From 2363020b79e56c46370d6e1fd35126b36c5c4782 Mon Sep 17 00:00:00 2001
From: "dotnet-maestro[bot]"
 <42748379+dotnet-maestro[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 05:50:55 +0000
Subject: [PATCH 01/12] Update dependencies from
 https://github.com/dotnet/arcade build 20260401.4 (#9172)

[main] Update dependencies from dotnet/arcade
---
 eng/Version.Details.xml | 20 ++++++++++----------
 eng/Versions.props      |  6 +++---
 global.json             |  4 ++--
 3 files changed, 15 insertions(+), 15 deletions(-)

diff --git a/eng/Version.Details.xml b/eng/Version.Details.xml
index 88a288c497e..f209cecbfc8 100644
--- a/eng/Version.Details.xml
+++ b/eng/Version.Details.xml
@@ -22,25 +22,25 @@
       <Uri>https://dev.azure.com/dnceng/internal/_git/dotnet-dotnet</Uri>
       <Sha>b0f34d51fccc69fd334253924abd8d6853fad7aa</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.26177.7">
+    <Dependency Name="Microsoft.DotNet.Arcade.Sdk" Version="10.0.0-beta.26201.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>62dc2defffeadabf6761a9ed7e142692107330c0</Sha>
+      <Sha>2ad6e0a00c692279222642dbcd6e72eb21572d93</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Build.Tasks.Archives" Version="10.0.0-beta.26177.7">
+    <Dependency Name="Microsoft.DotNet.Build.Tasks.Archives" Version="10.0.0-beta.26201.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>62dc2defffeadabf6761a9ed7e142692107330c0</Sha>
+      <Sha>2ad6e0a00c692279222642dbcd6e72eb21572d93</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.CodeAnalysis" Version="10.0.0-beta.26177.7">
+    <Dependency Name="Microsoft.DotNet.CodeAnalysis" Version="10.0.0-beta.26201.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>62dc2defffeadabf6761a9ed7e142692107330c0</Sha>
+      <Sha>2ad6e0a00c692279222642dbcd6e72eb21572d93</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="10.0.0-beta.26177.7">
+    <Dependency Name="Microsoft.DotNet.Helix.Sdk" Version="10.0.0-beta.26201.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>62dc2defffeadabf6761a9ed7e142692107330c0</Sha>
+      <Sha>2ad6e0a00c692279222642dbcd6e72eb21572d93</Sha>
     </Dependency>
-    <Dependency Name="Microsoft.DotNet.XUnitExtensions" Version="10.0.0-beta.26177.7">
+    <Dependency Name="Microsoft.DotNet.XUnitExtensions" Version="10.0.0-beta.26201.4">
       <Uri>https://github.com/dotnet/arcade</Uri>
-      <Sha>62dc2defffeadabf6761a9ed7e142692107330c0</Sha>
+      <Sha>2ad6e0a00c692279222642dbcd6e72eb21572d93</Sha>
     </Dependency>
     <Dependency Name="Microsoft.FileFormats" Version="1.0.717301">
       <Uri>https://github.com/dotnet/diagnostics</Uri>
diff --git a/eng/Versions.props b/eng/Versions.props
index 091b0ab8107..08767d0cbdd 100644
--- a/eng/Versions.props
+++ b/eng/Versions.props
@@ -56,9 +56,9 @@
     <!-- dotnet/dotnet references -->
     <MicrosoftAspNetCoreAppRuntimewinx64Version>10.0.0</MicrosoftAspNetCoreAppRuntimewinx64Version>
     <MicrosoftCodeAnalysisNetAnalyzersVersion>10.0.100</MicrosoftCodeAnalysisNetAnalyzersVersion>
-    <MicrosoftDotNetBuildTasksArchivesVersion>10.0.0-beta.26177.7</MicrosoftDotNetBuildTasksArchivesVersion>
-    <MicrosoftDotNetCodeAnalysisVersion>10.0.0-beta.26177.7</MicrosoftDotNetCodeAnalysisVersion>
-    <MicrosoftDotNetXUnitExtensionsVersion>10.0.0-beta.26177.7</MicrosoftDotNetXUnitExtensionsVersion>
+    <MicrosoftDotNetBuildTasksArchivesVersion>10.0.0-beta.26201.4</MicrosoftDotNetBuildTasksArchivesVersion>
+    <MicrosoftDotNetCodeAnalysisVersion>10.0.0-beta.26201.4</MicrosoftDotNetCodeAnalysisVersion>
+    <MicrosoftDotNetXUnitExtensionsVersion>10.0.0-beta.26201.4</MicrosoftDotNetXUnitExtensionsVersion>
     <MicrosoftNETCoreAppRuntimewinx64Version>10.0.0</MicrosoftNETCoreAppRuntimewinx64Version>
     <SystemCommandLineVersion>2.0.0</SystemCommandLineVersion>
     <VSRedistCommonAspNetCoreSharedFrameworkx64100Version>10.0.0-rtm.25523.111</VSRedistCommonAspNetCoreSharedFrameworkx64100Version>
diff --git a/global.json b/global.json
index 6788f009fd3..edd3cc4e1bb 100644
--- a/global.json
+++ b/global.json
@@ -26,7 +26,7 @@
   },
   "msbuild-sdks": {
     "Microsoft.Build.NoTargets": "3.7.0",
-    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.26177.7",
-    "Microsoft.DotNet.Helix.Sdk": "10.0.0-beta.26177.7"
+    "Microsoft.DotNet.Arcade.Sdk": "10.0.0-beta.26201.4",
+    "Microsoft.DotNet.Helix.Sdk": "10.0.0-beta.26201.4"
   }
 }

