Skip to content

Bump the nuget group with 3 updates#47

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/InstallerClean.Core/nuget-c8a07eb9c7
Closed

Bump the nuget group with 3 updates#47
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/nuget/src/InstallerClean.Core/nuget-c8a07eb9c7

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Updated NSubstitute from 5.3.0 to 6.0.0.

Release notes

Sourced from NSubstitute's releases.

6.0.0

ℹ️ No changes from Release Candidate 1.

NSubstitute v6.0.0

From RC1 notes:

  • [NEW] ArgMatchers.Matching predicate matcher as an alternative to Is(Expression<Predicate<T>>. (.NET6 and above.)
  • [UPDATE] Improved support for custom argument matchers. Arg.Is now accepts arg matchers.
  • [UPDATE][BREAKING] Update target frameworks: .NET8, .NET Standard 2.0
  • [UPDATE][BREAKING] Remove legacy obsolete API
  • [UPDATE][BREAKING] Mark as obsolete api CompatArg with pre c# 7.0 support
  • [UPDATE][BREAKING] Nullability is enabled for public api for .NET 8+ TFMs
  • [UPDATE] Migrate documentation to docfx platform and update samples to NUnit 4
  • [NEW] Added NuGet Package README file.

Full change list

6.0.0-rc.1

NSubstitute v6.0.0 Release Candidate 1

Due to the large number of changes in this release, we wanted to start with a release candidate to ensure we've correctly captured breaking changes.

  • [NEW] ArgMatchers.Matching predicate matcher as an alternative to Is(Expression<Predicate<T>>. (.NET6 and above.)
  • [UPDATE] Improved support for custom argument matchers. Arg.Is now accepts arg matchers.
  • [UPDATE][BREAKING] Update target frameworks: .NET8, .NET Standard 2.0
  • [UPDATE][BREAKING] Remove legacy obsolete API
  • [UPDATE][BREAKING] Mark as obsolete api CompatArg with pre c# 7.0 support
  • [UPDATE][BREAKING] Nullability is enabled for public api for .NET 8+ TFMs
  • [UPDATE] Migrate documentation to docfx platform and update samples to NUnit 4
  • [NEW] Added NuGet Package README file.

Full change list

Commits viewable in compare view.

Updated System.IO.Abstractions from 22.1.1 to 22.2.0.

Release notes

Sourced from System.IO.Abstractions's releases.

22.2.0

What's Changed

Commits viewable in compare view.

Updated System.IO.Abstractions.TestingHelpers from 22.1.1 to 22.2.0.

Release notes

Sourced from System.IO.Abstractions.TestingHelpers's releases.

22.2.0

What's Changed

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps NSubstitute from 5.3.0 to 6.0.0
Bumps System.IO.Abstractions from 22.1.1 to 22.2.0
Bumps System.IO.Abstractions.TestingHelpers from 22.1.1 to 22.2.0

---
updated-dependencies:
- dependency-name: NSubstitute
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: nuget
- dependency-name: System.IO.Abstractions
  dependency-version: 22.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
- dependency-name: System.IO.Abstractions.TestingHelpers
  dependency-version: 22.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: nuget
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added .NET Pull requests that update .NET code dependencies Pull requests that update a dependency file labels Jul 13, 2026
FarmLox added a commit that referenced this pull request Jul 13, 2026
… 6.0.0

Supersedes Dependabot's PR #47, which failed CI with NU1004. Dependabot
regenerated only three of the four packages.lock.json files: it left
src/InstallerClean.Cli/packages.lock.json recording the old
System.IO.Abstractions [22.1.1, ) range for its InstallerClean.Core project
reference, so a locked-mode restore of the CLI saw Core's dependencies change
under it. It also dropped the System.Diagnostics.EventLog transitive entry from
the GUI's lock file. All four locks here are regenerated together with
--force-evaluate, so every project's recorded view of Core's dependencies
matches Core itself.

NSubstitute 6.0.0 enables nullable annotations on its public API, which types
the lambda parameter of Arg.Is<T> as nullable. The eight predicates that
dereference it now guard on null, so a null argument fails to match and reports
as an unmatched call rather than throwing out of the matcher.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
@dependabot @github

dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are no longer updatable, so this is no longer needed.

@dependabot dependabot Bot closed this Jul 13, 2026
@dependabot
dependabot Bot deleted the dependabot/nuget/src/InstallerClean.Core/nuget-c8a07eb9c7 branch July 13, 2026 08:34
FarmLox added a commit that referenced this pull request Jul 13, 2026
Dependabot's NuGet updater rewrites only some of the four packages.lock.json
files when the package it moves lives in InstallerClean.Core, whose dependency
ranges the GUI, CLI and Tests locks each record separately. PR #47 left the CLI
lock on the superseded System.IO.Abstractions range and dropped a live
System.Diagnostics.EventLog transitive entry from the GUI lock, which CI's
locked-mode restore rejected with NU1004. The new relock job restores the
solution with --force-evaluate on the bot's branch and pushes whatever it
missed, so the PR presents the locks CI actually validates. It is a no-op on
bumps to a package only one project uses, which is why the earlier ones merged.

The job runs on the same windows-2025 image as the CI restore. GitHub does not
chain workflow runs off a GITHUB_TOKEN push, so the CI run for the pushed commit
arrives in an approval-required state and needs "Approve and run"; that is the
price of doing this without granting Actions a personal access token, which for
this repository is the wrong trade.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
FarmLox added a commit that referenced this pull request Jul 19, 2026
Addresses every actionable finding from the independent ship-readiness
review at non-repo-files/v1.5.4-ship-readiness-review.md. Findings
that the review flagged but explicitly did not fix here are documented
inline with their reasoning.

Native interop (latent UB; harmless on x64 by ABI luck):
- SHFILEOPSTRUCT: Pack=8 -> Pack=1 to match the Windows SDK's
  pshpack1.h declaration. Pack=8 inserted 4 bytes of padding before
  pFrom on x64, putting the C# field at offset 16 while the kernel
  reads from offset 12 - the shell happened to read field-aligned
  bytes that just so happened to look right.
- MSIHANDLE: changed from IntPtr (8 bytes on x64) to uint (4 bytes,
  matching `typedef unsigned long MSIHANDLE` in msi.h). The IntPtr
  signature would crash on x86 where the calling convention pushes
  8 bytes for a 4-byte argument. Cascaded the type change through
  Msi.cs and MsiFileInfoService.cs.
- X509Certificate.CreateFromSignedFile result is now disposed too
  (was leaked until finalisation; the X509Certificate2 wrapper
  duplicates the handle so the inner needs its own using).

Operation correctness:
- F5 keybinding (and any other Re-scan trigger) now gates on
  Cleanup.IsOperating and Completion.IsComplete via a new
  ScanViewModel.IsExternallyBlocked flag flipped from MainViewModel.
  Without this, F5 during a Move started a parallel scan that raced
  the active operation.
- EnumeratePatches now throws InvalidOperationException after
  MaxConsecutiveNonSuccess just like EnumerateProducts does. The
  silent break would have left real-but-superseded patches missing
  from the result set, classifying them as orphaned and offering
  them for cleanup.
- EnumeratePatches now Array.Clear's its GUID buffers between
  iterations, matching EnumerateProducts.
- Pre-flight write probe in CleanupViewModel.MoveAllAsync is now
  cancellable: the operationCts is created BEFORE the probe (was
  after), so the Cancel button on the operating overlay actually
  cancels rather than waiting out the SMB timeout. The probe also
  goes through the injected IFileSystem so MockFileSystem-driven
  tests don't hit real disk.
- Settings file lost-update race fixed: SaveAfterDelayAsync re-loads
  before saving, copies MoveDestination onto the freshly-loaded
  AppSettings, then writes. Previously, the cached _settings instance
  could clobber updates the detail-window code-behinds wrote
  (window-size persistence) while the user was typing in the move-
  destination textbox.
- PruneEmptySubdirectories called with CancellationToken.None: best-
  effort cleanup, not an operation the user's Cancel should
  re-classify a successful Move/Delete as cancelled.
- Move/DeleteFailed status pill now also includes the crash log path,
  so users can find detail rather than guess where to look.
- Maximize/Restore button glyph now updates with the window state.

