Bump System.ComponentModel.Composition from 9.0.9 to 10.0.0

[dependabot]

Updated System.ComponentModel.Composition from 9.0.9 to 10.0.0.

Release notes

Sourced from System.ComponentModel.Composition's releases.

10.0.0-preview.6.25358.103

You can build .NET 10.0 Preview 6 from the repository by cloning the release tag v10.0.0-preview.6.25358.103 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.5.25277.114

You can build .NET 10.0 Preview 5 from the repository by cloning the release tag v10.0.0-preview.5.25277.114 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.4.25258.110

You can build .NET 10.0 Preview 4 from the repository by cloning the release tag v10.0.0-preview.4.25258.110 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.3.25171.5

You can build .NET 10.0 Preview 3 from the repository by cloning the release tag v10.0.0-preview.3.25171.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.2.25163.2

You can build .NET 10.0 Preview 2 from the repository by cloning the release tag v10.0.0-preview.2.25163.2 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

10.0.0-preview.1.25080.5

You can build .NET 10.0 Preview 1 from the repository by cloning the release tag v10.0.0-preview.1.25080.5 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.112

You can build .NET 9.0 from the repository by cloning the release tag v9.0.112 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.111

You can build .NET 9.0 from the repository by cloning the release tag v9.0.111 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.110

You can build .NET 9.0 from the repository by cloning the release tag v9.0.110 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.109

You can build .NET 9.0 from the repository by cloning the release tag v9.0.109 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

9.0.101

You can build .NET 9.0 from the repository by cloning the release tag v9.0.101 and following the build instructions in the main README.md.

Alternatively, you can build from the sources attached to this release directly.
More information on this process can be found in the dotnet/dotnet repository.

Attached are PGP signatures for the GitHub generated tarball and zipball. You can find the public key at https://dot.net/release-key-2023

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[greptile-apps]

Greptile Overview

Greptile Summary

Bumped System.ComponentModel.Composition from 9.0.9 to 10.0.0. This is a major version jump to a .NET 10 preview release.

Key concerns:

• The project targets .NET Framework 4.7.2 (net472), but version 10.0.0 appears to be a .NET 10 preview package
• .NET 10 packages are typically designed for modern .NET (Core/5+), not .NET Framework
• The 9.x series was likely the last to support .NET Framework officially
• The plugin uses MEF ([Export(typeof(IPlugin))] in BARS.cs:20) which relies on this package for composition

Recommended actions:

• Test that NuGet successfully restores this package for the net472 target
• Verify the plugin loads correctly in vatSys after building
• Check for any runtime MEF composition errors
• Consider staying on 9.x series if compatibility issues arise

Confidence Score: 2/5

• This PR has significant compatibility risks due to framework version mismatch
• Score reflects the high risk of updating to a .NET 10 preview package in a .NET Framework 4.7.2 project. While the change is automated by Dependabot, .NET 10 packages are designed for modern .NET (Core/5+) and may not be compatible with .NET Framework. The plugin uses MEF composition which is critical for vatSys integration, so any compatibility issues could prevent the plugin from loading entirely.
• Verify packages.config - ensure the package actually restores and builds correctly for net472 target

Important Files Changed

File Analysis

Filename	Score	Overview
packages.config	2/5	Major version bump from 9.0.9 to 10.0.0 for .NET Framework 4.7.2 project - potential compatibility issues

Sequence Diagram

sequenceDiagram
    participant D as Dependabot
    participant P as packages.config
    participant N as NuGet
    participant B as Build System
    participant V as vatSys Plugin
    
    D->>P: Update System.ComponentModel.Composition
    P->>P: Change version 9.0.9 → 10.0.0
    Note over P: Target: .NET Framework 4.7.2
    
    B->>N: Restore packages
    N->>N: Resolve System.ComponentModel.Composition 10.0.0
    Note over N: .NET 10.0 package for .NET Framework 4.7.2?
    
    B->>V: Compile with [Export] attributes
    Note over V: Uses MEF via System.ComponentModel.Composition
    V->>V: Export IPlugin implementation

Loading

[greptile-apps]

_{1 file reviewed, 1 comment}

_{Edit Code Review Agent Settings | Greptile}

[greptile-apps]

logic: Version 10.0.0 is a .NET 10 preview package. This project targets .NET Framework 4.7.2, which may not be compatible with .NET 10.0 packages that are designed for modern .NET (formerly .NET Core). The 9.x versions were the last to support .NET Framework. Verify that this package installs correctly and the plugin loads in vatSys.

Prompt To Fix With AI

This is a comment left during a code review.
Path: packages.config
Line: 4:4

Comment:
**logic:** Version 10.0.0 is a .NET 10 preview package. This project targets .NET Framework 4.7.2, which may not be compatible with .NET 10.0 packages that are designed for modern .NET (formerly .NET Core). The 9.x versions were the last to support .NET Framework. Verify that this package installs correctly and the plugin loads in vatSys.

How can I resolve this? If you propose a fix, please make it concise.

[dependabot]

Superseded by #14.