From 63697c51ffb3821da6af8f3cc5d492fe989b8731 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Wed, 1 Apr 2026 23:02:44 -0700
Subject: [PATCH 02/12] [main] Bump AWSSDK.S3 from 4.0.19.4 to 4.0.20.1 (#9163)

---
updated-dependencies:
- dependency-name: AWSSDK.S3
  dependency-version: 4.0.20.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 eng/dependabot/independent/Versions.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props
index 4f9d00d9740..726eb60b472 100644
--- a/eng/dependabot/independent/Versions.props
+++ b/eng/dependabot/independent/Versions.props
@@ -14,7 +14,7 @@
     <!-- Third-party references -->
     <NewtonsoftJsonVersion>13.0.4</NewtonsoftJsonVersion>
     <NJsonSchemaVersion>11.5.2</NJsonSchemaVersion>
-    <AwsSdkS3Version>4.0.19.4</AwsSdkS3Version>
+    <AwsSdkS3Version>4.0.20.1</AwsSdkS3Version>
     <AwsSdkSecurityTokenVersion>4.0.5.15</AwsSdkSecurityTokenVersion>
 
     <!--

From 216fa08b00af576b5498b59ec9e77657a466f49b Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:49:10 -0700
Subject: [PATCH 03/12] [main] Bump AWSSDK.SecurityToken from 4.0.5.15 to
 4.0.5.17 (#9178)

---
updated-dependencies:
- dependency-name: AWSSDK.SecurityToken
  dependency-version: 4.0.5.17
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 eng/dependabot/independent/Versions.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props
index 726eb60b472..c8b72fde1c7 100644
--- a/eng/dependabot/independent/Versions.props
+++ b/eng/dependabot/independent/Versions.props
@@ -15,7 +15,7 @@
     <NewtonsoftJsonVersion>13.0.4</NewtonsoftJsonVersion>
     <NJsonSchemaVersion>11.5.2</NJsonSchemaVersion>
     <AwsSdkS3Version>4.0.20.1</AwsSdkS3Version>
-    <AwsSdkSecurityTokenVersion>4.0.5.15</AwsSdkSecurityTokenVersion>
+    <AwsSdkSecurityTokenVersion>4.0.5.17</AwsSdkSecurityTokenVersion>
 
     <!--
       Moq version & constants derived from Moq.

