Skip to content

Merge main into live#52892

Merged
gewarren merged 17 commits intolivefrom
main
Apr 8, 2026
Merged

Merge main into live#52892
gewarren merged 17 commits intolivefrom
main

Conversation

@dotnet-policy-service
Copy link
Copy Markdown
Contributor

@dotnet-policy-service dotnet-policy-service bot commented Apr 8, 2026
edited by github-actions bot
Loading

azure-sdk and others added 2 commits April 8, 2026 00:13
@azure-sdk
Update package index with latest published versions (#52887)
07ca1d1
@ericstj
@gewarren @nkolev92
Add NuGet package compatibility rules documentation (#52775)
04c1b25 
* Add NuGet package compatibility rules documentation

Add a new article under library guidance that documents the compatibility
rules NuGet packages must follow, covering:

- Framework compatibility and assembly consistency across TFMs
- Assembly version rules (never decrease, binary breaking changes)
- Dependency compatibility (avoiding dropped dependencies, polyfill patterns)
- Assembly versioning on .NET Framework (GAC, binding redirects)
- Special versioning policy for packages overlapping with shared frameworks
- Conflict resolution (SDK and runtime) and NuGet package pruning

Co-authored-by: Copilot <[email protected]>

* Address PR review feedback

- Add ai-usage: ai-assisted to frontmatter
- Fix Microsoft.BCL.* casing to Microsoft.Bcl.* to match actual package IDs
- Replace first-person 'We recommend' with imperative voice
- Fix broken prune packages link to point to NU1510 docs

Co-authored-by: Copilot <[email protected]>

* Link to NuGet target frameworks docs, clarify cross-TFM compatibility

Explain why compatible TFM builds must present compatible API surface
at both compile time and run time, with link to NuGet target framework
selection docs.

Co-authored-by: Copilot <[email protected]>

* Address second round of review feedback

- Standardize 'run time' to 'runtime' throughout
- Use 'might' instead of 'may' for possibility per docs style
- Convert full learn.microsoft.com URLs to docset-root-relative links
- Use auto-numbering (1. for all items) in ordered lists

Co-authored-by: Copilot <[email protected]>

* Apply suggestions from code review

Co-authored-by: Genevieve Warren <[email protected]>
Co-authored-by: Nikolche Kolev <[email protected]>

* Address reviewer feedback: clarify dependency dropping scope, fix stray artifacts

- Clarify 'compatible versions' to 'compatible package versions or frameworks'
- Broaden text to explain both cross-version and cross-TFM dependency rules
- Fix 'run-time' to 'runtime'
- Remove stray list marker from package pruning section
- Trim trailing whitespace

Co-authored-by: Copilot <[email protected]>

* Add real-world example of shared framework assembly versioning

Add a concrete example using System.Text.Json 8.0.5 showing assembly
versions per TFM. Demonstrates that the net462 assembly intentionally
has a higher version (8.0.0.5) than netstandard2.0 (8.0.0.0), and
explains why this is safe and necessary. Notes that binding redirects
are auto-generated and expected for .NET Framework consumers.

Co-authored-by: Copilot <[email protected]>

* Restructure as reccomendations

---------

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Genevieve Warren <[email protected]>
Co-authored-by: Nikolche Kolev <[email protected]>
@github-advanced-security
Copy link
Copy Markdown

github-advanced-security bot commented Apr 8, 2026

You are seeing this message because GitHub Code Scanning has recently been set up for this repository, or this pull request contains the workflow file for the Code Scanning tool.

What Enabling Code Scanning Means:

  • The 'Security' tab will display more code scanning analysis results (e.g., for the default branch).
  • Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results.
  • You will be able to see the analysis results for the pull request's branch on this overview once the scans have completed and the checks have passed.

For more information about GitHub Code Scanning, check out the documentation.

@dotnetrepoman dotnetrepoman bot added this to the April 2026 milestone Apr 8, 2026
dependabot bot and others added 15 commits April 8, 2026 12:27
@dependabot
Bump the dotnet group with 1 update (#52897)
17ce9ca 
Bumps Microsoft.Diagnostics.Tracing.TraceEvent from 3.2.0 to 3.2.1

---
updated-dependencies:
- dependency-name: Microsoft.Diagnostics.Tracing.TraceEvent
  dependency-version: 3.2.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 1 update (#52911)
6491158 
Bumps Microsoft.ServiceFabric.Services from 8.3.475 to 8.3.658

---
updated-dependencies:
- dependency-name: Microsoft.ServiceFabric.Services
  dependency-version: 8.3.658
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 3 updates (#52919)
3ff0952 
Bumps Microsoft.NET.Test.Sdk from 18.3.0 to 18.4.0
Bumps MSTest.TestAdapter from 4.1.0 to 4.2.1
Bumps MSTest.TestFramework from 4.1.0 to 4.2.1

---
updated-dependencies:
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: MSTest.TestAdapter
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: MSTest.TestFramework
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 1 update (#52921)
8ff123b 
Bumps Microsoft.Extensions.Hosting from 10.0.1 to 10.0.5

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Hosting
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 1 update (#52922)
dd2cc1a 
Bumps Microsoft.Extensions.Hosting from 10.0.0 to 10.0.5

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Hosting
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
- dependency-name: Microsoft.Extensions.Hosting
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 2 updates (#52923)
edbfc0a 
Bumps MSTest.TestAdapter from 4.1.0 to 4.2.1
Bumps MSTest.TestFramework from 4.1.0 to 4.2.1

---
updated-dependencies:
- dependency-name: MSTest.TestAdapter
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: MSTest.TestFramework
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 2 updates (#52924)
ddb0bd3 
Bumps Azure.Identity from 1.18.0 to 1.20.0
Bumps OpenAI from 2.9.1 to 2.10.0

---
updated-dependencies:
- dependency-name: Azure.Identity
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: OpenAI
  dependency-version: 2.10.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 3 updates (#52925)
9d559da 
Bumps Microsoft.Extensions.AI.OpenAI from 9.4.0-preview.1.25207.5 to 10.4.1
Bumps Microsoft.Extensions.Configuration from 9.0.10 to 10.0.5
Bumps Microsoft.Extensions.Configuration.UserSecrets from 9.0.10 to 10.0.5

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.AI.OpenAI
  dependency-version: 10.4.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet
- dependency-name: Microsoft.Extensions.Configuration
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet
- dependency-name: Microsoft.Extensions.Configuration.UserSecrets
  dependency-version: 10.0.5
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 2 updates (#52933)
debdf28 
Bumps Azure.Identity from 1.18.0 to 1.20.0
Bumps Azure.Identity.Broker from 1.4.0 to 1.5.0

---
updated-dependencies:
- dependency-name: Azure.Identity
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: Azure.Identity.Broker
  dependency-version: 1.5.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 1 update (#52939)
58edc9c 
Bumps OllamaSharp from 5.4.16 to 5.4.25

---
updated-dependencies:
- dependency-name: OllamaSharp
  dependency-version: 5.4.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 1 update (#52943)
c7476af 
Bumps Azure.Identity from 1.19.0 to 1.20.0

---
updated-dependencies:
- dependency-name: Azure.Identity
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 3 updates (#52942)
50c400a 
Bumps Azure.Identity from 1.19.0 to 1.20.0
Bumps Microsoft.NET.Test.Sdk from 18.3.0 to 18.4.0
Bumps MSTest from 4.1.0 to 4.2.1

---
updated-dependencies:
- dependency-name: Azure.Identity
  dependency-version: 1.20.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-version: 18.4.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
- dependency-name: MSTest
  dependency-version: 4.2.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump Microsoft.Agents.AI.OpenAI from 1.0.0-rc5 to 1.0.0 (#52944)
3b7be6b 
---
updated-dependencies:
- dependency-name: Microsoft.Agents.AI.OpenAI
  dependency-version: 1.0.0
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@dependabot
Bump the dotnet group with 1 update (#52938)
604e8b2 
Bumps OllamaSharp from 5.4.16 to 5.4.25

---
updated-dependencies:
- dependency-name: OllamaSharp
  dependency-version: 5.4.25
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: dotnet
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
@BillWagner @gewarren
Sync/Async wrapper article (#52879)
e75e180 
* Sync/Async wrapper article

Contributes to #17714

Port the first two articles for wrapping async methods in synchronous methods, and wrapping synchronous methods in asynchronous methods.

* proofread and edit.

Do a full review and edit.

* Apply suggestions from code review

Co-authored-by: Copilot <[email protected]>

* respond to feedback.

* Apply suggestions from code review

Co-authored-by: Genevieve Warren <[email protected]>

---------

Co-authored-by: Copilot <[email protected]>
Co-authored-by: Genevieve Warren <[email protected]>
@gewarren gewarren merged commit 2dc2640 into live Apr 8, 2026
18 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

:octocat: auto-merge

Projects

None yet

Milestone

April 2026

Development

Successfully merging this pull request may close these issues.

5 participants

@github-advanced-security @gewarren @azure-sdk @ericstj @BillWagner