Skip to content

Pin AutoMapper to 14.x to prevent commercial v15.x upgrades #302

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Pin AutoMapper to 14.x to prevent commercial v15.x upgrades #302

wants to merge 3 commits into from

Conversation

Copy link

Copilot AI commented Nov 12, 2025
edited
Loading

AutoMapper 15.x introduced commercial licensing requirements. This PR pins the dependency to the 14.x line to prevent automatic upgrades via Dependabot or package restore.

Changes

  • .github/dependabot.yml: Added ignore rules for AutoMapper semver-major updates in both src and test project configs
  • .csproj: Changed AutoMapper version from 14.0.0 to [14.0.0,15.0.0) using NuGet version range syntax
<!-- Before -->
<PackageReference Include="AutoMapper" Version="14.0.0" />

<!-- After -->
<PackageReference Include="AutoMapper" Version="[14.0.0,15.0.0)" />

Note on AutoMapper.Extensions.Microsoft.DependencyInjection

This package was not added despite the original plan because:

  • It only exists up to v12.0.1
  • AutoMapper 14.x includes DI extensions (AddAutoMapper()) in the main package
  • Adding it would cause restore failures
Original prompt

Make two coordinated changes to prevent AutoMapper 15 (commercial/licensing) from being suggested or restored in CI while keeping the repo on the 14.x line.

Files to create/update:

  1. Create file: .github/dependabot.yml
  • Purpose: instruct Dependabot to ignore semver-major updates for AutoMapper packages so it won't propose upgrades to v15.x.
  • Content (exact):
    version: 2
    updates:
    • package-ecosystem: "nuget"
      directory: "/"
      schedule:
      interval: "weekly"
      ignore:
      • dependency-name: "AutoMapper"
        update-types: ["version-update:semver-major"]
      • dependency-name: "AutoMapper.Extensions.Microsoft.DependencyInjection"
        update-types: ["version-update:semver-major"]
  1. Update file: src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj (edit existing PackageReference entries)

  • Purpose: pin the AutoMapper package family to 14.x by using an inclusive lower bound and exclusive upper bound range [14.0.0,15.0.0). Also add an explicit PackageReference for the DI extensions package with the same range to avoid transitive upgrades.

  • Replace the existing entry with:

  • Add a new PackageReference (if not present) for AutoMapper.Extensions.Microsoft.DependencyInjection with the same range:

  • Keep all other package references and existing project settings identical.

Rationale:

  • Dependabot ignore prevents noisy PRs for major upgrades to AutoMapper that would require a license.
  • Package version ranges prevent CI or local restores from picking AutoMapper 15 via transitive resolution.

Please create a single branch, commit both changes together, and open a pull request against master with the title above. Add a short PR description mentioning the failing Actions run (job id 55195535323) and that this pins AutoMapper to 14.x and instructs Dependabot to avoid proposing 15.x major upgrades.

Reference: failing job https://github.com/nanotaboada/Dotnet.Samples.AspNetCore.WebApi/actions/runs/19301106484/job/55195535323?pr=294 (job id 55195535323, ref 1f0b93e).

This pull request was created as a result of the following prompt from Copilot chat.

Make two coordinated changes to prevent AutoMapper 15 (commercial/licensing) from being suggested or restored in CI while keeping the repo on the 14.x line.

Files to create/update:

  1. Create file: .github/dependabot.yml
  • Purpose: instruct Dependabot to ignore semver-major updates for AutoMapper packages so it won't propose upgrades to v15.x.
  • Content (exact):
    version: 2
    updates:
    • package-ecosystem: "nuget"
      directory: "/"
      schedule:
      interval: "weekly"
      ignore:
      • dependency-name: "AutoMapper"
        update-types: ["version-update:semver-major"]
      • dependency-name: "AutoMapper.Extensions.Microsoft.DependencyInjection"
        update-types: ["version-update:semver-major"]
  1. Update file: src/Dotnet.Samples.AspNetCore.WebApi/Dotnet.Samples.AspNetCore.WebApi.csproj (edit existing PackageReference entries)

  • Purpose: pin the AutoMapper package family to 14.x by using an inclusive lower bound and exclusive upper bound range [14.0.0,15.0.0). Also add an explicit PackageReference for the DI extensions package with the same range to avoid transitive upgrades.

  • Replace the existing entry with:

  • Add a new PackageReference (if not present) for AutoMapper.Extensions.Microsoft.DependencyInjection with the same range:

  • Keep all other package references and existing project settings identical.

Rationale:

  • Dependabot ignore prevents noisy PRs for major upgrades to AutoMapper that would require a license.
  • Package version ranges prevent CI or local restores from picking AutoMapper 15 via transitive resolution.

Please create a single branch, commit both changes together, and open a pull request against master with the title above. Add a short PR description mentioning the failing Actions run (job id 55195535323) and that this pins AutoMapper to 14.x and instructs Dependabot to avoid proposing 15.x major upgrades.

Reference: failing job https://github.com/nanotaboada/Dotnet.Samples.AspNetCore.WebApi/actions/runs/19301106484/job/55195535323?pr=294 (job id 55195535323, ref 1f0b93e).

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

@coderabbitai
Copy link

coderabbitai bot commented Nov 12, 2025

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Comment @coderabbitai help to get the list of available commands and usage tips.

Copilot AI and others added 2 commits November 12, 2025 17:19
@nanotaboada
Initial plan: Pin AutoMapper to 14.x line
df626e0 
Co-authored-by: nanotaboada <87288+nanotaboada@users.noreply.github.com>
@nanotaboada
Pin AutoMapper to 14.x line to avoid commercial v15.x upgrades
eae96fd 
Co-authored-by: nanotaboada <87288+nanotaboada@users.noreply.github.com>
@sonarqubecloud
Copy link

sonarqubecloud bot commented Nov 12, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

Copilot AI changed the title [WIP] Create Dependabot config to ignore AutoMapper v15 updates Pin AutoMapper to 14.x to prevent commercial v15.x upgrades Nov 12, 2025
Copilot AI requested a review from nanotaboada November 12, 2025 17:27
Copilot finished work on behalf of nanotaboada November 12, 2025 17:27
@nanotaboada nanotaboada marked this pull request as ready for review November 13, 2025 14:23
@codacy-production
Copy link

codacy-production bot commented Nov 13, 2025
edited
Loading

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation Diff coverage
+0.00%
Coverage variation details
Coverable lines Covered lines Coverage
Common ancestor commit (c8b0f0a) 1169 196 16.77%
Head commit (eae96fd) 1169 (+0) 196 (+0) 16.77% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details
Coverable lines Covered lines Diff coverage
Pull request (#302) 0 0 ∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@nanotaboada nanotaboada Awaiting requested review from nanotaboada

Assignees

@nanotaboada nanotaboada

Copilot code review Copilot

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@nanotaboada