Bump Microsoft.CodeAnalysis.PublicApiAnalyzers to 5.10.0-1 preview#9865
Bump Microsoft.CodeAnalysis.PublicApiAnalyzers to 5.10.0-1 preview#9865Evangelink wants to merge 1 commit into
Conversation
Move from stable 5.6.0 to the roslyn main (5.10.0-1.*) preview line on the dnceng dotnet-tools feed, in preparation for picking up dotnet/roslyn#84437 (exclude [Embedded] APIs from public/internal API tracking). NOTE: 5.10.0-1.26360.111 predates the #84437 merge (2026-07-10 23:11 UTC) by ~46 min, so it does not yet contain the fix. Re-pin to the first post-merge main build (5.10.0-1.26361.* or later) once it ships. Full Release build is clean for this bump (0 RS00xx diagnostics). Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com> Copilot-Session: 3f7eb1fb-6df4-4665-9f9a-c17d60883e66
There was a problem hiding this comment.
Pull request overview
Updates Public API analyzers to a Roslyn preview build in preparation for [Embedded] API exclusion.
Changes:
- Bumps both API analyzer packages to
5.10.0-1.26360.111. - Documents the tracked Roslyn change and notes that the selected build predates it.
Show a summary per file
| File | Description |
|---|---|
Directory.Packages.props |
Updates and documents the shared analyzer version pin. |
Review details
- Files reviewed: 1/1 changed files
- Comments generated: 1
- Review effort level: Medium
There was a problem hiding this comment.
Note
🤖 Automated review by GitHub Copilot. Generated by the Expert Code Review workflow. To request a follow-up action, reply by tagging @copilot directly.
Review Summary
Clean dependency version bump — no code, API, or behavioral changes. The comment clearly documents the temporary state and the re-pin requirement.
Verdict Table
| # | Dimension | Verdict |
|---|---|---|
| 1 | Algorithmic Correctness | N/A |
| 2 | Threading & Concurrency | N/A |
| 3 | Security & IPC Contract Safety | N/A |
| 4 | Public API & Binary Compatibility | N/A |
| 5 | Performance & Allocations | N/A |
| 6 | Cross-TFM Compatibility | N/A |
| 7 | Resource & IDisposable Management | N/A |
| 8 | Defensive Coding at Boundaries | N/A |
| 9 | Localization & Resources | N/A |
| 10 | Test Isolation | N/A |
| 11 | Assertion Quality | N/A |
| 12 | Flakiness Patterns | N/A |
| 13 | Test Completeness & Coverage | N/A |
| 14 | Error Messages & Diagnostics | N/A |
| 15 | Code Style & Conventions | ✅ Clean |
| 16 | Documentation & Comments | ✅ Clean |
| 17 | Build & Packaging | ✅ Clean |
| 18 | Naming | N/A |
| 19 | Nullability | N/A |
| 20 | Logging & Telemetry | N/A |
| 21 | CLI Options | N/A |
| 22 | PowerShell & Scripting | N/A |
Result: No issues found. The inline comment accurately documents that this preview build predates the target roslyn merge and must be re-pinned — good transparency. The dotnet-tools feed is already in NuGet.config, and the BannedApiAnalyzers version is correctly derived via $(MicrosoftCodeAnalysisPublicApiAnalyzersVersion).
One note: since the PR description itself says this version does not yet contain the desired fix (dotnet/roslyn#84437), ensure the follow-up re-pin happens before this branch ships to a release. The in-code NOTE: comment serves as a good breadcrumb for that.
What
Moves
MicrosoftCodeAnalysisPublicApiAnalyzersVersion(which also drivesMicrosoft.CodeAnalysis.BannedApiAnalyzers) from stable5.6.0to the roslynmainpreview line5.10.0-1.26360.111, consumed from the dncengdotnet-toolsfeed already configured inNuGet.config.Why
In preparation for picking up dotnet/roslyn#84437 — "Exclude
[Embedded]APIs from public/internal API tracking" — which lets internal[Embedded]types opt out ofInternalAPI.*.txt/PublicAPI.*.txttracking.5.10.0-1.26360.111was built 2026-07-10 22:25 UTC, ~46 min before the #84437 merge (2026-07-10 23:11 UTC), so it does not yet contain the fix. Themain/5.10.0 line has not produced a post-merge build on the feed as of this PR. This must be re-pinned to the first post-merge main build (5.10.0-1.26361.*or later) to actually gain the feature.Validation
Full
.\build.cmd -c Release— the 5.6→5.10 analyzer jump produced 0 RS00xx (PublicAPI/BannedAPI) diagnostics, i.e. no public-API tracking fallout. (Any CA1416 errors seen locally inFileLoggerTests.csare a pre-existing, unrelated platform-compat issue tracked separately.)Tracking context: #9091 (Task 5).