Path leakage under elevation:
- DescribeWriteFailure no longer routes ex.Message into the dialog.
  Even an IOException's .Message can carry paths from outside the
  user's typed destination (lock-holder process paths, NTFS
  resolution chains); under elevation those could be paths from
  another user's profile. Caller now writes to crash log first,
  passes the log path through DescribeWriteFailure, and the dialog
  body shows only the user's own dest plus the log-path pointer.
  Resx patterns updated; matching tests inverted.
- ScanViewModel generic-exception catch shows a dialog (was status
  pill only, easily missed).
- DispatcherUnhandledException in App.xaml.cs guards against re-
  entry: a second exception during the MessageBox's nested message
  pump no longer stacks two dialogs / two log entries.

CLI:
- Rejects extra positional args for /s, /d (silent truncation
  before); /m allows args[1] only.
- /m PATH path with unquoted spaces ("/m D:\My Backup") used to
  become "D:\My" with no warning.
- Three-state exit code: 0 success, 2 partial success, 1 full
  failure. Documented in --help. Sysadmin retry policies can now
  distinguish "all files failed" from "1 of 100 failed".
- DeletingFiles / MovingFiles status messages take a pluralised
  noun parameter so "1 files" is no longer printed for single-
  orphan runs.
- Console.CancelKeyPress handler registered BEFORE the mutex
  acquisition so a Ctrl+C in the gap prints "Cancelling..."
  gracefully.
- Pre-mutex-cancel path also unhooks the cancel handler before
  return, matching the post-finally cleanup.

Threading / state:
- ScanViewModel re-samples HasPendingReboot AFTER the scan await,
  not before. Sampling before could publish a stale "no pending
  reboot" if Windows Update queued a reboot during a multi-second
  scan, allowing Move/Delete to enable on stale state.
- PropertyChanged-based MoveDestination binding (was LostFocus): the
  400 ms debounce now actually earns its keep (per-keystroke updates
  let the placeholder hide on the first character and the Move
  button enable as soon as the path becomes non-empty), and the
  debounce prevents save thrashing.
- MoveAllAsync uses the captured `dest` consistently (was reading
  MoveDestination live for confirmation / move call / restore-hint
  string), closing a race where a fast user could change the
  textbox between IsInstallerFolderOrChild validation and the Move
  service call.

Localisation:
- Strings.en-GB.resx deleted: it was a 1:1 duplicate of the neutral
  resx, and the project's NeutralLanguage is en-GB so .NET fallback
  already returned the neutral resource for en-GB consumers. The
  satellite assembly was loaded but its content was identical.
  Maintenance trap eliminated.
- Resx patterns added: Cli.Help.ExitCodes* (the new --help block),
  Cli.PendingRebootBlocked, Cli.EventLogPendingRebootBlocked.

UX polish:
- Result overlay tab-cycles inside the overlay's two buttons (was
  cycling through main-window buttons behind the overlay until
  focus eventually landed on Close).
- Result overlay has a 1px slate border so it reads as a layered
  window instead of a free-floating block.
- Click on the dim margin around the result overlay dismisses it.
- Maximize/Restore button glyph swaps between U+25A1 and U+2750.
- Result-screen errors block is now keyboard-focusable so screen
  readers can read it (overrides SelectableText style's
  IsTabStop=False locally).
- AboutWindow Close button gets AutomationProperties.Name (was
  inconsistent with the four other windows' close buttons).
- SubtleLink hyperlinks now underline on hover so the link is
  discoverable without relying on colour shift alone.

Tests:
- DescribeWriteFailureTests: inverted to assert the inner exception
  message does NOT leak and the log path DOES surface.
- MainViewModelTests timing-coupled debounce wait now reads
  CleanupViewModel.MoveDestinationSaveDelay (made internal)
  instead of hardcoding 700 ms.
- OrphanedFilesViewModelTests dispose-cancel test uses
  TaskCompletionSource (await-based) instead of
  DateTime.UtcNow polling.
- PendingRebootServiceTests removed the tautological
  Assert.IsType<bool>(svc.HasPendingReboot()) test.
- PruneEmptySubdirectoriesTests gated on the
  INSTALLERCLEAN_TEST_PRUNE=1 env var so they don't delete real
  installer-folder subdirs on dev/CI hosts.
- InstallerClean.Tests.csproj sets RestorePackagesWithLockFile=true
  so test dependency drift can't mask production behaviour.

Project notes drift:
- The notes said neutral resx is en-US; actually en-GB. Fixed and
  noted the en-GB.resx satellite removal.
- The notes said only Core has SupportedOSPlatform; CLI has it too.
  Now mentions both.
- "Nothing currently blocking" replaced with a pointer to the latest
  ship-readiness review.
- MEMORY.md "no ex.Message to UI" claim qualified with the documented
  inline exceptions (DescribeWriteFailure, ScanViewModel's
  InvalidOperationException catch).

Findings explicitly NOT actioned (with reasoning):
- #18, #25, #59 are duplicates of #1, #11.
- #31 EventTrigger animation paths: reviewer's own conclusion was
  "no fix unless profiler shows it".
- #32 Process.Start as Admin: would require explorer-token-drop
  machinery; deferred (a click-once-per-session UX paper-cut).
- #36, #41, #44, #48, #53, #54, #57: reviewer confirmed not bugs.
- #40 RescanRequested via constructor: reviewer's "not a bug today".
- #43 AllowsTransparency: acceptable trade-off for confirm dialogs.
- #45, #46 manifest version: cosmetic.
- #47 Inno [Files] precondition: release-script concern, not
  shipped product.
- #55, #56: minor UX nits.
- #58 CrashLog.Write return success/failure: would change the
  signature across every caller; out of scope for a fixup pass.

178/178 tests passed before this commit; running on Windows after.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
FarmLox added a commit that referenced this pull request Jul 19, 2026
… 6.0.0

Supersedes Dependabot's PR #47, which failed CI with NU1004. Dependabot
regenerated only three of the four packages.lock.json files: it left
src/InstallerClean.Cli/packages.lock.json recording the old
System.IO.Abstractions [22.1.1, ) range for its InstallerClean.Core project
reference, so a locked-mode restore of the CLI saw Core's dependencies change
under it. It also dropped the System.Diagnostics.EventLog transitive entry from
the GUI's lock file. All four locks here are regenerated together with
--force-evaluate, so every project's recorded view of Core's dependencies
matches Core itself.

NSubstitute 6.0.0 enables nullable annotations on its public API, which types
the lambda parameter of Arg.Is<T> as nullable. The eight predicates that
dereference it now guard on null, so a null argument fails to match and reports
as an unmatched call rather than throwing out of the matcher.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
FarmLox added a commit that referenced this pull request Jul 19, 2026
Dependabot's NuGet updater rewrites only some of the four packages.lock.json
files when the package it moves lives in InstallerClean.Core, whose dependency
ranges the GUI, CLI and Tests locks each record separately. PR #47 left the CLI
lock on the superseded System.IO.Abstractions range and dropped a live
System.Diagnostics.EventLog transitive entry from the GUI lock, which CI's
locked-mode restore rejected with NU1004. The new relock job restores the
solution with --force-evaluate on the bot's branch and pushes whatever it
missed, so the PR presents the locks CI actually validates. It is a no-op on
bumps to a package only one project uses, which is why the earlier ones merged.

The job runs on the same windows-2025 image as the CI restore. GitHub does not
chain workflow runs off a GITHUB_TOKEN push, so the CI run for the pushed commit
arrives in an approval-required state and needs "Approve and run"; that is the
price of doing this without granting Actions a personal access token, which for
this repository is the wrong trade.

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file .NET Pull requests that update .NET code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants