chore(deps): update dependency polly to 8.7.0

[thomhurst]

This PR contains the following updates:

Package	Type	Update	Change
Polly	nuget	minor	8.6.6 → 8.7.0

---

Release Notes

App-vNext/Polly (Polly)

v8.7.0

Compare Source

Highlights

• Adds caller cancellation token propagation in hedging and timeout strategies by @​DaRosenberg in #​3094
• Telemetry refactoring by @​martincostello in #​2985

What's Changed

• Update zizmor to 1.22.0 by @​martincostello in #​2955
• Increase test timeout by @​martincostello in #​2956
• Disable secrets-outside-env audit by @​martincostello in #​2969
• Update zizmor to 1.23.1 by @​martincostello in #​2970
• Update .NET NuGet packages by @​martincostello in #​2982
• Add AGENTS.md by @​martincostello in #​2983
• Fix typo in HTTP client integrations documentation by @​alexravenna in #​2984
• Remove unused constant by @​martincostello in #​2986
• Fix non-deterministic branch coverage in HedgingExecutionContext hedging delay tests by @​Copilot in #​2997
• Bump GitHubActionsTestLogger to 3.0.2 by @​martincostello in #​3000
• Bump actionlint to v1.7.12 by @​martincostello in #​3006
• Bump sign by @​martincostello in #​3008
• Move Public API baselines by @​martincostello in #​3016
• Formatting tweaks by @​martincostello in #​3017
• Formatting tweaks by @​martincostello in #​3018
• Remove ZIZMOR_VERSION by @​martincostello in #​3025
• Assert nullable has result by @​martincostello in #​3028
• Update deprecated action input by @​martincostello in #​3035
• Move dependabot to Friday by @​martincostello in #​3044
• Fix tag comment by @​martincostello in #​3045
• Fix dependabot group by @​martincostello in #​3047
• Pin runner images by @​martincostello in #​3065
• Bump Refit to 10.2.0 by @​martincostello in #​3096
• Disable Azure deployments by @​martincostello in #​3105

New Contributors

• @​alexravenna made their first contribution in #​2984
• @​DaRosenberg made their first contribution in #​3094

Full Changelog: App-vNext/Polly@8.6.6...8.7.0

---

Configuration

📅 Schedule: (UTC)

• Branch creation
  • At any time (no schedule defined)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate.

[claude]

PR Review: chore(deps): update dependency polly to 8.7.0

Summary

This is a Renovate-bot-generated automated dependency bump of Polly from 8.6.6 to 8.7.0, touching a single line in Directory.Packages.props. It is a minor (semver) release with no breaking changes.

What the PR Does

Updates the centralised NuGet version pin for Polly in Directory.Packages.props. Two projects consume this package:

• TUnit.TestProject — uses Polly.CircuitBreaker.CircuitState as a test argument type to exercise the analyzer against an external enum; the actual Polly resilience pipeline is not exercised at all.
• TUnit.Analyzers.Tests — references the Polly assembly to provide CircuitState as a MetadataReference in Roslyn analyzer test scaffolding.

Polly is not used in any production engine code — TUnit.Engine/Services/DiscoveryCircuitBreaker.cs is a custom, Polly-free implementation that merely borrows the "circuit breaker" naming pattern.

Issues Found

None. This is a minimal, low-risk change.

• The diff is exactly one line: 8.6.6 → 8.7.0.
• Polly 8.7.0 is a non-breaking minor release. The highlighted features (caller cancellation token propagation in hedging/timeout, telemetry refactoring) are in strategies that are not used at all in this repo.
• The CircuitState enum used in test fixtures is part of Polly.CircuitBreaker and has not changed between these versions.
• auto-merge is already enabled with squash strategy, which is appropriate for this class of update.

Suggested Improvements

No code changes are required or recommended. A few observations for awareness:

1. Polly usage is test-only, not production. If the intent is ever to use Polly for resilience logic in the engine (e.g., retry policies around flaky discovery I/O), the existing DiscoveryCircuitBreaker would need to be evaluated alongside it. For now, Polly is purely a test fixture dependency and that is fine.

2. Version pin scope. The version is pinned only in Directory.Packages.props (Central Package Management), which is correct — no individual .csproj overrides the version. This is the right pattern.

3. Changelogs worth noting (no action needed): Polly 8.7.0 adds cancellation token propagation in hedging/timeout strategies and refactors telemetry. Neither feature is exercised here, so there is zero functional impact on TUnit.

Overall Assessment

Approve and merge. Routine, fully automated minor dependency update confined to a single version string in the centralised package manifest. No breaking API changes in Polly 8.7.0 affect TUnit's usage. The auto-merge + squash configuration is appropriate and can be left to proceed automatically.

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Metrics 0 complexity

Metric	Results
Complexity	0

View in Codacy

_{NEW Get contextual insights on your PRs based on Codacy's metrics, along with PR and Jira context, without leaving GitHub. Enable AI reviewer
TIP This summary will be updated as you push new changes.}