Conversation
Ayaz-Microsoft
requested review from
Avijit-Microsoft,
Dongbumlee,
Prajwal-Microsoft,
Roopan-Microsoft,
Vinay-Microsoft,
aniaroramsft,
dgp10801,
nchandhi and
toherman-msft
as code owners
There was a problem hiding this comment.
Pull request overview
Updates backend API project dependencies to newer package versions as part of a Dependabot-driven vulnerability reduction effort.
Changes:
- Bump AutoMapper from 14.0.0 to 15.1.1 in the DPS library and Host projects.
- Bump Microsoft.Extensions.Configuration/Json/Options packages in the Host project from 9.0.6 to 10.0.5.
Reviewed changes
Copilot reviewed 2 out of 3 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| App/backend-api/Microsoft.GS.DPS/Microsoft.GS.DPS.csproj | Updates AutoMapper package version. |
| App/backend-api/Microsoft.GS.DPS.Host/Microsoft.GS.DPS.Host.csproj | Updates AutoMapper and Microsoft.Extensions.* package versions. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
|
||
| <ItemGroup> | ||
| <PackageReference Include="AutoMapper" Version="14.0.0" /> | ||
| <PackageReference Include="AutoMapper" Version="15.1.1" /> |
There was a problem hiding this comment.
AutoMapper appears to be unused in this backend-api codebase (search finds no usages beyond an unused using AutoMapper;). If it’s not needed, consider removing this PackageReference to reduce dependency surface area; otherwise, add/point to the code that requires AutoMapper so the dependency is justified.
| <PackageReference Include="AutoMapper" Version="15.1.1" /> |
|
|
||
| <ItemGroup> | ||
| <PackageReference Include="AutoMapper" Version="14.0.0" /> | ||
| <PackageReference Include="AutoMapper" Version="15.1.1" /> |
There was a problem hiding this comment.
AutoMapper appears to be unused in the backend-api projects (no IMapper, Profile, AddAutoMapper, etc. found; only an unused using AutoMapper;). If there’s no runtime usage, consider removing this PackageReference rather than updating it to a new major version.
| <PackageReference Include="AutoMapper" Version="15.1.1" /> |
| <PackageReference Include="Microsoft.Extensions.Configuration" Version="10.0.5" /> | ||
| <PackageReference Include="Microsoft.Extensions.Configuration.AzureAppConfiguration" Version="8.2.0" /> | ||
| <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="9.0.6" /> | ||
| <PackageReference Include="Microsoft.Extensions.Options" Version="9.0.6" /> | ||
| <PackageReference Include="Microsoft.Extensions.Configuration.Json" Version="10.0.5" /> | ||
| <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.5" /> |
There was a problem hiding this comment.
These Microsoft.Extensions.* package references are being updated to 10.0.5 while the project targets net8.0. For ASP.NET Core apps (Microsoft.NET.Sdk.Web), overriding the shared-framework Microsoft.Extensions assemblies with a higher major version can introduce runtime/assembly compatibility issues. Consider aligning these to the net8/ASP.NET Core 8.x wave (or removing the explicit references if not required) to avoid version skew.
Purpose
Does this introduce a breaking change?
Golden Path Validation
Deployment Validation
What to Check
Verify that the following are valid
Other Information