Bump test deps#8110
Merged
Merged
Conversation
Contributor
There was a problem hiding this comment.
Pull request overview
Updates centrally-managed NuGet package versions in Directory.Packages.props, primarily for test/integration-test dependencies across the repo.
Changes:
- Bump NUnit from 4.5.0 to 4.6.0.
- Upgrade Moq and MSBuild.StructuredLogger to newer versions.
- Patch-bump Polly from 8.6.5 to 8.6.6.
Show a summary per file
| File | Description |
|---|---|
| Directory.Packages.props | Updates central package versions for several test/infrastructure dependencies (NUnit, Moq, MSBuild.StructuredLogger, Polly). |
Copilot's findings
- Files reviewed: 1/1 changed files
- Comments generated: 1
Evangelink
commented
May 11, 2026
Member
Author
Evangelink
left a comment
Evangelink
left a comment
There was a problem hiding this comment.
Summary
Workflow: Expert Code Reviewer
Date: 2026-05-11
Repository: microsoft/testfx
Key Findings
- [Security / Minor]
Directory.Packages.propsline 78 retains<!-- Pinned to 4.18.4 for security -->while the Moq version is now4.20.72. The original pin guarded against the SponsorLink data-collection feature introduced in Moq 4.20.0 — that feature was removed in a later 4.20.x release, so 4.20.72 is unaffected. The comment is now stale and should be removed or updated so future readers (and automated tooling) aren't misled.
Positive Observations
- All four bumps (
NUnit4.5→4.6,Moq4.18.4→4.20.72,MSBuild.StructuredLogger2.3.113→2.3.178,Polly8.6.5→8.6.6) are test/build-time-only dependencies — none affect the shipped NuGet surface or runtime behavior of MTP/MSTest. - No public API surface is touched.
- No cross-TFM or threading concerns introduced.
Recommendations
- Update or remove the stale security comment on the
Moqentry (see inline comment).
Generated by Expert Code Reviewer
🧠 Reviewed by Expert Code Reviewer 🧠
Evangelink
commented
May 11, 2026
Member
Author
Evangelink
left a comment
Evangelink
left a comment
There was a problem hiding this comment.
Summary
Workflow: PR Nitpick Reviewer
Date: 2026-05-11
Repository: microsoft/testfx
Key Findings
- Outdated comment (
Directory.Packages.props, line 78): The comment<!-- Pinned to 4.18.4 for security -->was not removed when Moq was bumped from4.18.4to4.20.72. This is the only meaningful nitpick in an otherwise clean, routine dependency bump.
Positive Highlights
- ✅ The missing end-of-file newline was fixed as part of this PR — good catch.
- ✅ All version bumps are incremental and look reasonable (NUnit, Moq, MSBuild.StructuredLogger, Polly).
Overall Assessment
Very small, low-risk PR. Only one minor issue found.
🔍 Meticulously inspected by PR Nitpick Reviewer
🔍 Meticulously inspected by PR Nitpick Reviewer 🔍
Evangelink
commented
May 11, 2026
| <!-- Pinned to 4.18.4 for security --> | ||
| <PackageVersion Include="Moq" Version="4.18.4" /> | ||
| <PackageVersion Include="MSBuild.StructuredLogger" Version="2.3.113" /> | ||
| <!-- Previously pinned to 4.18.4 to avoid SponsorLink (4.20.0–4.20.x); resolved in 4.20.72 --> |
Evangelink
added a commit
that referenced
this pull request
May 12, 2026
Co-authored-by: GitHub Copilot <copilot@github.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.