We use Dependabot to notify the team of any updates to dependencies. Once a week the robot will scan our dependencies and raise a pull-request if a new version is found. If an existing open pull-request is found for a dependency it will be closed and replaced with a new pull-request. The behavior of the robot is controlled by this configuration file.
These dependencies don't change the public API surface and are typically safe to merge and we could potentially configure mergify to automatically merge them if CI passes:
- BenchmarkDotNet
- FluentAssertions
- NUnit3TestAdapter
- NUnit.Runners
- Microsoft.AppCenter
- Microsoft.SourceLink.GitHub
- Microsoft.NET.Test.Sdk
- MSTest.TestAdapter
- MSTest.TestFramework
- Moq
- Xamarin.Build.Download
These dependencies require manual adjustments before merging:
- docfx.console
Microsoft.CodeAnalysis.*. Those dependencies need to be aligned with the source generation task package, for which the dependency cannot be be explicitly provided.Xamarin.GooglePlayServices.*. Those dependencies are added per TargetFramework (Android SDK version), not updated.
Updating these dependencies will require consumers to upgrade their dependencies and as such need consideration on a case by case basis is required before merging:
- System.Reactive. Currently only used in the
WpfHostwhich eventually will be deprecated. - Microsoft.TypeScript.* child packages needs to be aligned with the other
Microsoft.TypeScript.*packages.
These dependencies require care and human testing:
- CommonServiceLocator. This specific dependency needs to be removed from Uno.
cef.redist.x86needs to be kept in alignment withCefSharp.Wpf- CefSharp.Wpf needs to be kept in alignment with
cef.redist.x86 - Microsoft.CodeAnalysis.* children packages needs to be aligned with the other
Microsoft.CodeAnalysispackages. - Microsoft.Build.* children packages needs to be aligned with the other
Microsoft.Buildpackages, and need to be aligned withUno.SourceGenerationTaskspackage features. - Microsoft.Extensions.Logging.* child packages needs to be aligned with the other
Microsoft.Extensions.Loggingpackages. Currently can't be upgraded because most recent versions are using thread, which are not supported on Wasm. - Microsoft.UI.Xaml: This dependency is needs to be aligned with the currently supported API set found in Uno.
These dependencies require care and human testing to confirm compatibility with WebAssembly:
These dependencies are updated manually as part of the release process:
- Uno.SourceGenerationTasks
- Uno.Core
You can trigger Dependabot actions by commenting on the pull-request:
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot ignore this [patch|minor|major] version will close this PR and stop Dependabot creating any more for this minor/major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
Please do not use any of the rebase|merge|squash and merge chatops commands as they bypass our merging pull-request guidelines and ready-to-merge workflow.