Bump the aspire group with 1 update by dependabot[bot] · Pull Request #146 · Pinguteca/eShop

dependabot · 2026-02-16T13:03:06Z

Updated Microsoft.Extensions.ServiceDiscovery.Yarp from 10.0.0 to 10.3.0.

Release notes

Sourced from Microsoft.Extensions.ServiceDiscovery.Yarp's releases.

10.3.0 What's Changed

Bump version to 10.3.0 for next development cycle by @Copilot in Bump version to 10.3.0 for next development cycle dotnet/extensions#7197
Fix race condition in UnreliableL2Tests.WriteFailureInvisible by @Copilot in Fix race condition in UnreliableL2Tests.WriteFailureInvisible dotnet/extensions#7075
Set Microsoft.McpServer.ProjectTemplates version to align with MCP packages by @jeffhandley in Set Microsoft.McpServer.ProjectTemplates version to align with MCP packages dotnet/extensions#7170
ToChatResponse: Merge AdditionalProperties into ChatMessage instead of ChatResponse by @Copilot in ToChatResponse: Merge AdditionalProperties into ChatMessage instead of ChatResponse dotnet/extensions#7194
Fix NRT resolution for AIFunction parameters. by @eiriktsarpalis in Fix NRT resolution for AIFunction parameters. dotnet/extensions#7200
Bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @dependabot[bot] in Bump mdast-util-to-hast from 13.2.0 to 13.2.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#7198
Add .npmrc next to package.json and add lockfile for PublishAIEvaluationReport by @akoeplinger in Add .npmrc next to package.json and add lockfile for PublishAIEvaluationReport dotnet/extensions#7108
Bump qs from 6.14.0 to 6.14.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @dependabot[bot] in Bump qs from 6.14.0 to 6.14.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#7189
Bump js-yaml from 4.1.0 to 4.1.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @dependabot[bot] in Bump js-yaml from 4.1.0 to 4.1.1 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#7054
Bump validator from 13.15.20 to 13.15.23 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @dependabot[bot] in Bump validator from 13.15.20 to 13.15.23 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#7103
Update AI changelogs by @stephentoub in Update AI changelogs dotnet/extensions#7206
Merge changes from internal after 10.2 release by @joperezr in Merge changes from internal after 10.2 release dotnet/extensions#7205
Merge changes from release/10.2 to main by @joperezr in Merge changes from release/10.2 to main dotnet/extensions#7209
Categorize MEAI001 experimental APIs by @Copilot in Categorize MEAI001 experimental APIs dotnet/extensions#7116
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7212
Update Package Validation Baseline to 10.2.0 by @Copilot in Update Package Validation Baseline to 10.2.0 dotnet/extensions#7208
Enable package validation for M.E.AmbientMetadata.Build by @evgenyfedorov2 in Enable package validation for M.E.AmbientMetadata.Build dotnet/extensions#7213
[5752] FakeLogCollector waiting capabilities by @Demo30 in [5752] FakeLogCollector waiting capabilities dotnet/extensions#6228
Set network isolation policy for extensions-ci by @wtgodbe in Set network isolation policy for extensions-ci dotnet/extensions#7221
Fix FunctionInvokingChatClient invoke_agent span detection with exact match or space delimiter by @Copilot in Fix FunctionInvokingChatClient invoke_agent span detection with exact match or space delimiter dotnet/extensions#7224
Add Ordinal into ordering by @cincuranet in Add Ordinal into ordering dotnet/extensions#7225
Remove AIFunctionDeclaration tools on last iteration in FunctionInvokingChatClient by @Copilot in Remove AIFunctionDeclaration tools on last iteration in FunctionInvokingChatClient dotnet/extensions#7207
Remove unnecessary description tags by @gewarren in Remove unnecessary description tags dotnet/extensions#7226
Fix FunctionInvokingChatClient to respect ChatOptions.Tools modifications by function tools by @Copilot in Fix FunctionInvokingChatClient to respect ChatOptions.Tools modifications by function tools dotnet/extensions#7218
Add LoadFromAsync and SaveToAsync helper methods to DataContent by @Copilot in Add LoadFromAsync and SaveToAsync helper methods to DataContent dotnet/extensions#7159
Bump lodash from 4.17.21 to 4.17.23 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @dependabot[bot] in Bump lodash from 4.17.21 to 4.17.23 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#7227
Add logging to FunctionInvokingChatClient for approval flow, error handling, and loop control by @Copilot in Add logging to FunctionInvokingChatClient for approval flow, error handling, and loop control dotnet/extensions#7228
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7230
Allow FunctionResultContent pass-through when CallId matches by @Copilot in Allow FunctionResultContent pass-through when CallId matches dotnet/extensions#7229
Propagate CachedInputTokenCount in OpenTelemetry telemetry by @Copilot in Propagate CachedInputTokenCount in OpenTelemetry telemetry dotnet/extensions#7234
Add InvocationRequired property to FunctionCallContent by @Copilot in Add InvocationRequired property to FunctionCallContent dotnet/extensions#7126
Escape the JSON data before embedding in Evaluation reports by @peterwald in Escape the JSON data before embedding in Evaluation reports dotnet/extensions#7238
Update mcpserver template to ModelContextProtocol 0.7.0-preview.1 by @Copilot in Update mcpserver template to ModelContextProtocol 0.7.0-preview.1 dotnet/extensions#7236
Update aiagent-webapi template to Agent Framework 1.0.0-preview.260127.1 by @Copilot in Update aiagent-webapi template to Agent Framework 1.0.0-preview.260127.1 dotnet/extensions#7237
Fix token metric unit to use UCUM format {token} by @stephentoub in Fix token metric unit to use UCUM format {token} dotnet/extensions#7241
Add server tool call support to OpenTelemetryChatClient per semantic conventions by @Copilot in Add server tool call support to OpenTelemetryChatClient per semantic conventions dotnet/extensions#7240
Preserve extra JSON schema properties in ToolJson serialization by @Copilot in Preserve extra JSON schema properties in ToolJson serialization dotnet/extensions#7250
Bring new cpu.requests formula from Kubernetes by @amadeuszl in Bring new cpu.requests formula from Kubernetes dotnet/extensions#7239
Update M.E.AI changelogs with recent changes by @stephentoub in Update M.E.AI changelogs with recent changes dotnet/extensions#7242
Fix DataUriParser to default to text/plain;charset=US-ASCII per RFC 2397 by @Copilot in Fix DataUriParser to default to text/plain;charset=US-ASCII per RFC 2397 dotnet/extensions#7247
Fix deadlock in ServiceEndpointWatcher when disposing change token registration by @ReubenBond in Fix deadlock in ServiceEndpointWatcher when disposing change token registration dotnet/extensions#7255
Rename FunctionCallContent.InvocationRequired to InformationalOnly with inverted polarity by @Copilot in Rename FunctionCallContent.InvocationRequired to InformationalOnly with inverted polarity dotnet/extensions#7262
Fix approval request/response correlation in FunctionInvokingChatClient by @Copilot in Fix approval request/response correlation in FunctionInvokingChatClient dotnet/extensions#7261
Add ReasoningOptions to ChatOptions by @Copilot in Add ReasoningOptions to ChatOptions dotnet/extensions#7252

New Contributors

@cincuranet made their first contribution in Add Ordinal into ordering dotnet/extensions#7225
@ReubenBond made their first contribution in Fix deadlock in ServiceEndpointWatcher when disposing change token registration dotnet/extensions#7255

... (truncated)

10.2.0 What's Changed

Bump version to 10.2.0 for next development cycle by @Copilot in Bump version to 10.2.0 for next development cycle dotnet/extensions#7105
Add unit parameter to metric source generator by @mariamgerges in Add unit parameter to metric source generator dotnet/extensions#7099
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7111
Fix expected conversation length in SummarizingChatReducer integration tests by @MackinnonBuck in Fix expected conversation length in SummarizingChatReducer integration tests dotnet/extensions#7119
Fix build status badge in README.md by @akoeplinger in Fix build status badge in README.md dotnet/extensions#7118
Update AI changelogs for 10.1.0 by @stephentoub in Update AI changelogs for 10.1.0 dotnet/extensions#7123
Merging internal changes into release/10.1 branch by @joperezr in Merging internal changes into release/10.1 branch dotnet/extensions#7127
Bump glob from 11.0.1 to 11.1.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @dependabot[bot] in Bump glob from 11.0.1 to 11.1.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#7052
Fix markdown parser crash on inline HTML elements by @Copilot in Fix markdown parser crash on inline HTML elements dotnet/extensions#7131
Fix IndexOutOfRangeException when parsing markdown tables without trailing pipes by @Copilot in Fix IndexOutOfRangeException when parsing markdown tables without trailing pipes dotnet/extensions#7133
Merging changes from release/10.1 into main by @joperezr in Merging changes from release/10.1 into main dotnet/extensions#7128
Remove nuget.exe by @ericstj in Remove nuget.exe dotnet/extensions#7138
Augment UsageDetails with cached / reasoning token counts by @stephentoub in Augment UsageDetails with cached / reasoning token counts dotnet/extensions#7122
Expose ctors for setting AdditionalProperties on Hosted tools by @stephentoub in Expose ctors for setting AdditionalProperties on Hosted tools dotnet/extensions#7120
Update to OpenAI 2.8.0 by @stephentoub in Update to OpenAI 2.8.0 dotnet/extensions#7136
Add DocumentTokenChunker by @KrystofS in Add DocumentTokenChunker dotnet/extensions#7093
Skip tests by default in internal rolling builds by @Copilot in Skip tests by default in internal rolling builds dotnet/extensions#7151
Fix FunctionApprovalResponseContent to message mapping by @PederHP in Fix FunctionApprovalResponseContent to message mapping dotnet/extensions#7152
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7155
Add support for custom headers in HostedMcpServerTool by @echapmanFromBunnings in Add support for custom headers in HostedMcpServerTool dotnet/extensions#7053
AmbientMetadata.Build - release to GA by @evgenyfedorov2 in AmbientMetadata.Build - release to GA dotnet/extensions#7161
Overhaul project template builds and testing by @jeffhandley in Overhaul project template builds and testing dotnet/extensions#7113
Update Microsoft.Agents.AI.ProjectTemplates to latest Agent Framework by @jeffhandley in Update Microsoft.Agents.AI.ProjectTemplates to latest Agent Framework dotnet/extensions#7167
Introduce local vs. remote mcpserver template option by @jeffhandley in Introduce local vs. remote mcpserver template option dotnet/extensions#7168
Fix rolling build pipeline by @jeffhandley in Fix rolling build pipeline dotnet/extensions#7171
Add Reason property to FunctionApprovalResponseContent for custom rejection messages by @Copilot in Add Reason property to FunctionApprovalResponseContent for custom rejection messages dotnet/extensions#7140
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7180
Fix ToChatResponse to use first appropriate CreatedAt instead of last by @Copilot in Fix ToChatResponse to use first appropriate CreatedAt instead of last dotnet/extensions#7193
Add support for InputImageUrl via reflection in OpenAIResponsesChatClient by @Copilot in Add support for InputImageUrl via reflection in OpenAIResponsesChatClient dotnet/extensions#7195

New Contributors

@mariamgerges made their first contribution in Add unit parameter to metric source generator dotnet/extensions#7099
@akoeplinger made their first contribution in Fix build status badge in README.md dotnet/extensions#7118
@PederHP made their first contribution in Fix FunctionApprovalResponseContent to message mapping dotnet/extensions#7152
@echapmanFromBunnings made their first contribution in Add support for custom headers in HostedMcpServerTool dotnet/extensions#7053

Full Changelog: dotnet/extensions@v10.1...v10.2.0

10.1.0 What's Changed

[MEDI] start producing NuGet packages by @adamsitnik in [MEDI] start producing NuGet packages dotnet/extensions#7016
Deprecate AddServiceLogEnricher method with its overloads, introduce replacements by @evgenyfedorov2 in Deprecate AddServiceLogEnricher method with its overloads, introduce replacements dotnet/extensions#6529
Update version numbers in AI changelogs by @stephentoub in Update version numbers in AI changelogs dotnet/extensions#7008
HttpDependencyMetadataResolver class for the custom downstream dependency metadata resolution by @rainsxng in HttpDependencyMetadataResolver class for the custom downstream dependency metadata resolution dotnet/extensions#6880
[MEDI] Don't stop document processing on enricher error by @adamsitnik in [MEDI] Don't stop document processing on enricher error dotnet/extensions#7005
[MEDI] add PackageTags by @adamsitnik in [MEDI] add PackageTags dotnet/extensions#7022
Add a new Microsoft.Agents.AI.Templates package with an aiagent-webapi project template by @jeffhandley in Add a new Microsoft.Agents.AI.Templates package with an aiagent-webapi project template dotnet/extensions#7014
Add MarkItDownMcpReader for MCP server support by @Copilot in Add MarkItDownMcpReader for MCP server support dotnet/extensions#7025
Image generation tool by @ericstj in Image generation tool dotnet/extensions#6749
Make MEAI packages use 10.0 runtime packages by @ericstj in Make MEAI packages use 10.0 runtime packages dotnet/extensions#7028
When using latest .NET packages, force System.Numerics.Tensors to 10.0 (for MEAI) by @jeffhandley in When using latest .NET packages, force System.Numerics.Tensors to 10.0 (for MEAI) dotnet/extensions#7031
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7032
Use DataContent from Microsoft.Extensions.AI for data URI generation by @Copilot in Use DataContent from Microsoft.Extensions.AI for data URI generation dotnet/extensions#7027
Add AmbientMetadata.Build component by @evgenyfedorov2 in Add AmbientMetadata.Build component dotnet/extensions#6623
Introduce SectionChunker by @KrystofS in Introduce SectionChunker dotnet/extensions#7015
Use Microsoft.Extensions.DataIngestion in AI Chat Web template by @MackinnonBuck in Use Microsoft.Extensions.DataIngestion in AI Chat Web template dotnet/extensions#7023
Add Agent Framework DevUI into the aiagent-webapi template by @jeffhandley in Add Agent Framework DevUI into the aiagent-webapi template dotnet/extensions#7026
Adjust cgroupv2 drive format check for .NET 10 and higher by @KeterSCP in Adjust cgroupv2 drive format check for .NET 10 and higher dotnet/extensions#6877
Replace custom IAsyncEnumerable extensions with System.Linq.AsyncEnumerable by @Copilot in Replace custom IAsyncEnumerable extensions with System.Linq.AsyncEnumerable dotnet/extensions#7039
Add Image Detail support for Image DataContent to OpenAIResponsesChatClient. by @rogerbarreto in Add Image Detail support for Image DataContent to OpenAIResponsesChatClient. dotnet/extensions#7042
[main] Update dependencies from dotnet/arcade by @dotnet-maestro[bot] in [main] Update dependencies from dotnet/arcade dotnet/extensions#7043
Update to OpenAI 2.7.0 by @stephentoub in Update to OpenAI 2.7.0 dotnet/extensions#7044
Merge changes from internal by @joperezr in Merge changes from internal dotnet/extensions#7038
Merge rel10 by @joperezr in Merge rel10 dotnet/extensions#7047
Disable AzDO dependabot by @mmitche in Disable AzDO dependabot dotnet/extensions#7045
Bump version to 10.1.0 for next development cycle by @Copilot in Bump version to 10.1.0 for next development cycle dotnet/extensions#7018
