Test Nuget Package Restore

[Jack251970]

Fix SystemEvent issue in #3846.

[gitstream-cm]

Be a legend 🏆 by adding a before and after screenshot of the changes you made, especially if they are around UI/UX.

[coderabbitai]

📝 Walkthrough

Walkthrough

Multiple project files and lockfiles were edited to downgrade several NuGet package versions across Flow.Launcher, Flow.Launcher.Core, Flow.Launcher.Plugin, and Flow.Launcher.Infrastructure. Lockfiles updated to reflect resolved transitive versions; a BOM appears before the Core csproj’s tag.

Changes

Cohort / File(s)	Summary of changes
Core project downgrades Flow.Launcher.Core/Flow.Launcher.Core.csproj, Flow.Launcher.Core/packages.lock.json	Downgraded FSharp.Core (9.0.300→9.0.201), StreamJsonRpc (2.22.11→2.21.10), Meziantou.Framework.Win32.Jobs (3.4.3→3.4.0); lockfile shows transitive downgrades (MessagePack, Nerdbank.Streams, Newtonsoft.Json, etc.); BOM added before <Project> tag.
App project Microsoft.Extensions rebase & deps Flow.Launcher/Flow.Launcher.csproj, Flow.Launcher/packages.lock.json	Rebased Microsoft.Extensions.* from 9.x → 7.x (e.g., DependencyInjection 9.0.7→7.0.0, Hosting 9.0.7→7.0.1); downgraded Fody/PropertyChanged.Fody, TaskScheduler, VirtualizingWrapPanel; lockfile updated with many Microsoft.* and System.* transitive changes.
Plugin project tooling downgrades Flow.Launcher.Plugin/Flow.Launcher.Plugin.csproj, Flow.Launcher.Plugin/packages.lock.json	Downgraded Fody (6.9.2→6.5.5) and PropertyChanged.Fody (4.1.0→3.4.0); packages.lock.json updated with resolved versions and content hashes.
Infrastructure project tooling downgrades Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj, Flow.Launcher.Infrastructure/packages.lock.json	Downgraded Fody (6.9.2→6.5.5), PropertyChanged.Fody (4.1.0→3.4.0), System.Drawing.Common (9.0.7→7.0.0), ToolGood.Words.Pinyin (3.1.0.3→3.0.1.4); lockfile reflects changed transitive deps (e.g., Microsoft.Win32.SystemEvents).

Estimated code review effort

🎯 4 (Complex) | ⏱️ ~45 minutes

Possibly related PRs

• Bump StreamJsonRpc and Microsoft.VisualStudio.Threading #2916 — touches StreamJsonRpc and related dependencies in Core, matching StreamJsonRpc/Nerdbank.Streams changes.
• Update all Fody dependencies to Fody 6.5.5 #3349 — aligns with project-wide Fody version adjustments (Fody → 6.5.5).
• Fix dependency injection issue in installer #3274 — modifies Microsoft.Extensions.DependencyInjection/Hosting versions similar to this PR’s rebase to 7.0.x.

Suggested reviewers

• jjw24
• taooceros
• onesounds

✨ Finishing Touches

🧪 Generate unit tests

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch test_nuget_dependency

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbit in a new review comment at the desired location with your query.
• PR comments: Tag @coderabbit in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbit gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbit read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.

Support

Need help? Create a ticket on our support page for assistance with any issues or questions.

CodeRabbit Commands (Invoked using PR/Issue comments)

Type @coderabbit help to get the list of available commands.

Other keywords and placeholders

• Add @coderabbit ignore or @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbit summary or @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbit or @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Status, Documentation and Community

• Visit our Status Page to check the current availability of CodeRabbit.
• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 4

🧹 Nitpick comments (2)

Flow.Launcher.Core/Flow.Launcher.Core.csproj (1)

1-1: Remove stray BOM to avoid noisy diffs.

The leading BOM character before the tag creeps into PR noise and sometimes upsets XML tooling.

Apply:

-<Project Sdk="Microsoft.NET.Sdk">
+<Project Sdk="Microsoft.NET.Sdk">

Flow.Launcher/packages.lock.json (1)

834-849: Infrastructure: NLog 4.7.10 and System.Drawing.Common 7.0.0 — coordinate with App project.

Keep versions consistent across App/Core/Infrastructure to avoid probing/version hell. Consider central package management.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 54e4c13 and 5285073.

📒 Files selected for processing (6)

• Flow.Launcher.Core/Flow.Launcher.Core.csproj (2 hunks)
• Flow.Launcher.Core/packages.lock.json (11 hunks)
• Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj (1 hunks)
• Flow.Launcher.Infrastructure/packages.lock.json (7 hunks)
• Flow.Launcher/Flow.Launcher.csproj (2 hunks)
• Flow.Launcher/packages.lock.json (17 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: taooceros
PR: Flow-Launcher/Flow.Launcher#2616
File: Flow.Launcher/Flow.Launcher.csproj:7-7
Timestamp: 2024-10-08T15:52:58.573Z
Learning: In the Flow Launcher project, the version number in the `Flow.Launcher.csproj` file is dynamically updated during the CI/CD process.

📚 Learning: 2024-10-08T15:52:58.573Z

Learnt from: taooceros
PR: Flow-Launcher/Flow.Launcher#2616
File: Flow.Launcher/Flow.Launcher.csproj:7-7
Timestamp: 2024-10-08T15:52:58.573Z
Learning: In the Flow Launcher project, the version number in the `Flow.Launcher.csproj` file is dynamically updated during the CI/CD process.

Applied to files:

• Flow.Launcher.Core/Flow.Launcher.Core.csproj
• Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj
• Flow.Launcher/Flow.Launcher.csproj
• Flow.Launcher.Core/packages.lock.json
• Flow.Launcher/packages.lock.json
• Flow.Launcher.Infrastructure/packages.lock.json

🪛 GitHub Check: Check Spelling

Flow.Launcher.Core/packages.lock.json

[warning] 174-174:
Newtonsoft is not a recognized word. (unrecognized-spelling)

---

[warning] 246-246:
NLog is not a recognized word. (unrecognized-spelling)

---

[warning] 245-245:
NHotkey is not a recognized word. (unrecognized-spelling)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (2)

• GitHub Check: gitStream.cm
• GitHub Check: build

🔇 Additional comments (23)

Flow.Launcher/Flow.Launcher.csproj (1)

86-110: Verify DI/Hosting API compatibility
Manual check required: run

rg -nP '\b(HostApplicationBuilder|IHostApplicationBuilder|AddKeyed|TryAddKeyed)\b' -g '!**/bin/**' -g '!**/obj/**'

across the solution and build locally targeting net9.0-windows10.0.19041.0 with Microsoft.Extensions.* 7.x to ensure no post-7.0 APIs are used.

Flow.Launcher.Infrastructure/packages.lock.json (1)

70-88: No config references to OutputDebugStringTarget—approve as is.

No .config/.xml/.json files reference OutputDebugStringTarget; the only usage is in Logger/Log.cs, and NLog 4.7.10 includes this target—startup will succeed.

Flow.Launcher.Core/packages.lock.json (1)

49-63: StreamJsonRpc 2.21.10: verify compatibility with peers

2.21.10 pulls in Microsoft.VisualStudio.Threading 17.10.48; confirm no plugin or remote peer relies on StreamJsonRpc 2.22.x features.

Flow.Launcher/packages.lock.json (20)

130-136: PropertyChanged.Fody 3.4.0 with Fody 6.5.x — check attribute usage remains valid.

If you use [AlsoNotify], [DependsOn], etc., confirm the weaver still processes as expected after the downgrade.

