Consolidate Dependabot version bumps #883
Follow-up note on this PR: I added a small guidance update in Reason for the change: these package-upgrade tests exposed a misleading failure mode. The branch initially looked red with native This comment is here so reviewers understand why this guidance changed as part of a dependency-upgrade PR rather than in a separate cleanup PR.
Pull request overview
Note
Copilot was unable to run its full agentic suite in this review.
Consolidates multiple Dependabot updates into a single dependency refresh across GitHub Actions and .NET package version pins, including a targeted hold on Microsoft.Extensions.DependencyModel due to runtime compatibility concerns.
Changes:
- Bumped transitive/pinned .NET package versions (incl. several `System.*` packages) and refreshed SIL ecosystem version properties.
- Updated `NativeBuild` to reference the dedicated `SilLibPalasoL10nsVersion` property for `SIL.LibPalaso.L10ns`.
- Updated the GitHub Actions release step to a newer pinned commit of `softprops/action-gh-release`.
Reviewed changes
Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| Directory.Packages.props | Updates transitive pins and refines the rationale for keeping DependencyModel at 9.0.14. |
| Build/Src/NativeBuild/NativeBuild.csproj | Switches SIL.LibPalaso.L10ns to use a dedicated version property. |
| Build/SilVersions.props | Bumps SIL-related version properties and adjusts formatting. |
| .github/workflows/base-installer-cd.yml | Updates the pinned commit for the release action. |
| .github/skills/verify-test/SKILL.md | Expands verification guidance around clean builds; modifies constraints. |
| .github/instructions/build.instructions.md | Updates docs to recommend build.ps1 -Clean in relevant scenarios. |
| 1. **Select verification steps** | ||
| - Choose the minimal tests or checks that validate acceptance signals. | ||
| - If stale intermediates or copied outputs could invalidate the result, include a clean validation pass. | ||
| 2. **Run verification** | ||
| - Execute builds/tests or manual checks as appropriate. | ||
| - For FieldWorks, run `./build.ps1 -Clean` before validation when switching branches or worktrees, upgrading package versions, suspecting stale `Obj/` or `Output/` artifacts, or any time you need a fully clean validation baseline. | ||
| - After the clean step, rerun the normal scripted verification commands such as `./build.ps1`, `./test.ps1`, or the narrow scripted slice you are validating. |
| - Summarize verification coverage and gaps. | ||
| </workflow> | ||
|
|
||
| <constraints> |
| <Project> | ||
| <!-- | ||
| <!-- | ||
| ============================================================= | ||
| SIL ECOSYSTEM VERSION PROPERTIES | ||
| Single source of truth for all SIL dependency versions. |
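Review bot: two consecutive `<!--` openers appear at the top of the header comment in this hunk. If both lines end up in the resulting file, the second opener places `--` inside a comment that is already open, which XML does not allow, and the props file will fail to parse when MSBuild loads it. Keep a single `<!--` before the banner.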
| <PackageVersion Include="System.Resources.Extensions" Version="9.0.16" /> | ||
| <!-- DependencyModel: icu.net wants 2.0.4, ParatextData wants >= 9.0.9. | ||
| Pin to 9.0.14 which is backward compatible with 2.0.4 API surface. --> | ||
| Keep 9.0.14 until icu.net can load newer assembly identities. --> |
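Review bot: the reworded comment above the DependencyModel pin ("Keep 9.0.14 until icu.net can load newer assembly identities") states when the pin can be lifted but not what breaks if it is lifted early. The PR description records that 9.0.16 breaks ICU initialization in the .NET Framework test host; adding that symptom to the comment would let whoever handles the next Dependabot bump recognise the failure instead of rediscovering it. The `<PackageVersion>` line for `Microsoft.Extensions.DependencyModel` itself is not part of the visible hunk, so confirm its `Version` is still 9.0.14 and agrees with the comment.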
@copilot apply changes based on the comments in this thread
Supersedes Dependabot PRs #859, #860, and #861.
What changed from each one:
- `softprops/action-gh-release` from 2.6.1 to 3.0.0, which moves the action to the Node 24 runtime.
- `System.Drawing.Common`, `System.Reflection.Metadata`, `System.Resources.Extensions`, and `System.Security.Permissions`. The `NativeBuild` project now uses the dedicated `SilLibPalasoL10nsVersion` property for `SIL.LibPalaso.L10ns`.
- `Microsoft.Extensions.DependencyModel` and the SIL/Core family. I verified the latest versions independently, but kept `Microsoft.Extensions.DependencyModel` at 9.0.14 because 9.0.16 breaks ICU initialization in the .NET Framework test host.

Validation:

- `.\build.ps1` succeeded.
- `.\test.ps1` still has remaining native/Views failures: 2215 passed, 72 failed, 53 skipped. The failures are access violations in `_VwRootBoxClass.Layout` plus native `TestViews` exiting -1.

Notes:

- `DependencyModel` 9.0.16 is not viable here.

This change is