From 3f9261aa49b4754560dab67d2d6faad0dc46cdbb Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:50:09 -0700
Subject: [PATCH 04/12] [main] Bump the identity-dependencies group with 1
 update (#9174)

Bumps Microsoft.Identity.Web from 4.6.0 to 4.7.0

---
updated-dependencies:
- dependency-name: Microsoft.Identity.Web
  dependency-version: 4.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: identity-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 eng/dependabot/independent/Versions.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props
index c8b72fde1c7..b0c303d114f 100644
--- a/eng/dependabot/independent/Versions.props
+++ b/eng/dependabot/independent/Versions.props
@@ -6,7 +6,7 @@
     <AzureIdentityVersion>1.20.0</AzureIdentityVersion>
     <AzureStorageBlobsVersion>12.27.0</AzureStorageBlobsVersion>
     <AzureStorageQueuesVersion>12.25.0</AzureStorageQueuesVersion>
-    <MicrosoftIdentityWebVersion>4.6.0</MicrosoftIdentityWebVersion>
+    <MicrosoftIdentityWebVersion>4.7.0</MicrosoftIdentityWebVersion>
     <MicrosoftOpenApiReadersVersion>1.6.28</MicrosoftOpenApiReadersVersion>
     <SystemPrivateUriVersion>4.3.2</SystemPrivateUriVersion>
     <SystemSecurityPrincipalWindowsVersion>5.0.0</SystemSecurityPrincipalWindowsVersion>

From 200565784992f9857dee37665f68285628322489 Mon Sep 17 00:00:00 2001
From: kkeirstead <85592574+kkeirstead@users.noreply.github.com>
Date: Thu, 2 Apr 2026 11:50:38 -0700
Subject: [PATCH 05/12] Making diagnostic port tests more resilient (copy from
 net8x) (#9171)

---
 .../DiagnosticPortTests.cs                          | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/Tests/Microsoft.Diagnostics.Monitoring.Tool.FunctionalTests/DiagnosticPortTests.cs b/src/Tests/Microsoft.Diagnostics.Monitoring.Tool.FunctionalTests/DiagnosticPortTests.cs
index 0fb49cb8572..0f8cf2ab58b 100644
--- a/src/Tests/Microsoft.Diagnostics.Monitoring.Tool.FunctionalTests/DiagnosticPortTests.cs
+++ b/src/Tests/Microsoft.Diagnostics.Monitoring.Tool.FunctionalTests/DiagnosticPortTests.cs
@@ -8,6 +8,7 @@
 using Microsoft.Diagnostics.Monitoring.WebApi;
 using System;
 using System.IO;
+using System.Threading;
 using System.Threading.Tasks;
 using Xunit;
 using Xunit.Abstractions;
@@ -82,7 +83,7 @@ public async Task DefaultDiagnosticPort_Supported_ListenModeOnNonWindows()
 
             await Task.Delay(TimeSpan.FromSeconds(10)); // Allow some time for the socket to be created.
 
-            AssertDefaultDiagnosticPortExists(defaultSharedTempDir);
+            await AssertDefaultDiagnosticPortExistsAsync(defaultSharedTempDir);
         }
 
         /// <summary>
@@ -109,10 +110,16 @@ private static string GetDefaultSharedSocketPath(string defaultSharedPath)
             return Path.Combine(defaultSharedPath, ToolIdentifiers.DefaultSocketName);
         }
 
-        private static void AssertDefaultDiagnosticPortExists(TemporaryDirectory dir)
+        private static async Task AssertDefaultDiagnosticPortExistsAsync(TemporaryDirectory dir)
         {
             string diagnosticPort = GetDefaultSharedSocketPath(dir.FullName);
-            Assert.True(File.Exists(diagnosticPort), $"Expected socket to exist at '{diagnosticPort}'.");
+
+            using CancellationTokenSource cancellationSource = new CancellationTokenSource(CommonTestTimeouts.GeneralTimeout);
+
+            while (!File.Exists(diagnosticPort))
+            {
+                await Task.Delay(TimeSpan.FromMilliseconds(50), cancellationSource.Token);
+            }
         }
 
         private static void AssertDefaultDiagnosticPortNotExists(TemporaryDirectory dir)

