- Notifications
You must be signed in to change notification settings - Fork806
[release/9.5] Update Microsoft.Extensions.AI packages, use content env var#11726
Merged
davidfowl merged 4 commits intorelease/9.5fromOct 1, 2025
Merged
[release/9.5] Update Microsoft.Extensions.AI packages, use content env var#11726davidfowl merged 4 commits intorelease/9.5from
davidfowl merged 4 commits intorelease/9.5from
Conversation
Co-authored-by: JamesNK <303201+JamesNK@users.noreply.github.com>
ContributorAuthor
🚀Dogfood this PR with:
curl -fsSL https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.sh| bash -s -- 11726Or
iex"& {$(irm https://raw.githubusercontent.com/dotnet/aspire/main/eng/scripts/get-aspire-cli-pr.ps1) } 11726" |
Member
davidfowl commentedSep 30, 2025
Do we need this in the community toolkit as well? |
davidfowl approved these changesSep 30, 2025
Contributor
aaronpowell commentedSep 30, 2025
Our last release bumped MEAI to 9.9.0, I'm not too bothered on the |
Member
JamesNK commentedSep 30, 2025
There is no product toolkit code that sets the property so no changes should be required:https://github.com/search?q=repo%3ACommunityToolkit%2FAspire+EnableSensitiveData&type=code |
Member
joperezr commentedSep 30, 2025
Low risk, fixing a new feature. Approved for 9.5.1 |
davidfowl approved these changesOct 1, 2025
mitchdenny approved these changesOct 1, 2025
84dc29a intorelease/9.5 311 checks passed
Uh oh!
There was an error while loading.Please reload this page.
This was referencedOct 13, 2025
This was referencedOct 29, 2025
Closed
renebentes added a commit to renebentes/3054 that referenced this pull requestOct 30, 2025
… 9.5.2 (#53)Updated[Microsoft.Extensions.ServiceDiscovery](https://github.com/dotnet/aspire)from 9.3.1 to 9.5.2.<details><summary>Release notes</summary>_Sourced from [Microsoft.Extensions.ServiceDiscovery'sreleases](https://github.com/dotnet/aspire/releases)._## 9.5.2## What's Changed* [release/9.5] Revert SQL Server container image tag from 2025-latestto 2022-latest for Mac ARM compatibility by @github-actions[bot] indotnet/aspire#11908* [release/9.5] Ensure OutputPath is created inResourceContainerImageBuilder by @github-actions[bot] indotnet/aspire#11886* [release/9.5] Add configuration to suppress unsecured telemetrymessage in dashboard by @github-actions[bot] indotnet/aspire#11954* [release/9.5] Update dependencies fromhttps://github.com/microsoft/usvc-apiserver build 0.17.3 by @danegstaindotnet/aspire#12032* [release/9.5] Multi-target RabbitMQ and Redis client libraries by@eerhardt indotnet/aspire#12138* Backport PR #11951: Add noProfileSwitch to run command inDotNetCliRunner by @Copilot indotnet/aspire#11959* Bump patch version to 9.5.2 by @Copilot indotnet/aspire#12139**Full Changelog**:dotnet/aspire@v9.5.1...v9.5.2## 9.5.1## What's Changed* [release/9.5]: Add proper launch profile support to the VS Codeextension by @Copilot indotnet/aspire#11617* [release/9.5] Cherry-pick extension build and sign pipeline setup by@Copilot indotnet/aspire#11618* [release/9.5] Fix globalPackagesFolder path to be platform-agnostic inNuGetConfigMerger by @github-actions[bot] indotnet/aspire#11626* [release/9.5] Fix flashing console windows when Docker processes arelaunched on Windows by @github-actions[bot] indotnet/aspire#11615* [release/9.5] Display help text for GenAI sensitive data when nomessages by @github-actions[bot] indotnet/aspire#11668* [release/9.5] Allow .NET 10 prerelease versions for single-fileapphost scenarios by @github-actions[bot] indotnet/aspire#11616* [release/9.5] Update Aspire package versions from 9.5.0 to 9.5.1 by@Copilot indotnet/aspire#11721* [release/9.5] Fix DevTunnels in DevContainers and Codespaces by@github-actions[bot] indotnet/aspire#11730* [release/9.5] Don't require gen_ai.system attribute on span events by@github-actions[bot] indotnet/aspire#11735* [release/9.5] Update Microsoft.Extensions.AI packages, use content envvar by @github-actions[bot] indotnet/aspire#11726* [release/9.5] Fix ParameterProcessor to use ExecutionContextOptionsand skip excluded resources by @github-actions[bot] indotnet/aspire#11782* [release/9.5] Update retry in Kusto emulator actions to handle anynon-permanent error by @github-actions[bot] indotnet/aspire#11779* [release/9.5] Fix CommandLineArgsCallbackContext ExecutionContext inAzureResourcePreparer and prevent WithVSCodeDebugSupport execution inpublish mode by @github-actions[bot] indotnet/aspire#11788* [release/9.5] Fix GenAI visualizer when span is missing peer attributeby @JamesNK indotnet/aspire#11765* [release/9.5] Support parameter names with dashes resolved fromunderscore configuration by @github-actions[bot] indotnet/aspire#11802* [release/9.5] Adapt OpenAI health check based on endpointconfiguration by @github-actions[bot] indotnet/aspire#11792**Full Changelog**:dotnet/aspire@v9.5.0...v9.5.1## 9.5.0We are excited to share that our 9.5.0 release of Aspire has shipped!All of the packages are available in NuGet.org now. Head over tohttps://learn.microsoft.com/en-us/dotnet/aspire/whats-new/dotnet-aspire-9.5to find what's new in 9.5.0!## New Contributors* @benwitmanmsft made their first contribution indotnet/aspire#10289* @MattKotsenas made their first contribution indotnet/aspire#9868* @danespinosa made their first contribution indotnet/aspire#10394* @jnyrup made their first contribution indotnet/aspire#10884* @ericstj made their first contribution indotnet/aspire#10928* @jeremy-vm made their first contribution indotnet/aspire#10972* @Steinblock made their first contribution indotnet/aspire#11003* @brettcannon made their first contribution indotnet/aspire#11014* @twsouthwick made their first contribution indotnet/aspire#10507* @KirillOsenkov made their first contribution indotnet/aspire#11164* @CaitieM20 made their first contribution indotnet/aspire#10662**Full Changelog**:dotnet/aspire@v9.4.0...v9.5.0## 9.4.2## What's Changed* [release/9.4] Simplify Aspire CLI project name validation to onlyreject path separators by @github-actions[bot] indotnet/aspire#10832* [release/9.4] External Services with URL Parameter fails to generatemanifests by @github-actions[bot] indotnet/aspire#10806* [release/9.4] Always update resource list in console logs after hiddenbool changes by @github-actions[bot] indotnet/aspire#10738* [release/9.4] serve blazor.web.js from wwwroot by @JamesNK indotnet/aspire#10990* Branding updates for 9.4.2 by @joperezr indotnet/aspire#11026* [release/9.4] Port Fix creating projects with GB18030 chars by@danmoseley indotnet/aspire#11032* [release/9.4] Fix Azure AI Foundry resource name by@github-actions[bot] indotnet/aspire#11038* [release/9.4] Fixed properties override when publishing an update inexternal service by @github-actions[bot] indotnet/aspire#10824**Full Changelog**:dotnet/aspire@v9.4.1...v9.4.2## 9.4.1## What's Changed* [release/9.4] Mark Aspire.CLI as stable by @joperezr indotnet/aspire#10724* [release/9.4] aspire config set writes appHostPath to~/.aspire/settings.json globally, causing incorrect path resolution by@github-actions[bot] indotnet/aspire#10703* [release/9.4] Update dependencies from microsoft/usvc-apiserver by@danegsta indotnet/aspire#10814* [release/9.4] Fix grid scrolling bugs by @github-actions[bot] indotnet/aspire#10861* Bump package versions to 9.4.1 in project files by @joperezr indotnet/aspire#10891**Full Changelog**:dotnet/aspire@v9.4.0...v9.4.1## 9.4.0We are excited to share that our 9.4.0 release of Aspire has shipped!All of the packages are available in NuGet.org now. Head over tohttps://learn.microsoft.com/en-us/dotnet/aspire/whats-new/dotnet-aspire-9.4to find what's new in 9.4.0!