chore(deps): bump EF Core 10.0.2 → 10.0.8 to unblock Dependabot PR #32

[emeraldleaf]

Summary

Unblocks PR #32 (Dependabot bump of the `microsoft-extensions` group, 10 updates). That PR's CI fails restore with NU1605:

```
Microsoft.EntityFrameworkCore.Design 10.0.2
→ Microsoft.EntityFrameworkCore.Relational 10.0.8
→ Microsoft.EntityFrameworkCore (>= 10.0.8)
```

The project pins EF Core to 10.0.2 in `Directory.Packages.props`, but the transitive graph through one of the bumped Microsoft.Extensions packages demands `>= 10.0.8`. `TreatWarningsAsErrors` flips NU1605 into a hard fail in restore, which cascades into `integration-tests` and `CodeQL` (no build → nothing to test or analyze).

Main is green today (last green: c19fbee) — this is PR-specific. Bumping EF Core to the floor the transitive graph already needs is the smallest fix.

Changes

Bumps four EF Core packages in lockstep (Microsoft ships these together — mixing versions is the failure mode this PR resolves):

Package	From	To
Microsoft.EntityFrameworkCore	10.0.2	10.0.8
Microsoft.EntityFrameworkCore.Design	10.0.2	10.0.8
Microsoft.EntityFrameworkCore.Relational	10.0.2	10.0.8
Microsoft.EntityFrameworkCore.SqlServer	10.0.2	10.0.8

Intentionally NOT bumped

• `Microsoft.Extensions.Diagnostics.HealthChecks.EntityFrameworkCore` — part of the Microsoft.Extensions group. Dependabot owns it on PR Bump the microsoft-extensions group with 10 updates #32; touching it here would conflict on rebase.
• `Npgsql.EntityFrameworkCore.PostgreSQL` (10.0.0) — independent Npgsql versioning, not coupled to EF Core's 10.0.x patch cadence. CatalogService + ShippingService use it; restore + build pass cleanly with the EF Core bump.

Verification

• ✅ `dotnet restore` — clean, no NU1605
• ✅ `dotnet build` — succeeds under `TreatWarningsAsErrors`, 0 errors, 1 pre-existing CS0436 warning in benchmarks (present on main; unrelated to this bump)

Follow-up

Once this lands on main, comment `@dependabot rebase` on PR #32. The microsoft-extensions group bump picks up the new EF Core floor and the downgrade error disappears.

Why this is option (b)

Option (a) was "push the EF Core bump directly onto PR #32's branch." Option (b) (this PR) keeps a clean audit trail: EF Core bump and Microsoft.Extensions group bump land as separate, attributable commits on main. Cleaner if Dependabot ever force-pushes the group-bump branch.

🤖 Generated with Claude Code

Summary by CodeRabbit

• Chores
  • Updated core database framework dependencies to version 10.0.8.

[coderabbitai]

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: ASSERTIVE

Plan: Pro Plus

Run ID: 7d25136d-c110-4aeb-b774-4115ef7882f0

📥 Commits

Reviewing files that changed from the base of the PR and between c19fbee and 53a3466.

📒 Files selected for processing (1)

• Directory.Packages.props

---

Walkthrough

This PR updates Entity Framework Core package versions from 10.0.2 to 10.0.8 in the centrally managed dependency configuration. Four related packages are bumped together: Microsoft.EntityFrameworkCore, Microsoft.EntityFrameworkCore.Design, Microsoft.EntityFrameworkCore.Relational, and Microsoft.EntityFrameworkCore.SqlServer.

Changes

Dependency Updates

Layer / File(s)	Summary
Entity Framework Core version upgrade Directory.Packages.props	Microsoft.EntityFrameworkCore, Microsoft.EntityFrameworkCore.Design, Microsoft.EntityFrameworkCore.Relational, and Microsoft.EntityFrameworkCore.SqlServer are upgraded from version 10.0.2 to 10.0.8 in the central package management file.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

🚥 Pre-merge checks | ✅ 5

✅ Passed checks (5 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and specifically describes the main change: bumping Entity Framework Core from version 10.0.2 to 10.0.8, and explains the purpose (unblocking Dependabot PR #32).
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Linked Issues check	✅ Passed	Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check	✅ Passed	Check skipped because no linked issues were found for this pull request.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch chore/bump-ef-core-10.0.8

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.

📢 Thoughts on this report? Let us know!

[emeraldleaf]

Closing as duplicate of #33.

PR #33 is Dependabot's automated EF Core bump that does exactly what this PR does (10.0.2 → 10.0.8 on all four packages), AND additionally bumps `Npgsql.EntityFrameworkCore.PostgreSQL 10.0.0 → 10.0.1`. It's been sitting green since 2026-05-26 — I just missed it when audit-walking the queue before opening this PR.

#33 is the better merge target because:

• It's already CI-green (no rebuild needed)
• It includes the Npgsql bump that this PR skipped
• It's Dependabot-authored, so the upstream-version-update audit trail stays intact

Action: merge #33, then `@dependabot rebase` on PR #32 to pick up the new EF Core floor.