Bump NuGet dependencies (Polyfill 10.0.0, Spectre.Console 0.55.0, TUnit 1.28.7)#423
Merged
Bump NuGet dependencies (Polyfill 10.0.0, Spectre.Console 0.55.0, TUnit 1.28.7)#423
Conversation
…8.7) - Polyfill 9.24.0 → 10.0.0 (major: Directory polyfills now use C# 14 extension syntax; not used via Polyfill.* in this repo) - Spectre.Console 0.54.0 → 0.55.0 (minor: Style is now a struct; not used directly in this repo) - Spectre.Console.ImageSharp 0.54.0 → 0.55.0 - TUnit 1.24.18 → 1.28.7 (minor: new AggregateException assertions, mock perf, race condition fix in parallel tests) Group all NuGet update types (major+minor+patch) in dependabot.yml to prevent future conflicts between standalone major-bump PRs and the minor/patch group PR. Extend the lock-file regeneration workflow to also run for deps/* branches (previously only triggered for dependabot[bot] actor). https://claude.ai/code/session_01TAbeYaM8tVgQZp7meWf3Qy
This was referenced Apr 7, 2026
Contributor
There was a problem hiding this comment.
Pull request overview
Consolidates multiple Dependabot updates into a single dependency bump and adjusts automation to reduce future dependency-update PR conflicts while keeping NuGet lock files in sync.
Changes:
- Bump NuGet package versions: Polyfill 10.0.0, Spectre.Console(+ImageSharp) 0.55.0, TUnit 1.28.7.
- Update Dependabot grouping to include major NuGet updates in the existing
nuget-dependenciesgroup. - Expand the lockfile-regeneration workflow to also run for PR branches prefixed with
deps/.
Reviewed changes
Copilot reviewed 10 out of 10 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| Directory.Packages.props | Updates centrally-managed NuGet dependency versions. |
| .github/workflows/dependabot-lockfile.yml | Broadens the lockfile-fix job trigger condition to include deps/* branches. |
| .github/dependabot.yml | Adds major to the NuGet dependency group’s update-types to avoid split PRs. |
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Consolidates the conflicting Dependabot PRs #421 and #422 into a single update.
Package updates
Breaking changes reviewed
Polyfill 10.0.0 — Six
Directory.*polyfill methods moved fromPolyfill.*static class to C# 14extension(Directory)syntax. This repo does not call anyPolyfill.EnumerateFiles/GetFiles/etc.methods directly, so no code changes needed. The existingLangVersion=previewalready satisfies the C# 14 requirement.Spectre.Console 0.55.0 —
Styleis now a struct;Renderextension method removed. Neither is used in this repo.TUnit 1.24.18 → 1.28.7 — Only breaking change is dropping net6/net7 TFMs, which does not affect this repo (targets net10.0).
Other changes
dependabot.yml: Addedmajorto thenuget-dependenciesgroup so all NuGet updates (major + minor + patch) land in a single PR, preventing future conflicts between major-bump standalone PRs and the minor/patch group PR.dependabot-lockfile.yml: Extended the lock-file regeneration workflow to also trigger fordeps/*branches (previously only ran fordependabot[bot]actor), so CI regenerates lock files for manual dependency update PRs.