Feature/package updates 20260205

[frigini]

Summary by CodeRabbit

• Chores

  • Bumped Microsoft.OpenApi, Hangfire suite, Aspire.Hosting.Redis and SonarAnalyzer.CSharp
  • Updated dependency resolutions across projects to align versions

• Documentation

  • Added "Sprint 7.21" to the roadmap and removed a resolved technical-debt entry
  • Updated README: new timestamp/sprint, added tech entries, and replaced simple URLs with a detailed services table and local-dev warning

[coderabbitai]

📝 Walkthrough

Walkthrough

Updated package versions across the repository: Microsoft.OpenApi 2.3.0→2.6.1, Hangfire packages 1.8.22→1.8.23, Aspire.Hosting.Redis 13.0.2→13.1.0, SonarAnalyzer.CSharp 10.18.0.131500→10.19.0.132793; corresponding packages.lock.json files and docs updated (roadmap, technical-debt, README).

Changes

Cohort / File(s)	Summary
Central Package Configuration Directory.Packages.props	Bumped versions: Microsoft.OpenApi 2.3.0→2.6.1, Hangfire.Core & Hangfire.AspNetCore 1.8.22→1.8.23, Aspire.Hosting.Redis 13.0.2→13.1.0, SonarAnalyzer.CSharp 10.18.0.131500→10.19.0.132793.
Documentation docs/roadmap.md, docs/technical-debt.md, README.md	Added sprint note to roadmap, removed Microsoft.OpenApi blocker from technical-debt, updated README service/table and tech list entries.
Aspire & Hosting lockfiles src/Aspire/.../packages.lock.json, tests/... (select)tests/MeAjudaAi.E2E.Tests/packages.lock.json	Locked Aspire.Hosting.Redis →13.1.0, adjusted transitive Aspire.Hosting and added Microsoft.Extensions.FileSystemGlobbing; updated Hangfire/OpenApi/SonarAnalyzer locks and content hashes.
Module & Project lockfiles (bulk) src/**/**/packages.lock.json, tests/**/packages.lock.json, src/Shared/packages.lock.json	Wide, consistent lockfile updates across modules (Documents, Locations, Providers, SearchProviders, ServiceCatalogs, Users, Shared, tests): Hangfire →1.8.23, Microsoft.OpenApi →2.6.1, SonarAnalyzer.CSharp →10.19.0; contentHash and dependency mappings updated.
Bootstrapper / Client / Contracts lockfiles src/Bootstrapper/.../packages.lock.json, src/Client/.../packages.lock.json, src/Contracts/packages.lock.json	Aligned resolved versions and hashes for Hangfire, Microsoft.OpenApi, SonarAnalyzer across bootstrapper and client/contract projects.

Sequence Diagram(s)

(omitted)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

• chore: resolve Aspire.Npgsql.EntityFrameworkCore.PostgreSQL investigation #55 — Changes the same package pins in Directory.Packages.props (OpenAPI, Hangfire).
• Migration to dotnet 10 #8 — Overlaps on central package version adjustments in Directory.Packages.props.
• Fix/aspire initialization #99 — Concurrent Aspire package updates (Aspire.Hosting.*) and related lockfile edits.

Poem

🐇 I hopped through locks and props today,

bumped versions neatly on my way.
OpenApi, Hangfire—new shoes to try,
Redis refreshed beneath the sky.
A tiny rabbit clap—deps up, hip‑hooray!

🚥 Pre-merge checks | ✅ 1 | ❌ 2

❌ Failed checks (1 warning, 1 inconclusive)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	No pull request description was provided; the template requires sections like Summary, Problem, Solution, Changes, Impact, and Testing, all of which are missing.	Add a comprehensive pull request description following the template, including summary of changes, rationale, testing performed, and any relevant notes for reviewers.
Title check	❓ Inconclusive	The title 'Feature/package updates 20260205' is vague and generic—it lacks specificity about which packages were updated or the main change's significance.	Revise the title to be more specific, e.g., 'Update NuGet packages: Hangfire 1.8.23, Microsoft.OpenApi 2.6.1, and related dependencies'.

✅ Passed checks (1 passed)

Check name	Status	Explanation
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch feature/package-updates-20260205

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 2

Caution

Some comments are outside the diff and can’t be posted inline due to platform limitations.

⚠️ Outside diff range comments (1)

tests/MeAjudaAi.E2E.Tests/packages.lock.json (1)

1-3186: ⚠️ Potential issue | 🟡 Minor

Verify Aspire.Hosting.Keycloak pre-release version compatibility and check transitive dependencies for known vulnerabilities.

One package uses a pre-release version: Aspire.Hosting.Keycloak 13.1.0-preview.1.25616.3. Confirm this is intentional, as pre-release versions are not recommended for production. For other major packages reviewed (Hangfire.Core 1.8.23, RabbitMQ.Client 7.2.0, Rebus 8.9.0, Microsoft.OpenApi 2.6.1), no direct CVEs were found in current advisories. However, verify transitive dependencies—particularly System.Text.Json versions—have no known vulnerabilities using dotnet list package --vulnerable.

🤖 Fix all issues with AI agents

In `@docs/roadmap.md`:
- Around line 38-41: The sprint entries are out of chronological order: update
the ordering or dates so "Sprint 7.21 - Package Updates & Bug Fixes (5 Fev
2026)" does not appear after "Sprint 8 - Customer App (22 Jan - 4 Fev 2026)";
either move the "Sprint 7.21" line to its correct chronological position or
correct its date, ensuring "Sprint 8 - Customer App (Web + Mobile)" and "Sprint
9 - BUFFER (Polishing...)" remain in proper sequence and the timeline reads
monotonically by date.

In `@src/Modules/Locations/Tests/packages.lock.json`:
- Around line 186-190: The project updated Hangfire.Core to 1.8.23 which uses a
stable sort for background job filters; verify tests and adjust filter ordering
so behavior is deterministic: run the relevant test suite and reproduction
scenarios that exercise background job filters (e.g., jobs using filters with
the same Order value), and if failures appear, make ordering explicit by setting
distinct Order values on your IServerFilter/IClientFilter/IApplyStateFilter
implementations or introduce a deterministic tie-breaker (e.g., add a secondary
sort key such as filter type name) where filters are collected (references:
Hangfire.Core, Hangfire.InMemory, Hangfire.PostgreSql and your filter
implementations that set Order) to prevent regressions introduced by the
stable-sorting change.

🧹 Nitpick comments (1)

src/Modules/Locations/Domain/packages.lock.json (1)

7-9: Package version updates are safe and consistent.

The lock file correctly reflects the updated package versions with no breaking changes in the target versions:

• SonarAnalyzer.CSharp: 10.18.0 → 10.19.0 (minor, includes VS 2026 compatibility fix)
• Hangfire packages: 1.8.22 → 1.8.23 (patch with bug fixes, applied consistently across all related packages)
• Microsoft.OpenApi: 2.3.0 → 2.6.1 (patch; 2.6.1 fixes breaking changes from the deprecated 2.6.0)

Review the Microsoft.OpenApi 2.6.0 changelog since you're upgrading from 2.3.0 and skipping the breaking-change version. All dependency constraints and contentHash values are properly synchronized.

[github-actions]

📊 Code Coverage Report

Coverage: 90.25% (extracted from Cobertura (Aggregated Direct))

📈 Coverage Details

• Coverage badges:
• Minimum threshold: 80% (warning) / 90% (good)
• Report format: Auto-detected from OpenCover/Cobertura XML files
• Coverage source: Cobertura (Aggregated Direct)

📋 Coverage Analysis

• Line Coverage: Shows percentage of code lines executed during tests
• Branch Coverage: Shows percentage of code branches/conditions tested
• Complexity: Code complexity metrics for maintainability

🎯 Quality Gates

• ✅ Pass: Coverage ≥ 90%
• ⚠️ Warning: Coverage 80-89%
• ❌ Fail: Coverage < 80%

📁 Artifacts

• Coverage reports: Available in workflow artifacts
• Test results: TRX files with detailed test execution data

This comment is updated automatically on each push to track coverage trends.