## What's Changed* API review: Add Services property to ResourceEndpointsAllocatedEventby @DamianEdwards indotnet/aspire#9270* Fix visibility updates during resource upserts by @adamint indotnet/aspire#9264* Accept null value in Redis WithPassword to ensure password dosen't setin redis-server by @Alirexaa indotnet/aspire#9278* Make sure the publisher example supports azd by @davidfowl indotnet/aspire#9277* API review: `WithHostPort` should accept null for port param by@Alirexaa indotnet/aspire#9282* Refactor database explorer resource builders to not prefix their namesthe name of the first resource they are added to. by @paulomorgado indotnet/aspire#8237* Test that ensures legacy dashboard token env var is honored by@DamianEdwards indotnet/aspire#9296* Refactor solution file from .sln to .slnx format and update related d…by @davidfowl indotnet/aspire#9295* Minor dashboard improvements and clean up by @JamesNK indotnet/aspire#9301* Minor improvements to resource changed log by @JamesNK indotnet/aspire#9303* Fix Blazor error logging to telemetry by @JamesNK indotnet/aspire#9304* Don't throw from component telemetry context dispose if notinitialized by @JamesNK indotnet/aspire#9306* [CI] Add PR validation on macOS by @radical indotnet/aspire#9287* Localized file check-in by OneLocBuild Task: Build definition ID 1309:Build ID 2709142 by @dotnet-bot indotnet/aspire#9302* Ignore case on FormatDateTime_WithMilliseconds_NewZealandCulture by@adamint indotnet/aspire#9316* Changing default SKU for App Service Plan to P0V3 by @ShilpiRachna1indotnet/aspire#9280* Branding updates for 9.4 by @joperezr indotnet/aspire#9331* Increase retry time in AppBar_Change_Theme_ReloadPage by @adamint indotnet/aspire#9317* Update xUnit.v3 to support MTP tests by @peterwald indotnet/aspire#9261* [main] Update dependencies from microsoft/usvc-apiserver by@dotnet-maestro[bot] indotnet/aspire#9333* Add tracing support for Azure App Configuration component by@zhiyuanliang-ms indotnet/aspire#9323* Revert "Update xUnit.v3 to support MTP tests (#9261)" by @radical indotnet/aspire#9336* Remove the workaround to explicitly set the container runtime fortests now that the orchestrator is updated by @danegsta indotnet/aspire#9339* [Automated] Update API Surface Area by @github-actions[bot] indotnet/aspire#8736* Revert "Revert "Update xUnit.v3 to support MTP tests (#9261)"(#9336)" by @radical indotnet/aspire#9337* TestsReportGenerator: Always show the error message, and truncate onlythe stdout by @radical indotnet/aspire#9335* [CI] Fix azdo builds for `main` by @radical indotnet/aspire#9338* [main] Update dependencies from microsoft/usvc-apiserver by@dotnet-maestro[bot] indotnet/aspire#9347* Fully qualify OutputPath for PublishingContext by @captainsafia indotnet/aspire#9351* Fix typo in doccomment in `ContainerResourceBuilderExtensions.cs` by@KuraiAndras indotnet/aspire#9342* Update health check to ensure blob containers created at right time by@RussKie indotnet/aspire#9159* Re-apply quarantined test for validation by @sebastienros indotnet/aspire#9364* Update telemetry doc for AzureAppConfiguration by @sebastienros indotnet/aspire#9365* Enable MTP tests via MSBuild property by @captainsafia indotnet/aspire#9361* catch json error by @danmoseley indotnet/aspire#9369* Refactor a common TempDirectory test class by @eerhardt indotnet/aspire#9370* Centralize Verify convention by @sebastienros indotnet/aspire#9371* Update Aspire to stable Microsoft.Extensions.AI.Abstractions by@stephentoub indotnet/aspire#9356* Update RunCommand.cs by @IEvangelist indotnet/aspire#9360* Add support for copying existing files via WithContainerFiles API by@danegsta indotnet/aspire#8908* Do not fail on partial trust warning. by @mitchdenny indotnet/aspire#9384* markdown lint by @danmoseley indotnet/aspire#9389* Merge branch release/9.3 into main by @joperezr indotnet/aspire#9394* Fix failure in MongoDbFunctionalTests.VerifyWithInitFiles by@danegsta indotnet/aspire#9391* Ensure all grid columns have tooltips by @adamint indotnet/aspire#9401* Remove test from quarantine by @danegsta indotnet/aspire#9402* copilot setup steps by @danmoseley indotnet/aspire#9409 ... (truncated)## 9.3.2## What's Changed* [release/9.3] Fix SqlServer PowerShell module version to avoidbreaking changes in 22.4.5.1 by @sebastienros indotnet/aspire#9958* Bumping patch version for 9.3.2 by @joperezr indotnet/aspire#9963**Full Changelog**:dotnet/aspire@v9.3.1...v9.3.2Commits viewable in [compareview](dotnet/aspire@v9.3.1...v9.5.2).