deps: update outdated packages and fix Dependabot configuration

Security updates:
- Microsoft.PowerPlatform.Dataverse.Client: 1.1.* → 1.2.* (CVE-2022-26907)
- System.CommandLine: 2.0.0-beta4 → 2.0.1 (stable release)

Test infrastructure updates:
- Microsoft.NET.Test.Sdk: 17.8.0 → 18.0.1
- xunit: 2.6.4 → 2.9.3
- xunit.runner.visualstudio: 2.5.6 → 3.0.2

Dependabot improvements:
- Added versioning-strategy: increase for floating version bumps
- Added dependency grouping to reduce PR noise
- Increased PR limit from 5 to 10

Root cause: Floating versions (e.g., 1.1.*) prevented Dependabot from
suggesting minor/major version bumps. The versioning-strategy setting
addresses this going forward.

Author: claude

.github/dependabot.yml

@@ -6,12 +6,29 @@ updates:
     schedule:
       interval: "weekly"
       day: "monday"
-    open-pull-requests-limit: 5
+    open-pull-requests-limit: 10
     labels:
       - "dependencies"
       - "nuget"
     commit-message:
       prefix: "deps"
+    # Group related dependencies to reduce PR noise
+    groups:
+      microsoft-extensions:
+        patterns:
+          - "Microsoft.Extensions.*"
+      test-infrastructure:
+        patterns:
+          - "Microsoft.NET.Test.Sdk"
+          - "xunit*"
+          - "coverlet.*"
+          - "Moq"
+          - "FluentAssertions"
+      dataverse:
+        patterns:
+          - "Microsoft.PowerPlatform.Dataverse.*"
+    # Widen version constraints when needed (e.g., 1.1.* -> 1.2.*)
+    versioning-strategy: increase
 
   # GitHub Actions
   - package-ecosystem: "github-actions"
@@ -25,3 +42,7 @@ updates:
       - "github-actions"
     commit-message:
       prefix: "ci"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

CHANGELOG.md

@@ -7,6 +7,22 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ## [Unreleased]
 
+### Security
+
+- Updated `Microsoft.PowerPlatform.Dataverse.Client` from `1.1.*` to `1.2.*` - includes CVE-2022-26907 fix
+- Updated `System.CommandLine` from `2.0.0-beta4` to `2.0.1` (stable release)
+
+### Changed
+
+- Updated test infrastructure packages:
+  - `Microsoft.NET.Test.Sdk`: 17.8.0 → 18.0.1
+  - `xunit`: 2.6.4 → 2.9.3
+  - `xunit.runner.visualstudio`: 2.5.6 → 3.0.2
+- Improved Dependabot configuration:
+  - Added `versioning-strategy: increase` to handle floating version bumps
+  - Added dependency grouping for reduced PR noise
+  - Increased PR limit to 10
+
 ### Added
 
 - **PPDS.Migration** - New library for high-performance Dataverse data migration

src/PPDS.Dataverse/PPDS.Dataverse.csproj

@@ -41,7 +41,7 @@
 
   <ItemGroup>
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="10.0.1" />
-    <PackageReference Include="Microsoft.PowerPlatform.Dataverse.Client" Version="1.1.*" />
+    <PackageReference Include="Microsoft.PowerPlatform.Dataverse.Client" Version="1.2.*" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="10.0.1" />
     <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="10.0.1" />
     <PackageReference Include="Microsoft.Extensions.Options" Version="10.0.1" />

src/PPDS.Migration.Cli/PPDS.Migration.Cli.csproj

@@ -35,6 +35,6 @@
     <ProjectReference Include="..\PPDS.Migration\PPDS.Migration.csproj" />
     <ProjectReference Include="..\PPDS.Dataverse\PPDS.Dataverse.csproj" />
     <PackageReference Include="Microsoft.Extensions.DependencyInjection" Version="10.0.1" />
-    <PackageReference Include="System.CommandLine" Version="2.0.0-beta4.22272.1" />
+    <PackageReference Include="System.CommandLine" Version="2.0.1" />
   </ItemGroup>
 </Project>

tests/PPDS.Dataverse.Tests/PPDS.Dataverse.Tests.csproj

@@ -10,9 +10,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="xunit" Version="2.6.4" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.6">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.2">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>

tests/PPDS.Migration.Cli.Tests/PPDS.Migration.Cli.Tests.csproj

@@ -10,9 +10,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="xunit" Version="2.6.4" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.6">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.2">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>

tests/PPDS.Plugins.Tests/PPDS.Plugins.Tests.csproj

@@ -10,9 +10,9 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.8.0" />
-    <PackageReference Include="xunit" Version="2.6.4" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="2.5.6">
+    <PackageReference Include="Microsoft.NET.Test.Sdk" Version="18.0.1" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.2">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>