Configure Renovate

[renovate]

Welcome to Renovate! This is an onboarding PR to help you understand and configure settings before regular Pull Requests begin.

🚦 To activate Renovate, merge this Pull Request. To disable Renovate, simply close this Pull Request unmerged.

---

Detected Package Files

• build/docker-compose.net8.0.yml (docker-compose)
• build/docker-compose.net9.0.yml (docker-compose)
• .github/workflows/Component.BuildTest.yml (github-actions)
• .github/workflows/add-labels.yml (github-actions)
• .github/workflows/automation.yml (github-actions)
• .github/workflows/ci.yml (github-actions)
• .github/workflows/codeql-analysis.yml (github-actions)
• .github/workflows/concurrency-tests.yml (github-actions)
• .github/workflows/docfx.yml (github-actions)
• .github/workflows/dotnet-format.yml (github-actions)
• .github/workflows/fossa.yml (github-actions)
• .github/workflows/markdownlint.yml (github-actions)
• .github/workflows/ossf-scorecard.yml (github-actions)
• .github/workflows/package-validation.yml (github-actions)
• .github/workflows/post-release.yml (github-actions)
• .github/workflows/prepare-release.yml (github-actions)
• .github/workflows/publish-packages-1.0.yml (github-actions)
• .github/workflows/sanitycheck.yml (github-actions)
• .github/workflows/stale.yml (github-actions)
• .github/workflows/verifyaotcompat.yml (github-actions)
• Directory.Packages.props (nuget)
• build/Common.nonprod.props (nuget)
• build/Common.prod.props (nuget)
• build/Common.props (nuget)
• build/Common.targets (nuget)
• docs/logs/complex-objects/complex-objects.csproj (nuget)
• docs/metrics/getting-started-aspnetcore/getting-started-aspnetcore.csproj (nuget)
• docs/trace/getting-started-aspnetcore/getting-started-aspnetcore.csproj (nuget)
• docs/trace/getting-started-jaeger/getting-started-jaeger.csproj (nuget)
• global.json (nuget)
• src/OpenTelemetry.Api.ProviderBuilderExtensions/OpenTelemetry.Api.ProviderBuilderExtensions.csproj (nuget)
• src/OpenTelemetry.Api/OpenTelemetry.Api.csproj (nuget)
• src/OpenTelemetry.Exporter.Prometheus.AspNetCore/OpenTelemetry.Exporter.Prometheus.AspNetCore.csproj (nuget)
• src/OpenTelemetry.Exporter.Prometheus.HttpListener/OpenTelemetry.Exporter.Prometheus.HttpListener.csproj (nuget)
• src/OpenTelemetry.Extensions.Hosting/OpenTelemetry.Extensions.Hosting.csproj (nuget)
• src/OpenTelemetry.Shims.OpenTracing/OpenTelemetry.Shims.OpenTracing.csproj (nuget)
• src/OpenTelemetry/OpenTelemetry.csproj (nuget)
• test/Benchmarks/Benchmarks.csproj (nuget)
• test/Directory.Build.targets (nuget)
• test/OpenTelemetry.Api.ProviderBuilderExtensions.Tests/OpenTelemetry.Api.ProviderBuilderExtensions.Tests.csproj (nuget)
• test/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests/OpenTelemetry.Exporter.OpenTelemetryProtocol.Tests.csproj (nuget)
• test/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests/OpenTelemetry.Exporter.Prometheus.AspNetCore.Tests.csproj (nuget)
• test/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests/OpenTelemetry.Exporter.Prometheus.HttpListener.Tests.csproj (nuget)
• test/OpenTelemetry.Exporter.Zipkin.Tests/OpenTelemetry.Exporter.Zipkin.Tests.csproj (nuget)
• test/OpenTelemetry.Extensions.Hosting.Tests/OpenTelemetry.Extensions.Hosting.Tests.csproj (nuget)
• test/OpenTelemetry.Instrumentation.W3cTraceContext.Tests/OpenTelemetry.Instrumentation.W3cTraceContext.Tests.csproj (nuget)
• test/OpenTelemetry.Shims.OpenTracing.Tests/OpenTelemetry.Shims.OpenTracing.Tests.csproj (nuget)
• test/OpenTelemetry.Tests.Stress/OpenTelemetry.Tests.Stress.csproj (nuget)
• test/OpenTelemetry.Tests/OpenTelemetry.Tests.csproj (nuget)
• test/TestApp.AspNetCore/TestApp.AspNetCore.csproj (nuget)