From d2b2fc1ade7f7dcd8e0ec846bcf7613e7f9d708c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Thu, 2 Apr 2026 13:27:56 -0700
Subject: [PATCH 06/12] [main] Bump AWSSDK.S3 from 4.0.20.1 to 4.0.20.2 (#9176)

---
updated-dependencies:
- dependency-name: AWSSDK.S3
  dependency-version: 4.0.20.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 eng/dependabot/independent/Versions.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props
index b0c303d114f..f979e906c57 100644
--- a/eng/dependabot/independent/Versions.props
+++ b/eng/dependabot/independent/Versions.props
@@ -14,7 +14,7 @@
     <!-- Third-party references -->
     <NewtonsoftJsonVersion>13.0.4</NewtonsoftJsonVersion>
     <NJsonSchemaVersion>11.5.2</NJsonSchemaVersion>
-    <AwsSdkS3Version>4.0.20.1</AwsSdkS3Version>
+    <AwsSdkS3Version>4.0.20.2</AwsSdkS3Version>
     <AwsSdkSecurityTokenVersion>4.0.5.17</AwsSdkSecurityTokenVersion>
 
     <!--

From dd225e5e17dc4f32f1e7a9d23e1bc19def1a8474 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Fri, 3 Apr 2026 10:17:23 -0700
Subject: [PATCH 07/12] Bump dawidd6/action-download-artifact from 19 to 20
 (#9186)

Bumps [dawidd6/action-download-artifact](https://github.com/dawidd6/action-download-artifact) from 19 to 20.
- [Release notes](https://github.com/dawidd6/action-download-artifact/releases)
- [Commits](https://github.com/dawidd6/action-download-artifact/compare/8a338493df3d275e4a7a63bcff3b8fe97e51a927...8305c0f1062bb0d184d09ef4493ecb9288447732)

---
updated-dependencies:
- dependency-name: dawidd6/action-download-artifact
  dependency-version: '20'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/submit-to-do-issue.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/submit-to-do-issue.yml b/.github/workflows/submit-to-do-issue.yml
index 2f600a39850..5ec6846acd1 100644
--- a/.github/workflows/submit-to-do-issue.yml
+++ b/.github/workflows/submit-to-do-issue.yml
@@ -35,7 +35,7 @@ jobs:
       # The default artifact download action doesn't support cross-workflow
       # artifacts, so use a 3rd party one.
       - name: 'Download linting results'
-        uses: dawidd6/action-download-artifact@8a338493df3d275e4a7a63bcff3b8fe97e51a927
+        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732
         with:
           workflow: ${{env.workflow_name}}
           run_id: ${{github.event.workflow_run.id }}

From 82c8ec2a9d37e3bed00d16030909b8b7d45ad2eb Mon Sep 17 00:00:00 2001
From: Wiktor Kopec <wiktork@microsoft.com>
Date: Sun, 5 Apr 2026 21:43:17 -0700
Subject: [PATCH 08/12] Fix parallel builds (try 2) (#9187)

---
 src/Tools/dotnet-monitor/dotnet-monitor.csproj | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/src/Tools/dotnet-monitor/dotnet-monitor.csproj b/src/Tools/dotnet-monitor/dotnet-monitor.csproj
index 34993f9604f..0be502b7c12 100644
--- a/src/Tools/dotnet-monitor/dotnet-monitor.csproj
+++ b/src/Tools/dotnet-monitor/dotnet-monitor.csproj
@@ -39,13 +39,15 @@
   <ItemGroup>
     <ProjectReference Include="..\..\Microsoft.Diagnostics.Monitoring.Options\Microsoft.Diagnostics.Monitoring.Options.csproj" />
     <ProjectReference Include="..\..\Microsoft.Diagnostics.Monitoring.WebApi\Microsoft.Diagnostics.Monitoring.WebApi.csproj" />
-    <!-- This is a build-ordering dependency only - we don't want this hook to appear directly in the our referenced libraries, we
-         need to customize it's layout. We _do_ however need to ensure that it _gets built_ before we build/publish. -->
+    <!-- This is a build-ordering dependency only - we don't want this hook to appear directly in our referenced libraries, we
+         need to customize its layout. We _do_ however need to ensure that it _gets built_ before we build/publish.
+         The actual publish of StartupHook is handled by PublishProjectsBeforePack (during pack) and
+         PublishProjectsAfterBuild in eng/AfterSolutionBuild.targets (during CI).
+         Do NOT add AdditionalProperties or Targets="Publish" here - doing so creates a separate MSBuild
+         project instance that races with test projects' references during parallel builds. -->
     <ProjectReference Include="..\..\Microsoft.Diagnostics.Monitoring.StartupHook\Microsoft.Diagnostics.Monitoring.StartupHook.csproj"
-      AdditionalProperties="RuntimeIdentifier=;PublishDir=$(StartupHookPublishPath)"
-      GlobalPropertiesToRemove="PublishSingleFile"
-      Targets="Publish"
-      ReferenceOutputAssembly="false" />
+      ReferenceOutputAssembly="false"
+      Private="false" />
   </ItemGroup>
 
   <ItemGroup>

From 8217015cbee1c5725c21818d6c36b75804bc2b2c Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Mon, 6 Apr 2026 10:21:30 -0700
Subject: [PATCH 09/12] Bump streetsidesoftware/cspell-action from 8.3.0 to
 8.4.0 (#9191)

Bumps [streetsidesoftware/cspell-action](https://github.com/streetsidesoftware/cspell-action) from 8.3.0 to 8.4.0.
- [Release notes](https://github.com/streetsidesoftware/cspell-action/releases)
- [Changelog](https://github.com/streetsidesoftware/cspell-action/blob/main/CHANGELOG.md)
- [Commits](https://github.com/streetsidesoftware/cspell-action/compare/9cd41bb518a24fefdafd9880cbab8f0ceba04d28...de2a73e963e7443969755b648a1008f77033c5b2)

---
updated-dependencies:
- dependency-name: streetsidesoftware/cspell-action
  dependency-version: 8.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 .github/workflows/spellcheck.yml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/.github/workflows/spellcheck.yml b/.github/workflows/spellcheck.yml
index 5b85eba8c85..e5ad211d602 100644
--- a/.github/workflows/spellcheck.yml
+++ b/.github/workflows/spellcheck.yml
@@ -17,7 +17,7 @@ jobs:
         with:
           persist-credentials: false
 
-      - uses: streetsidesoftware/cspell-action@9cd41bb518a24fefdafd9880cbab8f0ceba04d28
+      - uses: streetsidesoftware/cspell-action@de2a73e963e7443969755b648a1008f77033c5b2
         name: Documentation spellcheck
         if: ${{ !cancelled() }}
         with:
@@ -25,7 +25,7 @@ jobs:
             inline: error
             incremental_files_only: true
 
-      - uses: streetsidesoftware/cspell-action@9cd41bb518a24fefdafd9880cbab8f0ceba04d28
+      - uses: streetsidesoftware/cspell-action@de2a73e963e7443969755b648a1008f77033c5b2
         name: Resx spellcheck
         if: ${{ !cancelled() }}
         with:
@@ -33,7 +33,7 @@ jobs:
             inline: error
             incremental_files_only: true
 
-      - uses: streetsidesoftware/cspell-action@9cd41bb518a24fefdafd9880cbab8f0ceba04d28
+      - uses: streetsidesoftware/cspell-action@de2a73e963e7443969755b648a1008f77033c5b2
         name: Source code spellcheck
         if: ${{ !cancelled() }}
         with:

From ae6685a2384f04c06992bc285a21889e21655a89 Mon Sep 17 00:00:00 2001
From: kkeirstead <85592574+kkeirstead@users.noreply.github.com>
Date: Mon, 6 Apr 2026 17:19:49 -0700
Subject: [PATCH 10/12] Specify Versions for Failing Actions (#9200)

