.Net: Bump AWSSDK.BedrockAgent and AWSSDK.Core#14000
Conversation
Bumps AWSSDK.BedrockAgent from 4.0.7.5 to 4.0.8.5 Bumps AWSSDK.Core from 4.0.3.8 to 4.0.6.1 --- updated-dependencies: - dependency-name: AWSSDK.Core dependency-version: 4.0.6.1 dependency-type: direct:production update-type: version-update:semver-patch - dependency-name: AWSSDK.BedrockAgent dependency-version: 4.0.8.5 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
Bot
added
.NET
dependabot
Bot
added
dependencies
github-actions
Bot
changed the title
![github-actions[bot]](https://avatars.githubusercontent.com/in/15368?s=60&v=4){kind=small}
There was a problem hiding this comment.
Automated Code Review
Reviewers: 4 | Confidence: 95%
✓ Correctness
This is a straightforward Dependabot patch-version bump of AWSSDK.BedrockAgent from 4.0.7.5 to 4.0.8.5. The change itself is correct. However, the PR title and description state that AWSSDK.Core is also being updated from 4.0.3.8 to 4.0.6.1, but no such change appears in the diff — the file still pins AWSSDK.Core at 4.0.3.8 (line 19). If BedrockAgent 4.0.8.5 requires a newer Core version, this could cause a version conflict during NuGet restore.
✓ Security Reliability
This is a straightforward Dependabot patch-level bump of AWSSDK.BedrockAgent from 4.0.7.5 to 4.0.8.5 in the central NuGet package version file. The change is confined to a single version pin in Directory.Packages.props with no code changes. No security or reliability issues identified. Note: the PR description mentions bumping AWSSDK.Core from 4.0.3.8 to 4.0.6.1, but that change does not appear in the diff — AWSSDK.Core remains at 4.0.3.8 on line 19. This is cosmetic (likely a Dependabot description artifact) and not a security concern.
✓ Test Coverage
This is a straightforward Dependabot patch-level version bump of AWSSDK.BedrockAgent from 4.0.7.5 to 4.0.8.5 in the central package versions file. No project source code or behavior is changed—only a transitive dependency version pin is updated. There are no test coverage concerns: dependency version bumps do not introduce new application behavior that would require new or modified tests. Existing tests for the AWS Bedrock connector (if any) continue to exercise the same public API surface.
✗ Design Approach
The dependency bump is incomplete in a way that matters to the repo’s restore graph:
AWSSDK.BedrockAgentis updated, butAWSSDK.Coreremains pinned to4.0.3.8, so projects that referenceAWSSDK.Coredirectly still restore the old version. That means this approach does not actually deliver the PR’s statedAWSSDK.Coreupgrade.
Flagged Issues
-
dotnet/Directory.Packages.props:19still pinsAWSSDK.Coreto4.0.3.8, whileConnectors.Amazon.csprojandConcepts.csprojreferenceAWSSDK.Coredirectly. Bumping onlyAWSSDK.BedrockAgentleaves those projects on the old core package and does not accomplish the PR's statedAWSSDK.Coreupgrade from 4.0.3.8 to 4.0.6.1.
Automated review by dependabot[bot]'s agents
| <PackageVersion Include="AWSSDK.BedrockAgent" Version="4.0.8.5" /> | ||
| <PackageVersion Include="AWSSDK.BedrockAgentRuntime" Version="4.0.8.5" /> | ||
| <PackageVersion Include="AWSSDK.BedrockRuntime" Version="4.0.14.5" /> | ||
| <PackageVersion Include="AWSSDK.Core" Version="4.0.3.8" /> |
There was a problem hiding this comment.
AWSSDK.Core is still pinned to 4.0.3.8 here, but the PR description claims it should be bumped to 4.0.6.1. Direct consumers (dotnet/src/Connectors/Connectors.Amazon/Connectors.Amazon.csproj:20, dotnet/samples/Concepts.csproj:49) will continue restoring the old version.
| <PackageVersion Include="AWSSDK.Core" Version="4.0.3.8" /> | |
| <PackageVersion Include="AWSSDK.Core" Version="4.0.6.1" /> |
Pinned AWSSDK.BedrockAgent at 4.0.8.5.
Release notes
Sourced from AWSSDK.BedrockAgent's releases.
No release notes found for this version range.
Commits viewable in compare view.
Updated AWSSDK.Core from 4.0.3.8 to 4.0.6.1.
Release notes
Sourced from AWSSDK.Core's releases.
No release notes found for this version range.
Commits viewable in compare view.
Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)