</details>[](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)Dependabot will resolve any conflicts with this PR as long as you don'talter it yourself. You can also trigger a rebase manually by commenting`@dependabot rebase`.[//]: # (dependabot-automerge-start)[//]: # (dependabot-automerge-end)---<details><summary>Dependabot commands and options</summary><br />You can trigger Dependabot actions by commenting on this PR:- `@dependabot rebase` will rebase this PR- `@dependabot recreate` will recreate this PR, overwriting any editsthat have been made to it- `@dependabot merge` will merge this PR after your CI passes on it- `@dependabot squash and merge` will squash and merge this PR afteryour CI passes on it- `@dependabot cancel merge` will cancel a previously requested mergeand block automerging- `@dependabot reopen` will reopen this PR if it is closed- `@dependabot close` will close this PR and stop Dependabot recreatingit. You can achieve the same result by closing it manually- `@dependabot show <dependency name> ignore conditions` will show allof the ignore conditions of the specified dependency- `@dependabot ignore this major version` will close this PR and stopDependabot creating any more for this major version (unless you reopenthe PR or upgrade to it yourself)- `@dependabot ignore this minor version` will close this PR and stopDependabot creating any more for this minor version (unless you reopenthe PR or upgrade to it yourself)- `@dependabot ignore this dependency` will close this PR and stopDependabot creating any more for this dependency (unless you reopen thePR or upgrade to it yourself)</details>Signed-off-by: dependabot[bot] <support@github.com>Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>Co-authored-by: Rene Bentes Pinto <renebentes@yahoo.com.br>
This was referencedOct 31, 2025
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
Sign up for freeto subscribe to this conversation on GitHub. Already have an account?Sign in.
Labels
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading.Please reload this page.
Backport of#11670 to release/9.5
/cc@JamesNK@copilot
Customer Impact
Just after 9.5 locked down
Microsoft.Extensions.AIwas updated to use theOTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENTenv var to decide the default value ofEnableSensitiveData. This property controls whether MEAI includes message content in GenAI telemetry.Unfortunately Aspire AI integrationsoverwrites MEAI's
EnableSensitiveDataproperty. That means its set to what the user set (good) or back to its default of false (bad, we lose the env var default).The end result is users have to manually enable sensitive data in local dev environment instead of it automatically being enabled.
Fixes in this PR:
OTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT. Because of layering of the current code, it was simpler to continue to overwrite MEAI'sEnableSensitiveDataproperty, but now the new value is a sensible default based on the env var.Microsoft.Extensions.AIto version that looks forOTEL_INSTRUMENTATION_GENAI_CAPTURE_MESSAGE_CONTENT. That means if someone has a reference to MEAI via our packages, but is creating the client themselves, then they'll get a consistent experience.The goal here is to make GenAI telemetry "just work" in local development without any additional configuration.
Testing
Manual testing
Risk
Low
Regression?
No