Upgrade dependencies, fix MA0074 build errors, and group dependabot updates#2545
Merged
Merged
Conversation
…dates Supersedes sebastienros#2544, which failed to build because the Meziantou.Analyzer 3.0.101 -> 3.0.109 bump promotes MA0074 (use a Contains overload with a StringComparison) and warnings are treated as errors. Add StringComparison.Ordinal to the five flagged string.Contains calls in the Intl code; this is behaviour-identical (string.Contains(string) already compares ordinally) and matches the adjacent EndsWith(..., Ordinal) calls. Bring all packages to their latest stable versions so we don't have to update again shortly (prereleases/betas intentionally skipped): - ICU4N 60.1.0-alpha.439 -> .440 - Meziantou.Analyzer 3.0.101 -> 3.0.109 - Microsoft.Extensions.DependencyInjection 10.0.8 -> 10.0.9 - Microsoft.Extensions.TimeProvider.Testing 10.6.0 -> 10.7.0 - Verify.NUnit 31.19.0 -> 31.20.0 - YantraJS.Core 1.2.405 -> 1.2.406 - BenchmarkDotNet.TestAdapter 0.13.12 -> 0.15.8 (aligns with BenchmarkDotNet) - Microsoft.NET.Test.Sdk 18.6.0 -> 18.7.0 - System.Text.Json 10.0.8 -> 10.0.9 - Spectre.Console.Cli 0.45.0 -> 0.55.0 - Zio 0.22.2 -> 0.24.0 Replace the catch-all dependabot "all-dependencies" group with logical groups (analyzers, testing, benchmark, js-engine-comparisons, acornima, microsoft) so weekly update PRs are cohesive instead of one large mixed PR. Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com> Claude-Session: https://claude.ai/code/session_013iGpTz8AqQM1m6eRoF9jDr
970c908 to
24f6868
Compare
This was referenced Jun 24, 2026
This was referenced Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Why
#2544 (the weekly Dependabot bump) fails to build on every platform. The root cause is the Meziantou.Analyzer
3.0.101→3.0.109bump, which promotes MA0074 (use aContainsoverload that takes aStringComparison). Because warnings are treated as errors, five existingstring.Contains(string)calls in the Intl code break the build:Jint/Native/Intl/JsNumberFormat.cs(3 sites)Jint/Native/Intl/LocaleConstructor.csJint/Native/Intl/DisplayNamesPrototype.csWhat
Fix the build (MA0074) — add
StringComparison.Ordinalto the five flagged calls. This is behaviour-identical:string.Contains(string)already performs an ordinal comparison, andOrdinalmatches the adjacentEndsWith(..., StringComparison.Ordinal)calls in the same methods.Upgrade all packages to their latest stable versions (so we don't have to update again right away; prereleases/betas were intentionally skipped):
The first six rows are the bumps originally proposed by #2544; the rest bring the remaining packages current. Packages with only prerelease updates available (M.E.DI 11.0-preview, Newtonsoft.Json 13.0.5-beta1, System.Text.Json 11.0-preview, xunit 4.0-pre, Spectre 1.0-alpha) were left on their latest stable.
Improve Dependabot grouping — replace the single catch-all
all-dependenciesgroup with logical, purpose-based groups so each weekly PR is cohesive and easy to review/revert instead of one large mixed bump:analyzers— Meziantou.Analyzer, Microsoft.CodeAnalysis.*, PolySharptesting— xunit, NUnit, test SDK, assertion/helper libraries, Verify, Test262Harness, etc.benchmark— BenchmarkDotNet*js-engine-comparisons— Jurassic, NiL.JS, YantraJS.Coreacornima— the lockstep parser packagesmicrosoft— remainingMicrosoft.*/System.*runtime packagesGroups are ordered most-specific first since Dependabot assigns each dependency to the first matching group.
Testing
dotnet build --configuration Release— succeeds, 0 warnings / 0 errorsJint.Tests— 3131 passed (net10.0), 3069 passed (net472), 0 failedJint.Tests.CommonScripts— 28 passed on both TFMsJint.Tests.PublicInterface— all green exceptCanUseTimeProvideron net472, which is a pre-existing timing-sensitive test (a 100 ms window around the real system clock on cold-start JIT) that fails identically on unmodifiedmain; none of the bumped packages are on its code path.This PR supersedes #2544.
🤖 Generated with Claude Code