From 947fab9ba1deb2884ca2579438fa59e89996bfbf Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 12:53:46 +0000 Subject: [PATCH 01/13] Initial plan From 7500406eab1ac558afc5341c49556ae4aeec20c9 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 12:58:25 +0000 Subject: [PATCH 02/13] Add Dependabot configuration for automated dependency updates Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/dependabot.yml | 63 ++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 63 insertions(+) create mode 100644 .github/dependabot.yml diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 000000000..cb3406e6a --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,63 @@ +# Configuration for Dependabot automatic dependency updates +# See https://docs.github.com/en/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file + +version: 2 +updates: + # Monitor NuGet packages + - package-ecosystem: "nuget" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "06:00" + # Group Microsoft packages together to reduce PR noise + groups: + microsoft-extensions: + patterns: + - "Microsoft.Extensions.*" + microsoft-aspnetcore: + patterns: + - "Microsoft.AspNetCore.*" + microsoft-identity: + patterns: + - "Microsoft.IdentityModel.*" + microsoft-build-tools: + patterns: + - "Microsoft.SourceLink.*" + - "Microsoft.NET.Test.Sdk" + - "Microsoft.Bcl.*" + system-packages: + patterns: + - "System.*" + opentelemetry: + patterns: + - "OpenTelemetry.*" + serilog: + patterns: + - "Serilog.*" + testing: + patterns: + - "xunit.*" + - "coverlet.*" + - "GitHubActionsTestLogger" + - "Moq" + # Limit the number of open pull requests for NuGet to 10 + open-pull-requests-limit: 10 + # Add labels to dependency update PRs + labels: + - "dependencies" + - "nuget" + + # Monitor GitHub Actions + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" + day: "monday" + time: "06:00" + # Limit the number of open pull requests for GitHub Actions to 5 + open-pull-requests-limit: 5 + # Add labels to GitHub Actions update PRs + labels: + - "dependencies" + - "github-actions" \ No newline at end of file From 62805a04c8f89f8c3b483d0622bec669c946d08e Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 12:59:48 +0000 Subject: [PATCH 03/13] Add Dependabot documentation and complete onboarding Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/DEPENDABOT.md | 59 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 59 insertions(+) create mode 100644 .github/DEPENDABOT.md diff --git a/.github/DEPENDABOT.md b/.github/DEPENDABOT.md new file mode 100644 index 000000000..21fb4b27f --- /dev/null +++ b/.github/DEPENDABOT.md @@ -0,0 +1,59 @@ +# Dependabot Configuration + +This repository uses [GitHub Dependabot](https://docs.github.com/en/code-security/dependabot) for automated dependency updates. + +## Configuration + +The Dependabot configuration is defined in [`.github/dependabot.yml`](.github/dependabot.yml) and monitors: + +### NuGet Packages +- **Schedule**: Weekly updates on Monday at 06:00 UTC +- **Target**: All packages defined in `Directory.Packages.props` (Central Package Management) +- **Grouping**: Related packages are grouped together to reduce PR noise: + - `microsoft-extensions`: Microsoft.Extensions.* packages (15 packages) + - `microsoft-aspnetcore`: Microsoft.AspNetCore.* packages (2 packages) + - `microsoft-identity`: Microsoft.IdentityModel.* packages + - `microsoft-build-tools`: Build and testing Microsoft packages + - `system-packages`: System.* packages (9 packages) + - `opentelemetry`: OpenTelemetry.* packages (5 packages) + - `serilog`: Serilog.* packages (5 packages) + - `testing`: Testing frameworks (xunit, Moq, coverlet, etc.) + +### GitHub Actions +- **Schedule**: Weekly updates on Monday at 06:00 UTC +- **Target**: All workflow files in `.github/workflows/` +- **Limit**: Maximum 5 concurrent pull requests + +## How It Works + +1. **Dependency Detection**: Dependabot scans `Directory.Packages.props` for NuGet package versions and `.github/workflows/*.yml` for GitHub Actions +2. **Update Checks**: Every Monday at 06:00 UTC, Dependabot checks for newer versions +3. **Grouped Updates**: Related packages are updated together in single PRs to reduce maintenance overhead +4. **Pull Request Creation**: Dependabot creates PRs with: + - Descriptive titles and changelogs + - Labels: `dependencies`, `nuget` or `github-actions` + - Automatic conflict resolution when possible + +## Verification + +After configuration deployment, you can verify Dependabot is working by: + +1. **Check Insights**: Go to repository → Insights → Dependency graph → Dependabot +2. **Monitor PRs**: Watch for PRs from `dependabot[bot]` with `dependencies` label +3. **Review Logs**: Check the Dependabot tab in repository settings for update logs + +## Maintenance + +- **Adding New Groups**: Update the `groups` section in `dependabot.yml` for new package families +- **Changing Schedule**: Modify the `schedule` section to adjust update frequency +- **Adjusting Limits**: Change `open-pull-requests-limit` to control concurrent PRs + +## Troubleshooting + +If Dependabot isn't creating updates: +1. Check the repository has Dependabot enabled in Settings → Security & analysis +2. Verify the configuration syntax using a YAML validator +3. Review Dependabot logs in repository Settings → Insights → Dependency graph → Dependabot +4. Ensure the target directories and files exist and are accessible + +For more information, see the [official Dependabot documentation](https://docs.github.com/en/code-security/dependabot). \ No newline at end of file From 66ba4f4166e6a6edf4712c65e6855a9dd02f2f87 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 13:08:25 +0000 Subject: [PATCH 04/13] Refactor Dependabot config to only update testing dependencies and remove documentation Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/DEPENDABOT.md | 59 ------------------------------ .github/dependabot.yml | 82 +++++++++++++++++++++++++++--------------- 2 files changed, 53 insertions(+), 88 deletions(-) delete mode 100644 .github/DEPENDABOT.md diff --git a/.github/DEPENDABOT.md b/.github/DEPENDABOT.md deleted file mode 100644 index 21fb4b27f..000000000 --- a/.github/DEPENDABOT.md +++ /dev/null @@ -1,59 +0,0 @@ -# Dependabot Configuration - -This repository uses [GitHub Dependabot](https://docs.github.com/en/code-security/dependabot) for automated dependency updates. - -## Configuration - -The Dependabot configuration is defined in [`.github/dependabot.yml`](.github/dependabot.yml) and monitors: - -### NuGet Packages -- **Schedule**: Weekly updates on Monday at 06:00 UTC -- **Target**: All packages defined in `Directory.Packages.props` (Central Package Management) -- **Grouping**: Related packages are grouped together to reduce PR noise: - - `microsoft-extensions`: Microsoft.Extensions.* packages (15 packages) - - `microsoft-aspnetcore`: Microsoft.AspNetCore.* packages (2 packages) - - `microsoft-identity`: Microsoft.IdentityModel.* packages - - `microsoft-build-tools`: Build and testing Microsoft packages - - `system-packages`: System.* packages (9 packages) - - `opentelemetry`: OpenTelemetry.* packages (5 packages) - - `serilog`: Serilog.* packages (5 packages) - - `testing`: Testing frameworks (xunit, Moq, coverlet, etc.) - -### GitHub Actions -- **Schedule**: Weekly updates on Monday at 06:00 UTC -- **Target**: All workflow files in `.github/workflows/` -- **Limit**: Maximum 5 concurrent pull requests - -## How It Works - -1. **Dependency Detection**: Dependabot scans `Directory.Packages.props` for NuGet package versions and `.github/workflows/*.yml` for GitHub Actions -2. **Update Checks**: Every Monday at 06:00 UTC, Dependabot checks for newer versions -3. **Grouped Updates**: Related packages are updated together in single PRs to reduce maintenance overhead -4. **Pull Request Creation**: Dependabot creates PRs with: - - Descriptive titles and changelogs - - Labels: `dependencies`, `nuget` or `github-actions` - - Automatic conflict resolution when possible - -## Verification - -After configuration deployment, you can verify Dependabot is working by: - -1. **Check Insights**: Go to repository → Insights → Dependency graph → Dependabot -2. **Monitor PRs**: Watch for PRs from `dependabot[bot]` with `dependencies` label -3. **Review Logs**: Check the Dependabot tab in repository settings for update logs - -## Maintenance - -- **Adding New Groups**: Update the `groups` section in `dependabot.yml` for new package families -- **Changing Schedule**: Modify the `schedule` section to adjust update frequency -- **Adjusting Limits**: Change `open-pull-requests-limit` to control concurrent PRs - -## Troubleshooting - -If Dependabot isn't creating updates: -1. Check the repository has Dependabot enabled in Settings → Security & analysis -2. Verify the configuration syntax using a YAML validator -3. Review Dependabot logs in repository Settings → Insights → Dependency graph → Dependabot -4. Ensure the target directories and files exist and are accessible - -For more information, see the [official Dependabot documentation](https://docs.github.com/en/code-security/dependabot). \ No newline at end of file diff --git a/.github/dependabot.yml b/.github/dependabot.yml index cb3406e6a..86e9da2b2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -3,50 +3,74 @@ version: 2 updates: - # Monitor NuGet packages + # Monitor testing dependencies only - package-ecosystem: "nuget" directory: "/" schedule: interval: "weekly" day: "monday" time: "06:00" - # Group Microsoft packages together to reduce PR noise + # Only update testing dependencies, not product dependencies + allow: + - dependency-name: "Anthropic.SDK" + - dependency-name: "coverlet.collector" + - dependency-name: "GitHubActionsTestLogger" + - dependency-name: "Microsoft.Extensions.AI.OpenAI" + - dependency-name: "Microsoft.Extensions.DependencyInjection" + - dependency-name: "Microsoft.Extensions.Hosting" + - dependency-name: "Microsoft.Extensions.Logging" + - dependency-name: "Microsoft.Extensions.Logging.Console" + - dependency-name: "Microsoft.Extensions.Options" + - dependency-name: "Microsoft.Extensions.TimeProvider.Testing" + - dependency-name: "Microsoft.NET.Test.Sdk" + - dependency-name: "Moq" + - dependency-name: "OpenTelemetry" + - dependency-name: "OpenTelemetry.Exporter.InMemory" + - dependency-name: "OpenTelemetry.Exporter.OpenTelemetryProtocol" + - dependency-name: "OpenTelemetry.Instrumentation.Http" + - dependency-name: "OpenTelemetry.Extensions.Hosting" + - dependency-name: "OpenTelemetry.Instrumentation.AspNetCore" + - dependency-name: "Serilog.Extensions.Hosting" + - dependency-name: "Serilog.Extensions.Logging" + - dependency-name: "Serilog.Sinks.Console" + - dependency-name: "Serilog.Sinks.Debug" + - dependency-name: "Serilog.Sinks.File" + - dependency-name: "Serilog" + - dependency-name: "System.Linq.AsyncEnumerable" + - dependency-name: "xunit.v3" + - dependency-name: "xunit.runner.visualstudio" + - dependency-name: "System.Net.Http" + - dependency-name: "JsonSchema.Net" + # Group testing dependencies to reduce PR noise groups: - microsoft-extensions: - patterns: - - "Microsoft.Extensions.*" - microsoft-aspnetcore: - patterns: - - "Microsoft.AspNetCore.*" - microsoft-identity: - patterns: - - "Microsoft.IdentityModel.*" - microsoft-build-tools: - patterns: - - "Microsoft.SourceLink.*" - - "Microsoft.NET.Test.Sdk" - - "Microsoft.Bcl.*" - system-packages: - patterns: - - "System.*" - opentelemetry: - patterns: - - "OpenTelemetry.*" - serilog: - patterns: - - "Serilog.*" - testing: + testing-frameworks: patterns: - "xunit.*" + - "Microsoft.NET.Test.Sdk" - "coverlet.*" - "GitHubActionsTestLogger" - "Moq" - # Limit the number of open pull requests for NuGet to 10 - open-pull-requests-limit: 10 + microsoft-extensions-testing: + patterns: + - "Microsoft.Extensions.DependencyInjection" + - "Microsoft.Extensions.Hosting" + - "Microsoft.Extensions.Logging" + - "Microsoft.Extensions.Logging.Console" + - "Microsoft.Extensions.Options" + - "Microsoft.Extensions.TimeProvider.Testing" + - "Microsoft.Extensions.AI.OpenAI" + opentelemetry-testing: + patterns: + - "OpenTelemetry*" + serilog-testing: + patterns: + - "Serilog*" + # Limit the number of open pull requests for testing dependencies + open-pull-requests-limit: 5 # Add labels to dependency update PRs labels: - "dependencies" - - "nuget" + - "testing" # Monitor GitHub Actions - package-ecosystem: "github-actions" From a585d3caec2a1cec23ba92ae20fadf3af318a0db Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 13:35:25 +0000 Subject: [PATCH 05/13] Remove redundant allow list and use groups + ignore instead Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/dependabot.yml | 52 ++++++++++++++++++------------------------ 1 file changed, 22 insertions(+), 30 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 86e9da2b2..758b916b3 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -11,36 +11,7 @@ updates: day: "monday" time: "06:00" # Only update testing dependencies, not product dependencies - allow: - - dependency-name: "Anthropic.SDK" - - dependency-name: "coverlet.collector" - - dependency-name: "GitHubActionsTestLogger" - - dependency-name: "Microsoft.Extensions.AI.OpenAI" - - dependency-name: "Microsoft.Extensions.DependencyInjection" - - dependency-name: "Microsoft.Extensions.Hosting" - - dependency-name: "Microsoft.Extensions.Logging" - - dependency-name: "Microsoft.Extensions.Logging.Console" - - dependency-name: "Microsoft.Extensions.Options" - - dependency-name: "Microsoft.Extensions.TimeProvider.Testing" - - dependency-name: "Microsoft.NET.Test.Sdk" - - dependency-name: "Moq" - - dependency-name: "OpenTelemetry" - - dependency-name: "OpenTelemetry.Exporter.InMemory" - - dependency-name: "OpenTelemetry.Exporter.OpenTelemetryProtocol" - - dependency-name: "OpenTelemetry.Instrumentation.Http" - - dependency-name: "OpenTelemetry.Extensions.Hosting" - - dependency-name: "OpenTelemetry.Instrumentation.AspNetCore" - - dependency-name: "Serilog.Extensions.Hosting" - - dependency-name: "Serilog.Extensions.Logging" - - dependency-name: "Serilog.Sinks.Console" - - dependency-name: "Serilog.Sinks.Debug" - - dependency-name: "Serilog.Sinks.File" - - dependency-name: "Serilog" - - dependency-name: "System.Linq.AsyncEnumerable" - - dependency-name: "xunit.v3" - - dependency-name: "xunit.runner.visualstudio" - - dependency-name: "System.Net.Http" - - dependency-name: "JsonSchema.Net" + # Dependencies are controlled via the groups below # Group testing dependencies to reduce PR noise groups: testing-frameworks: @@ -65,6 +36,27 @@ updates: serilog-testing: patterns: - "Serilog*" + other-testing: + patterns: + - "Anthropic.SDK" + - "System.Linq.AsyncEnumerable" + - "System.Net.Http" + - "JsonSchema.Net" + # Ignore all product dependencies to only update testing dependencies + ignore: + - dependency-name: "Microsoft.Bcl.Memory" + - dependency-name: "Microsoft.Extensions.Hosting.Abstractions" + - dependency-name: "Microsoft.Extensions.Logging.Abstractions" + - dependency-name: "System.Diagnostics.DiagnosticSource" + - dependency-name: "System.IO.Pipelines" + - dependency-name: "System.Text.Json" + - dependency-name: "System.Threading.Channels" + - dependency-name: "Microsoft.AspNetCore.Authentication.JwtBearer" + - dependency-name: "Microsoft.IdentityModel.Tokens" + - dependency-name: "Microsoft.Extensions.AI.Abstractions" + - dependency-name: "Microsoft.Extensions.AI" + - dependency-name: "System.Net.ServerSentEvents" + - dependency-name: "Microsoft.SourceLink.GitHub" # Limit the number of open pull requests for testing dependencies open-pull-requests-limit: 5 # Add labels to dependency update PRs From bf436d40643577f08af4f706579d2563faa33160 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 13:41:35 +0000 Subject: [PATCH 06/13] Use wildcard patterns in ignore list for cleaner configuration Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/dependabot.yml | 22 ++++++++++++---------- 1 file changed, 12 insertions(+), 10 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 758b916b3..7b86883cc 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -42,21 +42,23 @@ updates: - "System.Linq.AsyncEnumerable" - "System.Net.Http" - "JsonSchema.Net" - # Ignore all product dependencies to only update testing dependencies + # Ignore product dependencies - only allow testing dependencies in groups above ignore: - - dependency-name: "Microsoft.Bcl.Memory" + # Ignore all Microsoft product dependencies except those explicitly in testing groups - dependency-name: "Microsoft.Extensions.Hosting.Abstractions" - - dependency-name: "Microsoft.Extensions.Logging.Abstractions" - - dependency-name: "System.Diagnostics.DiagnosticSource" - - dependency-name: "System.IO.Pipelines" - - dependency-name: "System.Text.Json" - - dependency-name: "System.Threading.Channels" - - dependency-name: "Microsoft.AspNetCore.Authentication.JwtBearer" - - dependency-name: "Microsoft.IdentityModel.Tokens" + - dependency-name: "Microsoft.Extensions.Logging.Abstractions" - dependency-name: "Microsoft.Extensions.AI.Abstractions" - dependency-name: "Microsoft.Extensions.AI" + - dependency-name: "Microsoft.AspNetCore.*" + - dependency-name: "Microsoft.IdentityModel.*" + - dependency-name: "Microsoft.Bcl.*" + - dependency-name: "Microsoft.SourceLink.*" + # Ignore all System product dependencies except those explicitly in testing groups + - dependency-name: "System.Diagnostics.*" + - dependency-name: "System.IO.*" + - dependency-name: "System.Text.*" + - dependency-name: "System.Threading.*" - dependency-name: "System.Net.ServerSentEvents" - - dependency-name: "Microsoft.SourceLink.GitHub" # Limit the number of open pull requests for testing dependencies open-pull-requests-limit: 5 # Add labels to dependency update PRs From cb8e9e83be57bf563b85ba3e5e4dde6d9854d13b Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 13:55:27 +0000 Subject: [PATCH 07/13] Add Microsoft.Extensions.AI group and remove from ignore list Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/dependabot.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 7b86883cc..3e1ed8f58 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -21,6 +21,9 @@ updates: - "coverlet.*" - "GitHubActionsTestLogger" - "Moq" + microsoft-extensions-ai: + patterns: + - "Microsoft.Extensions.AI*" microsoft-extensions-testing: patterns: - "Microsoft.Extensions.DependencyInjection" @@ -29,7 +32,6 @@ updates: - "Microsoft.Extensions.Logging.Console" - "Microsoft.Extensions.Options" - "Microsoft.Extensions.TimeProvider.Testing" - - "Microsoft.Extensions.AI.OpenAI" opentelemetry-testing: patterns: - "OpenTelemetry*" @@ -47,8 +49,6 @@ updates: # Ignore all Microsoft product dependencies except those explicitly in testing groups - dependency-name: "Microsoft.Extensions.Hosting.Abstractions" - dependency-name: "Microsoft.Extensions.Logging.Abstractions" - - dependency-name: "Microsoft.Extensions.AI.Abstractions" - - dependency-name: "Microsoft.Extensions.AI" - dependency-name: "Microsoft.AspNetCore.*" - dependency-name: "Microsoft.IdentityModel.*" - dependency-name: "Microsoft.Bcl.*" From 0db13e0cba938be7388a16dbc7c1ccdcd0f9c51c Mon Sep 17 00:00:00 2001 From: Eirik Tsarpalis Date: Fri, 19 Sep 2025 16:57:37 +0300 Subject: [PATCH 08/13] Update .github/dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 3e1ed8f58..157a72c68 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -23,7 +23,7 @@ updates: - "Moq" microsoft-extensions-ai: patterns: - - "Microsoft.Extensions.AI*" + - "Microsoft.Extensions.AI.*" microsoft-extensions-testing: patterns: - "Microsoft.Extensions.DependencyInjection" From 97d82a6e0d77a07c207cba1e58bef8641f2b048f Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 19 Sep 2025 14:00:24 +0000 Subject: [PATCH 09/13] Move microsoft-extensions-ai group to top of groups section Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/dependabot.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 157a72c68..77be63fa7 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -14,6 +14,9 @@ updates: # Dependencies are controlled via the groups below # Group testing dependencies to reduce PR noise groups: + microsoft-extensions-ai: + patterns: + - "Microsoft.Extensions.AI.*" testing-frameworks: patterns: - "xunit.*" @@ -21,9 +24,6 @@ updates: - "coverlet.*" - "GitHubActionsTestLogger" - "Moq" - microsoft-extensions-ai: - patterns: - - "Microsoft.Extensions.AI.*" microsoft-extensions-testing: patterns: - "Microsoft.Extensions.DependencyInjection" From 231d13e3b3b6ef7ec46cc45c40732556617aa3fa Mon Sep 17 00:00:00 2001 From: Eirik Tsarpalis Date: Fri, 19 Sep 2025 17:01:29 +0300 Subject: [PATCH 10/13] Update .github/dependabot.yml --- .github/dependabot.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 77be63fa7..69ca54806 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -46,7 +46,7 @@ updates: - "JsonSchema.Net" # Ignore product dependencies - only allow testing dependencies in groups above ignore: - # Ignore all Microsoft product dependencies except those explicitly in testing groups + # Ignore all Microsoft product dependencies except those explicitly defined in groups. - dependency-name: "Microsoft.Extensions.Hosting.Abstractions" - dependency-name: "Microsoft.Extensions.Logging.Abstractions" - dependency-name: "Microsoft.AspNetCore.*" From 26105b1e950adee41144cf8601e12fc039c8d723 Mon Sep 17 00:00:00 2001 From: Eirik Tsarpalis Date: Fri, 19 Sep 2025 17:02:42 +0300 Subject: [PATCH 11/13] Update .github/dependabot.yml --- .github/dependabot.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 69ca54806..94b5889e2 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -10,9 +10,8 @@ updates: interval: "weekly" day: "monday" time: "06:00" - # Only update testing dependencies, not product dependencies # Dependencies are controlled via the groups below - # Group testing dependencies to reduce PR noise + # Group dependencies to reduce PR noise groups: microsoft-extensions-ai: patterns: From f105c41dff5d1860ea2f9756020c577314a87bda Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Fri, 10 Oct 2025 13:15:04 +0000 Subject: [PATCH 12/13] Remove packages with fixed version strings from dependency groups Co-authored-by: eiriktsarpalis <2813363+eiriktsarpalis@users.noreply.github.com> --- .github/dependabot.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 94b5889e2..16e187056 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -30,7 +30,6 @@ updates: - "Microsoft.Extensions.Logging" - "Microsoft.Extensions.Logging.Console" - "Microsoft.Extensions.Options" - - "Microsoft.Extensions.TimeProvider.Testing" opentelemetry-testing: patterns: - "OpenTelemetry*" @@ -47,7 +46,9 @@ updates: ignore: # Ignore all Microsoft product dependencies except those explicitly defined in groups. - dependency-name: "Microsoft.Extensions.Hosting.Abstractions" - - dependency-name: "Microsoft.Extensions.Logging.Abstractions" + - dependency-name: "Microsoft.Extensions.Logging.Abstractions" + - dependency-name: "Microsoft.Extensions.AI.OpenAI" + - dependency-name: "Microsoft.Extensions.TimeProvider.Testing" - dependency-name: "Microsoft.AspNetCore.*" - dependency-name: "Microsoft.IdentityModel.*" - dependency-name: "Microsoft.Bcl.*" From 1d52f2a2c8f76d43f4199400d761e0ebb65574ec Mon Sep 17 00:00:00 2001 From: Eirik Tsarpalis Date: Fri, 10 Oct 2025 17:36:38 +0300 Subject: [PATCH 13/13] remove Microsoft.Extensions packages --- .github/dependabot.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/dependabot.yml b/.github/dependabot.yml index 16e187056..7ffd6a269 100644 --- a/.github/dependabot.yml +++ b/.github/dependabot.yml @@ -13,9 +13,6 @@ updates: # Dependencies are controlled via the groups below # Group dependencies to reduce PR noise groups: - microsoft-extensions-ai: - patterns: - - "Microsoft.Extensions.AI.*" testing-frameworks: patterns: - "xunit.*" @@ -23,13 +20,6 @@ updates: - "coverlet.*" - "GitHubActionsTestLogger" - "Moq" - microsoft-extensions-testing: - patterns: - - "Microsoft.Extensions.DependencyInjection" - - "Microsoft.Extensions.Hosting" - - "Microsoft.Extensions.Logging" - - "Microsoft.Extensions.Logging.Console" - - "Microsoft.Extensions.Options" opentelemetry-testing: patterns: - "OpenTelemetry*"