feat: update project dependencies

[Harish-osmosys]

Description

Update the project dependencies

• Update the project to use latest dotnet 8
• Updated the nugget packages

ScreenShot

Working local setup

Working docker setup

Summary by CodeRabbit

• Upgrades

  • Updated .NET SDK and ASP.NET runtime to version 8.0.11
  • Updated Microsoft.AspNetCore.Authentication.JwtBearer package to version 8.0.11
  • Updated NPOI package to version 2.7.2

• Infrastructure

  • Modified Docker configuration to use .NET 8.0 base images
  • Updated docker-compose network binding configuration to allow connections from any network interface

• Framework Changes

  • Transitioned project target frameworks from .NET 6.0 and .NET Standard to .NET 8.0

[coderabbitai]

Warning

Rate limit exceeded

@Harish-osmosys has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 13 minutes and 52 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between 77602aa and 3553d74.

📒 Files selected for processing (1)

• Dockerfile (2 hunks)

Walkthrough

The pull request focuses on upgrading the project to .NET 8.0, involving updates to the Dockerfile, project configuration files, and docker-compose setup. The changes include updating base images, target frameworks, and package references across multiple project files. The modifications streamline the project configuration by consolidating target frameworks and updating to the latest .NET version, with minor adjustments to networking configurations.

Changes

File	Change Summary
Dockerfile	- Updated base images from .NET 6.0 to .NET 8.0 - Removed DOTNET_URLS environment variable
DocumentService.API/DocumentService.API.csproj	- Changed target framework from net6.0 to net8.0 - Updated Microsoft.AspNetCore.Authentication.JwtBearer package to version 8.0.11
DocumentService/DocumentService.csproj	- Consolidated target framework to net8.0 - Removed multi-framework package references - Updated NPOI package to version 2.7.2
docker-compose.yaml	- Modified ASPNETCORE_URLS to use http://+:5000 instead of http://0.0.0.0:5000
.github/workflows/build.yaml	- Updated .NET version in workflow from 6.0.x to 8.0.x

Poem

🐰 Hop, hop, upgrade we go!
From .NET 6 to 8, watch it grow
Packages updated, frameworks refined
A bunny's code leap, perfectly aligned
Containers dancing with renewed might 🚀

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🔭 Outside diff range comments (1)

Dockerfile (1)

Production readiness improvements needed in Dockerfile configuration

The verification confirms several issues that need to be addressed:

1. The Dockerfile explicitly sets ASPNETCORE_ENVIRONMENT=Development, which is not suitable for production images.
2. BUILD_CONFIGURATION is indeed set to Debug mode, which includes development assets and debugging symbols.
3. The --fix-missing flag is being used with apt-get installations for both wkhtmltopdf and nodejs.
4. The .dockerignore file exists but lacks several important exclusions for development files.

Recommended changes:

• Remove the hardcoded Development environment setting
• Change BUILD_CONFIGURATION to Release mode
• Remove the --fix-missing flag from apt-get commands
• Enhance .dockerignore to include additional development-specific files:

  *.suo
  *.user
  *.userosscache
  *.sln.docstates
  .vs/
  .vscode/
  *.swp
  .DS_Store
  node_modules/
  

🔗 Analysis chain

Line range hint 5-6: Several improvements recommended for production readiness.

1. Setting ASPNETCORE_ENVIRONMENT=Development in the Dockerfile is not recommended for production images.
2. The --fix-missing flag with apt-get might mask package resolution issues.
3. The default BUILD_CONFIGURATION=Debug might include development assets in the final image.

Consider these improvements:

- ENV ASPNETCORE_ENVIRONMENT=Development
+ # Let environment be configured through docker-compose or deployment config

- ENV BUILD_CONFIGURATION=Debug
+ ENV BUILD_CONFIGURATION=Release

- RUN apt-get install -y --fix-missing wkhtmltopdf \
-     && apt-get install -y --fix-missing nodejs \
+ RUN apt-get install -y wkhtmltopdf \
+     && apt-get install -y nodejs \

Let's check for the presence of a .dockerignore file to ensure we're not copying unnecessary files:

Also applies to: 31-39

---

Let me verify the presence of the BUILD_CONFIGURATION environment variable and check the actual apt-get commands in the Dockerfile.

