Lab 7: bump vulnerable deps and enable Dependabot #24
Open
nik-bykoff wants to merge 8 commits into lenagrin:master from
- Move SONAR_PROJECT_KEY/SONAR_ORGANIZATION into workflow env block with explicit setup instructions for fork-based usage.
- Update README with student header, fork/upstream links and a table of all eight lab reports.
- Replace SonarCloud badges with placeholders for nik-bykoff fork.
- Add docs/labs/lab-01.md report describing manual SonarCloud steps, CI workflow layout and verification checklist.
- Ignore local .env files to prevent accidental token leaks.

- Rename NetSdrClient.Disconect to Disconnect (typo) and update callers/tests.
- Remove stray semicolon in StartIQAsync and unused JSType using-statics.
- Make responseTaskSource thread-safe via Interlocked.Exchange + TrySetResult.
- Replace Aggregate-on-empty-may-throw log formatting with string.Join in three places.
- Rewrite GetSamples from O(n^2) IEnumerable.Count loop to O(n) for-loop with reusable byte[4] buffer.
- Replace MD5-based UdpClientWrapper.GetHashCode with HashCode.Combine and add Equals override.
- Make TcpClientWrapper._cts nullable, mark _host/_port readonly, drop unused exception variable names.
- All eight existing unit tests still pass; compiler warnings dropped from 18 to 15 (rest are EchoTcpServer or NuGet).

- Add coverlet.msbuild to NetSdrClientAppTests with PrivateAssets=all.
- Add four NetSdrClient tests (ChangeFrequency, idempotent IQ flag, listener startup, no-op when disconnected).
- Add six NetSdrMessageHelper tests covering control-item/data-item roundtrip and GetSamples edge cases (8/16 bit, empty body, oversized width).
- Fix latent bug in TranslateMessage where Enum.IsDefined was called with ushort while ControlItemCodes underlying type is int.
- Re-enable Tests with coverage step in CI workflow with opencover output and Program exclusion.
- 18/18 tests passing locally; coverage of NetSdrClientApp module: line 45.86%, branch 26.92%, method 48.48%.

- Add internal HexFormatter.ToSpaceSeparatedHex used by TCP send log, TCP receive log and UDP samples log.
- Replace TcpClientWrapper.SendMessageAsync(byte[]) and SendMessageAsync(string) overloads with thin wrappers around private SendCoreAsync(byte[]).
- Collapse identical UdpClientWrapper.StopListening and Exit into StopCore via thin delegating wrappers.
- 18/18 tests still pass; behavior unchanged.

- Add NetSdrClient.ArchTests project (NUnit + NetArchTest.Rules 1.3.2) with reference to NetSdrClientApp.
- Encode four architecture rules:
* Messages namespace must not depend on Networking.
* Networking namespace must not depend on Messages.
* Interfaces in Networking namespace start with I.
* Wrapper classes in Networking namespace are sealed.
- Run is intentionally red on this commit (TcpClientWrapper is not sealed) to demonstrate ArchTest catching a real violation; the green fix follows in the next commit.

- Mark TcpClientWrapper and UdpClientWrapper as sealed to satisfy NetworkingWrappers_ShouldBeSealed.
- Move UdpClientWrapper and IUdpClient into the NetSdrClientApp.Networking namespace so they are scoped by the architectural rules.
- All four ArchTests now pass; existing 18 unit tests remain green.
- Adds docs/labs/lab-05.md describing the red-then-green CI demo.

- Extract pure echo algorithm into EchoCore.EchoLoopAsync(Stream, CancellationToken, int) so it can be exercised against an in-memory Stream.
- Introduce IEchoServer contract; mark EchoServer sealed and make Stop() idempotent.
- Move UdpTimedSender into its own file with namespace, argument validation (null host, non-positive interval), an internal UdpClient seam and an IsRunning flag.
- Reduce Program.cs to a thin Main composition root.
- Add new EchoTcpServer.Tests project (NUnit + Moq + coverlet.msbuild) with ten unit tests covering EchoCore and UdpTimedSender lifecycles and validation.
- 18+4+10 = 32 tests pass overall; EchoServer module coverage rises from 0% to line 55.12% / branch 65.38% / method 61.53%; project compiler warnings drop from 5 to 0.

- Update Newtonsoft.Json 13.0.0 -> 13.0.3 in NetSdrClientApp.csproj (removes NU1603 approximate-match warning).
- Update SharpZipLib 1.3.2 -> 1.4.2 in NetSdrClientApp.csproj (resolves three GHSA advisories: 2x7h-96h5-rq84, m22m-h4rf-pwq3, mm6g-mmq6-53ff).
- Add .github/dependabot.yml watching nuget (with a grouped test-stack rule) and github-actions weekly with deps(nuget) / deps(actions) commit prefixes.
- Solution-level NuGet warnings drop from 15 to 0; 32/32 tests still pass.
Summary

Eliminate the vulnerable / outdated dependency warnings flagged by dotnet restore, and wire Dependabot to keep the solution healthy going forward.

Production dependency bumps (NetSdrClientApp.csproj)

- Newtonsoft.Json 13.0.0 -> 13.0.3 (removes the NU1603 approximate-match warning that resolved 13.0.0 -> 13.0.1).
- SharpZipLib 1.3.2 -> 1.4.2 (resolves three GHSA advisories: GHSA-2x7h-96h5-rq84, GHSA-m22m-h4rf-pwq3, GHSA-mm6g-mmq6-53ff).

Both updates stay within the same major version; no API surface change for the production code.

Dependabot configuration (.github/dependabot.yml)

- nuget: weekly (Monday 08:00 Europe/Kyiv), commit-message.prefix: deps(nuget), open-pull-requests-limit: 5. A test-stack group bundles NUnit*, Microsoft.NET.Test.Sdk, coverlet.* and Moq so they always upgrade together.
- github-actions: weekly with deps(actions) prefix.

Manual follow-ups (cannot be automated)

- Settings -> Code security and analysis for the fork.
- dependabot.yml and start scanning; the historical SharpZipLib 1.3.2 advisory will appear and be auto-resolved as soon as this PR merges.

Test plan

- dotnet restore NetSdrClient.sln -> 0 NU1603/NU1902/NU1903 warnings.
- dotnet build NetSdrClient.sln -c Release --no-restore -> 0 warnings, 0 errors.
- dotnet test NetSdrClient.sln -c Release --no-build -> 32/32 passing (18 + 4 + 10).

Discipline / Author