بنقرة واحدة
dotnet-package-upgrade-triage
How to diagnose and fix .NET package major-version upgrade breaks from Dependabot
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
القائمة
How to diagnose and fix .NET package major-version upgrade breaks from Dependabot
التثبيت باستخدام Codex أو Claude انسخ هذا Prompt والصقه في Codex أو Claude أو مساعد آخر ليراجع صفحة Skill ويثبّتها لك.
استنادا إلى تصنيف SOC المهني
| name | dotnet-package-upgrade-triage |
| description | How to diagnose and fix .NET package major-version upgrade breaks from Dependabot |
| domain | backend, dotnet, dependencies |
| confidence | high |
| source | earned (2026-05-14, Microsoft.OpenApi 2.x migration) |
When Dependabot upgrades .NET packages (especially Swashbuckle, ASP.NET Core, Azure SDKs), major version bumps often include breaking changes:
This skill provides a systematic triage process to isolate, understand, and fix these breaks efficiently.
When build fails after Dependabot PR merge:
Directory.Packages.props (central package management) or *.csproj for version changes.dotnet nuget why <project> <package> to understand dependency chains. A Swashbuckle upgrade may pull in Microsoft.OpenApi 2.x.Before bulk-editing production code:
cd /tmp && mkdir test_pkg && cd test_pkg
cat > test.csproj << 'EOF'
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<TargetFramework>net9.0</TargetFramework>
<OutputType>Exe</OutputType>
</PropertyGroup>
<ItemGroup>
<PackageReference Include="Swashbuckle.AspNetCore" Version="10.1.7" />
</ItemGroup>
</Project>
EOF
Try the old pattern first to confirm it fails. Then iterate on new patterns until build succeeds.
Check in order:
docs/migration or MIGRATION.md in repotest/ or samples/ directories in the package's GitHub repoExample:
git clone --depth 1 --branch v10.1.7 https://github.com/domaindrivendev/Swashbuckle.AspNetCore.git
grep -r "AddSecurityDefinition" test/ --include="*.cs" -A 10
Look for how the official tests use the new API.
In your throwaway project, test the complete pattern:
using Microsoft.OpenApi; // Changed from Microsoft.OpenApi.Models
var builder = WebApplication.CreateBuilder(args);
builder.Services.AddSwaggerGen(c =>
{
c.SwaggerDoc("v1", new OpenApiInfo { Title = "Test" });
c.AddSecurityRequirement(doc => new OpenApiSecurityRequirement
{
{ new OpenApiSecuritySchemeReference("Bearer", doc), [] }
});
});
Run dotnet build. If it succeeds, you've validated the fix.
Before applying fixes to production code:
cd /path/to/repo
grep -r "Microsoft\.OpenApi\.Models" src/ --include="*.cs"
This shows:
Use the edit tool to make surgical changes:
using statements firstPick one affected service and build it:
cd src/user-service && dotnet build -c Release 2>&1 | tail -30
This catches:
Update agent history with:
Write a decision document explaining:
Break: Microsoft.OpenApi.Models namespace removed.
Fix:
// BEFORE (Microsoft.OpenApi 1.x)
using Microsoft.OpenApi.Models;
c.AddSecurityRequirement(new OpenApiSecurityRequirement
{
{
new OpenApiSecurityScheme
{
Reference = new OpenApiReference
{
Id = "Bearer",
Type = ReferenceType.SecurityScheme
}
},
Array.Empty<string>()
}
});
// AFTER (Microsoft.OpenApi 2.x)
using Microsoft.OpenApi;
c.AddSecurityRequirement(doc => new OpenApiSecurityRequirement
{
{
new OpenApiSecuritySchemeReference("Bearer", doc),
[]
}
});
Key Changes:
Microsoft.OpenApi.Models.* → Microsoft.OpenApi.*OpenApiSecuritySchemeReference replaces manual OpenApiSecurityScheme { Reference = ... }AddSecurityRequirement now requires Func<OpenApiDocument, ...> to pass document contextstring[] to List<string> (use [] collection expression)❌ Don't guess the fix — Create a test project to validate before bulk editing production code.
❌ Don't fix blindly — If the build error is a namespace issue but there are also NuGet restore errors, the code fix may be correct even if the build still fails. Separate concerns.
❌ Don't ignore other errors — After fixing the primary issue, note any secondary build errors for follow-up (but don't fix them in the same pass if they're unrelated).
❌ Don't pin back without trying forward — Reverting to an older package version should be a last resort. Most breaking changes have straightforward migration paths.
❌ Don't trust AI-generated migration guides — Web search results may be outdated or wrong. Always verify with official source code or test projects.
"Package version not found" during restore:
"Type still not found after namespace change":
strings ~/.nuget/packages/<package>/<version>/lib/<tfm>/<assembly>.dll | grep <TypeName>"Lambda required but wasn't before":
OpenApiDocument for references)"Build succeeds in test project but fails in production":
Directory.Packages.props) may pin a transitive dep to an incompatible versiondotnet nuget why <project> <package> to trace the conflict