chore(deps): update dependency polyfill to 9.0.3

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
Polyfill	nuget	patch	9.0.2 -> 9.0.3

---

Release Notes

SimonCropp/Polyfill (Polyfill)

v9.0.3

Compare Source

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[claude]

Claude finished @thomhurst's task —— View job

---

Pull Request Review: Polyfill Dependency Update

I've completed my analysis of this dependency update. This is a straightforward patch version update from Polyfill 9.0.2 to 9.0.3.

Todo List:

• Read repository guidelines (CLAUDE.md)
• Examine the changed file (TUnit.Core.targets)
• Research Polyfill library and version 9.0.3 changes
• Analyze potential impact on TUnit
• Run basic validation tests
• Provide comprehensive review feedback

Code Quality Review

✅ Positive Aspects

1. Minimal scope: Only one line changed (_TUnitPolyfillVersion from 9.0.2 to 9.0.3)
2. Patch version update: Low risk of breaking changes
3. Proper automated dependency management: Renovate PR with good release notes format
4. Conditional inclusion: Polyfill only included when needed (older frameworks)

⚠️ Issues Identified

1. Version Mismatch (Medium Priority)

• File: Directory.Packages.props:62
• Issue: Still references Polyfill 9.0.2 while TUnit.Core.targets was updated to 9.0.3
• Impact: Potential version conflicts in internal TUnit projects using Central Package Management

2. Missing Information

• Issue: PR description doesn't show what changed in Polyfill 9.0.3 (only shows compare link)
• Impact: Harder to assess risk without knowing specific changes

Performance Considerations

✅ No Performance Impact Expected

• Polyfill only affects compile-time type availability for older frameworks
• No runtime impact on supported frameworks (netcoreapp, net6.0+)
• Uses PrivateAssets=all so no transitive dependencies

Security Assessment

✅ Low Security Risk

• Patch version update from trusted maintainer (Simon Cropp)
• Polyfill provides modern .NET API backports, not introducing new attack vectors
• Compile-time only dependency for older frameworks

Test Coverage

⚠️ Recommendation: Run these test suites to validate:

# Test projects targeting older frameworks
dotnet test --framework netstandard2.0  # if available
dotnet test --framework net472          # if available

# Ensure AOT compatibility not affected
cd TUnit.TestProject && dotnet publish -c Release -p:PublishAot=true

# Run core tests 
dotnet test TUnit.Engine.Tests
dotnet test TUnit.Core.SourceGenerator.Tests

Recommendations

1. Fix Version Mismatch: Update Directory.Packages.props:62 to match:

   <PackageVersion Include="Polyfill" Version="9.0.3" />

2. Research Changes: Since the PR compare link shows no commits between 9.0.2 and 9.0.3, this appears to be a metadata-only update

3. Low Risk Approval: This is a safe dependency update with minimal scope

Conclusion

Recommendation: ✅ APPROVE after fixing the version mismatch.

This is a low-risk patch update to a compile-time dependency. The main concern is the version inconsistency between files, which should be resolved for consistency.