Bump Aspire.Hosting.JavaScript from 13.2.0 to 13.2.3

[dependabot]

Updated Aspire.Hosting.JavaScript from 13.2.0 to 13.2.3.

Release notes

Sourced from Aspire.Hosting.JavaScript's releases.

13.2.3

What's New in Aspire 13.2.3

Patch release focused on CLI packaging, signing, and reliability fixes.

🐛 Fixes

• 🛑 aspire stop now properly cleans up application containers on Windows (#​16123)
• 🔐 Fixed macOS signing, permissions, and certificate trust with improved CI verification (#​16053)
• ✍️ Fixed signing for the aspire-managed bundle payload (#​16211)
• 🎭 Fixed Playwright CLI provenance verification for the new tag format (#​16134)
• 🧭 Updated service discovery environment variables (#​16223)

🔧 Improvements

• 📊 Removed telemetry API data limits and refactored URL builders (#​16023)
• ⏱️ Increased native build + sign timeout to 60 minutes for reliability (#​16212)

🏷️ Housekeeping

• 🔖 Bumped branding to 13.2.3 (#​16181)
• 🧪 Temporarily disabled Verify CLI archive step on Windows while investigating (#​16276, #​16285)

13.2.2

This is a servicing release focused on bug fixes and platform improvements.

🐛 Bug Fixes

• Fix SqlClient runtime asset layout on Unix — Resolved an issue where Microsoft.Data.SqlClient failed to load correctly on macOS and Linux due to incorrect NuGet asset layout (#​15709)
• Fix IDE execution regressions for Azure Functions and class library projects — Backported fixes for
  13.2 regressions impacting IDE-based execution (#​15714)
• Fix NpmRunner multi-version output parsing — npm view returning multiple versions no longer breaks version resolution; also bumps @​playwright/cli to >=0.1.3 (#​15746)
• Skip name validation for internal resources — ProjectRebuilderResource, installer, and venv creator resources no longer fail the 64-char name limit since they're never deployed (#​15726, fixes #​15693)

🔒 Security & Certificates

• Use ASP.NET Core dev cert for DCP — Avoids ephemeral certificate trust issues by using the standard ASP.NET Core developer certificate (#​15718)
• Cache PFX dev certs on Windows and Linux — Prevents binary-level changes between runs for persistent container scenarios (#​15774)

🏗️ Infrastructure & Platform

• ARM64 CLI support — Added win-arm64 and linux-arm64 to the native CLI archive build matrix (#​15599)
• Update DCP to
  0.22.11 (#​15713)

💻 CLI Improvements

• Show anonymous dashboard URLs in aspire ps — The dashboard URL is now displayed even when running without authentication (#​15731

13.2.1

🐛 Bug Fixes

• 🖥️ CLI bundles for ARM & musl — win-arm64, linux-arm64, and linux-musl-x64 bundles now correctly include DCP instead of silently producing broken installs (#​15529)
• ⚡ aspire new in VS Code — Fixed a race where the workspace switch severed the CLI terminal before the agent init prompt could complete (#​15553)
• 🔗 Dashboard resource URLs — The describe command no longer produces broken dashboard links with a stray /login?t=... in the path (#​15495)
• 🌍 Guest AppHost env vars — Launch profile environment variables are now correctly forwarded to guest AppHosts (#​15637)
• 📦 Legacy settings migration — .aspire/settings.json → aspire.config.json migration was silently skipped in some scenarios; now works reliably (#​15526)
• 🔧 TypeScript AppHost restore — Fixed config resolution during TS AppHost restore (#​15625)
• 🎭 Playwright CLI on Windows — aspire agent init now correctly installs playwright-cli on Windows (#​15559)
• 📌 Emulator stability — Pinned Kusto emulator image and improved Cosmos DB emulator reliability (#​15504)

✨ Improvements

• 🏗️ Brownfield TypeScript aspire init — Running aspire init in existing JS/TS projects now smartly merges package.json — scripts, dependencies, and engines — with semver-aware conflict handling (#​15123)
• 🎯 Endpoint filtering — New ExcludeReferenceEndpoint property lets you filter specific endpoints from WithReference (#​15586)
• 🌐 More polyglot ATS APIs — Exported additional hosting APIs for TypeScript and Go AppHost authoring (#​15557)
• 🔍 Short trace ID support — The dashboard now resolves short trace IDs in addition to full-length ones (#​15613)
• ⚠️ Aspire.Hosting.NodeJs deprecated — Use Aspire.Hosting.JavaScript instead; the old package no longer appears in aspire add (#​15686)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)