chore(deps): update dependency microsoft.visualstudio.threading.analyzers to v18#6297
Merged
thomhurst merged 1 commit intoJun 22, 2026
Conversation
thomhurst
added
dependencies
thomhurst
had a problem deploying
to
Pull Requests
GitHub Actions
Failure
![claude[bot]](https://avatars.githubusercontent.com/in/1236702?s=60&v=4){kind=small}
Contributor
There was a problem hiding this comment.
Code Review
This is a single-line dependency bump of Microsoft.VisualStudio.Threading.Analyzers from 17.14.15 → 18.7.23 in Directory.Packages.props.
Assessment: Looks good ✓
Risk is low — this is an analyzer-only package (compile-time tooling, no runtime dependency), so a major version bump carries far less risk than a runtime library upgrade. No production code changes, no API surface changes for consumers.
Notable improvements in v18 that are particularly relevant to TUnit:
- NativeAOT safety attributes added — TUnit has a hard requirement that all code must work with Native AOT. The new trim/NativeAOT annotations in the analyzer itself align well with this project goal.
- False-positive fixes — VSTHRD110 (expression-valued scenarios), VSTHRD103 (sync extension methods with async alternatives, superset fix), and VSTHRD114 (null in ternary conditionals) were all causing incorrect diagnostics. Fewer false positives means cleaner CI signal.
- Regex performance improvement — slow regex removed from the analyzers; marginally faster build times.
One thing to watch: The major version jump (17 → 18) may surface new or stricter analyzer warnings on existing code that previously went undiagnosed. If the build treats warnings-as-errors (common with Roslyn analyzers), this could cause a build failure. The pending CI runs will confirm — the modularpipeline matrix jobs across Linux/macOS/Windows are the right signal here.
No action needed beyond letting CI pass.
Up to standards ✅🟢 Issues
|
| Metric | Results |
|---|---|
| Complexity | 0 |
NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.
thomhurst
deleted the
renovate/microsoft.visualstudio.threading.analyzers-18.x
branch
This was referenced Jun 24, 2026
Closed
This was referenced Jun 29, 2026
Open
Merged
github-actions Bot
pushed a commit
to IntelliTect/CodingGuidelines
that referenced
this pull request
Jun 29, 2026
Updated [TUnit.Core](https://github.com/thomhurst/TUnit) from 1.56.25 to 1.57.0. <details> <summary>Release notes</summary> _Sourced from [TUnit.Core's releases](https://github.com/thomhurst/TUnit/releases)._ ## 1.57.0 <!-- Release notes generated using configuration in .github/release.yml at v1.57.0 --> ## What's Changed ### Other Changes * perf(sourcegen): consolidate per-file ModuleInitializers into merged .cctor (#6226) by @thomhurst in thomhurst/TUnit#6286 * fix: resolve CS0121 IsEqualTo ambiguity on .NET 8 SDK (#6296) by @thomhurst in thomhurst/TUnit#6313 * chore(docs): apply Codacy markdownlint fixes by @thomhurst in thomhurst/TUnit#6284 * fix(mocks): generate mock for qualified-name X.Mock() calls (#6298) by @thomhurst in thomhurst/TUnit#6314 ### Dependencies * chore(deps): update tunit to 1.56.35 by @thomhurst in thomhurst/TUnit#6306 * chore(deps): update dependency stackexchange.redis to 3.0.7 by @thomhurst in thomhurst/TUnit#6307 * chore(deps): update dependency opentelemetry.instrumentation.http to 1.16.0 by @thomhurst in thomhurst/TUnit#6308 * chore(deps): update dependency opentelemetry.instrumentation.aspnetcore to 1.16.0 by @thomhurst in thomhurst/TUnit#6309 * chore(deps): update dependency qs to v6.15.3 by @thomhurst in thomhurst/TUnit#6310 * chore(deps): update dependency polyfill to 10.11.0 by @thomhurst in thomhurst/TUnit#6312 * chore(deps): update dependency polyfill to 10.11.0 by @thomhurst in thomhurst/TUnit#6311 * chore(deps): bump http-proxy-middleware from 2.0.9 to 2.0.10 in /docs by @dependabot[bot] in thomhurst/TUnit#6303 **Full Changelog**: thomhurst/TUnit@v1.56.35...v1.57.0 ## 1.56.35 <!-- Release notes generated using configuration in .github/release.yml at v1.56.35 --> ## What's Changed ### Other Changes * feat(aspire): tear down Aspire on test-run abort via session cancellation token by @thomhurst in thomhurst/TUnit#6292 ### Dependencies * chore(deps): update tunit to 1.56.25 by @thomhurst in thomhurst/TUnit#6294 * chore(deps): update dependency microsoft.visualstudio.threading.analyzers to v18 by @thomhurst in thomhurst/TUnit#6297 * chore(deps): update dependency microsoft.net.test.sdk to 18.7.0 by @thomhurst in thomhurst/TUnit#6300 * chore(deps): update dependency microsoft.playwright to 1.61.0 by @thomhurst in thomhurst/TUnit#6302 * chore(deps): update actions/cache action to v6 by @thomhurst in thomhurst/TUnit#6301 * chore(deps): update dependency azure.storage.blobs to 12.29.1 by @thomhurst in thomhurst/TUnit#6304 **Full Changelog**: thomhurst/TUnit@v1.56.25...v1.56.35 Commits viewable in [compare view](thomhurst/TUnit@v1.56.25...v1.57.0). </details> [](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
This was referenced Jun 29, 2026
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
17.14.15→18.7.23Release Notes
microsoft/vs-threading (Microsoft.VisualStudio.Threading.Analyzers)
v18.7.23What's Changed
Fixes
CancellationToken.Combinewith 3+ cancelable tokens by @AArnott in #1443Enhancements
JoinableTaskFactory.DisableProcessing()by @AArnott in #1576NoMessagePumpSyncContext..ctor(SynchronizationContext)for Post/Send behaviors by @AArnott in #1578IPendingExecutionRequestStateinterface to expose completion state ofSingleExecuteProtectorby @lifengl in #1447New Contributors
Full Changelog: microsoft/vs-threading@v17.14.15...v18.7.23
Configuration
📅 Schedule: (UTC)
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate.