@CodeWolf86 CodeWolf86 commented Feb 20, 2025

Update Vulnerable Packages
Update .Net 8 LTS
Update Unit Tests for required fields that were causing a failure when connecting to conductor.

The main vulnerability I'm looking to resolve is this one in RestSharp: https://nvd.nist.gov/vuln/detail/CVE-2024-45302
which is consumed by the Conductor C# SDK.

Unit tests have passed.
Those that have failed were targeting unknown endpoints on the conductor-oss image; the /Environment or /Integrations don't seem to exist, so I would appreciate any advice on that one.

Vulnerabilities highlighted:
GHSA-qj66-m88j-hmgj
GHSA-4rr6-2v9v-wcpc
GHSA-7jgj-8wvc-jh57
GHSA-hh2w-p6rv-4g7w
GHSA-cmhx-cq75-c4mj

Chris Barnard added 2 commits February 20, 2025 17:34
Update .Net 8 LTS
Update Unit Tests for required fields
@nprorekhin

Good PR, I would also like to have these changes approved 👍

Since you bumped the .NET version to 8.0, you should probably also bump the image version in the Dockerfile. It is used in GitHub Actions during CI/CD.

FROM mcr.microsoft.com/dotnet/sdk:6.0 AS csharp-sdk -> FROM mcr.microsoft.com/dotnet/sdk:8.0 AS csharp-sdk

Updating SDK base image
@CodeWolf86
Contributor Author

Thanks @nprorekhin, good catch. Have updated 👍

@CodeWolf86
Contributor Author

Apologies, I'm not familiar with your CI, but obviously all tests failing isn't going to allow this PR to merge. I notice that when the CI for the test stage kicks off, the Docker build input is the following:

DOCKER_BUILDKIT=1 docker build --target=test --build-arg KEY= --build-arg SECRET= --build-arg CONDUCTOR_SERVER_URL= 

But the last run on main, which only passed 63/65 tests, has the following setup:

  DOCKER_BUILDKIT=1 docker build --target=test --build-arg KEY=*** --build-arg SECRET=*** --build-arg CONDUCTOR_SERVER_URL=*** .

So for the run on my PR there is no server URL or secret being passed in to assist with the tests / worker setup, nor the Orkes client, so it will fail.

Can anyone assist in how I can re-trigger the CI, or make sure the values are provided in the Docker build for it to succeed (or at least get some steps further)?

I can see the GitHub workflow is here: https://github.com/conductor-sdk/conductor-csharp/blob/main/.github/workflows/pull_request.yml
which is attempting to provide the parameters.

Can anyone help? I'm keen to try to move this along and merge if possible.

@CodeWolf86
Contributor Author

Ah, so because I had to fork the repo to work on it, I'm unable to run the workflow because the forked repo doesn't have access to sensitive data such as secrets -> https://docs.github.com/en/actions/managing-workflow-runs-and-deployments/managing-workflow-runs/approving-workflow-runs-from-public-forks#about-workflow-runs-from-public-forks

If anyone is able to create a feature branch for me on this repo without the restrictions, I'll merge into the feature branch from my fork, then recreate the PR, which will allow the workflow to run correctly for the CI regarding the build and test stages. Unless there are any alternatives?

@gardusig @manan164 @Jithesh-poojary @jmigueprieto would any of you be able to assist? Thank you.
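
The empty-secrets condition described in the comment above can be detected directly from the logged `docker build` line. The following is an added example, not part of the original thread or the project's CI: a POSIX shell check whose function names (`empty_build_args`, `check_build_args`) are hypothetical, run over the two command lines quoted earlier in the thread.

```shell
#!/bin/sh
# Added example (not the project's CI). Sample inputs are the two
# `docker build` lines quoted in the thread, as they appear in the CI log.
FORK_RUN='DOCKER_BUILDKIT=1 docker build --target=test --build-arg KEY= --build-arg SECRET= --build-arg CONDUCTOR_SERVER_URL='
MAIN_RUN='DOCKER_BUILDKIT=1 docker build --target=test --build-arg KEY=*** --build-arg SECRET=*** --build-arg CONDUCTOR_SERVER_URL=*** .'

# Print, space-separated, the names of --build-arg options whose value is
# empty (NAME=). Hypothetical helper; the subshell body keeps `set -f` and
# the loop variables from leaking into the caller.
empty_build_args() (
  set -f                       # no globbing: masked secrets are logged as ***
  expect_pair=0
  out=""
  for tok in $1; do
    if [ "$expect_pair" -eq 1 ]; then
      expect_pair=0
      pair=$tok                # form: --build-arg NAME=value
    else
      case $tok in
        --build-arg)   expect_pair=1; continue ;;
        --build-arg=*) pair=${tok#--build-arg=} ;;   # form: --build-arg=NAME=value
        *)             continue ;;
      esac
    fi
    case $pair in
      *=*)                     # NAME without "=" is inherited from the environment; skipped
        name=${pair%%=*}
        value=${pair#*=}
        if [ -z "$value" ]; then out="${out:+$out }$name"; fi ;;
    esac
  done
  printf '%s\n' "$out"
)

# Return 0 when every build arg carries a value, 1 (with a message) otherwise.
check_build_args() {
  missing=$(empty_build_args "$1")
  if [ -n "$missing" ]; then
    echo "empty build args (secrets missing?): $missing" >&2
    return 1
  fi
  return 0
}

echo "fork PR run, empty: $(empty_build_args "$FORK_RUN")"
echo "main run, empty:    $(empty_build_args "$MAIN_RUN")"
```

Run before the test stage, a check like this turns a fork-triggered run into one clear failure message instead of a set of failing tests.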

@jack4it
jack4it commented May 16, 2025

would love to see this PR merged. will reduce so many warnings

@manan164 manan164 merged commit 33630fd into conductor-oss:main May 20, 2025
1 of 2 checks passed
@jack4it
jack4it commented May 20, 2025

thx @manan164 for merging the PR! look forward to a nuget release soon

@CodeWolf86 CodeWolf86 deleted the feature/update-vulnerable-packages branch May 22, 2025 08:44