ci(renovate): block NuGet packages with commercial license fees#50469
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: 75a0ccdce8
| "allowedVersions": "<8.0.0" | ||
| }, | ||
| { | ||
| "matchDepNames": ["WixToolset.Dtf.WindowsInstaller"], | ||
| "allowedVersions": "<6.0.0" |
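Review bot: The rule at `"matchDepNames": ["WixToolset.Dtf.WindowsInstaller"]`, like the `<8.0.0` rule above it, carries no `description` in the lines shown, so nothing in the config records that the cap marks a license boundary rather than a compatibility pin. Consider adding a `"description"` string to each rule stating the reason, and a `matchDatasources` entry of `nuget` so the cap cannot match a same-named dependency from another ecosystem.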
Use NuGet range syntax for allowed versions
These rules target NuGet PackageReference dependencies, so Renovate evaluates allowedVersions with NuGet versioning rather than npm-style semver ranges. The <8.0.0 / <6.0.0 strings are not valid NuGet ranges, which causes the Renovate config validation for these dependencies to fail instead of blocking the paid major versions; use NuGet bracket ranges such as (,8.0.0) and (,6.0.0).
Good catch — fixed in the latest commit. Switched to NuGet bracket notation: (,8.0.0) and (,6.0.0).
Files inventory check summary
File checks results against ancestor a4176470:
Results for datadog-agent_7.80.0~devel.git.561.c52eaa5.pipeline.111982213-1_amd64.deb: No change detected
Semver-style `<X.0.0` is not valid NuGet range syntax; Renovate parses NuGet allowedVersions with the nuget versioning module which only accepts bracket ranges. Switch to `(,8.0.0)` and `(,6.0.0)` so the version caps on FluentAssertions and WixToolset.Dtf.WindowsInstaller are actually enforced.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
What does this PR do?
Adds `allowedVersions` constraints in `renovate.json` to prevent Renovate from proposing updates to NuGet packages that have introduced commercial license fees:
- `FluentAssertions`: capped at `<8.0.0` (v8+ requires a paid license for commercial use)
- `WixToolset.Dtf.WindowsInstaller`: capped at `<6.0.0` (v6+ requires an Open Source Maintenance Fee for revenue-generating users)

Motivation
Two Renovate PRs were declined because the proposed versions crossed a license boundary:
- `FluentAssertions` (v7 → v8)
- `WixToolset.Dtf.WindowsInstaller` (v5 → v6)

Using `allowedVersions` (rather than `enabled: false`) keeps patch/minor updates flowing within the free tier, while permanently blocking the paid major versions.

Describe how you validated your changes
Verified the license change boundaries:
Additional Notes
All other NuGet packages tracked in the Renovate dashboard were audited and confirmed to have free/open-source licenses (MIT, Apache 2.0, BSD-3-Clause).
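
The review thread's point about NuGet range notation, as an added example (not code from this PR or from Renovate): a small pre-merge lint that parses NuGet interval notation and rejects semver-operator strings such as `<8.0.0`. The function names, the `sample` helper, and the numeric-only version comparison are assumptions made for illustration.

```python
import re

# NuGet interval notation: "[1.0,2.0)", "(,8.0.0)", "[1.0]"; a bare "1.0" means ">= 1.0".
_V = r"(\d+(?:\.\d+){0,3})?"
_INTERVAL = re.compile(rf"^([\[(])\s*{_V}\s*(,)?\s*{_V}\s*([\])])$")

def _ver(text):
    parts = [int(p) for p in text.split(".")]  # numeric only; prerelease labels not handled
    return tuple(parts + [0] * (4 - len(parts)))

def parse_nuget_range(spec):
    """Return (low, low_inclusive, high, high_inclusive) or raise ValueError."""
    spec = spec.strip()
    if re.fullmatch(r"\d+(?:\.\d+){0,3}", spec):
        return _ver(spec), True, None, False
    m = _INTERVAL.match(spec)
    if not m:
        raise ValueError(f"not NuGet interval notation: {spec!r}")
    open_b, low, comma, high, close_b = m.groups()
    if comma is None:  # exact-version form, only valid as "[x.y.z]"
        if high is not None or low is None or (open_b, close_b) != ("[", "]"):
            raise ValueError(f"malformed NuGet range: {spec!r}")
        return _ver(low), True, _ver(low), True
    return (_ver(low) if low else None, open_b == "[",
            _ver(high) if high else None, close_b == "]")

def allows(spec, version):
    low, low_inc, high, high_inc = parse_nuget_range(spec)
    v = _ver(version)
    if low is not None and (v < low or (v == low and not low_inc)):
        return False
    if high is not None and (v > high or (v == high and not high_inc)):
        return False
    return True

def lint_rules(package_rules):
    """Map dep name -> error where allowedVersions is not NuGet notation (all rules assumed NuGet)."""
    problems = {}
    for rule in package_rules:
        try:
            parse_nuget_range(rule["allowedVersions"])
        except ValueError as exc:
            problems.update({n: str(exc) for n in rule["matchDepNames"]})
    return problems

def sample(caps):  # constructed sample: the two rules from this PR with the given caps
    names = ["FluentAssertions", "WixToolset.Dtf.WindowsInstaller"]
    return [{"matchDepNames": [n], "allowedVersions": c} for n, c in zip(names, caps)]
```

Run over a repository's real `packageRules`, a non-empty result from `lint_rules` is a reason to fail the check before the cap is relied on to hold back a paid major version.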