D/package upgrade #7

Open
CheapNud wants to merge 6 commits into master from d/package-upgrade

CheapNud (Owner) commented Mar 2, 2026

No description provided.

…bDialog.razor

  - Migrate SharpCompress: Open→OpenArchive, ExtractionOptions→ReaderOptions
  - Fix nullable IProgress<T> warnings in FFmpegRenderService, MeltRenderService
  - Bump EF Core, System.Management 10.0.2→10.0.3 (Core project)
  - CheapHelpers 2.0→2.1.0, MediaProcessing 2.0.1→2.1.0
  - CheapHelpers.Blazor/EF/Models/Services 2.0→2.0.1
  - SharpCompress 0.46.0→0.46.3
  - coverlet 6.0.4→8.0.0, Test.Sdk 18.0.1→18.3.0
  - ShowMessageBox→ShowMessageBoxAsync in RenderQueue.razor

github-actions bot commented Mar 2, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 15 package(s) with unknown licenses.
See the Details below.

License Issues

CheapShotcutRandomizer.Core/CheapShotcutRandomizer.Core.csproj

Package | Version | License | Issue Type
CheapHelpers | 3.0.0 | Null | Unknown License
Microsoft.AspNetCore.Components.Web | 10.0.3 | Null | Unknown License
Microsoft.EntityFrameworkCore | 10.0.3 | Null | Unknown License
Microsoft.EntityFrameworkCore.Sqlite | 10.0.3 | Null | Unknown License
MudBlazor | 9.0.0 | Null | Unknown License

CheapShotcutRandomizer.Tests/CheapShotcutRandomizer.Tests.csproj

Package | Version | License | Issue Type
MudBlazor | 9.0.0 | Null | Unknown License
bunit | 2.6.2 | Null | Unknown License

CheapShotcutRandomizer.csproj

Package | Version | License | Issue Type
CheapAvaloniaBlazor | 3.0.0 | Null | Unknown License
CheapHelpers | 3.0.0 | Null | Unknown License
CheapHelpers.Blazor | 3.0.0 | Null | Unknown License
Microsoft.EntityFrameworkCore | 10.0.3 | Null | Unknown License
Microsoft.EntityFrameworkCore.Design | 10.0.3 | Null | Unknown License
Microsoft.EntityFrameworkCore.Sqlite | 10.0.3 | Null | Unknown License
MudBlazor | 9.0.0 | Null | Unknown License
SharpCompress | 0.46.4 | Null | Unknown License
Allowed Licenses: MIT, Apache-2.0, BSD-3-Clause, BSD-2-Clause, ISC, 0BSD, Unlicense

OpenSSF Scorecard

Scorecard details
Package | Version | Score | Details
nuget/CheapHelpers | 3.0.0 | Unknown | Unknown
nuget/CheapHelpers.MediaProcessing | 2.1.0 | Unknown | Unknown
nuget/Microsoft.AspNetCore.Components.Web | 10.0.3 | Unknown | Unknown
nuget/Microsoft.EntityFrameworkCore | 10.0.3 | Unknown | Unknown
nuget/Microsoft.EntityFrameworkCore.Sqlite | 10.0.3 | Unknown | Unknown
nuget/MudBlazor | 9.0.0 | Unknown | Unknown
nuget/CheapHelpers.MediaProcessing | 2.1.0 | Unknown | Unknown
nuget/Microsoft.NET.Test.Sdk | 18.3.0 | 🟢 4.1 | Details:
    Check | Score | Reason
    Code-Review | ⚠️ 2 | Found 4/15 approved changesets -- score normalized to 2
    CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
    Packaging | ⚠️ -1 | packaging workflow not detected
    Maintained | 🟢 10 | 30 commit(s) and 17 issue activity found in the last 90 days -- score normalized to 10
    Security-Policy | 🟢 10 | security policy file detected
    License | 🟢 10 | license file detected
    Token-Permissions | ⚠️ 0 | detected GitHub workflow tokens with excessive permissions
    Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
    Signed-Releases | ⚠️ -1 | no releases found
    Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
    Binary-Artifacts | ⚠️ 0 | binaries present in source code
    Fuzzing | ⚠️ 0 | project is not fuzzed
    Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
    SAST | ⚠️ 0 | SAST tool is not run on all commits -- score normalized to 0
nuget/MudBlazor | 9.0.0 | Unknown | Unknown
nuget/bunit | 2.6.2 | Unknown | Unknown
nuget/coverlet.collector | 8.0.0 | 🟢 5.1 | Details:
    Check | Score | Reason
    Maintained | 🟢 10 | 28 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10
    Code-Review | ⚠️ 0 | Found 0/30 approved changesets -- score normalized to 0
    Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
    Packaging | ⚠️ -1 | packaging workflow not detected
    CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
    Token-Permissions | 🟢 9 | detected GitHub workflow tokens with excessive permissions
    Binary-Artifacts | 🟢 7 | binaries present in source code
    License | 🟢 10 | license file detected
    Fuzzing | ⚠️ 0 | project is not fuzzed
    Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
    Signed-Releases | ⚠️ 0 | Project has not signed or included provenance with any releases.
    Branch-Protection | ⚠️ -1 | internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
    Security-Policy | ⚠️ 0 | security policy file not detected
    SAST | 🟢 10 | SAST tool is run on all commits
nuget/CheapAvaloniaBlazor | 3.0.0 | Unknown | Unknown
nuget/CheapHelpers | 3.0.0 | Unknown | Unknown
nuget/CheapHelpers.Blazor | 3.0.0 | Unknown | Unknown
nuget/CheapHelpers.EF | 2.0.1 | Unknown | Unknown
nuget/CheapHelpers.MediaProcessing | 2.1.0 | Unknown | Unknown
nuget/CheapHelpers.Models | 2.0.1 | Unknown | Unknown
nuget/CheapHelpers.Services | 2.0.1 | Unknown | Unknown
nuget/Microsoft.EntityFrameworkCore | 10.0.3 | Unknown | Unknown
nuget/Microsoft.EntityFrameworkCore.Design | 10.0.3 | Unknown | Unknown
nuget/Microsoft.EntityFrameworkCore.Sqlite | 10.0.3 | Unknown | Unknown
nuget/MudBlazor | 9.0.0 | Unknown | Unknown
nuget/SharpCompress | 0.46.4 | 🟢 5.3 | Details:
    Check | Score | Reason
    Code-Review | 🟢 3 | Found 2/6 approved changesets -- score normalized to 3
    Packaging | ⚠️ -1 | packaging workflow not detected
    Maintained | 🟢 10 | 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10
    Dangerous-Workflow | 🟢 10 | no dangerous workflow patterns detected
    CII-Best-Practices | ⚠️ 0 | no effort to earn an OpenSSF best practices badge detected
    Token-Permissions | 🟢 10 | GitHub workflow tokens follow principle of least privilege
    Security-Policy | ⚠️ 0 | security policy file not detected
    License | 🟢 10 | license file detected
    Binary-Artifacts | 🟢 8 | binaries present in source code
    Signed-Releases | ⚠️ -1 | no releases found
    Pinned-Dependencies | ⚠️ 0 | dependency not pinned by hash detected -- score normalized to 0
    Fuzzing | ⚠️ 0 | project is not fuzzed
    Branch-Protection | ⚠️ 1 | branch protection is not maximal on development and all release branches
    SAST | 🟢 4 | SAST tool is not run on all commits -- score normalized to 4
nuget/System.Management | 10.0.3 | Unknown | Unknown

Scanned Files

  • CheapShotcutRandomizer.Core/CheapShotcutRandomizer.Core.csproj
  • CheapShotcutRandomizer.Tests/CheapShotcutRandomizer.Tests.csproj
  • CheapShotcutRandomizer.csproj

github-actions bot commented Mar 2, 2026

🤖 Claude AI Code Review

Summary

Routine package upgrades across the solution (MudBlazor 8→9, CheapHelpers 2→3, EF Core/ASP.NET 10.0.2→10.0.3, SharpCompress, etc.) with corresponding API compatibility fixes.

Code Quality ⭐⭐⭐⭐☆

Nullable annotations on IProgress<T> parameters are a good correctness improvement alongside the required API fixes.

Issues

🟡 Settings.razor — ExtractionOptions no longer passed to WriteToDirectory

The ReaderOptions (with ExtractFullPath/Overwrite) is set on the archive open call, but WriteToDirectory(extractPath) no longer passes ExtractionOptions per-entry. Verify that SharpCompress 0.46.4's ReaderOptions actually controls per-entry extraction behaviour the same way the old ExtractionOptions did — particularly Overwrite. If not, existing files won't be overwritten silently, which could leave stale binaries after an upgrade.


Verdict

APPROVE — contingent on confirming the SharpCompress extraction behaviour noted above behaves as intended. All other changes are straightforward and correct.


📊 Tokens: 5313 input + 301 output | 💰 Cost: ~$.0204
Generated by Claude Sonnet 4.6 via GitHub Actions

github-actions bot commented Mar 2, 2026

🤖 Claude AI Code Review

Summary

Routine package upgrade: .sln → .slnx solution format migration, dependency version bumps, Claude model update in PR review workflow, and nullable annotation fixes.

Code Quality

⭐⭐⭐⭐☆
All workflows, labeler config, and project files are updated consistently across the board — no stragglers left referencing the old .sln file.

Issues

🟡 Settings.razor — ReaderOptions passed to OpenArchive but WriteToDirectory called without ExtractionOptions
The ReaderOptions (which controls reader behaviour like password/encoding) is being constructed with ExtractFullPath = true and Overwrite = true, but those are ExtractionOptions properties, not ReaderOptions properties. ReaderOptions does not have ExtractFullPath or Overwrite members — this would fail to compile, or if SharpCompress 0.46.x added them, they may not propagate to WriteToDirectory() the way intended. The old code passed ExtractionOptions directly to WriteToDirectory, which was correct. The new code drops the ExtractionOptions from WriteToDirectory entirely, meaning extraction overwrite or path-strip behaviour is now uncontrolled. Verify the SharpCompress 0.46.x API and pass an ExtractionOptions to WriteToDirectory explicitly if needed.


Verdict

REQUEST CHANGES

  • Verify ReaderOptions in SharpCompress 0.46.x actually accepts ExtractFullPath/Overwrite — if not, restore ExtractionOptions passed directly to WriteToDirectory() for both archive extraction blocks in Settings.razor.

📊 Tokens: 7150 input + 417 output | 💰 Cost: ~$.0277
Generated by Claude Sonnet 4.6 via GitHub Actions

github-actions bot commented Mar 2, 2026

🤖 Claude AI Code Review

Summary

Routine dependency upgrades (.sln → .slnx migration, NuGet package version bumps, SharpCompress API update for v0.46, MudBlazor 9.0 API migration, Claude model bump) with no logic changes.

Code Quality

⭐⭐⭐⭐☆
All CI/CD workflows are consistently updated in lockstep with the solution file rename — no missed references.

Issues

🟡 Settings.razor — extraction options silently dropped

The ReaderOptions with ExtractFullPath = true, Overwrite = true is passed to OpenArchive, but those options control reading, not extraction. WriteToDirectory(extractPath) is now called without any ExtractionOptions, meaning ExtractFullPath and Overwrite are no longer applied at extraction time. In SharpCompress 0.46, ExtractionOptions still exists and WriteToDirectory still accepts it. Dropping it means files may extract flat (ignoring subdirectory paths) and fail to overwrite existing files silently, breaking re-downloads/updates.

Fix: Pass extraction options explicitly:

entry.WriteToDirectory(extractPath, new ExtractionOptions { ExtractFullPath = true, Overwrite = true });

Same applies to the SevenZipArchive block below.


Verdict

REQUEST CHANGES

  • Restore ExtractionOptions { ExtractFullPath = true, Overwrite = true } in both WriteToDirectory calls in Settings.razor — the options passed to OpenArchive/ReaderOptions do not substitute for them.

📊 Tokens: 9351 input + 399 output | 💰 Cost: ~$.0340
Generated by Claude Sonnet 4.6 via GitHub Actions
