Update all dependencies

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
Microsoft.AspNetCore.Authentication.JwtBearer (source)	10.0.5 → 10.0.6
Microsoft.AspNetCore.OpenApi (source)	10.0.5 → 10.0.6
Microsoft.AspNetCore.SpaServices.Extensions (source)	10.0.5 → 10.0.6
Microsoft.EntityFrameworkCore (source)	10.0.5 → 10.0.6
Microsoft.EntityFrameworkCore.Design (source)	10.0.5 → 10.0.6
Microsoft.EntityFrameworkCore.Sqlite (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Caching.Memory (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Configuration (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Configuration.Abstractions (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Configuration.Binder (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Configuration.EnvironmentVariables (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Configuration.FileExtensions (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Configuration.Json (source)	10.0.5 → 10.0.6
Microsoft.Extensions.DependencyInjection (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Diagnostics.Testing (source)	10.4.0 → 10.5.0
Microsoft.Extensions.Hosting (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Http (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Logging.Abstractions (source)	10.0.5 → 10.0.6
Microsoft.Extensions.Options.ConfigurationExtensions (source)	10.0.5 → 10.0.6
MimeKit (source)	4.15.1 → 4.16.0
react-router-dom (source)	7.14.0 → 7.14.1
typescript (source)	6.0.2 → 6.0.3

---

Release Notes

dotnet/dotnet (Microsoft.AspNetCore.Authentication.JwtBearer)

v10.0.6

dotnet/extensions (Microsoft.Extensions.Diagnostics.Testing)

v10.5.0

HTTP Logging Middleware APIs in Microsoft.AspNetCore.Diagnostics.Middleware are now stable. This release also transfers Microsoft.Extensions.VectorData.Abstractions and Microsoft.Extensions.VectorData.ConformanceTests from the Semantic Kernel repository into dotnet/extensions, jumping from 10.1.0 to 10.5.0 for consistent versioning. The release also delivers fixes across the AI libraries, AI Evaluation, and Service Discovery.

Breaking Changes

1. Rename VectorStoreVectorAttribute constructor parameter #​7460
   • The Dimensions parameter was renamed to dimensions (lowercase). This is a source-breaking change only — binary compatibility is preserved.
   • If you use the named argument syntax new VectorStoreVectorAttribute(Dimensions: 1536), update it to new VectorStoreVectorAttribute(dimensions: 1536).

Experimental API Changes

Now Stable

• HTTP Logging Middleware APIs are now stable (previously EXTEXP0013): AddHttpLogEnricher<T>, IHttpLogEnricher, and RequestHeadersLogEnricherOptions.HeadersDataClasses #​7380

What's Changed

AI

• Fix OpenAIResponsesChatClient to respect "store":false in responses #​7417 by @​stephentoub
• Fix InvalidOperationException in CoalesceWebSearchToolCallContent #​7419 by @​stephentoub
• Handle F# optional parameters in AIFunctionFactory schema generation #​7439 by @​eiriktsarpalis
• Fix ComputerCallResponseItem using Item.Id instead of CallId #​7446 by @​jozkee
• Fix HostedFileContent with image MIME type sent as input_file instead of input_image #​7438 by @​stephentoub (co-authored by @​copilot)
• Guard Activity.Current restore with null check in OpenTelemetry streaming clients #​7443 by @​stephentoub (co-authored by @​copilot)
• Enable stateless mode in remote MCP server template (released as v1.2.0 on 2026-04-01) #​7441 by @​jeffhandley

Vector Data

• Move Microsoft.Extensions.VectorData.Abstractions over from Semantic Kernel #​7434 by @​roji
• Rename VectorStoreVectorAttribute dimensions constructor parameter #​7460 by @​roji

AI Evaluation

• Add Path Validation for DiskBasedResponseCache and DiskBasedResultStore #​7397 by @​peterwald
• Update brace-expansion for CVE-2026-33750 #​7457 by @​SamMonoRT