---

146-153: System.Diagnostics.EventLog 9.0.2 via TaskScheduler — reconcile with Logging.EventLog 7.0.0 requirement.

Lock resolves EventLog to 9.0.2 (higher than 7.0.0). That should be fine; still, please run app logging paths that write to Windows Event Log.

---

157-160: VirtualizingWrapPanel 2.1.1 — verify UI virtualization behavior/perf hasn’t regressed.

Regression tests for result list scrolling and item recycling recommended.

---

176-178: BitFaster.Caching 2.5.3 — confirm cache policy compatibility.

If custom eviction/metrics integrations exist, ensure API surface matches prior version.

---

199-201: FSharp.Core 9.0.201 — validate any F# components still compile/run.

Run unit/integration tests for F#-based features (if any) to catch subtle compatibility issues.

---

238-249: MessagePack 2.5.187 — check resolver/contract compatibility and AOT source-gen.

If you use ContractlessStandardResolver or source-generated formatters, re-validate serialization of settings/history data to avoid data-shape regressions.

---

252-254: Meziantou.Framework.Win32.Jobs 3.4.0 — verify job object usage on Windows 10+.

Exercise process/job lifetime management paths (plugin process control) to confirm no behavioral changes.

---

256-321: Microsoft.Extensions.Configuration stack at 7.0.x — retest config binding.

Binder went to 7.0.3; re-run options binding for all config sections (plugins, paths) and ensure no missing converters.

---

496-509: VS Threading 17.12.19 while StreamJsonRpc/Nerdbank depend on 17.10.48 — watch for analyzer/runtime skew.

Resolution should float to 17.12.19; verify there are no analyzer warnings or runtime issues.

---

536-543: Nerdbank.Streams 2.11.74 — confirm stream backpressure scenarios.

Exercise RPC/IPC paths for large payloads to ensure no deadlocks/regressions.

---

637-641: DiagnosticSource 7.0.1 added — ensure Activity propagation remains correct.

If you rely on tracing, quickly validate spans/activities in a debug run.

---

648-654: System.Drawing.Common 7.0.0 + Microsoft.Win32.SystemEvents 7.0.0 — test GDI+/SystemEvents paths.

Given issue #3846 context, confirm SystemEvents handlers fire reliably (display changes, power events) on Windows 10/11 with .NET 9 runtime.

---

767-779: System.Text.Json 7.0.0 (transitive) — ensure no accidental switch from Newtonsoft.

Scan for accidental use of System.Text.Json APIs that may diverge from Newtonsoft behavior.

---

804-808: ToolGood.Words.Pinyin 3.0.1.4 — verify IME/Pinyin features.

Run Chinese input/search tests to ensure no segmentation or tone-mark regressions.

---

820-832: Project deps: Core now constrained to older libs — run end-to-end plugin load/update tests.

Especially StreamJsonRpc and MessagePack interactions with plugins.

---

562-566: Manual verification required for NLog upgrade
Heuristic scan (rg -nP '\b(LogFactory|LoggerConfiguration|MethodCallTarget)\b|NLog\.Config\..*?Configuration') returned no matches, but this is not exhaustive. Please run your logging initialization and target configurations in a development environment to confirm compatibility before bumping NLog from 4.7.10.

---

74-109: Compatibility with .NET 9 and Microsoft.Extensions 7.0.x verified. No references to WebApplication, ActivitySource, LoggerMessage.Define, or OptionsBuilder<> found; DiagnosticSource 7.0.1 upgrade is non-breaking.

---

546-548: Newtonsoft.Json 13.0.1 is the first patched version for GHSA-5crp-9r3c-p9vr and GHSA-8rfx-6mr3-5jh3 (vulnerable < 13.0.1) — this downgrade does not reintroduce those CVEs.

