Skip to content

build: Bump the testing group with 6 updates#171

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/testing-191f779a68
Closed

build: Bump the testing group with 6 updates#171
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/nuget/testing-191f779a68

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 23, 2026
edited
Loading

Updated AwesomeAssertions from 9.3.0 to 9.4.0.

Release notes

Sourced from AwesomeAssertions's releases.

9.4.0

What's Changed

New features

Improvements

Fixes

Documentation

Dependencies

Commits viewable in compare view.

Updated coverlet.collector from 6.0.4 to 8.0.1.

Release notes

Sourced from coverlet.collector's releases.

8.0.1

Fixed

  • Fix [BUG] TypeInitializationException when targeting .NET Framework #​1818
  • Fix [BUG] coverlet.MTP build fails with CS0400 due to developmentDependency=true #​1827

Improvements

  • Additional improvements needed for .NET Framework instrumentation type import #​1825

Diff between 8.0.0 and 8.0.1

8.0.0

Special Thanks: A huge thank you to @​Bertk for driving the majority of the work in this release! 🎉

Fixed

Improvements

  • Coverlet MTP extension feature #​1788
  • Generate SBOM for nuget packages #​1752
  • Use multi targets projects for coverlet.collector, coverlet.msbuild.tasks packages #​1742
  • Use .NET 8.0 target framework for coverlet.core and remove Newtonsoft.Json #​1733
  • Use latest System.CommandLine version #​1660
  • Upgraded minimum required .NET SDK and runtime to .NET 8.0 LTS (Long Term Support) (Breaking Change)
  • Use xunit.v3 for tests and example code

Diff between 6.0.4 and 8.0.0

Commits viewable in compare view.

Updated Moq.Analyzers from 0.4.0 to 0.4.2.

Release notes

Sourced from Moq.Analyzers's releases.

0.4.2

Moq.Analyzers 0.4.2 🎉

This is a focused patch release with one mission: squash a false positive that was getting in the way of real-world LINQ-to-Mocks usage. If you've been seeing Moq1302 warnings on perfectly valid code, this one's for you. 🎯

A big thank you to @​abatishchev for reporting the issue with a clear, actionable reproduction. Community reports like this make all the difference.

🐛 False Positive Fix for Moq1302

What was happening

If you were using Mock.Of with a comparison expression — something totally normal like this:

Mock.Of<Response>(static r => r.Status == StatusCodes.Status200OK)

…you'd get a warning:

⚠️ Moq1302: Invalid member 'StatusCodes.Status200OK' in LINQ to Mocks expression

But there's nothing wrong with that code. It compiles, it runs, and it's how LINQ-to-Mocks expressions are supposed to work. The right-hand side of the comparison (StatusCodes.Status200OK) is just a constant — it's not a mock setup member. The analyzer shouldn't have been looking at it at all. 😬

The same false positive appeared with enum values, static fields, external locals, and other non-mock expressions on the right-hand side of ==, &&, or || comparisons.

How it was fixed

The fix introduces a lambda parameter guard: before the analyzer flags a member access, it now walks the receiver chain to check whether the operation is actually rooted in the lambda parameter (i.e., the r in r => r.Status == ...).

A new IsRootedInLambdaParameter() extension method traces the receiver chain — through property accesses, method calls, and conversions — all the way back to the lambda parameter. If the chain doesn't terminate in the lambda parameter, the member is silently skipped. Static members, constants, and external references pass right through without a warning.

The guard is applied only to leaf member operations (property references, method calls). Composite operations like && and || still get decomposed normally, so chained comparisons like r.Prop == "a" && r.Other == "b" continue to be fully analyzed. No false negatives.

As a bonus, MoqKnownSymbols is now threaded through the entire analysis chain instead of being recreated mid-analysis, and nested Mock.Of calls are excluded early to prevent false positives from inner mock expressions.

🧪 Comprehensive Test Coverage

This release adds 961 new lines of test code covering the full surface area of the fix (#​1020):

  • ✅ Static members and constants on the right-hand side of comparisons
  • ✅ Enum value comparisons
  • ✅ Chained && / || expressions
  • ✅ Nested Mock.Of calls
  • ✅ Deep receiver chain walking edge cases

👥 Contributors

Thank you to everyone who reported bugs and provided reproduction cases:

... (truncated)

0.4.1

Moq.Analyzers 0.4.1

This is a patch release addressing critical bugs reported after v0.4.0.

🐛 Bug Fixes

Moq1203 False Positives

  • #​849 - Fixed incorrect Moq1203 flagging after upgrading to v0.4.0. The analyzer now correctly resolves delegate-overload resolution for ReturnsAsync, Callback, and similar chained methods. (#​886, #​919)
  • #​887 - Fixed Moq1203 false positive when the Setup call is wrapped in parentheses. (#​895)

Parenthesized Expression Handling

  • #​896 - Fixed parenthesized expressions breaking syntax chain walking in Moq1100 and Moq1206 analyzers. (#​907)

Assembly Loading

  • #​850 - Resolved CS8032 warning caused by System.Collections.Immutable assembly version mismatch. (#​888)

🤝 Contributors

Thank you to everyone who reported bugs, provided reproduction cases, and engaged in issue discussions to help make this release possible:

🔗 Resources

💬 Feedback

If you encounter any issues or have suggestions:

Thank you for using Moq.Analyzers!

