chore(deps): update dependency verify to 30.19.0

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
Verify	nuget	minor	30.18.0 -> 30.19.0

---

Release Notes

VerifyTests/Verify (Verify)

v30.19.0

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

Claude finished @thomhurst's task —— View job

---

PR Review: Verify Package Update

Review Tasks:

• Analyze the changed file (Directory.Packages.props)
• Understand Verify package usage in TUnit codebase
• Check for potential breaking changes or compatibility issues
• Assess security and performance implications
• Evaluate test coverage needs
• Provide comprehensive review feedback

---

🔍 Review Summary

This PR updates the Verify package from 30.18.0 to 30.19.0 - a minor version bump that appears safe overall.

✅ Code Quality & Best Practices

• Centralized dependency management: ✅ Uses Directory.Packages.props correctly for version management
• Version update approach: ✅ Minor version increment, low risk of breaking changes
• Automated dependency management: ✅ Managed by Renovate, ensuring consistent updates

⚠️ Potential Issues Identified

1. Version Inconsistency Concern

The main Verify package is being updated to 30.19.0, but related packages remain at older versions:

• Verify.NUnit: Still at 30.18.0 (/home/runner/work/TUnit/TUnit/Directory.Packages.props:86)
• Verify.TUnit: Still at 30.18.0 (/home/runner/work/TUnit/TUnit/Directory.Packages.props:90)

Recommendation: These packages should typically be updated together to maintain compatibility and avoid potential integration issues.

2. Snapshot Test Impact

The codebase extensively uses Verify for snapshot testing:

• Source generator tests: /home/runner/work/TUnit/TUnit/TUnit.Core.SourceGenerator.Tests/
• Public API verification: /home/runner/work/TUnit/TUnit/TUnit.PublicAPI/
• Custom verification logic: Custom VerifyTUnit implementation in /home/runner/work/TUnit/TUnit/TUnit.Core.SourceGenerator.Tests/Verify.cs

Risk Assessment: Minor version updates in Verify rarely break snapshot formats, but changes in serialization or output formatting could cause test failures.

🔒 Security Assessment

• Low Risk: Minor version updates in verification libraries typically contain bug fixes and improvements
• Supply Chain: Verify is a well-maintained, popular NuGet package from the community
• No malicious indicators: Standard dependency update with clear changelog

🚀 Performance Considerations

• Minimal Impact: Verify is used in testing, not production runtime
• Test Performance: Minor version updates may include performance improvements in snapshot comparison
• Build Time: No significant impact expected

🧪 Test Coverage Recommendations

Per the repository's CLAUDE.md guidelines, the following tests should be run when changing source generator output or APIs:

1. Source Generator Tests: dotnet test TUnit.Core.SourceGenerator.Tests
2. Public API Tests: dotnet test TUnit.PublicAPI

Critical: If any snapshot tests fail, evaluate whether the failures represent:

• Expected improvements (accept snapshots by renaming .received.txt → .verified.txt)
• Unexpected breaking changes (investigate before merging)

📋 Recommended Actions

1. Update Related Packages: Consider updating Verify.NUnit and Verify.TUnit to 30.19.0 for consistency
2. Run Snapshot Tests: Execute the test suites mentioned above to ensure no unexpected snapshot changes
3. Review Test Failures: If snapshot tests fail, carefully review the differences to ensure they're benign

✅ Overall Assessment

APPROVE WITH RECOMMENDATIONS: This is a safe minor version update, but the version inconsistency with related packages should be addressed for maintainability.

---

[claude]

Claude finished @thomhurst's task —— View job

---

PR Review: Verify Package Update

Review Tasks:

• Analyze the changed file (Directory.Packages.props)
• Understand Verify package usage in TUnit codebase
• Check for potential breaking changes or compatibility issues
• Assess security and performance implications
• Evaluate test coverage needs
• Provide comprehensive review feedback

---

🔍 Review Summary

This PR updates the Verify package from 30.18.0 to 30.19.0 - a minor version bump that appears safe overall. However, there are important considerations for the TUnit project.

✅ Code Quality & Best Practices

• Centralized dependency management: ✅ Uses Directory.Packages.props correctly for version management
• Version update approach: ✅ Minor version increment, low risk of breaking changes
• Automated dependency management: ✅ Managed by Renovate, ensuring consistent updates

⚠️ Critical Issue Identified

Version Inconsistency Concern

The main Verify package is being updated to 30.19.0, but Verify.TUnit remains at 30.18.0 (Directory.Packages.props:90). This creates a version mismatch that could lead to compatibility issues.

Git History Analysis:

• verify.nunit was updated to 30.19.0 in PR chore(deps): update dependency verify.nunit to 30.19.0 #3204
• verify.tunit was updated to 30.18.0 in PR chore(deps): update dependency verify.tunit to 30.18.0 #3169
• Current PR updates main verify to 30.19.0

Recommendation: Update Verify.TUnit to 30.19.0 for version consistency, either in this PR or as a follow-up.

🔍 Codebase Impact Assessment

Custom Verify Implementation

The TUnit project uses a custom Verify implementation (VerifyTUnit class in /home/runner/work/TUnit/TUnit/TUnit.Core.SourceGenerator.Tests/Verify.cs:194), which:

• Implements its own snapshot comparison logic
• Handles file path normalization and scrubbing
• Uses custom serialization for string arrays
• Is less dependent on the standard Verify API surface

This reduces the risk of breaking changes from the version update.

Extensive Snapshot Testing

• Source generator tests: Extensive use in TUnit.Core.SourceGenerator.Tests
• Public API verification: Used in TUnit.PublicAPI for API surface testing
• Custom verification logic: 21+ occurrences of .verified.txt/.received.txt files

🔒 Security Assessment

• Low Risk: Minor version updates in verification libraries typically contain bug fixes and improvements
• Supply Chain: Verify is a well-maintained, popular NuGet package from the VerifyTests organization
• No malicious indicators: Standard dependency update with clear changelog

🚀 Performance Considerations

• Minimal Impact: Verify is used in testing, not production runtime
• Test Performance: Minor version updates may include performance improvements in snapshot comparison
• Build Time: No significant impact expected on build performance

🧪 Test Coverage Recommendations

Per the repository's CLAUDE.md guidelines, the following tests should be run when changing source generator output or APIs:

1. Source Generator Tests: dotnet test TUnit.Core.SourceGenerator.Tests
2. Public API Tests: dotnet test TUnit.PublicAPI

Critical: If any snapshot tests fail, evaluate whether the failures represent:

• Expected improvements (accept snapshots by renaming .received.txt → .verified.txt)
• Unexpected breaking changes (investigate before merging)

📋 Recommended Actions

1. ⚠️ Address Version Inconsistency: Update Verify.TUnit to 30.19.0 for consistency
2. ✅ Run Snapshot Tests: Execute the test suites mentioned above to ensure no unexpected snapshot changes
3. ✅ Review Test Failures: If snapshot tests fail, carefully review the differences to ensure they're benign

✅ Overall Assessment

APPROVE WITH RECOMMENDATIONS: This is a safe minor version update due to TUnit's custom Verify implementation, but the version inconsistency with Verify.TUnit should be addressed for maintainability.

---

View job

[claude]

Claude finished @thomhurst's task —— View job

---

PR Review: Verify Package Update

Review Tasks:

• Analyze the changed file (Directory.Packages.props)
• Understand Verify package usage in TUnit codebase
• Check for potential breaking changes or compatibility issues
• Assess security and performance implications
• Evaluate test coverage needs
• Provide comprehensive review feedback

---

🔍 Review Summary

This PR updates the Verify package from 30.18.0 to 30.19.0 - a minor version bump that appears safe overall. However, there are important considerations for the TUnit project.

✅ Code Quality & Best Practices

• Centralized dependency management: ✅ Uses Directory.Packages.props correctly for version management
• Version update approach: ✅ Minor version increment, low risk of breaking changes
• Automated dependency management: ✅ Managed by Renovate, ensuring consistent updates

⚠️ Critical Issue Identified

Version Inconsistency Concern

The main Verify package is being updated to 30.19.0, but Verify.TUnit remains at 30.18.0 (Directory.Packages.props:90). This creates a version mismatch that could lead to compatibility issues.

Git History Analysis:

• verify.nunit was updated to 30.19.0 in PR chore(deps): update dependency verify.nunit to 30.19.0 #3204
• Current PR updates main verify to 30.19.0
• verify.tunit is still at 30.18.0

Recommendation: Update Verify.TUnit to 30.19.0 for version consistency, either in this PR or as a follow-up.

🔍 Codebase Impact Assessment

Custom Verify Implementation

The TUnit project uses a custom Verify implementation (VerifyTUnit class in /home/runner/work/TUnit/TUnit/TUnit.Core.SourceGenerator.Tests/Verify.cs:194), which:

• Implements its own snapshot comparison logic
• Handles file path normalization and scrubbing
• Uses custom serialization for string arrays
• Is less dependent on the standard Verify API surface

This reduces the risk of breaking changes from the version update.

Extensive Snapshot Testing

• Source generator tests: Extensive use in TUnit.Core.SourceGenerator.Tests
• Public API verification: Used in TUnit.PublicAPI for API surface testing
• 100+ snapshot files: Extensive .verified.txt files across the codebase
• Custom verification logic: Both main Verify package and Verify.TUnit are used together

Package Usage Analysis

Projects using Verify packages:

• TUnit.Core.SourceGenerator.Tests: Uses both Verify and Verify.TUnit
• TUnit.Assertions.SourceGenerator.Tests: Uses both Verify and Verify.TUnit
• TUnit.PublicAPI: Uses both Verify and Verify.TUnit

🔒 Security Assessment

• Low Risk: Minor version updates in verification libraries typically contain bug fixes and improvements
• Supply Chain: Verify is a well-maintained, popular NuGet package from the VerifyTests organization
• No malicious indicators: Standard dependency update with clear changelog

🚀 Performance Considerations

• Minimal Impact: Verify is used in testing, not production runtime
• Test Performance: Minor version updates may include performance improvements in snapshot comparison
• Build Time: No significant impact expected on build performance

🧪 Test Coverage Recommendations

Per the repository's CLAUDE.md guidelines, the following tests should be run when changing source generator output or APIs:

1. Source Generator Tests: dotnet test TUnit.Core.SourceGenerator.Tests
2. Public API Tests: dotnet test TUnit.PublicAPI

Critical: If any snapshot tests fail, evaluate whether the failures represent:

• Expected improvements (accept snapshots by renaming .received.txt → .verified.txt)
• Unexpected breaking changes (investigate before merging)

📋 Recommended Actions

1. ⚠️ Address Version Inconsistency: Update Verify.TUnit to 30.19.0 for consistency
2. ✅ Run Snapshot Tests: Execute the test suites mentioned above to ensure no unexpected snapshot changes
3. ✅ Review Test Failures: If snapshot tests fail, carefully review the differences to ensure they're benign

✅ Overall Assessment

APPROVE WITH RECOMMENDATIONS: This is a safe minor version update due to TUnit's custom Verify implementation, but the version inconsistency with Verify.TUnit should be addressed for maintainability.

---