---

1-856: Enforce locked restore mode in CI
RestorePackagesWithLockFile is enabled in all project files; CI must invoke restore with --use-lock-file --locked-mode to fail on unintended upgrades. No explicit open-ended ranges ([x, )) were found in csproj. Optional: pin exact versions (Version="[x.y.z]") or adopt Central Package Management for stricter control.

---

19-21: CI lock-file enforcement and weaver packages verified – All projects define <RestorePackagesWithLockFile>true</RestorePackagesWithLockFile>, all Fody and PropertyChanged.Fody references include <PrivateAssets>all</PrivateAssets>, and a FodyWeavers.xml exists in each project. Confirm your CI pipeline performs a full restore and build so the lock file is regenerated deterministically.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Pin Microsoft.Win32.SystemEvents explicitly instead of broad downgrades.

If #3846 is due to SystemEvents regressions, rely on an explicit, direct pin rather than downgrading unrelated packages (StreamJsonRpc, FSharp.Core, etc.). This makes intent clear and prevents future transitive bumps from reintroducing the bug.

Apply:

   <ItemGroup>
     <PackageReference Include="Droplex" Version="1.7.0" />
     <PackageReference Include="FSharp.Core" Version="9.0.201" />
     <PackageReference Include="Meziantou.Framework.Win32.Jobs" Version="3.4.0" />
     <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" Version="3.0.1" />
     <PackageReference Include="SemanticVersioning" Version="3.0.0" />
     <PackageReference Include="squirrel.windows" Version="1.5.2" NoWarn="NU1701" />
     <PackageReference Include="StreamJsonRpc" Version="2.21.10" />
+    <PackageReference Include="Microsoft.Win32.SystemEvents" Version="7.0.0" />
   </ItemGroup>

Follow-up: after pinning, consider reverting unrelated downgrades if they weren’t required.

---

🏁 Script executed:

#!/bin/bash

git diff HEAD~1 -- Flow.Launcher.Core/Flow.Launcher.Core.csproj

Length of output: 1279

---

🏁 Script executed:

#!/bin/bash
# Search for any references to SystemEvents in the codebase
rg -n 'SystemEvents' -C3 .

Length of output: 3791

---

🏁 Script executed:

#!/bin/bash
# Show context around the transitive Microsoft.Win32.SystemEvents entry
sed -n '200,230p' Flow.Launcher.Core/packages.lock.json

# Show dependencies for each direct PackageReference to identify which pulls in SystemEvents
for pkg in Droplex FSharp.Core Meziantou.Framework.Win32.Jobs Microsoft.IO.RecyclableMemoryStream SemanticVersioning squirrel.windows StreamJsonRpc; do
  echo "=== $pkg ==="
  grep -R -n "\"$pkg\"" -A5 -B2 Flow.Launcher.Core/packages.lock.json
done

Length of output: 5926

---

Pin Microsoft.Win32.SystemEvents explicitly to 7.0.0.

Add this direct reference in Flow.Launcher.Core/Flow.Launcher.Core.csproj to lock the transitive SystemEvents version instead of downgrading unrelated packages:

   <ItemGroup>
     <PackageReference Include="Droplex" Version="1.7.0" />
     <PackageReference Include="FSharp.Core" Version="9.0.201" />
     <PackageReference Include="Meziantou.Framework.Win32.Jobs" Version="3.4.0" />
     <PackageReference Include="Microsoft.IO.RecyclableMemoryStream" Version="3.0.1" />
     <PackageReference Include="SemanticVersioning" Version="3.0.0" />
     <PackageReference Include="squirrel.windows" Version="1.5.2" NoWarn="NU1701" />
     <PackageReference Include="StreamJsonRpc" Version="2.21.10" />
+    <PackageReference Include="Microsoft.Win32.SystemEvents" Version="7.0.0" />
   </ItemGroup>

This makes the intent clear and prevents future transitive bumps (via System.Drawing.Common) from reintroducing the issue.

🤖 Prompt for AI Agents

In Flow.Launcher.Core/Flow.Launcher.Core.csproj around lines 56 to 64, add a
direct PackageReference to Microsoft.Win32.SystemEvents with Version="7.0.0"
inside the existing ItemGroup to pin the transitive SystemEvents version; this
locks the dependency (preventing future transitive bumps via
System.Drawing.Common) and makes the intent explicit—add the reference alongside
the other PackageReference entries in that ItemGroup.

[coderabbitai]

🛠️ Refactor suggestion

SystemEvents fixed at 7.0.0 (transitive).

Good for the immediate bug, but pin directly in csproj to avoid accidental bumps via unrelated package updates.

🤖 Prompt for AI Agents

In Flow.Launcher.Core/packages.lock.json around lines 154 to 158,
Microsoft.Win32.SystemEvents is pinned transitively to 7.0.0 but not declared
directly in the project; add a direct PackageReference for
Microsoft.Win32.SystemEvents with Version="7.0.0" to the appropriate .csproj (or
Directory.Build.props) to lock the version explicitly, include
PrivateAssets="All" if you want it to be non-transitive for consumers, save the
file and run dotnet restore to ensure the lockfile reflects the direct pin.

[coderabbitai]

💡 Verification agent

🧩 Analysis chain

Guard against runtime/config breaks from NLog and SystemEvents changes.

• NLog 4.7.10 is a major downgrade; ensure no 5.x APIs/targets (e.g., OutputDebugString target) are referenced in code or NLog configs.
• Add an explicit pin for Microsoft.Win32.SystemEvents to stabilize the fix across future transitive changes.

Apply:

   <ItemGroup>
     <PackageReference Include="Ben.Demystifier" Version="0.4.1" />
     <PackageReference Include="BitFaster.Caching" Version="2.5.3" />
     <PackageReference Include="CommunityToolkit.Mvvm" Version="8.4.0" />
     <PackageReference Include="Fody" Version="6.5.5">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="InputSimulator" Version="1.0.4" />
     <PackageReference Include="MemoryPack" Version="1.21.4" />
     <PackageReference Include="Microsoft.VisualStudio.Threading" Version="17.12.19" />
     <PackageReference Include="Microsoft.Windows.CsWin32" Version="0.3.183">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
     </PackageReference>
     <PackageReference Include="NHotkey.Wpf" Version="3.0.0" />
     <PackageReference Include="NLog" Version="4.7.10" />
     <PackageReference Include="PropertyChanged.Fody" Version="3.4.0">
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
     <PackageReference Include="SharpVectors.Wpf" Version="1.8.4.2" />
     <PackageReference Include="System.Drawing.Common" Version="7.0.0" />
     <PackageReference Include="ToolGood.Words.Pinyin" Version="3.0.1.4" />
+    <PackageReference Include="Microsoft.Win32.SystemEvents" Version="7.0.0" />
   </ItemGroup>

To verify NLog/config, search for removed targets/usages:

---

🏁 Script executed:

#!/bin/bash
rg -n -i -C2 'OutputDebugString|NLog\.Target.*OutputDebugString|WriteToDebug|UseNLog5' --type-add 'xml:*.config' --type xml --type cs

Length of output: 547

---

🏁 Script executed:

#!/bin/bash
rg -n -C2 'SystemEvents' --type cs
rg -n -C2 'using Microsoft.Win32' --type cs

Length of output: 4982

---

Pin or restore the OutputDebugStringTarget in NLog
Log.cs line 43 instantiates OutputDebugStringTarget, which isn’t provided by NLog 4.7.10 and will throw at runtime. Either upgrade the NLog reference to ≥5.x or add the appropriate target package (e.g. NLog.Targets.Debugger) to your csproj.

🤖 Prompt for AI Agents

Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj lines 55-78:
the project references NLog 4.7.10 but Log.cs constructs OutputDebugStringTarget
which is not included in that NLog version and will throw at runtime; fix by
either updating the NLog PackageReference to a 5.x version that includes
OutputDebugStringTarget (bump Version to >=5.0.0) or add the appropriate targets
package by adding a PackageReference for NLog.Targets.Debugger (choose a
compatible version) to this ItemGroup so the OutputDebugStringTarget type is
available.

[coderabbitai]

🛠️ Refactor suggestion

SystemEvents version is only transitive. Consider direct pin.

System.Drawing.Common pulls Microsoft.Win32.SystemEvents 7.0.0 transitively. Make it explicit in the project to ensure future transitive updates don’t regress #3846.

🤖 Prompt for AI Agents

Flow.Launcher.Infrastructure/packages.lock.json around lines 100 to 107:
Microsoft.Win32.SystemEvents 7.0.0 is only pulled transitively via
System.Drawing.Common—make it an explicit direct dependency and pin its version
to 7.0.0 in the project file (e.g., add a PackageReference for
Microsoft.Win32.SystemEvents Version="7.0.0" with appropriate Include and
PrivateAssets as needed) so future transitive updates cannot change it.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

Flow.Launcher.Plugin/Flow.Launcher.Plugin.csproj (1)

70-84: Enforce locked restores in CI to prevent accidental drift.

Since this PR centers on NuGet restore behavior, consider enabling locked-mode in CI so package graphs can’t change unexpectedly.

Apply this diff (works with GitHub Actions, leaves local dev unchanged):

+  <PropertyGroup Condition="'$(CI)' == 'true'">
+    <RestoreLockedMode>true</RestoreLockedMode>
+  </PropertyGroup>

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5285073 and 0cc36e5.

📒 Files selected for processing (2)

• Flow.Launcher.Plugin/Flow.Launcher.Plugin.csproj (2 hunks)
• Flow.Launcher.Plugin/packages.lock.json (2 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: taooceros
PR: Flow-Launcher/Flow.Launcher#2616
File: Flow.Launcher/Flow.Launcher.csproj:7-7
Timestamp: 2024-10-08T15:52:58.573Z
Learning: In the Flow Launcher project, the version number in the `Flow.Launcher.csproj` file is dynamically updated during the CI/CD process.

📚 Learning: 2024-10-08T15:52:58.573Z

Learnt from: taooceros
PR: Flow-Launcher/Flow.Launcher#2616
File: Flow.Launcher/Flow.Launcher.csproj:7-7
Timestamp: 2024-10-08T15:52:58.573Z
Learning: In the Flow Launcher project, the version number in the `Flow.Launcher.csproj` file is dynamically updated during the CI/CD process.

Applied to files:

• Flow.Launcher.Plugin/Flow.Launcher.Plugin.csproj
• Flow.Launcher.Plugin/packages.lock.json

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (3)

• GitHub Check: gitStream.cm
• GitHub Check: gitStream.cm
• GitHub Check: build

🔇 Additional comments (4)

Flow.Launcher.Plugin/Flow.Launcher.Plugin.csproj (2)

71-74: Downgrade to Fody 6.5.5 looks fine and matches the lockfile.

PrivateAssets=all avoids flowing the weaver to consumers. No functional risk spotted here.

---

81-83: PropertyChanged.Fody 3.4.0 compatibility verified
All FodyWeavers.xml files contain only <PropertyChanged />, and no [DependsOn], [AlsoNotifyFor], [DoNotNotify] or OnChangedMethodName attributes were found in the codebase.

Flow.Launcher.Plugin/packages.lock.json (2)

7-9: Lock pinned to Fody 6.5.5 — consistent with csproj.

Resolved version and hash align with the downgrade intent. Good.

---

40-45: Fody version unification verified
Both Flow.Launcher.Infrastructure/packages.lock.json and Flow.Launcher.Plugin/packages.lock.json resolve Fody to 6.5.5.

[gitstream-cm]

🥷 Code experts: no user but you matched threshold 10

Jack251970 has most 👩‍💻 activity in the files.
Jack251970 has most 🧠 knowledge in the files.

See details

Flow.Launcher.Core/Flow.Launcher.Core.csproj

Activity based on git-commit:

	Jack251970
AUG
JUL	3 additions & 3 deletions
JUN
MAY
APR
MAR

Knowledge based on git-blame:
Jack251970: 4%

Flow.Launcher.Core/packages.lock.json

Activity based on git-commit:

	Jack251970
AUG
JUL	103 additions & 64 deletions
JUN
MAY
APR
MAR

Knowledge based on git-blame:
Jack251970: 37%

Flow.Launcher.Plugin/Flow.Launcher.Plugin.csproj

Activity based on git-commit:

	Jack251970
AUG
JUL	5 additions & 4 deletions
JUN
MAY
APR	3 additions & 1 deletions
MAR

Knowledge based on git-blame:
Jack251970: 17%

Flow.Launcher.Plugin/packages.lock.json

Activity based on git-commit:

	Jack251970
AUG
JUL	26 additions & 26 deletions
JUN
MAY
APR
MAR

Knowledge based on git-blame:
Jack251970: 34%

Flow.Launcher/Flow.Launcher.csproj

Activity based on git-commit:

	Jack251970
AUG	84 additions & 43 deletions
JUL	7 additions & 8 deletions
JUN	5 additions & 0 deletions
MAY
APR	3 additions & 1 deletions
MAR	1 additions & 5 deletions

Knowledge based on git-blame:
Jack251970: 30%

Flow.Launcher/packages.lock.json

Activity based on git-commit:

	Jack251970
AUG
JUL	498 additions & 282 deletions
JUN
MAY
APR
MAR

Knowledge based on git-blame:
Jack251970: 56%

✨ Comment /gs review for LinearB AI review. Learn how to automate it here.

[coderabbitai]

Actionable comments posted: 1

♻️ Duplicate comments (3)

Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj (1)

77-78: Pin Microsoft.Win32.SystemEvents explicitly to prevent regressions (#3846).

System.Drawing.Common 7.0.0 pulls SystemEvents 7.0.0 transitively; make it direct to avoid future drift.

Apply:

   <ItemGroup>
     <PackageReference Include="Ben.Demystifier" Version="0.4.1" />
@@
     <PackageReference Include="NLog" Version="6.0.1" />
     <PackageReference Include="NLog.OutputDebugString" Version="6.0.1" />
@@
     <PackageReference Include="System.Drawing.Common" Version="7.0.0" />
+    <PackageReference Include="Microsoft.Win32.SystemEvents" Version="7.0.0" />
     <PackageReference Include="ToolGood.Words.Pinyin" Version="3.0.1.4" />
   </ItemGroup>

Flow.Launcher.Infrastructure/packages.lock.json (1)

111-117: SystemEvents is only transitive here—pin in csproj.

Lock shows Microsoft.Win32.SystemEvents 7.0.0 coming via System.Drawing.Common; add a direct PackageReference in the Infrastructure csproj to lock it.

Also applies to: 159-161

Flow.Launcher/packages.lock.json (1)

535-537: Centralize SystemEvents version management.

Add a single, explicit Microsoft.Win32.SystemEvents 7.0.0 pin at the solution level (Directory.Packages.props) or in each affected project to prevent future transitive bumps.

📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

💡 Knowledge Base configuration:

• MCP integration is disabled by default for public repositories
• Jira integration is disabled by default for public repositories
• Linear integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between aef0993 and ec7b18f.

📒 Files selected for processing (4)

• Flow.Launcher.Core/packages.lock.json (8 hunks)
• Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj (2 hunks)
• Flow.Launcher.Infrastructure/packages.lock.json (4 hunks)
• Flow.Launcher/packages.lock.json (15 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: taooceros
PR: Flow-Launcher/Flow.Launcher#2616
File: Flow.Launcher/Flow.Launcher.csproj:7-7
Timestamp: 2024-10-08T15:52:58.573Z
Learning: In the Flow Launcher project, the version number in the `Flow.Launcher.csproj` file is dynamically updated during the CI/CD process.

📚 Learning: 2024-10-08T15:52:58.573Z

Learnt from: taooceros
PR: Flow-Launcher/Flow.Launcher#2616
File: Flow.Launcher/Flow.Launcher.csproj:7-7
Timestamp: 2024-10-08T15:52:58.573Z
Learning: In the Flow Launcher project, the version number in the `Flow.Launcher.csproj` file is dynamically updated during the CI/CD process.

Applied to files:

• Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj
• Flow.Launcher.Infrastructure/packages.lock.json
• Flow.Launcher/packages.lock.json
• Flow.Launcher.Core/packages.lock.json

🪛 GitHub Check: Check Spelling

Flow.Launcher.Core/packages.lock.json

[warning] 183-183:
Newtonsoft is not a recognized word. (unrecognized-spelling)

⏰ Context from checks skipped due to timeout of 90000ms. You can increase the timeout in your CodeRabbit configuration to a maximum of 15 minutes (900000ms). (1)

• GitHub Check: build

🔇 Additional comments (7)

Flow.Launcher.Infrastructure/Flow.Launcher.Infrastructure.csproj (2)

71-73: Good fix: NLog + OutputDebugString target aligned.

Moving to NLog 6.0.1 and adding NLog.OutputDebugString 6.0.1 resolves the missing OutputDebugStringTarget at runtime.

---

59-62: Confirm Fody/Weavers compatibility.

Downgrade to Fody 6.5.5; ensure FodyWeavers.xml and PropertyChanged.Fody usage are still valid. Clean obj/bin and restore to catch weaver breakages.

Flow.Launcher.Infrastructure/packages.lock.json (1)

28-31: Lock updates look consistent with csproj.

Fody 6.5.5 / PropertyChanged.Fody 3.4.0 and ToolGood.Words.Pinyin 3.0.1.4 align with the project file.

Also applies to: 96-101, 120-123

Flow.Launcher.Core/packages.lock.json (2)

51-63: Broad downgrades (StreamJsonRpc/Nerdbank/MessagePack/Newtonsoft) — validate API usage.

Run smoke tests for RPC, serialization, and JSON parsing paths to ensure no removed APIs or behavior changes impact plugins/IPC.

Also applies to: 175-182, 116-124, 185-187

---

16-25: FSharp.Core/Meziantou downgrades—check feature usage.

Ensure no code depends on APIs introduced after 9.0.201 (F#) or 3.4.0 (Jobs).

Flow.Launcher/packages.lock.json (2)

72-110: Microsoft.Extensions 7.x baseline—verify host wiring.

Confirm HostBuilder/config/logging code paths are compatible with the 7.x packages (options binding, logging providers).

---

609-622: Align StreamJsonRpc across projects.

Flow.Launcher resolves 2.21.10; ensure Core/Infrastructure match to avoid assembly binding issues at runtime.

[coderabbitai]

🛠️ Refactor suggestion

Also pin SystemEvents in Core or centrally.

SystemEvents 7.0.0 is transitive; add a direct PackageReference in Flow.Launcher.Core.csproj or centralize via Directory.Packages.props to keep versions uniform.

🤖 Prompt for AI Agents

Flow.Launcher.Core/packages.lock.json lines 165-166: SystemEvents is only pulled
transitively at 7.0.0—add a direct pin so the version stays explicit; either add
a PackageReference Include="SystemEvents" Version="7.0.0" to
Flow.Launcher.Core.csproj, or add a central entry in Directory.Packages.props
(e.g., <PackageVersion Include="SystemEvents" Version="7.0.0" />) and ensure the
project references it, then run dotnet restore/update lock file to commit the
pinned version.