chore: group related packages in Dependabot config

[nanotaboada]

• Add entity-framework group for Microsoft.EntityFrameworkCore.*
• Add aspnetcore group for Microsoft.AspNetCore.*
• Add fluentvalidation group for FluentValidation.*

This prevents dependency conflicts by ensuring related packages update together in a single PR instead of separate PRs.

Summary by CodeRabbit

• Chores
  • Updated dependency management configuration to organize NuGet packages into logical groups (EntityFrameworkCore, AspNetCore, FluentValidation) for improved update tracking and maintenance workflow.

_{✏️ Tip: You can customize this high-level summary in your review settings.}

[coderabbitai]

Walkthrough

Added dependency grouping patterns for entity-framework, aspnetcore, and fluentvalidation packages in the Dependabot NuGet configuration. Included a comment about pinning AutoMapper to the 14.x line to prevent unintended upgrades to the commercial v15.x release.

Changes

Cohort / File(s)	Summary
Dependabot NuGet Configuration .github/dependabot.yml	Added three new dependency group patterns (entity-framework for Microsoft.EntityFrameworkCore\, aspnetcore for Microsoft.AspNetCore\, fluentvalidation for FluentValidation\*) to both primary and test NuGet update sections. Appended commit-message comment regarding AutoMapper v14.x pinning.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~5 minutes

Possibly related PRs

• #254 — Modifies NuGet dependency grouping configuration in Dependabot settings
• #211 — Adjusts dependency group patterns and NuGet update entries in Dependabot configuration

Suggested labels

dependencies, .NET

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title uses the correct Conventional Commits format (chore:), is under 80 characters (50 chars), and accurately describes the main change of grouping related packages in Dependabot configuration.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch chore/group-dependabot-package-updates

---

---

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a20ae03 and 49a46e0.

📒 Files selected for processing (1)

• .github/dependabot.yml

🧰 Additional context used

🧠 Learnings (4)

📚 Learning: 2025-12-11T00:20:48.024Z

Learnt from: CR
Repo: nanotaboada/Dotnet.Samples.AspNetCore.WebApi PR: 0
File: codecov.yml:0-0
Timestamp: 2025-12-11T00:20:48.024Z
Learning: Applies to codecov.yml : Exclude test directories, scripts, Program.cs, LICENSE, and README.md files from code coverage

Applied to files:

• .github/dependabot.yml

📚 Learning: 2026-01-07T12:33:14.167Z

Learnt from: CR
Repo: nanotaboada/Dotnet.Samples.AspNetCore.WebApi PR: 0
File: .github/copilot-instructions.md:0-0
Timestamp: 2026-01-07T12:33:14.167Z
Learning: Applies to **/test/**/*.cs : Use Moq for mocking dependencies in unit tests for C#

Applied to files:

• .github/dependabot.yml

📚 Learning: 2025-12-30T01:02:20.216Z

Learnt from: CR
Repo: nanotaboada/Dotnet.Samples.AspNetCore.WebApi PR: 0
File: src/Dotnet.Samples.AspNetCore.WebApi/packages.lock.json:0-0
Timestamp: 2025-12-30T01:02:20.216Z
Learning: This is a NuGet dependency lock file (.csproj.lock) for a .NET 8.0 project, not a coding guideline

Applied to files:

• .github/dependabot.yml

📚 Learning: 2025-12-11T00:21:00.156Z

Learnt from: CR
Repo: nanotaboada/Dotnet.Samples.AspNetCore.WebApi PR: 0
File: src/Dotnet.Samples.AspNetCore.WebApi/appsettings.Development.json:0-0
Timestamp: 2025-12-11T00:21:00.156Z
Learning: Applies to src/Dotnet.Samples.AspNetCore.WebApi/**/appsettings*.json : Configure OpenAPI/Swagger documentation with Title 'Dotnet.Samples.AspNetCore.WebApi', Version '1.0.0', and appropriate contact/license information

Applied to files:

• .github/dependabot.yml

⏰ Context from checks skipped due to timeout of 120000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: Codacy Static Code Analysis

🔇 Additional comments (3)

.github/dependabot.yml (3)

20-28: LGTM! Dependency groups configured correctly.

The three new groups (entity-framework, aspnetcore, fluentvalidation) use appropriate wildcard patterns and follow the existing configuration style. This will ensure related packages are updated together, preventing dependency conflicts.

---

45-47: The test project does not use AspNetCore or FluentValidation packages, so adding those groups to the dependabot configuration is unnecessary. The current configuration with entity-framework and xunit groups appropriately matches the test project's actual dependencies.

Likely an incorrect or invalid review comment.

---

12-12: AutoMapper v15 commercial claim is accurate.

Verified: AutoMapper v15 uses dual licensing (RPL-1.5 + commercial) and requires a commercial license for commercial use (or qualifies for a community exception for small organizations). This justifies pinning to the v14.x line.

_{✏️ Tip: You can disable this entire section by setting review_details to false in your review settings.}

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[codacy-production]

Coverage summary from Codacy

See diff coverage on Codacy

Coverage variation	Diff coverage
✅ +0.00%	✅ ∅

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (a20ae03)	1721	194	11.27%
Head commit (49a46e0)	1721 (+0)	194 (+0)	11.27% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#349)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

See your quality gate settings    Change summary preferences