Configuration Summary

Based on the default config's presets, Renovate will:

• Start dependency updates only once this onboarding PR is merged
• Hopefully safe environment variables to allow users to configure.
• Show all Merge Confidence badges for pull requests.
• Enable Renovate Dependency Dashboard creation.
• Use semantic commit type fix for dependencies and chore for all others if semantic commits are in use.
• Ignore node_modules, bower_components, vendor and various test/tests (except for nuget) directories.
• Group known monorepo packages together.
• Use curated list of recommended non-monorepo package groupings.
• Show only the Age and Confidence Merge Confidence badges for pull requests.
• Apply crowd-sourced package replacement rules.
• Apply crowd-sourced workarounds for known problems with packages.
• Pin Docker digests.
• Pin github-action digests.
• Enable Renovate configuration migration PRs when needed.
• Pin dependency versions for development dependencies.
• Update _VERSION variables in Dockerfiles.
• Update _VERSION environment variables in GitHub Action files.
• Require all status checks to pass before any automerging.
• Remove hourly and concurrent rate limits.
• Raise PR when vulnerability alerts are detected.
• Append Signed-off-by: to signoff Git commits.
• Upgrade to unstable versions only if the existing version is unstable.
• Run Renovate on following schedule: * 8-17 * * 3

🔡 Do you want to change how Renovate upgrades your dependencies? Add your custom config to renovate.json in this branch. Renovate will update the Pull Request description the next time it runs.

---

What to Expect

With your current configuration, Renovate will create 16 Pull Requests:

Bump codecov/codecov-action action to v5.5.1

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/github-actions/codecov-codecov-action-5.x
• Merge into: main
• Upgrade codecov/codecov-action to 5a1091511ad55cbe89839c7260b706298ca349f7

Bump dotnet monorepo

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/dotnet-monorepo
• Merge into: main
• Upgrade Microsoft.AspNetCore.TestHost to 8.0.19
• Upgrade Microsoft.AspNetCore.TestHost to 9.0.8
• Upgrade Microsoft.Extensions.DependencyInjection to 9.0.8
• Upgrade Microsoft.Extensions.DependencyInjection.Abstractions to 9.0.8
• Upgrade Microsoft.Extensions.Diagnostics.Abstractions to 9.0.8
• Upgrade Microsoft.Extensions.Hosting to 9.0.8
• Upgrade Microsoft.Extensions.Hosting.Abstractions to 9.0.8
• Upgrade Microsoft.Extensions.Http to 9.0.8
• Upgrade Microsoft.Extensions.Logging.Abstractions to 9.0.8
• Upgrade Microsoft.Extensions.Logging.Configuration to 9.0.8
• Upgrade Microsoft.Extensions.Telemetry.Abstractions to 9.8.0
• Upgrade System.Diagnostics.DiagnosticSource to 9.0.8
• Upgrade System.Text.Json to 8.0.6

Bump dependency Google.Protobuf to 3.32.0

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/protobuf-monorepo
• Merge into: main
• Upgrade Google.Protobuf to 3.32.0

Bump dependency Grpc to 2.46.6

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/grpc-2.x
• Merge into: main
• Upgrade Grpc to 2.46.6

Bump dependency Grpc.Tools to 2.72.0

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/grpc.tools-2.x
• Merge into: main
• Upgrade Grpc.Tools to 2.72.0

Bump dependency Microsoft.NET.Test.Sdk to 17.14.1

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/vstest-monorepo
• Merge into: main
• Upgrade Microsoft.NET.Test.Sdk to 17.14.1

Bump dependency NuGet.Versioning to 6.14.0

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/nuget-monorepo
• Merge into: main
• Upgrade NuGet.Versioning to 6.14.0

Bump dependency Swashbuckle.AspNetCore to 6.9.0

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/swashbuckle-aspnetcore-monorepo
• Merge into: main
• Upgrade Swashbuckle.AspNetCore to 6.9.0

Bump grpc-dotnet monorepo to 2.71.0

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/grpc-dotnet-monorepo
• Merge into: main
• Upgrade Grpc.AspNetCore to 2.71.0
• Upgrade Grpc.AspNetCore.Server to 2.71.0
• Upgrade Grpc.Net.Client to 2.71.0