0.4.1-alpha

v0.4.1-alpha

Prerelease containing 3 bug fixes since v0.4.0 to rebuild confidence with users.

Bug Fixes

  • fix: Moq1203 false positives for ReturnsAsync and Callback chaining (#​886)
  • fix: resolve CS8032 assembly version mismatch (#​850) (#​888)
  • fix: Moq1203 false positive when Setup call is wrapped in parentheses (#​895)

Critical: CS8032 Fix

v0.4.0 shipped DLLs that referenced System.Collections.Immutable versions incompatible with .NET 8 SDK hosts, causing CS8032 warnings on every build. This release downgrades the transitive dependency pins and adds CI load tests to prevent recurrence.

Commits viewable in compare view.

Updated Reqnroll from 3.3.1 to 3.3.3.

Release notes

Sourced from Reqnroll's releases.

3.3.3

Improvements:

  • Improve binding discovery so that the discovery can continue even if the attributes of a type fail to load (#​1006)

Bug fixes:

  • Fix: xUnit VB.NET generates code with async warning (#​1009)
  • Fix: disableFriendlyTestNames doesn't work in Reqnroll 3.3.2 (#​1013)

Contributors of this release (in alphabetical order): @​clrudolphi

3.3.2

Bug fixes:

  • Fix: Partially defined CI Environment variables (missing relevant environment variables) cause missing Meta envelope in Cucumber Messages report and Javascript errors in HTML report. (#​990)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for MsTest v4 tests when 'ReqnrollUseIntermediateOutputPathForCodeBehind' is enabled. (#​997)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for TUnit tests. (#​997)

Contributors of this release (in alphabetical order): @​clrudolphi, @​gasparnagy

Commits viewable in compare view.

Updated Reqnroll.xUnit from 3.3.1 to 3.3.3.

Release notes

Sourced from Reqnroll.xUnit's releases.

3.3.3

Improvements:

  • Improve binding discovery so that the discovery can continue even if the attributes of a type fail to load (#​1006)

Bug fixes:

  • Fix: xUnit VB.NET generates code with async warning (#​1009)
  • Fix: disableFriendlyTestNames doesn't work in Reqnroll 3.3.2 (#​1013)

Contributors of this release (in alphabetical order): @​clrudolphi

3.3.2

Bug fixes:

  • Fix: Partially defined CI Environment variables (missing relevant environment variables) cause missing Meta envelope in Cucumber Messages report and Javascript errors in HTML report. (#​990)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for MsTest v4 tests when 'ReqnrollUseIntermediateOutputPathForCodeBehind' is enabled. (#​997)
  • Fix: Visual Studio Test Explorer does not navigate to the correct source line for TUnit tests. (#​997)

Contributors of this release (in alphabetical order): @​clrudolphi, @​gasparnagy

Commits viewable in compare view.

Updated xunit.analyzers from 1.26.0 to 1.27.0.

Release notes

Sourced from xunit.analyzers's releases.

No release notes found for this version range.

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build: Bump the testing group with 6 updates
a181f71 
Bumps AwesomeAssertions from 9.3.0 to 9.4.0
Bumps coverlet.collector from 6.0.4 to 8.0.1
Bumps Moq.Analyzers from 0.4.0 to 0.4.2
Bumps Reqnroll from 3.3.1 to 3.3.3
Bumps Reqnroll.xUnit from 3.3.1 to 3.3.3
Bumps xunit.analyzers from 1.26.0 to 1.27.0

---
updated-dependencies:
- dependency-name: AwesomeAssertions
  dependency-version: 9.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: testing
- dependency-name: coverlet.collector
  dependency-version: 8.0.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: testing
- dependency-name: Moq.Analyzers
  dependency-version: 0.4.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: testing
- dependency-name: Reqnroll
  dependency-version: 3.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: testing
- dependency-name: Reqnroll.xUnit
  dependency-version: 3.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: testing
- dependency-name: xunit.analyzers
  dependency-version: 1.27.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: testing
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 23, 2026

Labels

The following labels could not be found: dependencies, nuget. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.

@dependabot dependabot bot requested a review from mcj-coder as a code owner March 23, 2026 06:20
@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 23, 2026

This Dependabot PR contains a version-update:semver-major update and requires manual review before merging.

@github-actions
Copy link
Copy Markdown

github-actions bot commented Mar 23, 2026
edited
Loading




Fails
🚫 PR must have a Summary or Description section.
🚫 PR must have auto-merge enabled. Enable via PR settings → "Enable auto-merge".

This ensures PRs are merged automatically once all checks pass.
🚫 PR title subject should start with lowercase.

Current: "build: Bump the testing group with 6 updates"

The subject after the colon should start with a lowercase letter.
🚫 PR body must contain an issue reference.

Add one of the following to your PR description:

This ensures traceability between commits and issues.

Generated by 🚫 dangerJS against a181f71

@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 30, 2026

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot bot closed this Mar 30, 2026
@dependabot dependabot bot deleted the dependabot/nuget/testing-191f779a68 branch March 30, 2026 06:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mcj-coder mcj-coder Awaiting requested review from mcj-coder mcj-coder is a code owner

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants