contributor role on the CAE granted to deploy UAMIs)
…_APP_ENVIRONMENT env var - Change deploy-production cancel-in-progress from true to false to prevent broken state if deploy is cancelled mid-flight (secrets set but revision not yet updated) - Remove unused CONTAINER_APP_ENVIRONMENT env var from both dev and prod Assign MI steps (vestigial from az containerapp up era)
PR merge ref caches (`refs/pull/{number}/merge`) accumulate after PRs
close and are never automatically purged, consuming repository cache
quota unnecessarily.
## Changes
- **`.github/workflows/CleanupCaches.yml`**: Workflow triggered on
`pull_request: closed` that enumerates and deletes all Actions caches
scoped to the closed PR's merge ref using native `gh cache` CLI commands
with `secrets.GITHUB_TOKEN` — no additional secrets required. Uses a
`permissions: actions: write` block to follow least-privilege security
practice. No repository checkout is required since the script only calls
the GitHub API.
<!-- START COPILOT CODING AGENT TIPS -->
---
📍 Connect Copilot coding agent with [Jira](https://gh.io/cca-jira-docs),
[Azure Boards](https://gh.io/cca-azure-boards-docs) or
[Linear](https://gh.io/cca-linear-docs) to delegate work to Copilot in
one click without leaving your project management tool.
---------
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: BenjaminMichaelis <22186029+BenjaminMichaelis@users.noreply.github.com>
…osystems (#1002) Bumps the dotnet-sdk-updates group in /EssentialCSharp.Web with 1 update: dotnet/sdk. Updates `dotnet/sdk` from 10.0.202 to 10.0.203 Bumps the dotnet-sdk-updates group with 1 update: [dotnet-sdk](https://github.com/dotnet/sdk). Updates `dotnet-sdk` from 10.0.202 to 10.0.203 <details> <summary>Commits</summary> <ul> <li>See full diff in <a href="https://github.com/dotnet/sdk/commits">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Updated EssentialCSharp.Shared.Models from 1.1.1.18973 to 1.1.1.18983. [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
… to 10.0.7 (#1004) Updated [Microsoft.AspNetCore.Authentication.MicrosoftAccount](https://github.com/dotnet/dotnet) from 10.0.6 to 10.0.7. <details> <summary>Release notes</summary> _Sourced from [Microsoft.AspNetCore.Authentication.MicrosoftAccount's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1005) Updated [Microsoft.EntityFrameworkCore.SqlServer](https://github.com/dotnet/dotnet) from 10.0.6 to 10.0.7. <details> <summary>Release notes</summary> _Sourced from [Microsoft.EntityFrameworkCore.SqlServer's releases](https://github.com/dotnet/dotnet/releases)._ No release notes found for this version range. Commits viewable in [compare view](https://github.com/dotnet/dotnet/commits). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
--- updated-dependencies: - dependency-name: Microsoft.SemanticKernel dependency-version: 1.74.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
force-pushed
the
dependabot/nuget/Microsoft.SemanticKernel-1.74.0
branch
from
bfd0ba3 to
740e03f
Compare
intellitect-bot
approved these changes
Apr 22, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Updated Microsoft.SemanticKernel from 1.72.0 to 1.74.0.
Release notes
Sourced from Microsoft.SemanticKernel's releases.
1.74.0
Changes:
See More
This list of changes was auto generated.
1.73.0
Changes:
See More
This list of changes was auto generated.
Commits viewable in compare view.