V9.0.7/service update

[gimlichael]

This pull request is a service update focused on keeping package dependencies and related infrastructure up to date. It upgrades several dependencies to their latest compatible versions, updates release notes, and makes minor adjustments to build and test configurations to ensure compatibility with the latest frameworks.

Dependency updates:

• Updated all Cuemon.* and Codebelt.* package versions in Directory.Packages.props to their latest releases, including Microsoft.AspNetCore.Mvc.NewtonsoftJson for both .NET 9 and .NET 8 target frameworks. [1] [2]

Release notes and documentation:

• Added release notes for version 9.0.7 in CHANGELOG.md and updated PackageReleaseNotes.txt files for Codebelt.Extensions.AspNetCore.Mvc.Formatters.Newtonsoft.Json, Codebelt.Extensions.AspNetCore.Newtonsoft.Json, and Codebelt.Extensions.Newtonsoft.Json to reflect dependency upgrades and framework availability. [1] [2] [3] [4]

Build and test infrastructure:

• Updated Docker image tag in testenvironments.json for the Ubuntu test runner to use the latest .NET 8 and .NET 9 patch versions.
• Bumped NGINX base image version in .docfx/Dockerfile.docfx to 1.29.1-alpine.
• Ensured explicit build and restore steps for net48 in the GitHub Actions workflow (pipelines.yml).

Summary by CodeRabbit

• Documentation

  • Added 9.0.7 release notes across Newtonsoft.Json packages and updated CHANGELOG with dependency updates (no API changes).

• Chores

  • Upgraded central dependencies (Cuemon libraries, Codebelt test packages) and Microsoft.AspNetCore.Mvc.NewtonsoftJson for .NET 9/.NET 8.
  • Bumped NGINX base image to 1.29.1-alpine for documentation site container.
  • Updated test runner Docker image to net8.0.414-9.0.305.
  • CI: Enabled explicit build for net48 in tests and clarified restore step.

[coderabbitai]

Walkthrough

Version increments and documentation updates: bumped NGINX image in DocFX Dockerfile, added an explicit build step in CI for net48, updated central package versions, refreshed test runner Docker image, and added 9.0.7 release notes across changelog and three NuGet package notes.

Changes

Cohort / File(s)	Summary of Changes
DocFX Docker image ./.docfx/Dockerfile.docfx	Updated ARG NGINX_VERSION from 1.29.0-alpine to 1.29.1-alpine; propagates to stages using nginx:${NGINX_VERSION}.
CI workflow (tests) ./.github/workflows/pipelines.yml	In test job with: kept restore: true (commented), added build: true specifically for net48.
Release notes (NuGet packages) .nuget/Codebelt.Extensions.AspNetCore.Mvc.Formatters.Newtonsoft.Json/PackageReleaseNotes.txt, .nuget/Codebelt.Extensions.AspNetCore.Newtonsoft.Json/PackageReleaseNotes.txt, .nuget/Codebelt.Extensions.Newtonsoft.Json/PackageReleaseNotes.txt	Added Version 9.0.7 entries; noted dependency upgrades; moved dependency-change bullet from 9.0.6 to 9.0.7 where applicable.
Changelog ./CHANGELOG.md	Added entry for 9.0.7 (2025-09-15) describing dependency-focused service update.
Central package versions ./Directory.Packages.props	Bumped multiple package versions: Codebelt.Extensions.Xunit(.App) 10.0.5→10.0.6; Cuemon.* 9.0.8→9.0.9; Microsoft.AspNetCore.Mvc.NewtonsoftJson net9 9.0.8→9.0.9, net8 8.0.19→8.0.20.
Test environments ./testenvironments.json	Updated Docker-Ubuntu dockerImage tag from net8.0.413-9.0.304 to net8.0.414-9.0.305.

Sequence Diagram(s)

sequenceDiagram
  autonumber
  participant Dev as Developer
  participant GH as GitHub Actions
  participant Job as Test Job
  participant SDK as .NET SDK
  participant Test as Test Runner

  Dev->>GH: Push/PR
  GH->>Job: Trigger workflow
  Job->>SDK: Restore (restore: true)
  Note right of SDK: net48 requires restore
  Job->>SDK: Build (build: true)
  Note right of SDK: Newly added step for net48
  Job->>Test: Run tests
  Test-->>Job: Results
  Job-->>GH: Report status

Loading

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

• V9.0.6/service update #14 — Prior batch updating package versions, release notes, changelog, and test environment files; closely mirrors this PR’s scope.
• V9.0.5/service update #13 — Introduced the NGINX_VERSION arg in .docfx/Dockerfile.docfx; this PR bumps that same arg.
• V9.0.1/package maintenance #9 — Previous NGINX base image version bump in the same DocFX Dockerfile.

Poem

I nudge the tags, hop-hop, then build,
A greener field of versions filled.
The runner’s coat gets fresh new dye,
DocFX hums with NGINX spry.
9.0.7—notes neatly spun—
Carrots merged, another run! 🥕✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title Check	✅ Passed	The title "V9.0.7/service update" is concise and directly related to the changeset’s primary intent — a v9.0.7 release that includes dependency bumps, release-note additions, and small CI/Docker updates — so it communicates the main purpose to reviewers.
Docstring Coverage	✅ Passed	No functions found in the changes. Docstring coverage check skipped.

✨ Finishing touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch v9.0.7/service-update

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (4)

.nuget/Codebelt.Extensions.AspNetCore.Newtonsoft.Json/PackageReleaseNotes.txt (1)

1-6: Release note reads well; unify “Version” header style across files.

Some entries use “Version x.y.z” while older ones use “Version: x.y.z”. Pick one style for consistency going forward.

.nuget/Codebelt.Extensions.AspNetCore.Mvc.Formatters.Newtonsoft.Json/PackageReleaseNotes.txt (1)

1-6: 9.0.7 entry looks good; keep “Version” header punctuation consistent.

Match the colon/no‑colon convention used elsewhere in the repo’s NuGet notes.

.nuget/Codebelt.Extensions.Newtonsoft.Json/PackageReleaseNotes.txt (1)

1-6: Notes updated correctly; minor style nit.

Standardize “Version” header formatting to reduce churn in future diffs.

.docfx/Dockerfile.docfx (1)

1-1: NGINX 1.29.1-alpine bump LGTM — pin image to sha256 digest (recommended)

1.29.1 is a patch release that fixes CVE-2025-53859; pin nginx:${NGINX_VERSION} in both stages (file: .docfx/Dockerfile.docfx) to the exact sha256 digest (e.g. nginx:1.29.1-alpine@sha256: from Docker Hub/manifest) to avoid tag‑drift and supply‑chain risk.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 84589f0 and d4eaa67.

📒 Files selected for processing (8)

• .docfx/Dockerfile.docfx (1 hunks)
• .github/workflows/pipelines.yml (1 hunks)
• .nuget/Codebelt.Extensions.AspNetCore.Mvc.Formatters.Newtonsoft.Json/PackageReleaseNotes.txt (1 hunks)
• .nuget/Codebelt.Extensions.AspNetCore.Newtonsoft.Json/PackageReleaseNotes.txt (1 hunks)
• .nuget/Codebelt.Extensions.Newtonsoft.Json/PackageReleaseNotes.txt (1 hunks)
• CHANGELOG.md (1 hunks)
• Directory.Packages.props (2 hunks)
• testenvironments.json (1 hunks)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (4)

• GitHub Check: call-test (windows-2022, Release) / 🧪 Test
• GitHub Check: call-test (ubuntu-24.04, Release) / 🧪 Test
• GitHub Check: call-test (ubuntu-24.04, Debug) / 🧪 Test
• GitHub Check: call-test (windows-2022, Debug) / 🧪 Test

🔇 Additional comments (4)

CHANGELOG.md (1)

10-13: Changelog entry LGTM; add explicit “no code/API behavior changes” for clarity.
[ suggest_nitpick_refactor ]
Apply this minimal clarification:

 ## [9.0.7] - 2025-09-15

 This is a service update that focuses on package dependencies.
+No code, API, or behavioral changes.

Directory.Packages.props (1)

6-15: Central version bumps LGTM — run vuln/compat sweep locally (dotnet not available here). Cuemon.* and Codebelt.* updates look coherent; I couldn't run dotnet list package --vulnerable --include-transitive in the sandbox. Run locally/CI: dotnet restore && dotnet list package --vulnerable --include-transitive and verify TargetFramework(s) include net8/net9 (e.g., rg -nP 'TargetFrameworks?\s*<' --glob '**/*.csproj').

testenvironments.json (1)

12-12: Tag exists — confirm image contains both SDKs

Docker Hub reports tag net8.0.414-9.0.305 is published. Confirm the image includes both .NET 8 and .NET 9 SDKs (CI/local parity). Context: testenvironments.json (line 12). Quick verification: docker run --rm gimlichael/ubuntu-testrunner:net8.0.414-9.0.305 dotnet --list-sdks

.github/workflows/pipelines.yml (1)

62-63: Gate restore/build to Windows (net48 only).

Codebelt's reusable workflow delegates to codebeltnet/dotnet-restore and dotnet-build (they expose restore/build inputs); gate the inputs on Windows and verify the reusable workflow accepts/pass‑through them.

-      restore: true # net48 requires restore
-      build: true # net48 requires build
+      restore: ${{ matrix.os == 'windows-2022' }} # net48 only on Windows
+      build:   ${{ matrix.os == 'windows-2022' }} # net48 only on Windows

Verify codebeltnet/jobs-dotnet-test/.github/workflows/default.yml@v2 defines/pass‑through the 'restore' and 'build' inputs and accepts boolean-like values.