Consolidate Dependabot version bumps

[johnml1135]

Supersedes Dependabot PRs #859, #860, and #861.

What changed from each one:

• Chore: Bump softprops/action-gh-release from 2.6.1 to 3.0.0 #859: bumped softprops/action-gh-release from 2.6.1 to 3.0.0, which moves the action to the Node 24 runtime.
• Chore: Bump the nuget-minor group with 6 updates #860: consolidated the NuGet minor-group refresh and updated the current compatible package line for System.Drawing.Common, System.Reflection.Metadata, System.Resources.Extensions, and System.Security.Permissions. The NativeBuild project now uses the dedicated SilLibPalasoL10nsVersion property for SIL.LibPalaso.L10ns.
• Chore: Bump Microsoft.Extensions.DependencyModel and 4 others #861: carried forward the smaller dependency refresh for Microsoft.Extensions.DependencyModel and the SIL/Core family. I verified the latest versions independently, but kept Microsoft.Extensions.DependencyModel at 9.0.14 because 9.0.16 breaks ICU initialization in the .NET Framework test host.

Validation:

• .�uild.ps1 succeeded.
• . est.ps1 still has remaining native/Views failures: 2215 passed, 72 failed, 53 skipped. The failures are access violations in _VwRootBoxClass.Layout plus native TestViews exiting -1.

Notes:

• PR Chore: Bump softprops/action-gh-release from 2.6.1 to 3.0.0 #859 is the only GitHub Actions update here.
• The remaining package/version changes are the latest compatible current-line updates, not the exact Dependabot patch levels, because the repo needs a later SIL/LibPalaso pairing and DependencyModel 9.0.16 is not viable here.

---

This change is 

[github-actions]

NUnit Tests

    1 files  ±0      1 suites  ±0   11m 3s ⏱️ +23s
4 205 tests ±0  4 134 ✅ ±0  71 💤 ±0  0 ❌ ±0 
4 214 runs  ±0  4 143 ✅ ±0  71 💤 ±0  0 ❌ ±0 

Results for commit 924dd07. ± Comparison against base commit 32da25c.

♻️ This comment has been updated with latest results.

[johnml1135]

Follow-up note on this PR: I added a small guidance update in .github/skills/verify-test/SKILL.md and .github/instructions/build.instructions.md to explicitly call for ./build.ps1 -Clean before validation when switching branches or worktrees, after package/version bumps, when stale Obj/ or Output/ artifacts are plausible, or any time we need a fully clean validation baseline.

Reason for the change: these package-upgrade tests exposed a misleading failure mode. The branch initially looked red with native TestViews / Views Layout failed crashes in one checkout, but the same commit passed from a fresh worktree and also behaved correctly after a clean rebuild. In other words, the failures were caused by stale mixed build artifacts, not by the committed dependency updates themselves.

This comment is here so reviewers understand why this guidance changed as part of a dependency-upgrade PR rather than in a separate cleanup PR.

[Copilot]

Pull request overview

Note

Copilot was unable to run its full agentic suite in this review.

Consolidates multiple Dependabot updates into a single dependency refresh across GitHub Actions and .NET package version pins, including a targeted hold on Microsoft.Extensions.DependencyModel due to runtime compatibility concerns.

Changes:

• Bumped transitive/pinned .NET package versions (incl. several System.* packages) and refreshed SIL ecosystem version properties.
• Updated NativeBuild to reference the dedicated SilLibPalasoL10nsVersion property for SIL.LibPalaso.L10ns.
• Updated the GitHub Actions release step to a newer pinned commit of softprops/action-gh-release.

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 4 comments.

Show a summary per file

File	Description
Directory.Packages.props	Updates transitive pins and refines the rationale for keeping DependencyModel at 9.0.14.
Build/Src/NativeBuild/NativeBuild.csproj	Switches SIL.LibPalaso.L10ns to use a dedicated version property.
Build/SilVersions.props	Bumps SIL-related version properties and adjusts formatting.
.github/workflows/base-installer-cd.yml	Updates the pinned commit for the release action.
.github/skills/verify-test/SKILL.md	Expands verification guidance around clean builds; modifies constraints.
.github/instructions/build.instructions.md	Updates docs to recommend build.ps1 -Clean in relevant scenarios.

[johnml1135]

@copilot apply changes based on the comments in this thread

[johnml1135]

Cleanup follow-up is pushed in 89f6ddb33.

Fresh validation on this branch:

• ./build.ps1 -Clean
• ./build.ps1
• ./test.ps1
• Result: 21,257 passed, 0 failed, 0 skipped, exit code 0

The open review threads from the Copilot review have been addressed and resolved.