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Check for .dockerignore and its contents
if [ -f .dockerignore ]; then
    echo "Found .dockerignore with contents:"
    cat .dockerignore
else
    echo ".dockerignore not found. Consider adding one to exclude:"
    echo "*.suo
*.user
*.userosscache
*.sln.docstates
[Dd]ebug/
[Rr]elease/
[Bb]in/
[Oo]bj/
.vs/
.vscode/
*.swp
.DS_Store
node_modules/"
fi

Length of output: 153

---

Script:

#!/bin/bash
# Check for BUILD_CONFIGURATION and apt-get install commands in Dockerfile
rg -U "ENV BUILD_CONFIGURATION|apt-get install.*(?:wkhtmltopdf|nodejs)" Dockerfile

Length of output: 217

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between c00fcef and 09bffb6.

📒 Files selected for processing (4)

• Dockerfile (2 hunks)
• DocumentService.API/DocumentService.API.csproj (1 hunks)
• DocumentService/DocumentService.csproj (1 hunks)
• docker-compose.yaml (1 hunks)

🔇 Additional comments (6)

docker-compose.yaml (1)

14-14: LGTM! Verify container networking after deployment

The change from http://0.0.0.0:5000 to http://+:5000 is valid. Both notations allow the service to listen on all network interfaces, with + being the preferred notation in .NET.

Please verify the container's network accessibility in your deployment environment. The service should still be accessible via:

• localhost:5000 from the host
• document-service:5000 from other containers in the same network

DocumentService/DocumentService.csproj (2)

4-4: Verify compatibility with existing consumers

The change from multi-targeting (netstandard2.0;net48) to single target (net8.0) is a breaking change. This means the library will no longer be compatible with:

• .NET Framework applications
• .NET Core/Standard applications targeting versions below .NET 8

Consider:

1. Are all consumers of this library ready to migrate to .NET 8?
2. If not, consider keeping multi-targeting or creating a compatibility package

---

12-12: Verify NPOI 2.7.2 breaking changes

The NPOI package has been updated from 2.4.1/2.6.0 to 2.7.2. This is a significant version jump that might include breaking changes.

Run this script to check for potential breaking changes:

Please verify:

1. Review the NPOI changelog for breaking changes
2. Test all Excel/Office file operations thoroughly

✅ Verification successful

NPOI usage is limited and safe to update

Based on the codebase analysis, the NPOI usage is very limited and straightforward:

• Only used in WordDocumentGenerator.cs for basic document operations
• Main operations: document reading, writing, and text replacement
• No usage of deprecated or complex NPOI features
• The code already has a separation between NPOI (text handling) and OpenXML (image handling)

The update from 2.7.2 should be safe as:

1. The code only uses core NPOI.XWPF functionality (XWPFDocument, XWPFParagraph, XWPFTable)
2. These are stable APIs that rarely have breaking changes
3. The implementation is well-isolated and has clear separation of concerns

However, please test these specific operations:

• Document template loading
• Text placeholder replacements
• Table manipulations
• Document saving

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Search for NPOI usage patterns that might be affected
ast-grep --pattern 'NPOI.$$$' -l

Length of output: 140

---

Script:

#!/bin/bash
# Search for NPOI usage in C# files
rg -t cs "NPOI\." -A 3

Length of output: 300

---

Script:

#!/bin/bash
# Search for NPOI imports/using statements
rg -t cs "using.*NPOI"

Length of output: 97

---

Script:

#!/bin/bash
# Find files that might contain NPOI related code
fd -e cs -e csproj -x grep -l "NPOI"

Length of output: 125

---

Script:

#!/bin/bash
# Let's examine the actual usage of NPOI in WordDocumentGenerator.cs
rg -t cs -A 10 "class.*WordDocumentGenerator" DocumentService/Word/WordDocumentGenerator.cs

Length of output: 772

---

Script:

#!/bin/bash
# Check the previous version of NPOI in the csproj file
git show HEAD^:DocumentService/DocumentService.csproj | grep -A 1 -B 1 "NPOI"

Length of output: 213

---

Script:

#!/bin/bash
# Let's see the full implementation to understand NPOI usage
rg -t cs -l "NPOI" DocumentService/Word/WordDocumentGenerator.cs | xargs cat

Length of output: 14603

---

Script:

#!/bin/bash
# Check git history for the csproj file to find the previous version
git log -p DocumentService/DocumentService.csproj | grep -A 5 -B 5 "NPOI"

Length of output: 0

DocumentService.API/DocumentService.API.csproj (2)

3-3: Verify .NET 8 migration checklist

The upgrade from net6.0 to net8.0 looks good, but requires verification of breaking changes.

Key areas to verify:

1. Review the .NET 8 Migration Guide
2. Test JWT authentication thoroughly as authentication middleware has significant changes in .NET 8
3. Verify minimal API endpoints if used, as they have behavior changes in .NET 8

---

9-12: Verify security implications of updated packages

The JWT authentication package has been updated to match .NET 8. Other security-related packages are at compatible versions.

Run this script to check for known vulnerabilities:

✅ Verification successful

No security vulnerabilities found in the updated JWT authentication package

The GitHub Security Advisory scan shows that version 8.0.11 of Microsoft.AspNetCore.Authentication.JwtBearer is not affected by any known vulnerabilities. The historical vulnerabilities found were in much older versions (2.1.x, 3.x, and 5.x) and have been patched.

Let's verify the other security-related packages:

---

Package updates are secure and compatible

The security scan confirms that both Microsoft.AspNetCore.Authentication.JwtBearer (8.0.11) and Swashbuckle.AspNetCore (6.5.0) have no known vulnerabilities. The package versions are compatible with .NET 8 and maintain a secure configuration.

• Microsoft.AspNetCore.Authentication.JwtBearer 8.0.11 is the latest secure version for .NET 8
• Swashbuckle.AspNetCore 6.5.0 has no reported vulnerabilities
• Swashbuckle.AspNetCore.Filters 8.0.1 is compatible with the Swashbuckle.AspNetCore version
• Serilog.AspNetCore 8.0.0 follows the .NET 8 versioning

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Check for known vulnerabilities in the updated packages
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NUGET, package: "Microsoft.AspNetCore.Authentication.JwtBearer") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 1061

---

Script:

#!/bin/bash
# Check for known vulnerabilities in Swashbuckle.AspNetCore and Swashbuckle.AspNetCore.Filters
gh api graphql -f query='
{
  securityVulnerabilities(first: 5, ecosystem: NUGET, package: "Swashbuckle.AspNetCore") {
    nodes {
      advisory {
        summary
        severity
        publishedAt
      }
      vulnerableVersionRange
      firstPatchedVersion {
        identifier
      }
    }
  }
}'

Length of output: 357

Dockerfile (1)

2-2: LGTM! Verify SDK version compatibility.

The upgrade to .NET SDK 8.0 aligns with the PR objectives. The specific version tag is good for reproducibility.

Let's verify if this is the latest patch version of .NET 8 SDK:

[coderabbitai]

Actionable comments posted: 0

🔭 Outside diff range comments (1)

.github/workflows/build.yaml (1)

Line range hint 11-12: Update actions/setup-dotnet to v3

The workflow is using an outdated version of actions/setup-dotnet@v1. Version 3 is recommended for better .NET 8 support and improved performance.

Apply this diff:

-      - uses: actions/setup-dotnet@v1
+      - uses: actions/setup-dotnet@v3

🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/setup-dotnet@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🧹 Nitpick comments (1)

.github/workflows/build.yaml (1)

Line range hint 11-16: Add NuGet package caching to improve build performance

Consider adding package caching to speed up builds by avoiding repeated package downloads.

Add the following cache step before the build step:

       - uses: actions/setup-dotnet@v1
         with:
           dotnet-version: '8.0.x'
+      - uses: actions/cache@v3
+        with:
+          path: ~/.nuget/packages
+          key: ${{ runner.os }}-nuget-${{ hashFiles('**/*.csproj') }}
+          restore-keys: |
+            ${{ runner.os }}-nuget-
       - name: Build

🧰 Tools

🪛 actionlint (1.7.4)

13-13: the runner of "actions/setup-dotnet@v1" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 09bffb6 and e71e62a.

📒 Files selected for processing (1)

• .github/workflows/build.yaml (1 hunks)

🔇 Additional comments (1)

.github/workflows/build.yaml (1)

15-15: LGTM! Version update looks good

The update to .NET 8.0.x aligns with the PR objectives to upgrade the project dependencies.

Let's verify that all project files are consistently targeting .NET 8:

✅ Verification successful

All project files are correctly targeting .NET 8.0

The verification confirms that both project files in the solution are consistently targeting .NET 8.0:

• DocumentService/DocumentService.csproj: <TargetFrameworks>net8.0</TargetFrameworks>
• DocumentService.API/DocumentService.API.csproj: <TargetFramework>net8.0</TargetFramework>

🏁 Scripts executed

The following scripts were executed for the analysis:

Script:

#!/bin/bash
# Description: Verify .NET version consistency across project files
# Expected: All files should target net8.0

# Find and check all .csproj files
fd -e csproj --exec grep -l "TargetFramework" {} \; | while read -r file; do
  echo "Checking $file:"
  cat "$file" | grep -A 1 -B 1 "TargetFramework"
done

Length of output: 735