Bump the nuget-dependencies group with 2 updates

[dependabot]

Updated Microsoft.Extensions.Http.Resilience from 9.9.0 to 9.10.0.

Release notes

Sourced from Microsoft.Extensions.Http.Resilience's releases.

9.10.0

What's Changed

• Branding updates for 9.10 by @​Copilot in Branding updates for 9.10 dotnet/extensions#6769
• Doc improvements by @​gewarren in Doc improvements dotnet/extensions#6794
• Bump vite from 6.3.5 to 6.3.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript by @​dependabot[bot] in Bump vite from 6.3.5 to 6.3.6 in /src/Libraries/Microsoft.Extensions.AI.Evaluation.Reporting/TypeScript dotnet/extensions#6793
• Updated changelogs for AI libs by @​stephentoub in Updated changelogs for AI libs dotnet/extensions#6787
• Update MCP server template by @​jeffkl in Update MCP server template dotnet/extensions#6772
• Add support for using ConversationID for AzureOpenAI and OpenAI by @​ViveliDuCh in Add support for using ConversationID for AzureOpenAI and OpenAI dotnet/extensions#6770
• Merging internal commits by @​joperezr in Merging internal commits dotnet/extensions#6801
• Merge changes from release/9.9 branch by @​joperezr in Merge changes from release/9.9 branch dotnet/extensions#6803
• Support keyed HybridCache with keyed DistributedCaches and named options by @​kelly-yinn in Support keyed HybridCache with keyed DistributedCaches and named options dotnet/extensions#6694
• Inventory as code by @​wtgodbe in Inventory as code dotnet/extensions#6820
• Increase output token limit for EquivalenceEvaluator by @​shyamnamboodiripad in Increase output token limit for EquivalenceEvaluator dotnet/extensions#6835
• Fix KeyNotFoundException on HttpRequestLatencyListener.OnEventWritten for uknown event sources by @​ssmelov in Fix KeyNotFoundException on HttpRequestLatencyListener.OnEventWritten for uknown event sources dotnet/extensions#6821
• Add project name normalization to match aspire's code generator logic by @​ViveliDuCh in Add project name normalization to match aspire's code generator logic dotnet/extensions#6818
• Disable really noisy analyzers, part 1 by @​stephentoub in Disable really noisy analyzers, part 1 dotnet/extensions#6837
• Fix KeyNotFoundException in HttpRequestLatencyListener.OnEventWritten by @​pentp in Fix KeyNotFoundException in HttpRequestLatencyListener.OnEventWritten dotnet/extensions#6823
• Update global.json to use .NET 9.0.0 stable instead of RC 1 by @​Copilot in Update global.json to use .NET 9.0.0 stable instead of RC 1 dotnet/extensions#6846
• Add measures and tags with mediator object to the HttpClientLatencyLogEnricher by @​rainsxng in Add measures and tags with mediator object to the HttpClientLatencyLogEnricher dotnet/extensions#6783
• Add comprehensive .github/copilot-instructions.md for dotnet/extensions repository by @​Copilot in Add comprehensive .github/copilot-instructions.md for dotnet/extensions repository dotnet/extensions#6792
• Update to .NET 10 SDK by @​eerhardt in Update to .NET 10 SDK dotnet/extensions#6863
• Update Microsoft.Extensions.AI changelog files with current NuGet versions by @​Copilot in Update Microsoft.Extensions.AI changelog files with current NuGet versions dotnet/extensions#6849
• Fix GenerateImagesAsync_SingleImageGeneration integration test by @​stephentoub in Fix GenerateImagesAsync_SingleImageGeneration integration test dotnet/extensions#6843
• Re-enable IDE0032 by @​stephentoub in Re-enable IDE0032 dotnet/extensions#6866
• Add OpenTelemetrySpeechToTextClient and friends by @​stephentoub in Add OpenTelemetrySpeechToTextClient and friends dotnet/extensions#6845
• Update ModelContextProtocol version in MCP template by @​MackinnonBuck in Update ModelContextProtocol version in MCP template dotnet/extensions#6870
• Scope Ollama resilience settings to Web/Program.cs and restore ServiceDefaults by @​ViveliDuCh in Scope Ollama resilience settings to Web/Program.cs and restore ServiceDefaults dotnet/extensions#6850
• Update Aspire by @​Varorbc in Update Aspire dotnet/extensions#6858
• Update MCP template for new registry specification by @​Copilot in Update MCP template for new registry specification dotnet/extensions#6796
• Add support for HostApplicationBuilder in AmbientMetadata extension by @​eduherminio in Add support for HostApplicationBuilder in AmbientMetadata extension dotnet/extensions#6867
• Fix mcpserver test baselines by @​jeffhandley in Fix mcpserver test baselines dotnet/extensions#6874
• Move Microsoft.Extensions.ServiceDiscovery to dotnet/extensions by @​eerhardt in Move Microsoft.Extensions.ServiceDiscovery to dotnet/extensions dotnet/extensions#6868
• Add copy constructors to option types (ChatOptions, etc.) by @​stephentoub in Add copy constructors to option types (ChatOptions, etc.) dotnet/extensions#6882
• Fix ChatMessage.CreatedAt being always overwritten by the latest timestamp. by @​Copilot in Fix ChatMessage.CreatedAt being always overwritten by the latest timestamp. dotnet/extensions#6885
• Small doc fixes by @​gewarren in Small doc fixes dotnet/extensions#6887
• Update AI changelogs with some recent additions by @​stephentoub in Update AI changelogs with some recent additions dotnet/extensions#6886
• Fix Assistants IChatClient handling of unrelated tool calls in history by @​stephentoub in Fix Assistants IChatClient handling of unrelated tool calls in history dotnet/extensions#6891
• Fix duplication between OpenAI Assistants pre-configured tools by @​stephentoub in Fix duplication between OpenAI Assistants pre-configured tools dotnet/extensions#6896
• Update MCP Server Template to adhere to 2025-09-29 server.json schema by @​joelverhagen in Update MCP Server Template to adhere to 2025-09-29 server.json schema dotnet/extensions#6888
• Remove Azure.AI.OpenAI dependency from templates and tests by @​Copilot in Remove Azure.AI.OpenAI dependency from templates and tests dotnet/extensions#6873
• Remove UnsafeRelaxedJsonEscaping by @​peterwald in Remove UnsafeRelaxedJsonEscaping dotnet/extensions#6899
• Fix bug to yield remaining buffered FCC by @​westey-m in Fix bug to yield remaining buffered FCC dotnet/extensions#6903
• Fix serialization of [Experimental] AIContent-derived types by @​stephentoub in Fix serialization of [Experimental] AIContent-derived types dotnet/extensions#6900