* Initial plan

* Update installAndRequirePackages to support versioned packages and pin @actions/core@2 and @actions/github@8

Agent-Logs-Url: https://github.com/kkeirstead/dotnet-monitor/sessions/2c2f479a-31d2-49bc-8656-541b8e2d2c55

Co-authored-by: kkeirstead <85592574+kkeirstead@users.noreply.github.com>

---------

Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
---
 .github/actions/action-utils.js               | 21 ++++++++++---------
 .../actions/generate-release-notes/index.js   |  2 +-
 .../learning-path-staleness-check/index.js    |  2 +-
 .github/actions/update-releases-json/index.js |  2 +-
 .github/actions/update-releases-md/index.js   |  2 +-
 5 files changed, 15 insertions(+), 14 deletions(-)

diff --git a/.github/actions/action-utils.js b/.github/actions/action-utils.js
index b401cf2a1ba..888b1da8b95 100644
--- a/.github/actions/action-utils.js
+++ b/.github/actions/action-utils.js
@@ -2,21 +2,22 @@ const util = require("util");
 const fs = require("fs");
 const jsExec = util.promisify(require("child_process").exec);
 
-module.exports.installAndRequirePackages = async function(...newPackages)
-{
+module.exports.installAndRequirePackages = async function (...packages) {
+    // Back-compat: allow strings ("@actions/core") as well as objects ({ name, version })
+    const normalized = packages.map(p => typeof p === "string" ? { name: p } : p);
+
+    const installSpecs = normalized.map(p =>
+        p.version ? `${p.name}@${p.version}` : p.name
+    );
+
     console.log("Installing npm dependency");
-    const { stdout, stderr } = await jsExec(`npm install ${newPackages.join(' ')}`);
+    const { stdout, stderr } = await jsExec(`npm install ${installSpecs.join(" ")}`);
     console.log("npm-install stderr:\n\n" + stderr);
     console.log("npm-install stdout:\n\n" + stdout);
     console.log("Finished installing npm dependencies");
 
-    let requiredPackages = [];
-    for (const packageName of newPackages) {
-        requiredPackages.push(require(packageName));
-    }
-
-    return requiredPackages;
-}
+    return normalized.map(p => require(p.name));
+};
 
 function splitVersionTag(tag) {
     const regex = /v(?<major>\d+)\.(?<minor>\d+)\.(?<patch>\d+)(-(?<versionLabel>[a-zA-Z]+)\.(?<iteration>\d+))?/;
diff --git a/.github/actions/generate-release-notes/index.js b/.github/actions/generate-release-notes/index.js
index f981e769965..68c063e7d15 100644
--- a/.github/actions/generate-release-notes/index.js
+++ b/.github/actions/generate-release-notes/index.js
@@ -5,7 +5,7 @@ const UpdateReleaseNotesLabel = "update-release-notes";
 const BackportLabel = "backport";
 
 async function run() {
-    const [core, github] = await actionUtils.installAndRequirePackages("@actions/core", "@actions/github");
+    const [core, github] = await actionUtils.installAndRequirePackages({ name: "@actions/core", version: "2" }, { name: "@actions/github", version: "8" });
 
     const octokit = github.getOctokit(core.getInput("auth_token", { required: true }));
 
diff --git a/.github/actions/learning-path-staleness-check/index.js b/.github/actions/learning-path-staleness-check/index.js
index 4d6a5ddc7c1..e466449a27d 100644
--- a/.github/actions/learning-path-staleness-check/index.js
+++ b/.github/actions/learning-path-staleness-check/index.js
@@ -202,7 +202,7 @@ function ValidateLinks(learningPathContents, repoURLToSearch, modifiedPRFiles, l
 
 const main = async () => {
 
-  const [core] = await actionUtils.installAndRequirePackages("@actions/core");
+  const [core] = await actionUtils.installAndRequirePackages({ name: "@actions/core", version: "2" });
 
