fix openapi compatibility

[yileicn]

PR Type

Bug fix

---

Description

• Downgrade Swashbuckle.AspNetCore to 8.1.4 for NET8_0 compatibility

• Add conditional compilation for OpenAPI security requirement definitions

• Support both NET8_0 and NET10_0 framework targets with different API patterns

---

Diagram Walkthrough

flowchart LR
  A["NET8_0 & NET10_0<br/>Framework Support"] --> B["Conditional<br/>Compilation"]
  B --> C["OpenAPI Security<br/>Requirement Setup"]
  D["Swashbuckle.AspNetCore<br/>Version Downgrade"] --> E["Compatibility<br/>Fix"]
  C --> E

Loading

File Walkthrough

	Relevant files
Bug fix	BotSharpOpenApiExtensions.cs Add framework-specific OpenAPI security configuration        src/Infrastructure/BotSharp.OpenAPI/BotSharpOpenApiExtensions.cs Added conditional compilation directives for NET8_0 and NET10_0 frameworks Implemented NET8_0-specific OpenAPI security requirement using OpenApiSecurityRequirement object Implemented NET10_0-specific OpenAPI security requirement using OpenApiSecuritySchemeReference Added missing using statement for Microsoft.OpenApi.Models under NET8_0 condition +20/-0
Dependencies	Directory.Packages.props Downgrade Swashbuckle.AspNetCore for NET8_0                            Directory.Packages.props Downgraded Swashbuckle.AspNetCore version from 10.1.0 to 8.1.4 for NET8_0 target framework Ensures compatibility with NET8_0 OpenAPI implementation +1/-1

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance
⚪	Dependency downgrade risk Description: The PR downgrades Swashbuckle.AspNetCore to 8.1.4 for net8.0, which may reintroduce previously fixed vulnerabilities or miss later security patches in the OpenAPI/Swagger tooling (dependency CVEs should be checked before merging). Directory.Packages.props [141-146] Referred Code <ItemGroup Condition="'$(TargetFramework)' == 'net8.0'"> <PackageVersion Include="Swashbuckle.AspNetCore" Version="8.1.4" /> <PackageVersion Include="AspNet.Security.OAuth.GitHub" Version="8.3.0" /> <PackageVersion Include="AspNet.Security.OAuth.Keycloak" Version="8.3.0" /> <PackageVersion Include="AspNet.Security.OAuth.Weixin" Version="8.3.0" /> <PackageVersion Include="Microsoft.AspNetCore.Http.Abstractions" Version="2.3.0" />
Ticket Compliance
⚪	🎫 No ticket provided Create ticket/issue
Codebase Duplication Compliance
⚪	Codebase context is not defined Follow the guide to enable codebase context checks.
Custom Compliance
🟢	Generic: Comprehensive Audit Trails Objective: To create a detailed and reliable record of critical system actions for security analysis and compliance. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Meaningful Naming and Self-Documenting Code Objective: Ensure all identifiers clearly express their purpose and intent, making code self-documenting Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Robust Error Handling and Edge Case Management Objective: Ensure comprehensive error handling that provides meaningful context and graceful degradation Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Error Handling Objective: To prevent the leakage of sensitive system information through error messages while providing sufficient detail for internal debugging. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Secure Logging Practices Objective: To ensure logs are useful for debugging and auditing without exposing sensitive information like PII, PHI, or cardholder data. Status: Passed Learn more about managing compliance generic rules or creating your own custom rules
	Generic: Security-First Input Validation and Data Handling Objective: Ensure all data inputs are validated, sanitized, and handled securely to prevent vulnerabilities Status: Passed Learn more about managing compliance generic rules or creating your own custom rules

Compliance status legend

🟢 - Fully Compliant
🟡 - Partial Compliant
🔴 - Not Compliant
⚪ - Requires Further Human Verification
🏷️ - Compliance label

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
Possible issue	Fix invalid lambda and type usage Correct the NET10_0 conditional block by removing the invalid lambda expression and using the correct object initialization for the security requirement, mirroring the NET8_0 implementation. src/Infrastructure/BotSharp.OpenAPI/BotSharpOpenApiExtensions.cs [188-196] #elif NET10_0 - c.AddSecurityRequirement(x => new OpenApiSecurityRequirement + c.AddSecurityRequirement(new OpenApiSecurityRequirement { - { - new OpenApiSecuritySchemeReference("Bearer"), - [] - } + { + new OpenApiSecurityScheme + { + Reference = new OpenApiReference + { + Type = ReferenceType.SecurityScheme, + Id = "Bearer" + } + }, + Array.Empty<string>() + } }); #endif Apply / Chat Suggestion importance[1-10]: 9 __ Why: This suggestion correctly identifies multiple compilation errors in the NET10_0 block and provides a comprehensive fix, making the code for NET10_0 consistent with the working NET8_0 implementation.	High
More