New Contributors

• @​westey-m made their first contribution in Add function approvals support dotnet/extensions#6745
• @​jeffkl made their first contribution in Update MCP server template dotnet/extensions#6772
• @​ViveliDuCh made their first contribution in Add support for using ConversationID for AzureOpenAI and OpenAI dotnet/extensions#6770
• @​kelly-yinn made their first contribution in Support keyed HybridCache with keyed DistributedCaches and named options dotnet/extensions#6694
• @​ssmelov made their first contribution in Fix KeyNotFoundException on HttpRequestLatencyListener.OnEventWritten for uknown event sources dotnet/extensions#6821
• @​Varorbc made their first contribution in Update Aspire dotnet/extensions#6858
  ... (truncated)

Commits viewable in compare view.

Updated Microsoft.Identity.Web from 4.0.1 to 4.1.1.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.1.1

Bug fixes

• Authority-only configuration parsing improvements: Early parsing of Authority into Instance/TenantId and defensive fallback in PrepareAuthorityInstanceForMsal. Behavior is backward compatible; Authority is still ignored when Instance/TenantId explicitly provided—now surfaced via a warning. See #​3612.

New features

• Added warning diagnostics for conflicting Authority vs Instance/TenantId: Emitting a single structured warning when both styles are provided. See #​3611.

Fundamentals

• Expanded authority test matrix: Coverage for AAD (v1/v2), B2C (/tfp/ normalization, policy path), CIAM (PreserveAuthority), query parameters, scheme-less forms, and conflict scenarios. See #​3610.

4.1.0

New features

• Migrate to .NET 10 GA. #​3449 and #​3590

Dependencies updates

• Bump MSAL.NET to version 4.79.2 and handle changes to deprecated WithExtraQueryParameters APIs. #​3583
• Update Microsoft.IdentityModel and Abstractions versions. #​3604
• Update coverlet.collector to 6.0.4. #​3587
• Update package validation baseline version to 4.0.0. #​3589
• Bump js-yaml from 4.1.0 to 4.1.1 in /tests/DevApps/SidecarAdapter/typescript. #​3595

Entra ID SDK sidecar

• Restrict hosts to localhost for sidecar. #​3579
• Update http file to match endpoints. #​3555
• Revise sidecar issue template for Entra ID. #​3577

Documentation

• Update README to include Entra SDK container info. #​3578

Fundamentals

• Include NET 9.0 in template-install-dependencies. #​3593
• Fix CodeQL alerts. #​3591
• Suppression file is needed. #​3592

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, dotnet. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.