Open
21 commits
d61a4f7
Initial plan
Copilot Dec 8, 2025
be60888
Improve vendor CI/CD workflow with better messaging and auto-merge
Copilot Dec 8, 2025
4d21982
Fix trailing spaces in vendor workflow YAML
Copilot Dec 8, 2025
f2e8ae5
Improve version parsing to handle complex version strings
Copilot Dec 8, 2025
e64c0b1
Fix git reset logic in auto-merge error handling
Copilot Dec 8, 2025
bf90303
Remove Change Type column and add collapsible changelog for major upd…
Copilot Dec 8, 2025
e6fea0b
Use single emoji and show dependency name/version for single updates
Copilot Dec 8, 2025
fa2a34a
Merge branch 'master' into copilot/improve-vendor-ci-cd-messaging
DRSDavidSoft Dec 15, 2025
570b1d6
Fix single dependency variable initialization to prevent CI failures
Copilot Dec 15, 2025
0f6584f
Improve variable initialization logic with better error handling
Copilot Dec 15, 2025
cd2c4ec
Update version change emojis: πŸ”₯ major, πŸš€ minor, ⬆️ patch
Copilot Dec 15, 2025
4911924
Make new version bold in dependency update table
Copilot Dec 15, 2025
2cc1125
Fix CodeQL workflow PowerShell string termination error
Copilot Dec 15, 2025
9cfff38
Fix CodeQL PowerShell syntax by using Write-Output instead of echo
Copilot Dec 15, 2025
e598536
Use PowerShell here-string for CodeQL summary to fix parser error
Copilot Dec 15, 2025
82f7fdd
Merge and use PowerShell here-string for CodeQL summary
Dec 15, 2025
1afbd4a
Use PowerShell here-string to fix CodeQL parser error (reverted previ…
Copilot Dec 15, 2025
a475de2
Remove temporary comment from CodeQL workflow
Copilot Dec 15, 2025
400cdfe
Update .github/workflows/vendor.yml
DRSDavidSoft Dec 15, 2025
10a0675
Remove unused $headBeforeReset variable
Copilot Dec 15, 2025
7b86263
Wrap dependency count in backticks for consistency
Copilot Dec 15, 2025
16 changes: 9 additions & 7 deletions .github/workflows/codeql.yml
Expand Up @@ -100,10 +100,12 @@ jobs:
if: success()
shell: pwsh
run: |
echo "### πŸ” CodeQL Analysis Results" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "βœ… CodeQL security analysis completed successfully." >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**Language analyzed:** \`${{ matrix.language }}\`" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "> Check the Security tab for detailed findings and recommendations." >> $env:GITHUB_STEP_SUMMARY
@"
### πŸ” CodeQL Analysis Results

βœ… CodeQL security analysis completed successfully.

**Language analyzed:** ``${{ matrix.language }}``

> Check the Security tab for detailed findings and recommendations.
"@ | Add-Content -Path $env:GITHUB_STEP_SUMMARY -Encoding utf8
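Review bot: `${{ matrix.language }}` is substituted into the script text before PowerShell parses it, and the new `@"` here-string is an expandable one, so a `$` or backtick in that value would be interpreted by PowerShell rather than printed. The value comes from the workflow's own matrix (defined outside this hunk), so this is hardening rather than a live bug. Passing the value through the step environment keeps data out of the script source: add `env:` with `CODEQL_LANGUAGE: ${{ matrix.language }}` to the step and reference `$env:CODEQL_LANGUAGE` inside the here-string instead of the inline expression.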
188 changes: 176 additions & 12 deletions .github/workflows/vendor.yml
Expand Up @@ -31,9 +31,9 @@ jobs:
- name: Summary - Workflow started
shell: pwsh
run: |
echo "## πŸ“¦ Update Vendor - Workflow Summary" >> $env:GITHUB_STEP_SUMMARY
echo "## πŸ“¦ Vendor Update - Workflow Summary" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "Checking for vendor dependency updates..." >> $env:GITHUB_STEP_SUMMARY
echo "πŸ” Checking for vendor dependency updates..." >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY

- id: make-changes
Expand All @@ -46,52 +46,210 @@ jobs:
Set-GHVariable -Name COUNT_UPDATED -Value $count
$newVersion = (Get-Content .\vendor\sources.json | ConvertFrom-Json)
$listUpdated = ""
$updateMessage = "| Name | Old Version | New Version |`n| :--- | ---- | ---- |`n"
$updateMessage = "| Name | Old Version | New Version |`n| :--- | :---: | :---: |`n"
$majorUpdates = @()
$singleDepName = ""
$singleDepOldVersion = ""
$singleDepNewVersion = ""
foreach ($s in $newVersion) {
$oldVersion = ($currentVersion | Where-Object {$_.name -eq $s.name}).version
if ($s.version -ne $oldVersion) {
$repoUrl = ($repoUrl = $s.Url.Replace("/archive/", "/releases/")).Substring(0, $repoUrl.IndexOf("/releases/")) + "/releases"

# Store single dependency info for messages (only if this is the only update)
if ($count -eq 1) {
$singleDepName = $s.name
$singleDepOldVersion = $oldVersion
$singleDepNewVersion = $s.version
}

# Determine change type and emoji
$changeType = "unknown"
$emoji = "πŸ”„"
$isMajor = $false
try {
# Handle versions with more than 4 parts
$oldVerStr = $oldVersion.Split('-')[0]
$newVerStr = $s.version.Split('-')[0]

# Split by dots and take only numeric parts, first 4 max
$oldParts = $oldVerStr.Split('.') | Where-Object { $_ -match '^\d+$' } | Select-Object -First 4
$newParts = $newVerStr.Split('.') | Where-Object { $_ -match '^\d+$' } | Select-Object -First 4

# Ensure we have at least 2 parts (major.minor)
if ($oldParts.Count -ge 2 -and $newParts.Count -ge 2) {
$oldVerParseable = $oldParts -join '.'
$newVerParseable = $newParts -join '.'

$oldVer = [System.Version]::Parse($oldVerParseable)
$newVer = [System.Version]::Parse($newVerParseable)

if ($newVer.Major -gt $oldVer.Major) {
$changeType = "major"
$emoji = "πŸ”₯"
$isMajor = $true
} elseif ($newVer.Minor -gt $oldVer.Minor) {
$changeType = "minor"
$emoji = "πŸš€"
} else {
$changeType = "patch"
$emoji = "⬆️"
Comment on lines +94 to +96
Copilot AI Dec 15, 2025

The version comparison only checks if major or minor versions increased, but doesn't verify that the new version is actually greater than the old version in the patch case. If a version downgrade occurs (e.g., from 1.2.5 to 1.2.3), it would still be classified as "patch" and potentially auto-merged. Consider adding a check to ensure the new version is greater than the old version before classifying as a patch update.

Suggested change
} else {
$changeType = "patch"
$emoji = "⬆️"
} elseif ($newVer -gt $oldVer) {
$changeType = "patch"
$emoji = "⬆️"
} else {
$changeType = "unknown"
$emoji = "πŸ”„"

}
}
} catch {
$changeType = "unknown"
$emoji = "πŸ”„"
}

Comment on lines +66 to +103
Copilot AI Dec 15, 2025

The version parsing logic is duplicated between the PowerShell script (lines 307-344) and the GitHub Actions workflow (lines 66-102). This duplication makes maintenance harder and increases the risk of inconsistencies. Consider extracting this logic into a reusable function in the PowerShell script that both locations can call.

Suggested change
# Determine change type and emoji
$changeType = "unknown"
$emoji = "πŸ”„"
$isMajor = $false
try {
# Handle versions with more than 4 parts
$oldVerStr = $oldVersion.Split('-')[0]
$newVerStr = $s.version.Split('-')[0]
# Split by dots and take only numeric parts, first 4 max
$oldParts = $oldVerStr.Split('.') | Where-Object { $_ -match '^\d+$' } | Select-Object -First 4
$newParts = $newVerStr.Split('.') | Where-Object { $_ -match '^\d+$' } | Select-Object -First 4
# Ensure we have at least 2 parts (major.minor)
if ($oldParts.Count -ge 2 -and $newParts.Count -ge 2) {
$oldVerParseable = $oldParts -join '.'
$newVerParseable = $newParts -join '.'
$oldVer = [System.Version]::Parse($oldVerParseable)
$newVer = [System.Version]::Parse($newVerParseable)
if ($newVer.Major -gt $oldVer.Major) {
$changeType = "major"
$emoji = "πŸ”₯"
$isMajor = $true
} elseif ($newVer.Minor -gt $oldVer.Minor) {
$changeType = "minor"
$emoji = "πŸš€"
} else {
$changeType = "patch"
$emoji = "⬆️"
}
}
} catch {
$changeType = "unknown"
$emoji = "πŸ”„"
}
# Determine change type and emoji using shared function
$result = Get-VersionChangeType -OldVersion $oldVersion -NewVersion $s.version
$changeType = $result.ChangeType
$emoji = $result.Emoji
$isMajor = $result.IsMajor

# Track major updates for changelog section
if ($isMajor) {
$compareUrl = "$repoUrl/compare/v$oldVersion...v$($s.version)"
$majorUpdates += @{
name = $s.name
oldVersion = $oldVersion
newVersion = $s.version
compareUrl = $compareUrl
repoUrl = $repoUrl
}
}

$listUpdated += "$($s.name) v$($s.version), "
$updateMessage += "| **[$($s.name)]($repoUrl)** | $oldVersion | **$($s.version)** |`n"
$updateMessage += "| $emoji **[$($s.name)]($repoUrl)** | \`$oldVersion\` | **\`$($s.version)\`** |`n"
Copilot AI Dec 15, 2025

The table row includes backticks around version numbers in markdown format, but the backtick for $oldVersion is escaped with a backslash (\$oldVersion``). This will likely render the backslash literally in the markdown output instead of showing just the backtick. The backslash should be removed to properly format the version number.

Suggested change
$updateMessage += "| $emoji **[$($s.name)]($repoUrl)** | \`$oldVersion\` | **\`$($s.version)\`** |`n"
$updateMessage += "| $emoji **[$($s.name)]($repoUrl)** | `$oldVersion` | **`$($s.version)`** |`n"

}
}
if ($count -eq 0) { return }
Set-GHVariable -Name LIST_UPDATED -Value $listUpdated.Trim(', ')
# Set single dependency variables (they will only be used if COUNT_UPDATED is 1)
# Use safe fallback values in case variables weren't set (shouldn't happen but prevents errors)
if ([string]::IsNullOrEmpty($singleDepName) -and $count -eq 1) {
# This shouldn't happen, but if it does, log a warning
Write-Warning "Single dependency name not set despite count being 1"
$singleDepName = "unknown-package"
$singleDepOldVersion = "unknown"
$singleDepNewVersion = "unknown"
} elseif ([string]::IsNullOrEmpty($singleDepName)) {
# For multiple dependencies, set placeholder values (won't be used)
$singleDepName = ""
$singleDepOldVersion = ""
$singleDepNewVersion = ""
}
Set-GHVariable -Name SINGLE_DEP_NAME -Value $singleDepName
Set-GHVariable -Name SINGLE_DEP_OLD_VERSION -Value $singleDepOldVersion
Set-GHVariable -Name SINGLE_DEP_NEW_VERSION -Value $singleDepNewVersion
echo "UPDATE_MESSAGE<<<EOF`n$updateMessage`n<EOF" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8

# Generate major updates changelog section
if ($majorUpdates.Count -gt 0) {
$changelogSection = "`n<details>`n<summary>πŸ”₯ Major version updates - View changelog</summary>`n`n"
foreach ($update in $majorUpdates) {
$changelogSection += "### [$($update.name)]($($update.repoUrl))`n"
$changelogSection += "**$($update.oldVersion)** β†’ **$($update.newVersion)**`n`n"
$changelogSection += "- [View full changelog]($($update.compareUrl))`n"
$changelogSection += "- [Release notes]($($update.repoUrl)/tag/v$($update.newVersion))`n`n"
}
$changelogSection += "</details>`n"
echo "CHANGELOG_SECTION<<<EOF`n$changelogSection`n<EOF" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
} else {
echo "CHANGELOG_SECTION=" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
}

- name: Summary - Update check results
shell: pwsh
run: |
$count = $env:COUNT_UPDATED
if ($count -eq 0) {
echo "### βœ… No Updates Available" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "All vendor dependencies are up to date." >> $env:GITHUB_STEP_SUMMARY
echo "All vendor dependencies are up to date! πŸŽ‰" >> $env:GITHUB_STEP_SUMMARY
} else {
$word = if ($count -eq 1) { 'dependency' } else { 'dependencies' }
echo "### πŸ”„ Updates Found" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**$count** vendor $word updated:" >> $env:GITHUB_STEP_SUMMARY
if ($count -eq 1) {
echo "πŸ“¦ **$env:SINGLE_DEP_NAME** updated from \`$env:SINGLE_DEP_OLD_VERSION\` to \`$env:SINGLE_DEP_NEW_VERSION\`" >> $env:GITHUB_STEP_SUMMARY
} else {
echo "πŸ“¦ **$count** vendor $word updated:" >> $env:GITHUB_STEP_SUMMARY
}
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "$env:UPDATE_MESSAGE" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY

# Check if we can auto-merge (only minor/patch changes)
$hasBreaking = $env:HAS_BREAKING_CHANGES -eq 'True'
if ($hasBreaking) {
echo "> ⚠️ **Note:** This update contains major version changes that may include breaking changes." >> $env:GITHUB_STEP_SUMMARY
} else {
echo "> ℹ️ **Note:** This update only contains minor or patch changes." >> $env:GITHUB_STEP_SUMMARY
}
}

- name: Auto-merge minor updates
if: env.COUNT_UPDATED > 0 && env.HAS_BREAKING_CHANGES != 'True'
shell: pwsh
run: |
try {
echo "### πŸš€ Auto-merging Updates" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "Attempting to automatically merge non-breaking changes to master..." >> $env:GITHUB_STEP_SUMMARY

git config --global user.name "github-actions[bot]"
git config --global user.email "github-actions[bot]@users.noreply.github.com"

# Commit the changes
git add vendor/sources.json
$commitResult = git commit -m "⬆️ Update dependencies ($env:LIST_UPDATED)"

# Push directly to master
git push origin HEAD:master
Comment on lines +186 to +203
Copilot AI Dec 15, 2025

The auto-merge feature directly pushes to the master branch without any approval or security checks. This could be a security risk if a malicious dependency update is introduced. Consider adding validation steps before auto-merging, such as running tests or security scans, even for minor/patch updates.

Comment on lines +186 to +203
Copilot AI Dec 15, 2025

There's a potential race condition if multiple workflow runs execute concurrently. If two workflows try to push to master at the same time, one will fail. While this is handled by the error catch block, it would be better to use a concurrency group to prevent multiple instances of this workflow from running simultaneously on the same branch.


echo "" >> $env:GITHUB_STEP_SUMMARY
echo "βœ… **Success!** Updates have been automatically merged to master." >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**Updated dependencies:** $env:LIST_UPDATED" >> $env:GITHUB_STEP_SUMMARY

# Set a flag to skip PR creation
echo "AUTO_MERGED=true" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
Comment on lines +202 to +211
Copilot AI Dec 15, 2025

The $commitResult variable captures the output of git commit, but it's only used in a check on line 224. However, if the commit fails (e.g., no changes to commit), the script will proceed to try to push, which could fail. Consider checking if the commit succeeded before attempting to push, or use -ErrorAction Stop to halt on errors.

Suggested change
# Push directly to master
git push origin HEAD:master
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "βœ… **Success!** Updates have been automatically merged to master." >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**Updated dependencies:** $env:LIST_UPDATED" >> $env:GITHUB_STEP_SUMMARY
# Set a flag to skip PR creation
echo "AUTO_MERGED=true" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
if ($commitResult) {
# Push directly to master
git push origin HEAD:master
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "βœ… **Success!** Updates have been automatically merged to master." >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**Updated dependencies:** $env:LIST_UPDATED" >> $env:GITHUB_STEP_SUMMARY
# Set a flag to skip PR creation
echo "AUTO_MERGED=true" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
}

} catch {
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "⚠️ **Warning:** Unable to automatically merge updates." >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**Error:** $($_.Exception.Message)" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "Falling back to creating a pull request..." >> $env:GITHUB_STEP_SUMMARY

Write-Warning "Failed to auto-merge: $($_.Exception.Message)"

# Reset the commit if one was made
if ($commitResult) {
git reset --hard HEAD~1
}

# Set flag to create PR instead
echo "AUTO_MERGED=false" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
}

- uses: peter-evans/create-pull-request@v8
if: env.COUNT_UPDATED > 0
if: env.COUNT_UPDATED > 0 && (env.HAS_BREAKING_CHANGES == 'True' || env.AUTO_MERGED == 'false')
Copilot AI Dec 15, 2025

The condition env.COUNT_UPDATED > 0 performs a string comparison instead of a numeric comparison. Environment variables in GitHub Actions are strings, so this should be written as env.COUNT_UPDATED != '0' to properly check if updates are available.

with:
title: 'Updates to `${{ env.COUNT_UPDATED }}` vendored dependencies'
title: ${{ env.COUNT_UPDATED == '1' && format('⬆️ Update {0}', env.LIST_UPDATED) || format('⬆️ Update {0} vendored dependencies', env.COUNT_UPDATED) }}
Copilot AI Dec 15, 2025

The expression env.COUNT_UPDATED == '1' in the format() function will not work as expected in GitHub Actions workflow expressions. In the context of workflow expressions (inside ${{ }}), you should use a simple comparison without env. prefix when comparing against string literals. The correct syntax should be: env.COUNT_UPDATED == 1 or use string comparison with quotes around the number.

Contributor

@copilot The number of updates should be wrapped in backticks (`) like before

Contributor Author

Done in commit 7b86263. The dependency count is now wrapped in backticks for the plural case to match the original format: πŸ“¦ Automatically updated {0} dependencies

body: |
### Automatically updated `${{ env.COUNT_UPDATED }}` dependencies:
### ${{ env.COUNT_UPDATED == 1 && format('πŸ“¦ Updated {0} from `{1}` to `{2}`', env.SINGLE_DEP_NAME, env.SINGLE_DEP_OLD_VERSION, env.SINGLE_DEP_NEW_VERSION) || format('πŸ“¦ Automatically updated `{0}` dependencies', env.COUNT_UPDATED) }}

${{ env.UPDATE_MESSAGE }}

${{ env.CHANGELOG_SECTION }}

---
Please verify and then **Merge** the pull request to update.

${{ env.HAS_BREAKING_CHANGES == 'True' && '⚠️ **This update contains major version changes that may include breaking changes.**' || 'ℹ️ This update only contains minor or patch changes.' }}

Please verify and then **Merge** the pull request to apply the updates.
commit-message: '⬆️ Update dependencies (${{ env.LIST_UPDATED }})'
branch: update-vendor
base: master

- name: Summary - Pull request created
if: env.COUNT_UPDATED > 0
if: env.COUNT_UPDATED > 0 && (env.HAS_BREAKING_CHANGES == 'True' || env.AUTO_MERGED == 'false')
shell: pwsh
run: |
echo "### πŸŽ‰ Pull Request Created" >> $env:GITHUB_STEP_SUMMARY
Expand All @@ -102,4 +260,10 @@ jobs:
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "**Updated dependencies:** $env:LIST_UPDATED" >> $env:GITHUB_STEP_SUMMARY
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "> Please review and merge the pull request to apply the updates." >> $env:GITHUB_STEP_SUMMARY
if ($env:HAS_BREAKING_CHANGES -eq 'True') {
echo "> ⚠️ **Manual review required:** This update contains major version changes." >> $env:GITHUB_STEP_SUMMARY
} else {
echo "> ℹ️ **Note:** Auto-merge failed, manual review required." >> $env:GITHUB_STEP_SUMMARY
}
echo "" >> $env:GITHUB_STEP_SUMMARY
echo "Please review and merge the pull request to apply the updates." >> $env:GITHUB_STEP_SUMMARY
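Review bot: In the `Auto-merge minor updates` step the `try`/`catch` will not see a failed `git commit` or `git push origin HEAD:master`, because PowerShell does not raise an exception for a native command's non-zero exit code unless `$PSNativeCommandUseErrorActionPreference` is enabled, and nothing visible in this step enables it. After a rejected push the script therefore still writes the success summary and `AUTO_MERGED=true`, so the pull-request fallback (apparently the only path with a human review) is not taken. Check the exit code after each git call, e.g. `if ($LASTEXITCODE -ne 0) { throw "git push failed with exit code $LASTEXITCODE" }`, and do the same after `git commit`. Since this step decides whether a dependency change reaches master unreviewed, it should fail closed.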
60 changes: 56 additions & 4 deletions scripts/update.ps1
Expand Up @@ -259,6 +259,8 @@ function Fetch-DownloadUrl {
}

$count = 0
$hasBreakingChanges = $false
$updateDetails = @()

# Read the current sources content
$sources = Get-Content $sourcesPath | Out-String | ConvertFrom-Json
Expand Down Expand Up @@ -301,6 +303,52 @@ foreach ($s in $sources) {
# }

$count++

# Analyze version change type
$changeType = "unknown"
try {
# Try parsing as semantic version
# Handle versions with more than 4 parts by taking only the first 3-4 parts
$oldVerStr = $s.version.Split('-')[0]
$newVerStr = $version.Split('-')[0]

# Split by dots and take only numeric parts, first 4 max
$oldParts = $oldVerStr.Split('.') | Where-Object { $_ -match '^\d+$' } | Select-Object -First 4
$newParts = $newVerStr.Split('.') | Where-Object { $_ -match '^\d+$' } | Select-Object -First 4

# Ensure we have at least 2 parts (major.minor)
if ($oldParts.Count -ge 2 -and $newParts.Count -ge 2) {
$oldVerParseable = $oldParts -join '.'
$newVerParseable = $newParts -join '.'

$oldVer = [System.Version]::Parse($oldVerParseable)
$newVer = [System.Version]::Parse($newVerParseable)

if ($newVer.Major -gt $oldVer.Major) {
$changeType = "major"
$hasBreakingChanges = $true
} elseif ($newVer.Minor -gt $oldVer.Minor) {
$changeType = "minor"
} else {
$changeType = "patch"
Comment on lines +327 to +333
Copilot AI Dec 15, 2025

The version comparison logic only checks if the major or minor version increased, but doesn't handle the case where the major/minor versions are equal and only the patch version changed. When both major and minor are equal but the patch increased, the code will incorrectly classify it as "patch" due to the else clause. However, if the patch version actually decreased (a downgrade), it would still be classified as "patch" rather than flagged as potentially problematic.

Suggested change
if ($newVer.Major -gt $oldVer.Major) {
$changeType = "major"
$hasBreakingChanges = $true
} elseif ($newVer.Minor -gt $oldVer.Minor) {
$changeType = "minor"
} else {
$changeType = "patch"
if ($newVer -lt $oldVer) {
$changeType = "downgrade"
$hasBreakingChanges = $true
} elseif ($newVer.Major -gt $oldVer.Major) {
$changeType = "major"
$hasBreakingChanges = $true
} elseif ($newVer.Minor -gt $oldVer.Minor) {
$changeType = "minor"
} elseif ($newVer.Build -gt $oldVer.Build) {
$changeType = "patch"
} else {
# No version increase detected (could be equal or non-incremental change)
$changeType = "unknown"

}
} else {
# Not enough numeric parts for semantic versioning
throw "Not enough numeric version parts"
}
} catch {
# If semantic versioning fails, treat as unknown (potentially breaking)
$changeType = "unknown"
$hasBreakingChanges = $true
Write-Verbose "Could not parse version as semantic version, treating as potentially breaking"
Copilot AI Dec 15, 2025

When version parsing fails and falls into the catch block, the code sets $hasBreakingChanges = $true as a safety measure. However, this means that any dependency with a non-standard version format will always require manual review, even if it's actually a safe patch update. Consider logging which specific dependency failed to parse to help with debugging and potential future improvements to the version parsing logic.

Suggested change
Write-Verbose "Could not parse version as semantic version, treating as potentially breaking"
Write-Verbose "Could not parse version as semantic version for dependency '$($s.name)' (old: '$($s.version)', new: '$version'), treating as potentially breaking"

}

$updateDetails += @{
name = $s.name
oldVersion = $s.version
newVersion = $version
changeType = $changeType
}
}

$s.url = $downloadUrl
Expand All @@ -314,12 +362,16 @@ if ($count -eq 0) {
return
}

if ($Env:APPVEYOR -eq 'True') {
Add-AppveyorMessage -Message "Successfully updated $count dependencies." -Category Information
}

# Export update details for GitHub Actions
if ($Env:GITHUB_ACTIONS -eq 'true') {
$updateDetailsJson = $updateDetails | ConvertTo-Json -Compress
Write-Output "UPDATE_DETAILS=$updateDetailsJson" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
Copilot AI Dec 15, 2025

The UPDATE_DETAILS environment variable is exported as JSON but is never used in the workflow. If this was intended for future use or debugging, it should be documented. If it's not needed, it should be removed to avoid confusion and reduce the amount of data being passed through environment variables.

Suggested change
Write-Output "UPDATE_DETAILS=$updateDetailsJson" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8

Write-Output "HAS_BREAKING_CHANGES=$hasBreakingChanges" | Out-File -FilePath $env:GITHUB_ENV -Append -Encoding utf8
Write-Output "::notice title=Task Complete::Successfully updated $count dependencies."
}

if ($Env:APPVEYOR -eq 'True') {
Add-AppveyorMessage -Message "Successfully updated $count dependencies." -Category Information
}

Write-Host -ForegroundColor green "Successfully updated $count dependencies."
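Review bot: The version classifier added in the `@@ -301,6 +303,52 @@` hunk drops non-numeric components wherever they occur (`Where-Object { $_ -match '^\d+$' }`) instead of stopping at the first one, so the remaining numbers shift position: a string such as `v3.0.0` would parse as `0.0` and `1.2beta.3` as `1.3`. Because `$hasBreakingChanges` feeds the auto-merge condition in vendor.yml, a misparse of this kind can label a major bump as `patch`; whether such strings occur in `sources.json` is not visible here. Failing closed is safer: accept only a leading numeric run, e.g. `if ($oldVerStr -notmatch '^\d+(\.\d+){1,3}') { throw "Unparseable version" }` and parse `$Matches[0]`, with the same check for `$newVerStr` and for the copy of this logic in the workflow. The enclosing `foreach ($s in $sources)` loop starts outside the hunk.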