[SFI] Bump semantic kernel package and dependencies#227

Open · gwharris7 wants to merge 1 commit into main from users/gwharris7/bump-packages

Conversation

@gwharris7

This pull request updates several NuGet package dependencies to their latest versions in the src/Directory.Packages.props file. The main goal is to fix a security issue in Microsoft.SemanticKernel 1.65.0, while the rest of the updates depend on this package.

Dependency updates:

Azure and OpenAI packages:

  • Upgraded Azure.Core from version 1.47.3 to 1.50.0.
  • Upgraded Azure.AI.OpenAI from 2.3.0-beta.2 to 2.7.0-beta.2.
  • Upgraded OpenAI from 2.4.0 to 2.7.0.

Semantic Kernel and related Microsoft AI packages:

  • Upgraded Microsoft.SemanticKernel, Microsoft.SemanticKernel.Agents.Core, and Microsoft.SemanticKernel.Abstractions from 1.65.0 to 1.71.0.
  • Upgraded Microsoft.Extensions.AI from 9.10.0 to 10.2.0 and Microsoft.Extensions.AI.OpenAI from 9.9.0-preview.1.25458.4 to 10.0.1-preview.1.25571.5.

.NET System and Microsoft Extensions packages:

  • Upgraded System.Text.Json from 9.0.2 to 10.0.2.
  • Upgraded Microsoft.Extensions.DependencyInjection, Microsoft.Extensions.DependencyInjection.Abstractions, and Microsoft.Extensions.Logging.Abstractions from 9.x to 10.0.2.

@gwharris7 gwharris7 requested a review from a team as a code owner March 28, 2026 00:02
Copilot AI review requested due to automatic review settings March 28, 2026 00:02
@github-actions

⚠️ Deprecation Warning: The deny-licenses option is deprecated for possible removal in the next major release. For more information, see issue 997.

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Snapshot Warnings

⚠️: No snapshots were found for the head SHA 5107f5f.
Ensure that dependencies are being submitted on PR branches and consider enabling retry-on-snapshot-warnings. See the documentation for more information and troubleshooting advice.

Scanned Files

None

Copilot AI left a comment


Pull request overview

This PR updates centrally-managed NuGet package versions (via src/Directory.Packages.props) to address a security issue in Microsoft.SemanticKernel and to bring several related dependencies forward.

Changes:

  • Bumped Microsoft.SemanticKernel* packages from 1.65.0 to 1.71.0.
  • Updated Azure/OpenAI dependencies (Azure.Core, Azure.AI.OpenAI, OpenAI) to newer versions.
  • Updated select Microsoft.Extensions.*, Microsoft.Extensions.AI*, and System.Text.Json package versions.

Comment on lines +64 to +68
<PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.2" />
<PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.2" />
<PackageVersion Include="Microsoft.Extensions.Logging" Version="9.0.1" />
<PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="9.0.1" />
<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.10" />
<PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.2" />
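Review bot: Microsoft.Extensions.Logging and Microsoft.Extensions.Logging.Console stay at 9.0.1 in this hunk while Microsoft.Extensions.Logging.Abstractions and the two DependencyInjection packages move to 10.0.2, and the PR description lists only the three bumped packages; either bump the two 9.0.1 lines in the same change or record in the description why they stay, and confirm that restore and the test run are clean with the abstractions pinned a major ahead of the packages that consume them.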
Copilot AI Mar 28, 2026

The Microsoft.Extensions.* versions are now mixed across major versions (DependencyInjection/DependencyInjection.Abstractions/Logging.Abstractions at 10.0.2, but Logging and Logging.Console remain at 9.0.1). With central package management + transitive pinning enabled, this increases the likelihood of NuGet restore conflicts (major-version upper bounds) and/or runtime binding issues. Consider aligning all Microsoft.Extensions.* packages to the same major/minor (e.g., bump Logging/Console/Configuration/Hosting/etc. to 10.x as well, or keep the whole group on 9.x).

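The mixed-major-version concern raised in the comment above can be checked mechanically before anyone runs a restore. The script below is an added example, not code from this repository or from the reviewer: it parses a Directory.Packages.props (the embedded sample is constructed from the lines quoted in this review and is not the repo's actual file), groups packages into families by name prefix (the family list is an assumption chosen for illustration), and reports any family pinned across more than one major version, along with PackageVersion items declared twice.

```python
"""Flag package families pinned across mixed major versions in a
Directory.Packages.props used with NuGet central package management."""
import re
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample modelled on the lines quoted in the review comments;
# it is NOT the repository's real src/Directory.Packages.props.
SAMPLE_PROPS = """<Project>
  <ItemGroup>
    <PackageVersion Include="Microsoft.Extensions.DependencyInjection" Version="10.0.2" />
    <PackageVersion Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.2" />
    <PackageVersion Include="Microsoft.Extensions.Logging" Version="9.0.1" />
    <PackageVersion Include="Microsoft.Extensions.Logging.Console" Version="9.0.1" />
    <PackageVersion Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.2" />
    <PackageVersion Include="Microsoft.Extensions.AI" Version="10.2.0" />
    <PackageVersion Include="Microsoft.Extensions.AI.OpenAI" Version="10.0.1-preview.1.25571.5" />
    <PackageVersion Include="Microsoft.Extensions.AI.AzureAIInference" Version="9.9.0-preview.1.25458.4" />
    <PackageVersion Include="Microsoft.SemanticKernel" Version="1.71.0" />
    <PackageVersion Include="Microsoft.SemanticKernel.Abstractions" Version="1.71.0" />
    <PackageVersion Include="System.Text.Json" Version="10.0.2" />
  </ItemGroup>
</Project>
"""

# Assumed package families whose members are expected to share one major
# version. Longest prefix first so Microsoft.Extensions.AI.* is its own
# family and is not folded into the general Microsoft.Extensions.* group.
FAMILIES = ("Microsoft.Extensions.AI", "Microsoft.Extensions", "Microsoft.SemanticKernel")


def parse_package_versions(xml_text):
    """Return ({package: version}, [packages declared more than once]).

    Items using Update= instead of Include=, or lacking a Version, are skipped.
    """
    root = ET.fromstring(xml_text)
    versions, duplicates = {}, []
    for item in root.iter("PackageVersion"):
        name, version = item.get("Include"), item.get("Version")
        if name is None or version is None:
            continue
        if name in versions:
            duplicates.append(name)
        versions[name] = version  # last declaration wins, as a reader would expect
    return versions, duplicates


def major_of(version):
    """Leading integer of a NuGet version, e.g. '10.0.1-preview.1.25571.5' -> 10."""
    m = re.match(r"(\d+)", version)
    return int(m.group(1)) if m else None


def family_of(name):
    """Map a package id to its family prefix, or None if it belongs to none."""
    for fam in FAMILIES:
        if name == fam or name.startswith(fam + "."):
            return fam
    return None


def find_mixed_majors(versions):
    """Return {family: {major: [packages]}} for families spanning >1 major."""
    by_family = defaultdict(lambda: defaultdict(list))
    for name, version in versions.items():
        fam, major = family_of(name), major_of(version)
        if fam is None or major is None:
            continue
        by_family[fam][major].append(name)
    return {fam: dict(majors) for fam, majors in by_family.items() if len(majors) > 1}


def report(xml_text=SAMPLE_PROPS):
    """Print and return the findings for one props file."""
    versions, duplicates = parse_package_versions(xml_text)
    findings = find_mixed_majors(versions)
    for fam, majors in sorted(findings.items()):
        parts = ", ".join(f"{m}.x -> {sorted(n)}" for m, n in sorted(majors.items()))
        print(f"[mixed majors] {fam}: {parts}")
    for name in duplicates:
        print(f"[duplicate] {name} is declared more than once")
    return findings, duplicates


if __name__ == "__main__":
    report()
```

Pass the contents of src/Directory.Packages.props to `report()` to run it against the real file; on the constructed sample it flags exactly the two families called out in this review (Microsoft.Extensions.* split between 9.x and 10.x, and Microsoft.Extensions.AI.* split the same way) and leaves Microsoft.SemanticKernel alone.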
<PackageVersion Include="Microsoft.Agents.AI.OpenAI" Version="1.0.0-preview.251016.1" />
<PackageVersion Include="Microsoft.Extensions.AI" Version="9.10.0" />
<PackageVersion Include="Microsoft.Extensions.AI" Version="10.2.0" />
<PackageVersion Include="Microsoft.Extensions.AI.AzureAIInference" Version="9.9.0-preview.1.25458.4" />
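Review bot: Microsoft.Extensions.AI.AzureAIInference is left at 9.9.0-preview.1.25458.4 in this hunk while Microsoft.Extensions.AI moves to 10.2.0, and the PR description mentions only Microsoft.Extensions.AI and Microsoft.Extensions.AI.OpenAI; bump it alongside those two or add a line to the description saying why it stays on the 9.x preview.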
Copilot AI Mar 28, 2026

Microsoft.Extensions.AI was bumped to 10.2.0 and Microsoft.Extensions.AI.OpenAI to 10.0.1-preview., but Microsoft.Extensions.AI.AzureAIInference remains on 9.9.0-preview.. If these packages are used together (as in Tooling.Extensions.AgentFramework), keeping them on different major versions can create restore-time version range conflicts or subtle API mismatches. Consider upgrading AzureAIInference to a 10.x-compatible version (or add a note explaining why it must stay on 9.x).

Suggested change
<PackageVersion Include="Microsoft.Extensions.AI.AzureAIInference" Version="9.9.0-preview.1.25458.4" />
<PackageVersion Include="Microsoft.Extensions.AI.AzureAIInference" Version="10.0.1-preview.1.25571.5" />
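Review bot: the suggested version 10.0.1-preview.1.25571.5 for Microsoft.Extensions.AI.AzureAIInference is the exact string this PR uses for Microsoft.Extensions.AI.OpenAI, and nothing in the diff shows that AzureAIInference ships under that version; check the package feed for the matching AzureAIInference release before applying this suggestion rather than accepting it as-is.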

<PackageVersion Include="Microsoft.Extensions.AI.OpenAI" Version="10.0.1-preview.1.25571.5" />
<!-- Json packages -->
<PackageVersion Include="System.Text.Json" Version="9.0.2" />
<PackageVersion Include="System.Text.Json" Version="10.0.2" />
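Review bot: System.Text.Json jumps from 9.0.2 to 10.0.2 in this hunk with no reason given, while the PR description frames the other bumps as required by Microsoft.SemanticKernel 1.71.0; state which bumped package needs the 10.x line (or that the move is deliberate) so the change can be weighed against the Microsoft.Extensions.Logging packages the same file still pins at 9.0.1.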
Copilot AI Mar 28, 2026

System.Text.Json is pinned to 10.0.2 while the repo targets net8.0 and also has netstandard2.0 projects. Please verify that this System.Text.Json major version is compatible with netstandard2.0 (and all net8.0 projects) and does not introduce restore conflicts with other pinned Microsoft.Extensions.* 9.x dependencies; otherwise consider keeping it on the 9.x line or aligning the rest of the dependency graph to the same major.

Suggested change
<PackageVersion Include="System.Text.Json" Version="10.0.2" />
<PackageVersion Include="System.Text.Json" Version="9.0.0" />
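Review bot: this suggestion pins System.Text.Json to 9.0.0, which is below the 9.0.2 the file carried before this PR, so accepting it would be a downgrade rather than a revert; if the 10.x bump is backed out, keep at least 9.0.2.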