Update AI Chat Web template to Aspire 13.0.0 by @Copilot in Update AI Chat Web template to Aspire 13.0.0 dotnet/extensions#7036
Fix flaky SetupSequence tests by @amadeuszl in Fix flaky SetupSequence tests dotnet/extensions#7051
Update AI changelogs by @stephentoub in Update AI changelogs dotnet/extensions#7037
Update project template dependencies by @jeffhandley in Update project template dependencies dotnet/extensions#7064
Reset Microsoft.Agents.AI.ProjectTemplates versioning by @jeffhandley in Reset Microsoft.Agents.AI.ProjectTemplates versioning dotnet/extensions#7034
Fix operator precedence bug in ValidateSchemaDocument causing rejection of valid boolean schemas by @Copilot in Fix operator precedence bug in ValidateSchemaDocument causing rejection of valid boolean schemas dotnet/extensions#7066
Use JsonElement.Parse for JsonElement conversions in AI libraries by @Copilot in Use JsonElement.Parse for JsonElement conversions in AI libraries dotnet/extensions#7067
.NET: Change type of ContinuationToken properties by @SergeyMenshykh in .NET: Change type of ContinuationToken properties dotnet/extensions#7050
Fix OpenAIEmbeddingGenerator to handle missing usage data by @stephentoub in Fix OpenAIEmbeddingGenerator to handle missing usage data dotnet/extensions#7074
Add AIJsonSchemaCreateOptions.ParameterDescriptions by @stephentoub in Add AIJsonSchemaCreateOptions.ParameterDescriptions dotnet/extensions#7068
Improve FunctionInvokingChatClient's awareness of agents by @stephentoub in Improve FunctionInvokingChatClient's awareness of agents dotnet/extensions#7030
Add Kubernetes based Resource Monitoring by @amadeuszl in Add Kubernetes based Resource Monitoring dotnet/extensions#6748
Ensure all ResponseItems are yielded in AIContent by @crickman in Ensure all ResponseItems are yielded in AIContent dotnet/extensions#7063
Add CHANGELOG.md files for Microsoft.Extensions.DataIngestion* projects by @Copilot in Add CHANGELOG.md files for Microsoft.Extensions.DataIngestion* projects dotnet/extensions#7072
Assign authors only on PR creation by @sebastienros in Assign authors only on PR creation dotnet/extensions#7083
Update to .NET 10 GA release by @Copilot in Update to .NET 10 GA release dotnet/extensions#7078
Fix package references from M.E.AI packages by @stephentoub in Fix package references from M.E.AI packages dotnet/extensions#7076
Workaround OpenAI bug with streaming error events by @stephentoub in Workaround OpenAI bug with streaming error events dotnet/extensions#7085
Update AI changelogs for 10.0.1 release by @stephentoub in Update AI changelogs for 10.0.1 release dotnet/extensions#7086
Add metering for baseline resource quotas by @amadeuszl in Add metering for baseline resource quotas dotnet/extensions#7080
Update Microsoft.VisualStudio.Threading.Analyzers to latest by @stephentoub in Update Microsoft.VisualStudio.Threading.Analyzers to latest dotnet/extensions#7091
Update SonarAnalyzer.CSharp to latest by @stephentoub in Update SonarAnalyzer.CSharp to latest dotnet/extensions#7092
Remove Microsoft.Extensions.AI.AzureAIInference by @stephentoub in Remove Microsoft.Extensions.AI.AzureAIInference dotnet/extensions#7096
... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
@dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
@dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
@dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
@dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps Microsoft.Extensions.ServiceDiscovery.Yarp from 10.0.0 to 10.3.0 --- updated-dependencies: - dependency-name: Microsoft.Extensions.ServiceDiscovery.Yarp dependency-version: 10.3.0 dependency-type: direct:production update-type: version-update:semver-minor dependency-group: aspire ... Signed-off-by: dependabot[bot] <support@github.com>

