Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update strategy for pinning versions of dependent packages #1471

Merged
merged 2 commits into from
Feb 14, 2025
+8 −8
Merged

Update strategy for pinning versions of dependent packages #1471

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
b142221
Update strategy for pinning versions of dependent packages
bart-vmware Feb 13, 2025
350d8c2
Update versions.props
TimHess Feb 14, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 8 additions & 8 deletions versions.props
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,8 +1,8 @@
<Project>
<PropertyGroup>
<!--
Non-exposed dependencies, only referenced from test projects, benchmarks or build infrastructure.
It's safe to update these at any time, so wildcards are allowed.
Non-exposed dependencies, only referenced from test projects, build infrastructure and internal tools.
It's safe to update these at any time, so wildcards are allowed anywhere.
-->

<AspNetCoreHealthChecksVersion>9.0.*</AspNetCoreHealthChecksVersion>
Expand Down Expand Up @@ -44,10 +44,10 @@

<PropertyGroup>
<!--
Exposed dependencies, observable by Steeltoe consumers.
Exposed dependencies, observable by Steeltoe library consumers.
Be cautious with updates:
- Wildcards are only allowed when starting work on the next major version, until its release.
- Before release of the next major version, pin these down and never change them between minor/patch releases.
- Wildcards are only allowed at the patch level, so we automatically benefit from vulnerability fixes.
- Major/minor versions here generally should not change between minor/patch versions of Steeltoe.
-->

<BouncyCastleVersion>2.2.*</BouncyCastleVersion>
Expand All @@ -57,7 +57,7 @@
<FoundationalVersion>
<!--
Package versions of this category are always safe to update to the latest version, because they multi-target all frameworks.
For example, v6 explicitly targets .NET 6; v7 explicitly targets .NET 6 and 7; v8 explicitly targets .NET 6, 7 and 8.
For example, v8 explicitly targets .NET 8; v9 explicitly targets .NET 8 and 9.
-->
9.0.*
</FoundationalVersion>
Expand All @@ -72,7 +72,7 @@
<MatchTargetFrameworkVersion>
<!--
Package versions of this category are bound to the target framework, so they cannot be updated to the latest version.
For example, v6 targets only .NET 6; v7 targets only .NET 7; v8 targets only .NET 8.
For example, v8 targets only .NET 8; v9 targets only .NET 9.
Caution: some packages additionally target netstandard, but result in compile-time/runtime errors or reduced API surface.
-->
8.0.*
Expand All @@ -83,7 +83,7 @@
<MatchTargetFrameworkVersion>
<!--
Package versions of this category are bound to the target framework, so they cannot be updated to the latest version.
For example, v6 targets only .NET 6; v7 targets only .NET 7; v8 targets only .NET 8.
For example, v8 targets only .NET 8; v9 targets only .NET 9.
Caution: some packages additionally target netstandard, but result in compile-time/runtime errors or reduced API surface.
-->
9.0.*
Expand Down
Loading