Bump opentelemetry-dotnet-contrib monorepo to 1.12.0

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/opentelemetry-dotnet-contrib-monorepo
• Merge into: main
• Upgrade OpenTelemetry.Instrumentation.AspNetCore to 1.12.0
• Upgrade OpenTelemetry.Instrumentation.Http to 1.12.0
• Upgrade OpenTelemetry.Instrumentation.Runtime to 1.12.0

Bump actions/setup-dotnet action to v5

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/github-actions/actions-setup-dotnet-5.x
• Merge into: main
• Upgrade actions/setup-dotnet to d4c94342e560b34958eacfc5d055d21461ed1c5d

Bump actions/stale action to v10

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/github-actions/actions-stale-10.x
• Merge into: main
• Upgrade actions/stale to 3a9db7e6a41a89f618792c92c0e97cc736e1b13f

Bump dependency MinVer to v6

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/minver-6.x
• Merge into: main
• Upgrade MinVer to 6.0.0

Bump dependency RabbitMQ.Client to v7

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/rabbitmq.client-7.x
• Merge into: main
• Upgrade RabbitMQ.Client to 7.1.2

Bump dependency Swashbuckle.AspNetCore to v9

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/nuget/major-swashbuckle-aspnetcore-monorepo
• Merge into: main
• Upgrade Swashbuckle.AspNetCore to 9.0.4

Bump dependency ubuntu to v24

• Schedule: ["* 8-17 * * 3"]
• Branch name: renovate/github-actions/ubuntu-24.x
• Merge into: main
• Upgrade ubuntu to 24.04

---

❓ Got questions? Check out Renovate's Docs, particularly the Getting Started section.
If you need any further assistance then you can also request help here.

---

This PR was generated by Mend Renovate. View the repository job log.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 86.61%. Comparing base (2a9c406) to head (2d379a5).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #6459      +/-   ##
==========================================
- Coverage   86.68%   86.61%   -0.08%     
==========================================
  Files         258      258              
  Lines       11876    11876              
==========================================
- Hits        10295    10286       -9     
- Misses       1581     1590       +9     

Flag	Coverage Δ
unittests-Project-Experimental	86.58% <ø> (+0.15%)	⬆️
unittests-Project-Stable	86.29% <ø> (-0.31%)	⬇️
unittests-Solution	86.26% <ø> (-0.05%)	⬇️
unittests-UnstableCoreLibraries-Experimental	85.87% <ø> (ø)

Flags with carried forward coverage won't be shown. Click here to find out more.
see 4 files with indirect coverage changes

[Kielek]

This is main concern on from my side. Other are minors.

"[$(OTelLatestStableVer),)" is not the same as "[$(OTelLatestStableVer),2.0)". It will allow to solve packages also with OpenTelemetry v2.0.0 if ever released.

[Kielek]

This should work the same as:

Suggested change

	<PackageVersion Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="[3.11.0-beta1.23525.2,)" />
	<PackageVersion Include="Microsoft.CodeAnalysis.PublicApiAnalyzers" Version="3.11.0-beta1.23525.2" />

[martincostello]

The change is semantically equivalent, but makes it fall into the regex used in the renovate configuration file which makes it "pinned" and be ignored. There's commentary in the abandoned PR detailing the rationale behind various choices here.

I've tried to upgrade this dependency previously, and it was non trivial as new rules made the build fail. This makes it ignored until someone actively tries to upgrade it manually. Renovate or dependabot would just generate a broken PR.

[Kielek]

I think that we have 1.12.0 packages already. I am fine with keeping as is in this PR, and allow to fix it by renovate.

[martincostello]

Yeah I just unpinned it to let the PRs flow from dependabot. You can see in the description of this PR what updates are going to flow post-merge.

[Kielek]

3.* works only with .NET8 (it is fine) and .NET Framework 4.7.2 (we cannot update to such version).

Is there any option to prevent renovate with updates? If it can be configured. we could change it to

Suggested change

	<PackageVersion Include="xunit.runner.visualstudio" Version="[2.8.2,)" />
	<PackageVersion Include="xunit.runner.visualstudio" Version="2.8.2" />

or keep previous version.

[martincostello]

There is no xunit 3.*. There is however xunit.v3 1.*-3.* - it's a completely different package.

This is the latest version for v2, and is unpinned so if there's ever a patch version for it we'll get the update.

[martincostello]

Just noticed the comment was on the other line.

True, but post merge we can just close the PR to ignore the v3 update. We'd still get a patch version of there ever was one for 2.