chore(deps): update microsoft.extensions

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
Microsoft.Extensions.DependencyInjection (source)	nuget	patch	10.0.7 → 10.0.8
Microsoft.Extensions.Http.Resilience (source)	nuget	minor	10.5.0 → 10.6.0
Microsoft.Extensions.Logging (source)	nuget	patch	10.0.7 → 10.0.8
Microsoft.Extensions.Logging.Abstractions (source)	nuget	patch	10.0.7 → 10.0.8
Microsoft.Extensions.ServiceDiscovery (source)	nuget	minor	10.5.0 → 10.6.0

---

Release Notes

dotnet/extensions (Microsoft.Extensions.Http.Resilience)

v10.6.0

What's Changed

• Bump vite from 6.4.1 to 6.4.2 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in #​7456
• Correctly publish MEVD.ConformanceTests as nuget packages by @​roji in #​7459
• Rename VectorStoreVectorAttribute dimensions constructor parameter by @​roji in #​7460
• Update brace-expansion for CVE-2026-33750 by @​SamMonoRT in #​7457
• Update version to 10.6.0 by @​jeffhandley in #​7458
• Use shared DiagnosticIds constants for MEVD experimental APIs by @​jeffhandley in #​7462
• Update ApiChief baselines for MEAI and MEVD by @​jeffhandley in #​7461
• Convert using statement to using declaration for ReturnableBufferWriter in GetMemoryUsageInBytes by @​Copilot in #​7464
• Merge published release into release/10.5 by @​jeffhandley in #​7466
• Merge release/10.5 into main by @​jeffhandley in #​7470
• Fix: Mark both TARC and TAResp FunctionCallContent as InformationalOnly after approval processing by @​westey-m in #​7468
• Minor fixes to MEVD.Abstractions by @​roji in #​7475
• HostedToolSearchTool with DeferredTools in the type by @​jozkee in #​7471
• Stabilize ImageGeneration content types and HostedImageGenerationTool by @​jozkee in #​7476
• Bump the project template package reference versions for OpenTelemetry and Agent Framework by @​jeffhandley in #​7491
• Bump dotnet-reportgenerator-globaltool from 5.1.19 to 5.5.7 by @​dependabot[bot] in #​7489
• Bump postcss from 8.5.9 to 8.5.12 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in #​7494
• Honor UnmappedMemberHandling in AIFunctionFactory parameter binding by @​eiriktsarpalis in #​7474
• Bump follow-redirects from 1.15.11 to 1.16.0 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript/azure-devops-report/tasks/PublishAIEvaluationReport by @​dependabot[bot] in #​7469
• Bump dotnet-coverage from 17.8.2 to 18.6.2 by @​dependabot[bot] in #​7481
• Bump Microsoft.Build.Traversal from 3.2.0 to 4.1.82 by @​dependabot[bot] in #​7483
• Stabilize CodeInterpreter and WebSearch content types by @​jozkee in #​7493
• Add OpenAIRequestPolicies extension hook for MEAI OpenAI clients by @​rogerbarreto in #​7495
• Fix flaky tests: remove process-wide Directory.SetCurrentDirectory and anchor cwd assertions to absolute paths by @​Copilot in #​7487
• Bump PowerShell from 7.3.3 to 7.6.1 by @​dependabot[bot] in #​7485
• Fix Namespace gaps in HostedToolSearchTool by @​jozkee in #​7500
• Update OpenTelemetry gen-ai conventions through v1.41 by @​jeffhandley in #​7497
• Bump dotnet-reportgenerator-globaltool from 5.5.7 to 5.5.9 by @​dependabot[bot] in #​7504
• Bump microsoft.visualstudio.slngen.tool from 12.0.13 to 12.0.32 by @​dependabot[bot] in #​7484
• [main] Update dependencies from dotnet/arcade by @​dotnet-maestro[bot] in #​7451
• Rename release-notes skill to write-release-notes by @​Copilot in #​7511
• Stabilize ResponseContinuationToken / background-response APIs by @​jozkee in #​7512

New Contributors

• @​SamMonoRT made their first contribution in #​7457

Full Changelog: dotnet/extensions@v10.5.0...v10.6.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[claude]

Dependency Update Review

This is a clean, automated Renovate dependency update. No issues found.

Changes Overview

Package	Change	Type
	10.0.7 → 10.0.8	patch
	10.0.7 → 10.0.8	patch
	10.0.7 → 10.0.8	patch
Microsoft.Extensions.Http.Resilience	10.5.0 → 10.6.0	minor
Microsoft.Extensions.ServiceDiscovery	10.5.0 → 10.6.0	minor

Observations

Consistency — Updates are applied uniformly across Directory.Packages.props, per-project overrides, templates, and examples. No stale references left behind.

Multi-targeting pattern — The TUnit.Logging.Microsoft and TUnit.Mocks.Logging projects correctly preserve their VersionOverride values (8.0.0 / 9.0.0 per target framework) while bumping the base Version attribute. This matches the existing multi-targeting strategy.

Security note — The Microsoft.Extensions.Http.Resilience 10.6.0 release includes an indirect fix for CVE-2026-33750 (brace-expansion), making this update worthwhile beyond routine maintenance.

LGTM. Safe to merge via the configured squash auto-merge.

[claude]

Dependency Update Review

This is a clean, automated Renovate dependency update. No issues found.

Changes Overview

Package	Change	Type
Microsoft.Extensions.DependencyInjection	10.0.7 → 10.0.8	patch
Microsoft.Extensions.Logging	10.0.7 → 10.0.8	patch
Microsoft.Extensions.Logging.Abstractions	10.0.7 → 10.0.8	patch
Microsoft.Extensions.Http.Resilience	10.5.0 → 10.6.0	minor
Microsoft.Extensions.ServiceDiscovery	10.5.0 → 10.6.0	minor

Observations

Consistency — Updates are applied uniformly across Directory.Packages.props, per-project overrides, templates, and examples. No stale references left behind.

Multi-targeting pattern — The TUnit.Logging.Microsoft and TUnit.Mocks.Logging projects correctly preserve their VersionOverride values (8.0.0 / 9.0.0 per target framework) while bumping the base Version attribute. This matches the existing multi-targeting strategy.

Security note — The Microsoft.Extensions.Http.Resilience 10.6.0 release includes an indirect fix for CVE-2026-33750 (brace-expansion), making this update worthwhile beyond routine maintenance.

LGTM. Safe to merge via the configured squash auto-merge.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}