   try {
     const learningPathDirectory = core.getInput('learningPathsDirectory', { required: true });
diff --git a/.github/actions/update-releases-json/index.js b/.github/actions/update-releases-json/index.js
index c93391508c0..35487e98b4f 100644
--- a/.github/actions/update-releases-json/index.js
+++ b/.github/actions/update-releases-json/index.js
@@ -2,7 +2,7 @@ const actionUtils = require('../action-utils.js');
 const path = require('path');
 
 async function run() {
-    const [core, github] = await actionUtils.installAndRequirePackages("@actions/core", "@actions/github");
+    const [core, github] = await actionUtils.installAndRequirePackages({ name: "@actions/core", version: "2" }, { name: "@actions/github", version: "8" });
 
     const releasesDataFile = core.getInput("releases_json_file", { required: true });
     let octokit = undefined;
diff --git a/.github/actions/update-releases-md/index.js b/.github/actions/update-releases-md/index.js
index 2290832036f..0739202f0fd 100644
--- a/.github/actions/update-releases-md/index.js
+++ b/.github/actions/update-releases-md/index.js
@@ -1,7 +1,7 @@
 const actionUtils = require('../action-utils.js');
 
 async function run() {
-    const [core, github] = await actionUtils.installAndRequirePackages("@actions/core", "@actions/github");
+    const [core, github] = await actionUtils.installAndRequirePackages({ name: "@actions/core", version: "2" }, { name: "@actions/github", version: "8" });
 
     const releasesDataFile = core.getInput("releases_json_file", { required: true });
     const outputFile = core.getInput("releases_md_file", { required: true });

From 91a7bd20fe45f0b68a6b99003c905d78eff67898 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Apr 2026 17:12:02 -0700
Subject: [PATCH 11/12] [main] Bump AWSSDK.SecurityToken from 4.0.5.17 to
 4.0.5.19 (#9202)

---
updated-dependencies:
- dependency-name: AWSSDK.SecurityToken
  dependency-version: 4.0.5.19
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 eng/dependabot/independent/Versions.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props
index f979e906c57..7a83d2d4eba 100644
--- a/eng/dependabot/independent/Versions.props
+++ b/eng/dependabot/independent/Versions.props
@@ -15,7 +15,7 @@
     <NewtonsoftJsonVersion>13.0.4</NewtonsoftJsonVersion>
     <NJsonSchemaVersion>11.5.2</NJsonSchemaVersion>
     <AwsSdkS3Version>4.0.20.2</AwsSdkS3Version>
-    <AwsSdkSecurityTokenVersion>4.0.5.17</AwsSdkSecurityTokenVersion>
+    <AwsSdkSecurityTokenVersion>4.0.5.19</AwsSdkSecurityTokenVersion>
 
     <!--
       Moq version & constants derived from Moq.

From 28abf38f81460b36488cab9fb839eba461996fd1 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 7 Apr 2026 20:19:19 -0700
Subject: [PATCH 12/12] [main] Bump AWSSDK.S3 from 4.0.20.2 to 4.0.20.4 (#9201)

---
updated-dependencies:
- dependency-name: AWSSDK.S3
  dependency-version: 4.0.20.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
---
 eng/dependabot/independent/Versions.props | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/eng/dependabot/independent/Versions.props b/eng/dependabot/independent/Versions.props
index 7a83d2d4eba..b24d54c3cba 100644
--- a/eng/dependabot/independent/Versions.props
+++ b/eng/dependabot/independent/Versions.props
@@ -14,7 +14,7 @@
     <!-- Third-party references -->
     <NewtonsoftJsonVersion>13.0.4</NewtonsoftJsonVersion>
     <NJsonSchemaVersion>11.5.2</NJsonSchemaVersion>
-    <AwsSdkS3Version>4.0.20.2</AwsSdkS3Version>
+    <AwsSdkS3Version>4.0.20.4</AwsSdkS3Version>
     <AwsSdkSecurityTokenVersion>4.0.5.19</AwsSdkSecurityTokenVersion>
 
     <!--