Bump the all-packages group with 18 updates

[dependabot]

Updated Azure.Identity from 1.17.1 to 1.18.0.

Release notes

Sourced from Azure.Identity's releases.

1.18.0

1.18.0 (2026-02-25)

Features Added

• Added experimental Microsoft.Extensions.Configuration and Microsoft.Extensions.DependencyInjection integration for Azure SDK clients. For details, see the Configuration and Dependency Injection documentation.

• The WorkloadIdentityCredentialOptions.IsAzureProxyEnabled property, which enables Azure Kubernetes token proxy mode, is only available in beta releases of this package.

• AzureDeveloperCliCredential now parses JSON error output from azd auth token to extract clean error messages instead of including raw JSON in exceptions. Error messages like {"type":"consoleMessage","data":{"message":"ERROR: fetching token: ..."}} are now displayed as ERROR: fetching token: ....

1.18.0-beta.3

1.18.0-beta.3 (2026-02-20)

Breaking Changes

• Renamed WorkloadIdentityCredentialOptions.IsAzureKubernetesTokenProxyEnabled to IsAzureProxyEnabled to follow .NET naming conventions for boolean properties.

Bugs Fixed

• Fixed a NullReferenceException that occurred during X509Chain validation on Linux when using the Identity Bindings feature.

• Disabled MSAL's internal retry logic for ConfidentialClientApplication and PublicClientApplication to prevent double retries when combined with Azure SDK's retry policy. Only the configured Azure SDK retry policy is applied, avoiding unexpected additional retry attempts.

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Authentication.JwtBearer from 8.0.23 to 8.0.24.

Release notes

Sourced from Microsoft.AspNetCore.Authentication.JwtBearer's releases.

8.0.24

Release

Commits viewable in compare view.

Updated Microsoft.AspNetCore.HeaderPropagation from 8.0.23 to 8.0.24.

Release notes

Sourced from Microsoft.AspNetCore.HeaderPropagation's releases.

8.0.24

Release

Commits viewable in compare view.

Updated Microsoft.AspNetCore.Mvc.NewtonsoftJson from 8.0.23 to 8.0.24.

Release notes

Sourced from Microsoft.AspNetCore.Mvc.NewtonsoftJson's releases.

8.0.24

Release

Commits viewable in compare view.

Updated Microsoft.Azure.WebJobs.Logging.ApplicationInsights from 3.0.44 to 3.0.45.

Release notes

Sourced from Microsoft.Azure.WebJobs.Logging.ApplicationInsights's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration from 9.0.12 to 9.0.13.

Release notes

Sourced from Microsoft.Extensions.Configuration's releases.

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Binder from 9.0.12 to 9.0.13.

Release notes

Sourced from Microsoft.Extensions.Configuration.Binder's releases.

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Configuration.Json from 9.0.12 to 9.0.13.

Release notes

Sourced from Microsoft.Extensions.Configuration.Json's releases.

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated Microsoft.Extensions.Http.Polly from 9.0.12 to 9.0.13.

Release notes

Sourced from Microsoft.Extensions.Http.Polly's releases.

9.0.13

Release

What's Changed

• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/aspnetcore#64938
• [release/9.0] (deps): Bump src/submodules/googletest from 1b96fa1 to 9156d4c by @​dependabot[bot] in [release/9.0] (deps): Bump src/submodules/googletest from 1b96fa1 to 9156d4c dotnet/aspnetcore#64908
• [release/9.0] Pass container image correctly for source-build job in official build by @​akoeplinger in [release/9.0] Pass container image correctly for source-build job in official build dotnet/aspnetcore#64781
• [release/9.0] Update dependencies from dotnet/extensions by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#64686
• [release/9.0] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/arcade dotnet/aspnetcore#64685
• [release/9.0] Update gradle by @​github-actions[bot] in [release/9.0] Update gradle dotnet/aspnetcore#64980
• Backport #​64657: Use shallow clones for CI jobs by @​Copilot in Backport #64657: Use shallow clones for CI jobs dotnet/aspnetcore#64677
• [release/9.0] Update dependencies from dotnet/extensions by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/extensions dotnet/aspnetcore#65012
• [release/9.0] Add .slnx fallback for TestHost content root discovery by @​Copilot in [release/9.0] Add .slnx fallback for TestHost content root discovery dotnet/aspnetcore#64953
• Merging internal commits for release/9.0 by @​vseanreesermsft in Merging internal commits for release/9.0 dotnet/aspnetcore#65046

Full Changelog: dotnet/aspnetcore@v9.0.12...v9.0.13)

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.AzureAppServices from 8.0.23 to 8.0.24.

Release notes

Sourced from Microsoft.Extensions.Logging.AzureAppServices's releases.

8.0.24

Release

Commits viewable in compare view.

Updated Microsoft.Identity.Client from 4.81.0 to 4.82.1.

Release notes

Sourced from Microsoft.Identity.Client's releases.

4.82.1

Bug Fixes

• Remove experimental flag requirement from IAuthenticationOperation #​5699
• Add security warning to ICustomWebUi documentation #​5704

Changes

• Adds support for implicit mTLS (Mutual TLS) transport for client assertion delegates #​5670

4.82.0

4.82.0

Highlights

This release expands extensibility for confidential-client authentication (certificates + client assertions), adds additional sovereign cloud environments, and hardens security-sensitive flows (mTLS PoP and system browser auth) with clearer validation and safer defaults.

Features

• Certificate-based confidential client extensibility: Introduced CertificateOptions and updated WithCertificate extensibility APIs to accept it, including support for passing sendX5C configuration through the options model. (#​5655)
• Sovereign cloud support: Added instance discovery / authority validation support for Bleu (France), Delos (Germany), and GovSG (Singapore) cloud environments. (#​5671)
• Client assertion customization: Added WithExtraClientAssertionClaims on AcquireTokenForClientParameterBuilder to enable supplying additional signed claims in client assertions (intended for advanced scenarios and higher-level libraries). (#​5650)
• mTLS PoP guardrails: Added validation and explicit error handling when mTLS PoP is requested for unsupported environments and/or non-login.* hosts. (#​5684)
• System browser hardening: Added response_mode=form_post support for the default system browser (loopback) flow. MSAL will enforce form_post and process the authorization response from POST data. (#​5678)

Changes

• Key Attestation packaging rename: Microsoft.Identity.Client.MtlsPop renamed to Microsoft.Identity.Client.KeyAttestation (assembly/package naming update). (#​5653)

Commits viewable in compare view.

Updated Microsoft.IdentityModel.Logging from 8.15.0 to 8.16.0.

Release notes

Sourced from Microsoft.IdentityModel.Logging's releases.

8.16.0

New Features

• Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

• Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.0.1 to 18.3.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.3.0

What's Changed

• Fix answer file splitting by @​nohwnd in Fix answer file splitting microsoft/vstest#15306

Internal fixes and updates

• Bump branding to 18.1 by @​nohwnd in Bump branding to 18.1 microsoft/vstest#15286
• Remove stale copy of S.ComponentModel.Composition from testplatform packages by @​ViktorHofer in Remove stale copy of S.ComponentModel.Composition from testplatform packages microsoft/vstest#15287
• Update codeflow metadata to fix backflow by @​premun in Update codeflow metadata to fix backflow microsoft/vstest#15291
• [main] Update dependencies from devdiv/DevDiv/vs-code-coverage by @​dotnet-maestro[bot] in [main] Update dependencies from devdiv/DevDiv/vs-code-coverage microsoft/vstest#15283
• Update Microsoft.Build.Utilities.Core by @​Youssef1313 in Update Microsoft.Build.Utilities.Core microsoft/vstest#15300
• Disable DynamicNative instrumentation by default by @​nohwnd in Disable DynamicNative instrumentation by default microsoft/vstest#15299
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15293
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15302
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15314
• Delete sha1 custom implementation we are not using for a long time by @​nohwnd in Delete sha1 custom implementation we are not using for a long time microsoft/vstest#15313
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15315
• Update branding to 18.3.0 by @​nohwnd in Update branding to 18.3.0 microsoft/vstest#15321
• [main] Update dependencies from devdiv/DevDiv/vs-code-coverage by @​dotnet-maestro[bot] in [main] Update dependencies from devdiv/DevDiv/vs-code-coverage microsoft/vstest#15325
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/vstest#15264
• Revert adding dotnet_host_path workaround by @​nohwnd in Revert adding dotnet_host_path workaround microsoft/vstest#15328
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/vstest#15338
• [main] Source code updates from dotnet/dotnet by @​dotnet-maestro[bot] in [main] Source code updates from dotnet/dotnet microsoft/vstest#15322
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade microsoft/vstest#15343
• Change PreReleaseVersionLabel from 'preview' to 'release' by @​nohwnd in Change PreReleaseVersionLabel from 'preview' to 'release' microsoft/vstest#15352
• [rel/18.3] Update dependencies from devdiv/DevDiv/vs-code-coverage by @​dotnet-maestro[bot] in [rel/18.3] Update dependencies from devdiv/DevDiv/vs-code-coverage microsoft/vstest#15354
• [rel/18.3] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [rel/18.3] Update dependencies from dotnet/arcade microsoft/vstest#15389
• [rel/18.3] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in [rel/18.3] Update dependencies from dotnet/arcade microsoft/vstest#15400
• Update build tools to 17.11.48 to be source buildable by @​nohwnd in Update build tools to 17.11.48 to be source buildable microsoft/vstest#15310
• Disable publishing on RTM by @​nohwnd in Disable publishing on RTM microsoft/vstest#15296
• Don't access nuget.org for package feeds by @​nohwnd in Don't access nuget.org for package feeds microsoft/vstest#15316
• No nuget access fix tests by @​nohwnd in No nuget access fix tests microsoft/vstest#15317
• Disable Dependabot updates in dependabot.yml by @​mmitche in Disable Dependabot updates in dependabot.yml microsoft/vstest#15324

New Contributors

• @​premun made their first contribution in Update codeflow metadata to fix backflow microsoft/vstest#15291

Commits viewable in compare view.

Updated NUnit from 4.4.0 to 4.5.0.

Release notes

Sourced from NUnit's releases.

4.5.0

See release notes for details.

Commits viewable in compare view.

Updated Serilog from 4.3.0 to 4.3.1.

Release notes

Sourced from Serilog's releases.

4.3.1

What's Changed

• Remove SourceLink by @​SimonCropp in remove SourceLink serilog/serilog#2183
• Handle Exception.ToString failures in text formatter by @​krisbiradar in Handle Exception.ToString failures in text formatter serilog/serilog#2197
• Remove char[] allocation by @​karpinsn in Remove char[] allocation serilog/serilog#2198
• Remove backpressure from XMLDoc by @​timothycoleman in Remove backpressure from XMLDoc serilog/serilog#2203
• Don't enable XDOC for tests by @​nblumhardt in Don't enable XDOC for tests serilog/serilog#2205
• Target and test on net10 by @​SimonCropp in target and test on net10 serilog/serilog#2206
• Fix trimming error when Serilog is a transitive dependency by @​Numpsy in Package Serilog.targets as 'buildTransitive' as well as 'build' serilog/serilog#2214
• Inline TraceId and SpanId JSON string formatting by @​SimonCropp in Inline TraceId and SpanId JSON string formatting serilog/serilog#2215

New Contributors

• @​krisbiradar made their first contribution in Handle Exception.ToString failures in text formatter serilog/serilog#2197
• @​karpinsn made their first contribution in Remove char[] allocation serilog/serilog#2198
• @​timothycoleman made their first contribution in Remove backpressure from XMLDoc serilog/serilog#2203
• @​Numpsy made their first contribution in Package Serilog.targets as 'buildTransitive' as well as 'build' serilog/serilog#2214

Full Changelog: serilog/serilog@v4.3.0...v4.3.1

Commits viewable in compare view.

Updated System.IdentityModel.Tokens.Jwt from 8.15.0 to 8.16.0.

Release notes

Sourced from System.IdentityModel.Tokens.Jwt's releases.

8.16.0

New Features

• Add telemetry around signature validation. See PR #​3415 for details.

Fundamentals

• Fix FileVersion format to use two-digit year and day of year. See PR #​3389 for details.

Commits viewable in compare view.

Updated System.Text.Encoding.CodePages from 9.0.12 to 9.0.13.

Release notes

Sourced from System.Text.Encoding.CodePages's releases.

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Updated System.Text.Json from 9.0.12 to 9.0.13.

Release notes

Sourced from System.Text.Json's releases.

9.0.13

Release

What's Changed

• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122508
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122747
• Update branding to 9.0.13 by @​vseanreesermsft in Update branding to 9.0.13 dotnet/runtime#122888
• [release/9.0] Update dependencies from dotnet/emsdk by @​dotnet-maestro[bot] in [release/9.0] Update dependencies from dotnet/emsdk dotnet/runtime#122941
• [manual] Merge release/9.0-staging into release/9.0 by @​jeffhandley in [manual] Merge release/9.0-staging into release/9.0 dotnet/runtime#123113

Full Changelog: dotnet/runtime@v9.0.12...v9.0.13

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[snyk-io-eu]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scanner	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues
✅	Licenses	0	0	0	0	0 issues
✅	Code Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.