socket-security · 2026-02-16T13:04:44Z

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff	Package	Supply Chain Security	Vulnerability	Quality	Maintenance	License
	nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0
	nuget/microsoft.extensions.servicediscovery@10.3.0
	nuget/microsoft.extensions.servicediscovery.yarp@10.0.0 ⏵ 10.3.0	⁺²

View full report

socket-security · 2026-02-16T13:04:47Z

Warning

Review the following alerts detected in dependencies.

According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.

Action	Severity	Alert (click "▶" to expand/collapse)
Warn		License policy violation: nuget `microsoft.extensions.configuration.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.configuration@9.0.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.options.configurationextensions@10.0.0` → `nuget/microsoft.extensions.logging.configuration@10.0.0` → `nuget/microsoft.extensions.hosting.abstractions@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.configuration@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/aspire.azure.ai.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/microsoft.extensions.configuration.abstractions@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.configuration.abstractions@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.configuration.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.configuration@9.0.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/opentelemetry.extensions.hosting@1.12.0` → `nuget/opentelemetry.instrumentation.http@1.12.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.telemetry@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.dependencyinjection.autoactivation@10.0.0` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/aspire.stackexchange.redis@13.0.1` → `nuget/aspire.npgsql.entityframeworkcore.postgresql@13.0.1` → `nuget/microsoft.extensions.configuration.abstractions@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.configuration.abstractions@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.configuration.binder` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.options.configurationextensions@10.0.0` → `nuget/microsoft.extensions.logging.configuration@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.diagnostics@10.0.0` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/aspire.azure.ai.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/microsoft.extensions.configuration.binder@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.configuration.binder@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.configuration.binder` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.telemetry@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.configuration.binder@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.configuration.binder@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.configuration` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry.instrumentation.http@1.12.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.options.configurationextensions@10.0.0` → `nuget/microsoft.extensions.logging.configuration@10.0.0` → `nuget/microsoft.extensions.configuration.binder@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.diagnostics@10.0.0` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/aspire.azure.ai.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/microsoft.extensions.configuration@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.configuration@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.configuration` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/opentelemetry.instrumentation.http@1.12.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.telemetry@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.configuration@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.configuration@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.dependencyinjection.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.options@9.0.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry.api.providerbuilderextensions@1.12.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.options.configurationextensions@10.0.0` → `nuget/microsoft.extensions.logging.configuration@10.0.0` → `nuget/microsoft.extensions.hosting.abstractions@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.logging.abstractions@10.0.0` → `nuget/microsoft.extensions.diagnostics.abstractions@10.0.0` → `nuget/microsoft.extensions.options@10.0.0` → `nuget/microsoft.extensions.compliance.abstractions@10.0.0` → `nuget/microsoft.extensions.diagnostics.exceptionsummarization@10.0.0` → `nuget/microsoft.extensions.ai@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/aspire.azure.ai.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/microsoft.extensions.dependencyinjection.abstractions@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.dependencyinjection.abstractions@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.dependencyinjection.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.options@9.0.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/polly.extensions@8.4.2` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.client@2.71.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/opentelemetry.api.providerbuilderextensions@1.12.0` → `nuget/opentelemetry.extensions.hosting@1.12.0` → `nuget/opentelemetry.instrumentation.http@1.12.0` → `nuget/microsoft.codeanalysis.workspaces.msbuild@4.14.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/stackexchange.redis@2.9.32` → `nuget/microsoft.extensions.compliance.abstractions@10.0.0` → `nuget/microsoft.extensions.diagnostics.exceptionsummarization@10.0.0` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.telemetry.abstractions@10.0.0` → `nuget/microsoft.extensions.telemetry@10.0.0` → `nuget/microsoft.extensions.servicediscovery.abstractions@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.dependencyinjection.autoactivation@10.0.0` → `nuget/npgsql@10.0.0` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/aspire.stackexchange.redis@13.0.1` → `nuget/aspire.npgsql.entityframeworkcore.postgresql@13.0.1` → `nuget/microsoft.extensions.dependencyinjection.abstractions@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.dependencyinjection.abstractions@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.dependencyinjection` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.logging@8.0.0` → `nuget/microsoft.extensions.logging@9.0.