fix(dependabot): Ensure NuGet package updates across projects in single PR

[piotrzajac]

Summary

Summary by CodeRabbit

• Chores
  • Consolidated Dependabot NuGet updates into grouped pull requests (Testing, Common, Other) to reduce per-project PR fragmentation and improve version alignment.
• Documentation
  • Added a backlog task documenting the grouping change, expected behavior, and acceptance criteria for single-PR updates across projects.

Checklist

• Commit messages follow Conventional Commits (type(scope): description)
• dotnet build src/Objectivity.AutoFixture.XUnit2.AutoMock.sln passes with no warnings
• dotnet test src/Objectivity.AutoFixture.XUnit2.AutoMock.sln passes on all framework slices
• Code coverage remains at least at the level prior the change (verified by Codecov)
• Mutation score remains at least at the level prior the change (verified by Stryker)
• New tests follow the GIVEN/WHEN/THEN naming convention and AAA structure (see AGENTS.md)
• No new [SuppressMessage] without a justification comment
• No // TODO: comments added — open a GitHub issue instead
• No new dependencies introduced that are incompatible with the MIT license (verified by FOSSA)

[coderabbitai]

Warning

Rate limit exceeded

@piotrzajac has exceeded the limit for the number of commits that can be reviewed per hour. Please wait 23 minutes and 35 seconds before requesting another review.

Your organization is not enrolled in usage-based pricing. Contact your admin to enable usage-based pricing to continue reviews beyond the rate limit, or try again in 23 minutes and 35 seconds.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 9ca36538-0bf9-4e03-b590-67773f00953a

📥 Commits

Reviewing files that changed from the base of the PR and between 9d2f583 and fd79cbe.

📒 Files selected for processing (1)

• .backlog/tasks/task-10 - Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md

📝 Walkthrough

Walkthrough

Adds a backlog task documenting Dependabot NuGet grouping and updates .github/dependabot.yml to introduce three NuGet dependency groups (Testing, Common, Other) so NuGet updates are consolidated into grouped, cross-directory PRs while preserving directories: ["**/*"].

Changes

Cohort / File(s)	Summary
Backlog Documentation \.backlog/tasks/task-10 - Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md	New backlog task documenting the Dependabot grouping issue, acceptance criteria, and implementation plan for grouped NuGet updates.
Dependabot Configuration .github/dependabot.yml	Adds three NuGet dependency groups: Testing (e.g., Microsoft.NET.Test.Sdk, coverlet.msbuild), Common (e.g., Castle.Core, JetBrains.Annotations, Microsoft.SourceLink.GitHub, Microsoft.NETFramework.ReferenceAssemblies), and Other (catch-all "*") to consolidate updates into grouped PRs while keeping directories: ["**/*"] discovery.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• #312: Modifies .github/dependabot.yml (adds NuGet commit-message prefix) — directly touches the same Dependabot config file.
• #301: Introduces the .backlog/tasks infrastructure that this PR extends with the new task-10 document.
• #233: Contains a Castle.Core dependency update — related to the Common group pattern that now includes Castle.Core.

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description is largely incomplete. While the checklist is marked as complete, the critical 'Summary' section contains only a placeholder comment with no actual description of the issue or changes.	Replace the placeholder '@coderabbitai summary' with an actual description explaining the Dependabot issue being fixed and why grouping NuGet dependencies resolves the PR consolidation problem.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title clearly and accurately describes the main change: updating Dependabot configuration to consolidate NuGet package updates across projects into single PRs.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch fix/ensure-dependabot-updates-nuget-packages-across-all-projects-in-single-pr

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.backlog/tasks/task-10 -
Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md:
- Line 74: Remove the stale sentence "The change is already applied to the
working tree (not yet committed). Review and commit when ready." from the task
body so the backlog item remains evergreen; locate that exact sentence in the
task-10 document (within the task description/body) and delete it, leaving the
rest of the content unchanged.

🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

• Push a commit to this branch (recommended)
• Create a new PR with the fixes

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 3b4a417c-417b-4afc-9e6f-6399a8a0214d

📥 Commits

Reviewing files that changed from the base of the PR and between ba941af and ebb13dd.

📒 Files selected for processing (2)

• .backlog/tasks/task-10 - Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md
• .github/dependabot.yml

[coderabbitai]

♻️ Duplicate comments (1)

.backlog/tasks/task-10 - Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md (1)

74-74: ⚠️ Potential issue | 🟡 Minor

Remove stale implementation-status text from the task body.

"not yet committed" will be incorrect as soon as this file is merged, so this line should be deleted to keep the backlog item evergreen.

✂️ Proposed doc fix

-The change is already applied to the working tree (not yet committed). Review and commit when ready.

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In @.backlog/tasks/task-10 -
Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md
at line 74, Remove the stale sentence "The change is already applied to the
working tree (not yet committed). Review and commit when ready." from the task
body so the backlog item remains evergreen; locate that exact sentence in the
task-10 content and delete it (or replace with a neutral status phrase if
needed) to avoid the incorrect "not yet committed" wording.

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In @.backlog/tasks/task-10 -
Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md:
- Line 74: Remove the stale sentence "The change is already applied to the
working tree (not yet committed). Review and commit when ready." from the task
body so the backlog item remains evergreen; locate that exact sentence in the
task-10 content and delete it (or replace with a neutral status phrase if
needed) to avoid the incorrect "not yet committed" wording.

---

ℹ️ Review info

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: f77ab206-2b50-4838-b077-d9cdbda8dafc

📥 Commits

Reviewing files that changed from the base of the PR and between ebb13dd and 9d2f583.

📒 Files selected for processing (1)

• .backlog/tasks/task-10 - Ensure-dependabot-updates-NuGet-packages-across-all-projects-in-a-single-PR.md