Bump FluentAssertions from 6.12.2 to 8.0.0 #250
Conversation
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?s=60&v=4){kind=small}
Bumps [FluentAssertions](https://github.com/fluentassertions/fluentassertions) from 6.12.2 to 8.0.0. - [Release notes](https://github.com/fluentassertions/fluentassertions/releases) - [Changelog](https://github.com/fluentassertions/fluentassertions/blob/main/AcceptApiChanges.ps1) - [Commits](fluentassertions/fluentassertions@6.12.2...8.0.0) --- updated-dependencies: - dependency-name: FluentAssertions dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
dependabot
bot
added
.NET
|
As of version 8 of FluentAssertions, it is no longer OpenSource and is moving to a paid model. As I understand the license, since Gauge is OpenSource, it may be exempt from needing to pay the license fee; however, as a testing framework, it may cause some confusion among users if they can use Gauge with FluentAssertions without themselves being subject to paying for it. Also many of Gauge's examples and documentation use FluentAssertions which again may cause issues with users who would not want to license FA themselves. More Information: |
|
Thanks for bringing this up @mpekurny . We could either pin this dep the the 'last known good version' or replace it with good old nunit assertions. |
|
@dependabot ignore this dependency |
|
OK, I won't notify you about FluentAssertions again, unless you re-open this PR. |
This is correct. You can use v8 in any open-source project (if that would be applicable). If you don't want that for whatever reason, you can either stay with v7 (which will get bugfixes and important updates), or switch to something like Shouldly (which is two years old), or native assertions. |
|
The v8 license is non-standard, has concerning clauses, and we are not lawyers. I don’t think any OSS project can or should accept those terms. (even putting aside potentially misleading our users into thinking FA is safe for them to use) Even continuing to use v7 in examples for a testing project such as gauge is risky in this sense, e.g for users who start using it and then allow dependabot to upgrade them beyond v7. I guess we should switch to an alternative regardless? |
|
Fair enough.
Out of curiosity, what clauses are you referring to? |
|
For what it's worth, I certainly understand the pain of funding/supporting OSS maintenance in the longer term, sometimes with a barrage of semi-hostile users expecting freebies on behalf of their companies - so you won't find blanket outrage from me. Folks can always continue using v7 or fork v7 if they feel they can continue the maintenance themselves (for free or with a different model).
Probably some of them that you have also seen concern about within the community in comments on your PR which changed the license.
While standard language, not exactly encouraging as a base for an OSS project already struggling with maintainer time and allowing targeted revocation at will.
License doesn't specifically exempt OSS tools or OSS contributors from this, nor define what a "competitive software product" is, or is not. One might reasonably conclude it is any tool within XCeed's family, and that may include a test automation tool such as Gauge at some point, putting us at breach of the license - even accidentally.
This one is quite bizarre. Not a concern with Gauge's usage, but still really odd.
Perhaps also standard language for custom licenses, but not something your average OSS project licensee would seem to be able to agree to "as a project" (rather than as individuals).
Standard lawyerey language as well, but not something that is particularly encouraging for ongoing reliance. |
|
Thanks for the explanation. I'll pass on the feedback. |
Bumps FluentAssertions from 6.12.2 to 8.0.0.
Release notes
Sourced from FluentAssertions's releases.
... (truncated)
Commits
901c8faMerge pull request #2947 from fluentassertions/release-8.0df7e9bfUpdate ownership and license65d78e2Merge pull request #2945 from fluentassertions/mainbfbf509Update landing page (#2944)f77fe32Bump the xunit group with 3 updates266fedeBump Microsoft.Testing.Extensions.TrxReport from 1.5.0 to 1.5.1e5283d0Bump Meziantou.Analyzer from 2.0.184 to 2.0.1863d8f03fFix several link texts7426493Fix release note PR-linkbcc974bSimplify FirstOrDefault() + null check to Any()Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to it@dependabot mergewill merge this PR after your CI passes on it@dependabot squash and mergewill squash and merge this PR after your CI passes on it@dependabot cancel mergewill cancel a previously requested merge and block automerging@dependabot reopenwill reopen this PR if it is closed@dependabot closewill close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditionswill show all of the ignore conditions of the specified dependency@dependabot ignore this major versionwill close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this minor versionwill close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)@dependabot ignore this dependencywill close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)