ASP.NET Core Extensions

• Removing experimental attribute from Http logging middleware #​7380 by @​mariamgerges

Service Discovery

• Implement RFC6761 reserved DNS names handling #​6924 by @​rzikm

Documentation Updates

• Remove per-library CHANGELOG.md files #​7413 by @​jeffhandley

Test Improvements

• Fix SqliteVectorStoreWriterTests hang: reduce test record count and use conditional MaxTopCount #​7360 by @​stephentoub (co-authored by @​copilot)

Repository Infrastructure Updates

• Bump minimatch and azure-pipelines-task-lib in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7361
• Remove stale user-level .npmrc instead of npmAuthenticate #​7366 by @​ilonatommy
• [main] Update dependencies from dotnet/arcade #​7374
• Use env vars in build.ps1 to bypass stale agent npm config #​7376 by @​ilonatommy
• Add a Release-Notes skill #​7390 by @​jeffhandley
• Enable CFSClean* policies for extensions-ci-official pipeline #​7403 by @​mmitche
• Fix CG alerts for Microsoft.Bcl.Memory #​7418 by @​wtgodbe
• Bump flatted from 3.3.3 to 3.4.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7421
• [main] Update dependencies from dotnet/arcade #​7422
• Bump picomatch from 2.3.1 to 2.3.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7427
• Bump picomatch in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7429
• Stop using Mariner 2 images #​7431 by @​wtgodbe
• [main] Update dependencies from dotnet/arcade #​7435
• Bump brace-expansion from 1.1.12 to 1.1.13 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7440
• Bump lodash from 4.17.23 to 4.18.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7455
• Bump vite from 6.4.1 to 6.4.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript #​7456
• Correctly publish MEVD.ConformanceTests as nuget packages #​7459 by @​roji
• Update ApiChief baselines for MEAI and MEVD #​7461 by @​jeffhandley
• Upgrade to OpenAI 2.10.0 #​7450 by @​stephentoub
• Use shared DiagnosticIds constants for MEVD experimental APIs #​7462 by @​jeffhandley

Acknowledgements

• @​shyamnamboodiripad @​rogerbarreto @​ReubenBond @​evgenyfedorov2 @​tarekgh reviewed pull requests

Full Changelog: dotnet/extensions@v10.4.1...v10.5.0

jstedfast/MimeKit (MimeKit)

v4.16.0

Compare Source

• Simplified logic for illegal ctrl characters within quoted-string local-part tokens in addr-specs.
• Fixed IndexOutOfRangeException in ParseUtils.TryParseMsgId().
  (issue #​1227)
• Improved ParseException message for invalid ctrl chars in quoted-strings.
• Improved recovery logic for InternetAddressList.TryParse().
• Fixed leak in X509Certificate2Extensions.GetPrivateKeyAsAsymmetricKeyParameter().
  (issue #​1230)
• Fixed potential integer overflow in TnefPropertyReader.
  (issue #​1231)
• Added support for converting ECDsa PrivateKeys between Windows and BouncyCastle.
• Partial Encryption & Certificate Validation Failures for S/MIME.
  (issue #​1224)
• Fixed MimeParser/MimeReader.ScanContent to not init local until needed.
  (issue #​1234)
• Improved Received header folding logic.

remix-run/react-router (react-router-dom)

v7.14.1

Compare Source

Patch Changes

• Updated dependencies:
  • react-router@7.14.1

microsoft/TypeScript (typescript)

v6.0.3

Compare Source

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 65.86%. Comparing base (4623f6f) to head (86ad108).

Additional details and impacted files

@@           Coverage Diff           @@
##              dev      #49   +/-   ##
=======================================
  Coverage   65.86%   65.86%           
=======================================
  Files          98       98           
  Lines        4046     4046           
  Branches      573      573           
=======================================
  Hits         2665     2665           
+ Misses       1165     1164    -1     
- Partials      216      217    +1     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.