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.logging@10.0.0` → `nuget/microsoft.extensions.logging.configuration@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.dependencyinjection@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.dependencyinjection@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.dependencyinjection` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.logging@8.0.0` → `nuget/microsoft.extensions.logging@9.0.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/microsoft.codeanalysis.workspaces.msbuild@4.14.0` → `nuget/mediatr@13.0.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.telemetry@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.dependencyinjection@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.dependencyinjection@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.diagnostics.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.hosting.abstractions@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.diagnostics@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.diagnostics.abstractions@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.diagnostics.abstractions@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.diagnostics.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/opentelemetry.extensions.hosting@1.12.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.dependencyinjection.autoactivation@10.0.0` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/aspire.stackexchange.redis@13.0.1` → `nuget/aspire.npgsql.entityframeworkcore.postgresql@13.0.1` → `nuget/microsoft.extensions.diagnostics.abstractions@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.diagnostics.abstractions@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.diagnostics` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.diagnostics@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.diagnostics@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.diagnostics` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.resilience@10.0.0` → `nuget/microsoft.extensions.diagnostics@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.diagnostics@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.http` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.http@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.http@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.http` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.http@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.http@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.logging.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) License: NIST-Software - the applicable license policy does not allow this license (4) (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/microsoft.extensions.logging.configuration@9.0.0` → `nuget/polly.extensions@8.4.2` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.client@2.71.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/microsoft.extensions.azure@1.13.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/system.clientmodel@1.7.0` → `nuget/microsoft.extensions.logging.configuration@10.0.0` → `nuget/microsoft.extensions.hosting.abstractions@10.0.0` → `nuget/microsoft.extensions.http@10.0.0` → `nuget/microsoft.extensions.ai@10.0.0` → `nuget/microsoft.extensions.telemetry.abstractions@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/aspire.azure.ai.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.openai@13.0.0-preview.1.25560.3` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/microsoft.extensions.logging.abstractions@10.0.3` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.logging.abstractions@10.0.3`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
Warn		License policy violation: nuget `microsoft.extensions.logging.abstractions` License: GPL-2.0-or-later WITH Classpath-exception-2.0 - the applicable license policy does not allow this license (4). the applicable license policy does not allow this license exception (THIRD-PARTY-NOTICES.TXT) From: src/eShop.ServiceDefaults/packages.lock.json → `nuget/microsoft.extensions.servicediscovery.abstractions@10.3.0` → `nuget/microsoft.extensions.servicediscovery@10.3.0` → `nuget/polly.extensions@8.4.2` → `nuget/asp.versioning.http.client@8.1.0` → `nuget/grpc.net.clientfactory@2.71.0` → `nuget/opentelemetry@1.12.0` → `nuget/opentelemetry.extensions.hosting@1.12.0` → `nuget/communitytoolkit.aspire.ollamasharp@9.8.0-beta.395` → `nuget/microsoft.extensions.ambientmetadata.application@10.0.0` → `nuget/microsoft.extensions.telemetry.abstractions@10.0.0` → `nuget/microsoft.extensions.telemetry@10.0.0` → `nuget/microsoft.extensions.servicediscovery@10.0.0` → `nuget/microsoft.extensions.http.diagnostics@10.0.0` → `nuget/microsoft.extensions.dependencyinjection.autoactivation@10.0.0` → `nuget/aspire.rabbitmq.client@13.0.1` → `nuget/aspire.stackexchange.redis@13.0.1` → `nuget/aspire.npgsql.entityframeworkcore.postgresql@13.0.1` → `nuget/microsoft.extensions.logging.abstractions@9.0.13` ℹ Read more on: This package \| This alert \| What is a license policy violation? Next steps: Take a moment to review the security alert above. Review the linked package source code to understand the potential risk. Ensure the package is not malicious before proceeding. If you're unsure how to proceed, reach out to your security team or ask the Socket team for help at `support@socket.dev`. Suggestion: Find a package that does not violate your license policy or adjust your policy to allow this package's license. Mark the package as acceptable risk. To ignore this alert only in this pull request, reply with the comment `@SocketSecurity ignore nuget/microsoft.extensions.logging.abstractions@9.0.13`. You can also ignore all packages with `@SocketSecurity ignore-all`. To ignore an alert for all future pull requests, use Socket's Dashboard to change the triage state of this alert.
See 8 more rows in the dashboard

View full report

dependabot bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Feb 16, 2026

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the aspire group with 1 update#146

Bump the aspire group with 1 update#146
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/aspire-ebb2fab3ed

dependabot bot commented on behalf of github Feb 16, 2026

Uh oh!

socket-security bot commented Feb 16, 2026

Uh oh!

socket-security bot commented Feb 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot bot commented on behalf of github Feb 16, 2026

10.3.0

What's Changed

New Contributors

10.2.0

What's Changed

New Contributors

10.1.0

What's Changed

Uh oh!

socket-security bot commented Feb 16, 2026

Uh oh!

socket-security bot commented Feb 16, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants