Fuchs_Intranet/.github/upgrades/scenarios/new-dotnet-version_16123a/plan.md

.NET 10.0 Upgrade Plan — Fuchs Intranet Solution

Table of Contents

• 1. Executive Summary
• 2. Migration Strategy
• 3. Detailed Dependency Analysis
• 4. Project-by-Project Migration Plans
  • 4.1 MT940Parser.csproj
  • 4.2 MFR_RESTClient.vbproj
  • 4.3 Fuchs_DataService.vbproj
  • 4.4 Fuchs.vbproj
  • 4.5 Fuchs.Tests (New)
• 5. Package Update Reference
• 6. Breaking Changes Catalog
• 7. Risk Management
• 8. Testing & Validation Strategy
• 9. Complexity & Effort Assessment
• 10. Source Control Strategy
• 11. Success Criteria

---

1. Executive Summary

Scenario

Upgrade the Fuchs Intranet solution from .NET Framework 4.8 to .NET 10.0 (LTS). The solution contains 4 existing projects (3 VB.NET + 1 C#), all currently targeting .NET Framework 4.8 except MT940Parser which multi-targets netstandard2.0 and net472. As part of the upgrade, a new C# unit test project (Fuchs.Tests) will be created to provide automated validation coverage.

Scope

Metric	Value
Total Projects	4 (+1 new test project)
Total NuGet Packages	75 (32 require action)
Total Lines of Code	10,521
Total Issues	439 (164 mandatory, 252 potential, 23 optional)
Estimated LOC to Modify	358+ (3.4% of codebase)
Security Vulnerabilities	5 packages with known CVEs
Projects Needing SDK-style Conversion	3 of 4

Selected Strategy

All-At-Once Strategy — All projects upgraded simultaneously in a single atomic operation.

Rationale:

• 4 projects (small solution, well under 30-project threshold)
• All currently on .NET Framework 4.8 (homogeneous)
• Clean dependency structure with no circular dependencies
• Dependency depth of only 3 levels
• All packages have known target versions, clear replacements, or are framework-included

Complexity Classification

Simple — 4 projects, dependency depth ≤ 2, clean dependency graph, no circular dependencies. This enables a fast-batch approach with 2–3 detail iterations.

Critical Issues

1. SDK-style conversion required: 3 of 4 projects must be converted from classic to SDK-style project format before framework upgrade
2. ASP.NET Framework → ASP.NET Core: Fuchs.vbproj is a WAP (Web Application Project) using System.Web, requiring migration to ASP.NET Core patterns
3. Incompatible packages: 17 packages have no compatible version for .NET 10.0 — require replacement or removal
4. Security vulnerabilities: BouncyCastle.Cryptography, Microsoft.IdentityModel.JsonWebTokens, MimeKit, RestSharp, System.IdentityModel.Tokens.Jwt, and TinyMCE have known CVEs
5. Deprecated packages: Microsoft.Data.OData, Microsoft.IdentityModel.Abstractions/Logging/Tokens, Microsoft.IdentityModel.Clients.ActiveDirectory, Microsoft.Rest.ClientRuntime — require replacement strategies
6. WCF usage: MFR_RESTClient uses WCF services that may need CoreWCF migration
7. GDI+/System.Drawing: Fuchs.vbproj uses System.Drawing which has limited cross-platform support on .NET 10.0

Iteration Strategy

Phase 1 (Foundation): Skeleton, classification, strategy — 3 iterations Phase 2 (Foundation): Dependency analysis, strategy detail, project stubs — 3 iterations Phase 3 (Details): All project details batched in 2–3 iterations (simple classification)

---

2. Migration Strategy

Approach: All-At-Once

All 4 projects are upgraded simultaneously in a single coordinated operation. There are no intermediate states — the solution moves atomically from .NET Framework 4.8 to .NET 10.0.

Justification

Factor	Assessment	Supports All-At-Once
Project count	4 projects	✅ Well under 30-project threshold
Framework uniformity	All net48 (except MT940Parser multi-target)	✅ Homogeneous
Dependency structure	Clean 3-level DAG, no cycles	✅ Simple
Total LOC	10,521	✅ Small codebase
Package compatibility	All packages have known paths	✅ Clear
Test projects	New Fuchs.Tests project to be created	✅ Automated validation via xUnit

All-At-Once Strategy Rationale

• Fastest completion: No multi-targeting complexity or intermediate build states
• Clean dependency resolution: All projects move together, avoiding version conflicts between upgraded and non-upgraded projects
• No intermediate states: The solution is either fully on .NET Framework 4.8 or fully on .NET 10.0
• Unified upgrade: All package references updated atomically, preventing dependency conflicts

Execution Sequence (Within Single Atomic Operation)

1. Convert all 3 classic projects to SDK-style (MT940Parser is already SDK-style)
2. Update TargetFramework in all 4 project files simultaneously
3. Update all package references across all projects
4. Remove packages now included in framework (System.Buffers, System.Memory, etc.)
5. Restore dependencies (dotnet restore)
6. Build solution and fix all compilation errors — address breaking changes from ASP.NET Framework → ASP.NET Core, System.Drawing, Configuration, SqlClient namespace changes
7. Verify solution builds with 0 errors
8. Create Fuchs.Tests project — new xUnit test project targeting net10.0, add to solution
9. Write initial test suite — cover MT940 parsing, data models, business logic
10. Run all tests — dotnet test, verify all pass

Parallel vs. Sequential

Within the atomic operation, project file edits can happen in parallel (they are independent file modifications). Build and fix cycles are inherently sequential since compilation errors must be identified before they can be fixed.

---

3. Detailed Dependency Analysis

Dependency Graph

Level 0 (Foundation — no project dependencies):
  ├── MT940Parser.csproj          [netstandard2.0;net472] — ClassLibrary, SDK-style
  └── MFR_RESTClient.vbproj       [net48]                 — ClassicWinForms, Classic-style

Level 1 (depends on Level 0 only):
  └── Fuchs_DataService.vbproj    [net48]                 — ClassicDotNetApp, Classic-style
       └── depends on: MFR_RESTClient

Level 2 (depends on Levels 0–1):
  └── Fuchs.vbproj                [net48]                 — WAP (ASP.NET MVC), Classic-style
       └── depends on: MT940Parser, Fuchs_DataService, MFR_RESTClient

Level 3 (test — depends on all):
  └── Fuchs.Tests.csproj          [NEW → net10.0]         — xUnit test project, C#
       └── depends on: MT940Parser, MFR_RESTClient, Fuchs_DataService, Fuchs

Project Groupings (All-At-Once — Single Atomic Operation)

Since all 4 projects are upgraded simultaneously, the dependency levels serve as context for understanding impact, not as separate phases:

Level	Projects	Role
0	MT940Parser.csproj, MFR_RESTClient.vbproj	Foundation libraries — no downstream dependencies
1	Fuchs_DataService.vbproj	Middle layer — data service consuming MFR_RESTClient
2	Fuchs.vbproj	Top-level web application — consumes all other projects

Critical Path

The critical path runs through: MFR_RESTClient → Fuchs_DataService → Fuchs

• MFR_RESTClient is referenced by both Fuchs_DataService and Fuchs directly
• MT940Parser is only referenced by Fuchs and is already SDK-style with minimal changes needed
• Breaking changes in MFR_RESTClient (WCF, RestSharp, deprecated packages) will cascade to its dependants

Circular Dependencies

None detected. The dependency graph is a clean DAG (Directed Acyclic Graph).

---

4. Project-by-Project Migration Plans

4.1 MT940Parser.csproj

Current State: netstandard2.0;net472 | SDK-style | ClassLibrary | 1,342 LOC | 15 files | 0 API issues | 1 package (NETStandard.Library transitive) Target State: netstandard2.0;net472;net10.0 (append new target framework) Risk Level: 🟢 Low Complexity: Low

Prerequisites

• None — project is already SDK-style

Framework Update

• Append net10.0 to the existing <TargetFrameworks> element:
  • Before: <TargetFrameworks>netstandard2.0;net472</TargetFrameworks>
  • After: <TargetFrameworks>netstandard2.0;net472;net10.0</TargetFrameworks>

Package Updates

• No package changes required — NETStandard.Library is a transitive dependency and compatible

Expected Breaking Changes

• None — 0 API issues detected, fully compatible

Code Modifications

• None expected

Validation Checklist

• net10.0 target added to TargetFrameworks
• Builds without errors for all 3 target frameworks
• Builds without warnings
• No new dependency conflicts

4.2 MFR_RESTClient.vbproj

Current State: net48 | Classic-style | ClassicWinForms | 621 LOC | 13 files | 26 API issues | 38 package issues Target State: net10.0-windows | SDK-style Risk Level: 🟡 Medium Complexity: Medium

Prerequisites

• Convert from classic to SDK-style project format (Project.0001)
• Project is classified as ClassicWinForms — use Microsoft.NET.Sdk.WindowsDesktop or Microsoft.NET.Sdk with <UseWindowsForms>true</UseWindowsForms> if WinForms references are needed, otherwise use Microsoft.NET.Sdk

Framework Update

• Before: <TargetFrameworkVersion>v4.8</TargetFrameworkVersion> (classic format)
• After: <TargetFramework>net10.0-windows</TargetFramework> (SDK-style)

Package Updates

Remove (included in framework):

• Microsoft.AspNet.WebApi (5.2.9)
• Microsoft.NETCore.Platforms (7.0.4)
• System.Buffers (4.5.1)
• System.IO (4.3.0)
• System.Memory (4.5.5)
• System.Net.Http (4.3.4)
• System.Numerics.Vectors (4.5.0)
• System.Runtime (4.3.1)
• System.Security.Cryptography.Algorithms (4.3.1)
• System.Security.Cryptography.Encoding (4.3.0)
• System.Security.Cryptography.Primitives (4.3.0)
• System.Security.Cryptography.X509Certificates (4.3.2)
• System.Text.Encoding (4.3.0)
• System.Threading.Tasks.Extensions (4.5.4)
• System.ValueTuple (4.5.0)

Update:

• Microsoft.Bcl.AsyncInterfaces: 7.0.0 → 10.0.5
• Microsoft.IdentityModel.JsonWebTokens: 7.0.2 → 8.17.0 (🔒 security)
• Newtonsoft.Json: 13.0.3 → 13.0.4
• RestSharp: 110.2.0 → 114.0.0 (🔒 security)
• System.IdentityModel.Tokens.Jwt: 7.0.2 → 8.17.0 (🔒 security)
• System.Runtime.CompilerServices.Unsafe: 6.0.0 → 6.1.2
• System.Text.Encodings.Web: 7.0.0 → 10.0.5
• System.Text.Json: 7.0.3 → 10.0.5

Remove/Replace (incompatible):

• Microsoft.AspNet.WebApi.Core (5.2.9) — no supported version; remove if not directly used, or replace with ASP.NET Core Web API
• Microsoft.AspNet.WebApi.WebHost (5.2.9) — no supported version; remove
• Microsoft.WindowsAzure.ConfigurationManager (3.2.3) — replace with Microsoft.Extensions.Configuration
• WindowsAzure.ServiceBus (6.2.2) — replace with Azure.Messaging.ServiceBus

Review (deprecated):

• Microsoft.Data.OData (5.8.5) — deprecated; evaluate if still needed
• Microsoft.IdentityModel.Abstractions (7.0.2) — deprecated
• Microsoft.IdentityModel.Clients.ActiveDirectory (5.3.0) — deprecated; replace with Microsoft.Identity.Client (MSAL)
• Microsoft.IdentityModel.Logging (7.0.2) — deprecated
• Microsoft.IdentityModel.Tokens (7.0.2) — deprecated
• Microsoft.Rest.ClientRuntime (2.3.24) — deprecated

Keep (compatible):

• Microsoft.AspNet.SignalR.Client (2.4.3)
• Microsoft.AspNet.WebApi.Client (5.2.9)
• Microsoft.Azure.Services.AppAuthentication (1.6.2)
• Microsoft.Data.Edm (5.8.5)
• Microsoft.Data.Services.Client (5.8.5)
• Microsoft.NETCore.Targets (5.0.0)
• Portable.BouncyCastle — if used transitively
• System.Private.Uri (4.3.2)
• System.Spatial (5.8.5)

Expected Breaking Changes

• Legacy Configuration (6 issues): ConfigurationManager usage needs System.Configuration.ConfigurationManager NuGet or migration to Microsoft.Extensions.Configuration
• System.Uri behavioral change (18 issues): URI parsing behavior may differ — test URL handling code
• Source incompatible APIs (8 issues): SqlClient types, vbNewLine deprecation
• WCF services (UpgradeScenario.0040): Evaluate if WCF references are used; migrate to CoreWCF if needed

Code Modifications

• Replace Imports System.Data.SqlClient with Imports Microsoft.Data.SqlClient
• Replace vbNewLine with Environment.NewLine where flagged
• Update RestSharp API calls for v114 compatibility
• Update ConfigurationManager references
• ⚠️ Review WCF service references and determine if CoreWCF migration is needed

Validation Checklist

• Converted to SDK-style project
• TargetFramework set to net10.0-windows
• All incompatible packages removed/replaced
• All security vulnerability packages updated
• Builds without errors
• Builds without warnings
• No dependency conflicts

4.3 Fuchs_DataService.vbproj

Current State: net48 | Classic-style | ClassicDotNetApp | 2,281 LOC | 13 files | 108 API issues | 4 package issues Target State: net10.0 | SDK-style Risk Level: 🔴 High Complexity: Medium

Prerequisites

• Convert from classic to SDK-style project format (Project.0001)
• Depends on MFR_RESTClient — must be updated as part of the same atomic operation

Framework Update

• Before: <TargetFrameworkVersion>v4.8</TargetFrameworkVersion> (classic format)
• After: <TargetFramework>net10.0</TargetFramework> (SDK-style)

Package Updates

Remove (included in framework):

• Microsoft.AspNet.Razor (3.2.9)
• Microsoft.Web.Infrastructure (2.0.0)
• System.Runtime.InteropServices.RuntimeInformation (4.3.0)

Update:

• Newtonsoft.Json: 13.0.3 → 13.0.4

Keep (compatible):

• Squid-Box.SevenZipSharp (1.6.1.23)
• Topshelf (4.3.0)

Expected Breaking Changes

• Legacy Configuration System (23 issues): Heavy use of ConfigurationManager, ApplicationSettingsBase, ConnectionStringSettingsCollection, ConnectionStringSettings — the most impacted area. Requires System.Configuration.ConfigurationManager NuGet package or migration to Microsoft.Extensions.Configuration.
• SqlClient namespace (87+ source incompatible): System.Data.SqlClient → Microsoft.Data.SqlClient across 6 affected files
• Binary incompatible APIs (16 issues): DirectoryInfo.FullName, My.Computer.FileSystem (FileSystemProxy) — may need alternative implementations
• ASP.NET references (2 issues): Minor System.Web usage — remove or replace
• System.Uri behavioral change (5 issues): URI parsing differences

Code Modifications

• Add NuGet reference to Microsoft.Data.SqlClient
• Replace Imports System.Data.SqlClient with Imports Microsoft.Data.SqlClient across all files
• Add NuGet reference to System.Configuration.ConfigurationManager (bridge package) or migrate to Microsoft.Extensions.Configuration
• Replace My.Computer.FileSystem calls with System.IO.File / System.IO.Directory equivalents
• Remove any System.Web references — replace with modern equivalents
• Replace vbNewLine with Environment.NewLine where flagged

Validation Checklist

• Converted to SDK-style project
• TargetFramework set to net10.0
• All packages updated/removed per package update table
• SqlClient namespace migrated
• Configuration system bridged or migrated
• My.Computer.FileSystem replaced
• Builds without errors
• Builds without warnings
• No dependency conflicts

4.4 Fuchs.vbproj

Current State: net48 | Classic-style | WAP (ASP.NET MVC) | 6,277 LOC | 485 files | 224 API issues | 29 package issues Target State: net10.0 | SDK-style Risk Level: 🔴 High Complexity: High

Prerequisites

• Convert from classic WAP to SDK-style project format (Project.0001)
• This is the top-level application — depends on all other projects (MT940Parser, Fuchs_DataService, MFR_RESTClient)
• WAP → ASP.NET Core conversion is the most complex part of the entire upgrade

Framework Update

• Before: <TargetFrameworkVersion>v4.8</TargetFrameworkVersion> (classic WAP format)
• After: <TargetFramework>net10.0</TargetFramework> (SDK-style with Microsoft.NET.Sdk.Web)

Package Updates

Remove (included in framework / ASP.NET Core):

• Microsoft.AspNet.Mvc (5.2.9) — replaced by Microsoft.AspNetCore.Mvc
• Microsoft.AspNet.Razor (3.2.9)
• Microsoft.AspNet.TelemetryCorrelation (1.0.8)
• Microsoft.AspNet.WebPages (3.2.9)
• Microsoft.CodeDom.Providers.DotNetCompilerPlatform (4.1.0)
• Microsoft.Web.Infrastructure (2.0.0)
• System.Buffers (4.5.1)
• System.Data.DataSetExtensions (4.5.0)
• System.Memory (4.5.5)
• System.Numerics.Vectors (4.5.0)
• System.Threading.Tasks.Extensions (4.5.4)
• System.ValueTuple (4.5.0)

Update:

• BouncyCastle.Cryptography: 2.3.0 → 2.6.2 (🔒 security)
• MimeKit: 4.4.0 → 4.15.1 (🔒 security)
• Newtonsoft.Json: 13.0.3 → 13.0.4
• PDFsharp: 1.50.5147 → 6.2.4 (incompatible — major upgrade)
• PDFsharp-MigraDoc: 1.50.5147 → 6.2.4 (incompatible — major upgrade)
• System.Diagnostics.DiagnosticSource: 7.0.2 → 10.0.5
• System.Formats.Asn1: 8.0.0 → 10.0.5
• System.Runtime.CompilerServices.Unsafe: 6.0.0 → 6.1.2
• System.Text.Encoding.CodePages: 7.0.0 → 10.0.5
• TinyMCE: 6.3.1 → 8.3.2 (🔒 security)

Remove/Replace (incompatible):

• ImageProcessor (2.9.1) — Replace with SixLabors.ImageSharp or SkiaSharp
• ImageProcessor.Plugins.WebP (1.3.0) — Replace (ImageSharp supports WebP natively)
• ImageProcessor.Web (4.12.1) — Replace with custom middleware or ImageSharp.Web
• ImageProcessor.Web.Config (2.6.0) — Replace

Keep (compatible):

• BouncyCastle (1.8.9)
• HtmlAgilityPack (1.11.54)
• jQuery (3.7.1)
• jQuery.Validation (1.19.5)
• MailKit (4.4.0)
• Microsoft.IO.RecyclableMemoryStream (2.3.2)
• Microsoft.jQuery.Unobtrusive.Validation (4.0.0)
• Modernizr (2.8.3)
• Portable.BouncyCastle (1.9.0)
• QRCoder (1.4.3)
• Spire.PDF (8.10.5)
• Squid-Box.SevenZipSharp (1.6.1.23)

New packages to add:

• Microsoft.Data.SqlClient — replacement for System.Data.SqlClient
• System.Drawing.Common — for GDI+ compatibility on .NET 10.0 (Windows only)
• SixLabors.ImageSharp (or SkiaSharp) — replacement for ImageProcessor

Expected Breaking Changes

ASP.NET Framework → ASP.NET Core (123 issues — 54% of this project's issues):

• System.Web.Mvc.ContentResult → Microsoft.AspNetCore.Mvc.ContentResult (9 constructor + property changes)
• System.Web.Mvc.HttpStatusCodeResult → Microsoft.AspNetCore.Mvc.StatusCodeResult (11 issues)
• System.Web.Mvc.ViewResult → Microsoft.AspNetCore.Mvc.ViewResult (1 issue)
• System.Web.Mvc.UrlParameter → ASP.NET Core routing equivalents (9 issues)
• System.Web.Mvc.GlobalFilterCollection → IServiceCollection filter registration (2 issues)
• System.Web.Routing.Route / RouteCollection → ASP.NET Core endpoint routing (7 issues)
• System.Web.HttpPostedFile / HttpPostedFileWrapper → IFormFile (9 issues)
• Application startup: Global.asax → Program.cs / Startup.cs
• Route configuration: RouteConfig.cs → Endpoint routing in Program.cs
• Filter registration: FilterConfig.cs → Service collection configuration

Legacy Configuration (19 issues):

• ConfigurationManager.ConnectionStrings → IConfiguration / appsettings.json
• ConfigurationManager.AppSettings → IConfiguration / appsettings.json

GDI+ / System.Drawing (14 issues):

• System.Drawing.Bitmap, System.Drawing.Imaging.ImageFormat — require System.Drawing.Common NuGet
• Bitmap.SetPixel — compatible via System.Drawing.Common but Windows-only

SqlClient (37+ issues):

• System.Data.SqlClient.SqlParameter constructors (37 occurrences)
• System.Data.SqlClient.SqlConnection (10 occurrences)
• System.Data.SqlClient.SqlCommand (3 occurrences)

PDFsharp/MigraDoc 1.50 → 6.2.4:

• MigraDoc.DocumentObjectModel.Document API may have changed
• MigraDoc.Rendering.PdfDocumentRenderer — rendering pipeline restructured
• PdfDocument.Save() method signature may differ
• All PDF generation code in fuchs_fds_pdf.vb and fuchs_intranet.vb needs review

Other:

• vbNewLine deprecated (11 issues) → use Environment.NewLine
• My.Computer.FileSystem (3 issues) → use System.IO directly

Code Modifications

High Priority — Structural Changes:

1. Create Program.cs (or Program.vb) with ASP.NET Core host builder
2. Migrate Global.asax application startup to Program.cs/Startup.cs
3. Migrate RouteConfig to ASP.NET Core endpoint routing
4. Migrate FilterConfig to service collection registration
5. Convert web.config settings to appsettings.json

High Priority — Namespace Changes: 6. Replace all Imports System.Web.Mvc with Imports Microsoft.AspNetCore.Mvc 7. Replace all Imports System.Data.SqlClient with Imports Microsoft.Data.SqlClient 8. Replace HttpPostedFile/HttpPostedFileWrapper with IFormFile 9. Replace System.Web.Routing with ASP.NET Core routing

Medium Priority — Package Migration: 10. Replace ImageProcessor usage with SixLabors.ImageSharp (or SkiaSharp) 11. Update PDFsharp/MigraDoc code to v6.2.4 API 12. Add System.Drawing.Common NuGet for remaining GDI+ usage

Low Priority — Code Cleanup: 13. Replace vbNewLine with Environment.NewLine 14. Replace My.Computer.FileSystem with System.IO equivalents 15. Update ConfigurationManager references to use IConfiguration

Validation Checklist

• Converted to SDK-style project (Microsoft.NET.Sdk.Web)
• TargetFramework set to net10.0
• Program.cs/Startup.cs created with ASP.NET Core host
• All ASP.NET MVC controllers migrated to ASP.NET Core MVC
• Route configuration migrated to endpoint routing
• All incompatible packages removed/replaced
• All security vulnerability packages updated
• ImageProcessor replaced with alternative
• PDFsharp/MigraDoc code updated for v6.x
• SqlClient namespace migrated
• System.Drawing.Common added for GDI+ usage
• web.config settings migrated to appsettings.json
• Builds without errors
• Builds without warnings
• No dependency conflicts

4.5 Fuchs.Tests (New)

Current State: Does not exist — no automated test coverage in the solution Target State: net10.0 | SDK-style | xUnit test project | C# Risk Level: 🟢 Low Complexity: Low

Purpose

Create a new C# xUnit test project to provide automated validation of critical business logic after the .NET 10.0 upgrade. This project bridges the gap identified in the assessment: zero existing test coverage.

Project Setup

• Project Name: Fuchs.Tests
• Location: Fuchs.Tests\Fuchs.Tests.csproj (in solution root)
• SDK: Microsoft.NET.Sdk
• Target Framework: net10.0
• Test Framework: xUnit (latest stable)
• Language: C# (aligns with modern .NET ecosystem; can reference VB.NET projects)

Package References

Package	Version	Purpose
Microsoft.NET.Test.Sdk	latest	Test host infrastructure
xunit	latest	Test framework
xunit.runner.visualstudio	latest	Visual Studio test runner
Moq	latest	Mocking framework for isolating dependencies
coverlet.collector	latest	Code coverage collection

Project References

• Fuchs.vbproj — test the main web application logic
• Fuchs_DataService.vbproj — test data service business logic
• MFR_RESTClient.vbproj — test REST client utilities
• MT940Parser.csproj — test MT940 parsing logic

Test Coverage Strategy

Priority 1 — MT940Parser (highest testability):

• MT940 statement parsing correctness
• Edge cases: empty files, malformed records, multi-statement files
• Currency/amount parsing across cultures

Priority 2 — Data Service Logic (Fuchs_DataService):

• SQL parameter construction helpers
• Configuration value resolution
• Business logic that can be tested without database

Priority 3 — REST Client (MFR_RESTClient):

• Request construction and parameter serialization
• Response deserialization
• Error handling paths

Priority 4 — Web Application (Fuchs):

• Invoice data model properties and calculations
• Reminder data model properties
• PDF text block construction
• Address parsing and HTML-decode logic (e.g., raw_InvoiceAddress, raw_ProvisionLocation)

Validation Checklist

• Fuchs.Tests.csproj created with xUnit, net10.0
• Project added to solution
• References to all 4 projects added
• Initial test suite passes
• Tests execute via dotnet test

---

5. Package Update Reference

Common Package Updates (affecting multiple projects)

Package	Current	Target	Projects Affected	Action	Reason
Newtonsoft.Json	13.0.3	13.0.4	3 (Fuchs, Fuchs_DataService, MFR_RESTClient)	Update	Recommended upgrade
System.Runtime.CompilerServices.Unsafe	6.0.0	6.1.2	2 (Fuchs, MFR_RESTClient)	Update	Recommended upgrade
System.Buffers	4.5.1	—	2 (Fuchs, MFR_RESTClient)	Remove	Included in framework
System.Memory	4.5.5	—	2 (Fuchs, MFR_RESTClient)	Remove	Included in framework
System.Numerics.Vectors	4.5.0	—	2 (Fuchs, MFR_RESTClient)	Remove	Included in framework
System.Threading.Tasks.Extensions	4.5.4	—	2 (Fuchs, MFR_RESTClient)	Remove	Included in framework
System.ValueTuple	4.5.0	—	2 (Fuchs, MFR_RESTClient)	Remove	Included in framework
Squid-Box.SevenZipSharp	1.6.1.23	—	2 (Fuchs, Fuchs_DataService)	Keep	Compatible
Microsoft.Web.Infrastructure	2.0.0	—	2 (Fuchs, Fuchs_DataService)	Remove	Included in framework
Microsoft.AspNet.Razor	3.2.9	—	2 (Fuchs, Fuchs_DataService)	Remove	Included in framework

Security Vulnerability Updates (Critical)

Package	Current	Target	Project	Action	Reason
BouncyCastle.Cryptography	2.3.0	2.6.2	Fuchs	Update	🔒 Security vulnerability
Microsoft.IdentityModel.JsonWebTokens	7.0.2	8.17.0	MFR_RESTClient	Update	🔒 Security vulnerability
MimeKit	4.4.0	4.15.1	Fuchs	Update	🔒 Security vulnerability
RestSharp	110.2.0	114.0.0	MFR_RESTClient	Update	🔒 Security vulnerability
System.IdentityModel.Tokens.Jwt	7.0.2	8.17.0	MFR_RESTClient	Update	🔒 Security vulnerability
TinyMCE	6.3.1	8.3.2	Fuchs	Update	🔒 Security vulnerability

Fuchs.vbproj Package Updates

Package	Current	Target	Action	Reason
BouncyCastle	1.8.9	1.8.9	Keep/Update	Security vulnerability (same version flagged)
BouncyCastle.Cryptography	2.3.0	2.6.2	Update	Security vulnerability
HtmlAgilityPack	1.11.54	—	Keep	Compatible
ImageProcessor	2.9.1	—	Remove/Replace	Incompatible — replace with ImageSharp or SkiaSharp
ImageProcessor.Plugins.WebP	1.3.0	—	Remove/Replace	Incompatible — replace with ImageSharp or SkiaSharp
ImageProcessor.Web	4.12.1	—	Remove/Replace	Incompatible — replace with ImageSharp or SkiaSharp
ImageProcessor.Web.Config	2.6.0	—	Remove/Replace	Incompatible — replace with ImageSharp or SkiaSharp
jQuery	3.7.1	—	Keep	Compatible
jQuery.Validation	1.19.5	—	Keep	Compatible
MailKit	4.4.0	—	Keep	Compatible
Microsoft.AspNet.Mvc	5.2.9	—	Remove	Included in framework (ASP.NET Core)
Microsoft.AspNet.TelemetryCorrelation	1.0.8	—	Remove	Incompatible; functionality in ASP.NET Core
Microsoft.AspNet.WebPages	3.2.9	—	Remove	Included in framework
Microsoft.CodeDom.Providers.DotNetCompilerPlatform	4.1.0	—	Remove	Included in framework
Microsoft.IO.RecyclableMemoryStream	2.3.2	—	Keep	Compatible
Microsoft.jQuery.Unobtrusive.Validation	4.0.0	—	Keep	Compatible
MimeKit	4.4.0	4.15.1	Update	Security vulnerability
Modernizr	2.8.3	—	Keep	Compatible
PDFsharp	1.50.5147	6.2.4	Update	Incompatible — major version upgrade
PDFsharp-MigraDoc	1.50.5147	6.2.4	Update	Incompatible — major version upgrade
Portable.BouncyCastle	1.9.0	—	Keep	Compatible
QRCoder	1.4.3	—	Keep	Compatible
Spire.PDF	8.10.5	—	Keep	Compatible
System.Data.DataSetExtensions	4.5.0	—	Remove	Included in framework
System.Diagnostics.DiagnosticSource	7.0.2	10.0.5	Update	Recommended upgrade
System.Formats.Asn1	8.0.0	10.0.5	Update	Recommended upgrade
System.Text.Encoding.CodePages	7.0.0	10.0.5	Update	Recommended upgrade
TinyMCE	6.3.1	8.3.2	Update	Security vulnerability

MFR_RESTClient.vbproj Package Updates

Package	Current	Target	Action	Reason
Microsoft.AspNet.SignalR.Client	2.4.3	—	Keep	Compatible
Microsoft.AspNet.WebApi	5.2.9	—	Remove	Included in framework
Microsoft.AspNet.WebApi.Client	5.2.9	—	Keep	Compatible
Microsoft.AspNet.WebApi.Core	5.2.9	—	Remove/Replace	Incompatible — no supported version
Microsoft.AspNet.WebApi.WebHost	5.2.9	—	Remove/Replace	Incompatible — no supported version
Microsoft.Azure.Services.AppAuthentication	1.6.2	—	Keep	Compatible
Microsoft.Bcl.AsyncInterfaces	7.0.0	10.0.5	Update	Recommended upgrade
Microsoft.Data.Edm	5.8.5	—	Keep	Compatible
Microsoft.Data.OData	5.8.5	—	Review	⚠️ Deprecated — find replacement
Microsoft.Data.Services.Client	5.8.5	—	Keep	Compatible
Microsoft.IdentityModel.Abstractions	7.0.2	—	Review	⚠️ Deprecated
Microsoft.IdentityModel.Clients.ActiveDirectory	5.3.0	—	Replace	⚠️ Deprecated — use Microsoft.Identity.Client (MSAL)
Microsoft.IdentityModel.JsonWebTokens	7.0.2	8.17.0	Update	Security vulnerability
Microsoft.IdentityModel.Logging	7.0.2	—	Review	⚠️ Deprecated
Microsoft.IdentityModel.Tokens	7.0.2	—	Review	⚠️ Deprecated
Microsoft.NETCore.Platforms	7.0.4	—	Remove	Included in framework
Microsoft.NETCore.Targets	5.0.0	—	Keep	Compatible
Microsoft.Rest.ClientRuntime	2.3.24	—	Review	⚠️ Deprecated — find replacement
Microsoft.WindowsAzure.ConfigurationManager	3.2.3	—	Replace	Incompatible — use Microsoft.Extensions.Configuration
RestSharp	110.2.0	114.0.0	Update	Security vulnerability
System.IdentityModel.Tokens.Jwt	7.0.2	8.17.0	Update	Security vulnerability
System.IO	4.3.0	—	Remove	Included in framework
System.Net.Http	4.3.4	—	Remove	Included in framework
System.Private.Uri	4.3.2	—	Keep	Compatible
System.Runtime	4.3.1	—	Remove	Included in framework
System.Security.Cryptography.Algorithms	4.3.1	—	Remove	Included in framework
System.Security.Cryptography.Encoding	4.3.0	—	Remove	Included in framework
System.Security.Cryptography.Primitives	4.3.0	—	Remove	Included in framework
System.Security.Cryptography.X509Certificates	4.3.2	—	Remove	Included in framework
System.Spatial	5.8.5	—	Keep	Compatible
System.Text.Encoding	4.3.0	—	Remove	Included in framework
System.Text.Encodings.Web	7.0.0	10.0.5	Update	Recommended upgrade
System.Text.Json	7.0.3	10.0.5	Update	Recommended upgrade
WindowsAzure.ServiceBus	6.2.2	—	Replace	Incompatible — use Azure.Messaging.ServiceBus

Fuchs_DataService.vbproj Package Updates

Package	Current	Target	Action	Reason
Microsoft.AspNet.Razor	3.2.9	—	Remove	Included in framework
Microsoft.Web.Infrastructure	2.0.0	—	Remove	Included in framework
Newtonsoft.Json	13.0.3	13.0.4	Update	Recommended upgrade
Squid-Box.SevenZipSharp	1.6.1.23	—	Keep	Compatible
System.Runtime.InteropServices.RuntimeInformation	4.3.0	—	Remove	Included in framework
Topshelf	4.3.0	—	Keep	Compatible

MT940Parser.csproj Package Updates

Package	Current	Target	Action	Reason
NETStandard.Library	2.0.3 (transitive)	—	Keep	Compatible

---

6. Breaking Changes Catalog

Framework Breaking Changes

Category	Issue Count	Impact	Description
System.Data.SqlClient → Microsoft.Data.SqlClient	72+	Source Incompatible	SqlParameter, SqlConnection, SqlCommand constructors and types moved to Microsoft.Data.SqlClient namespace. All Imports System.Data.SqlClient / using System.Data.SqlClient must change.
System.Web.Mvc → Microsoft.AspNetCore.Mvc	101+	Binary Incompatible	ContentResult, HttpStatusCodeResult, ViewResult, UrlParameter, GlobalFilterCollection, RouteCollection — all ASP.NET MVC types replaced by ASP.NET Core equivalents
System.Configuration.ConfigurationManager	48	Source Incompatible	ApplicationSettingsBase, ConnectionStringSettingsCollection, ConfigurationManager.AppSettings/ConnectionStrings — available via NuGet System.Configuration.ConfigurationManager or migrate to Microsoft.Extensions.Configuration
Microsoft.VisualBasic.Constants	11	Source Incompatible	vbNewLine — deprecated in modern .NET; replace with Environment.NewLine or vbCrLf
System.Uri	23	Behavioral Change	URI parsing behavior changes in .NET 10.0 — may affect URL construction/comparison
System.Drawing / GDI+	14	Source Incompatible	Bitmap, ImageFormat types — require System.Drawing.Common NuGet on .NET 10.0; Windows-only
System.Web.HttpPostedFile / HttpPostedFileWrapper	9	Source Incompatible	File upload types replaced by IFormFile in ASP.NET Core
System.Web.Routing	5	Binary Incompatible	Route, RouteCollection — replaced by ASP.NET Core routing
Microsoft.VisualBasic.MyServices.FileSystemProxy	3	Binary Incompatible	My.Computer.FileSystem — may have limited support; use System.IO directly
System.TimeSpan.FromMilliseconds	2	Source Incompatible	Overload resolution may change

Package Breaking Changes

Package	Change	Impact
PDFsharp 1.50 → 6.2.4	Major version upgrade. API restructured; namespace changes; PdfDocument, PdfPage APIs may differ. MigraDoc rendering API changed.	High — review PDFsharp 6.x migration guide
RestSharp 110.2 → 114.0	API changes in request/response handling	Medium — review changelog
ImageProcessor → (replacement)	Package removed entirely; no .NET 10 version	High — must replace with alternative (ImageSharp, SkiaSharp)
WindowsAzure.ServiceBus → Azure.Messaging.ServiceBus	Completely different API surface	High — full rewrite of ServiceBus integration
Microsoft.IdentityModel.Clients.ActiveDirectory → Microsoft.Identity.Client	ADAL deprecated; migrate to MSAL	Medium -

---

7. Risk Management

Risk Identification

Risk ID	Category	Description	Impact	Likelihood	Level
01	Technical	Issues during SDK-style conversion	High	Medium	🔴 High
02	Technical	Inability to upgrade WCF services to CoreWCF	High	Medium	🔴 High
03	Technical	GDI+ / System.Drawing compatibility issues	High	Medium	🔴 High
04	Technical	Breakage due to ASP.NET Framework → ASP.NET Core migration	High	High	🔴 High
05	Technical	SQL Client namespace changes not fully resolved	Medium	Medium	🟡 Medium
06	Technical	PDFsharp/MigraDoc API changes not addressed	Medium	Medium	🟡 Medium
07	Technical	RestSharp API changes not compatible	Medium	Medium	🟡 Medium
08	Technical	Legacy configuration system issues	Medium	High	🟡 Medium
09	Technical	Incomplete or flawed all-at-once migration	High	Medium	🔴 High
10	Process	Insufficient testing due to lack of automated tests	High	High	🔴 High

Risk Assessment

• High Level Risks (🔴):

  • 01: Technical issues during SDK-style conversion could block the migration.
  • 02: WCF services that cannot be upgraded to CoreWCF may require significant rearchitecture.
  • 03: GDI+ / System.Drawing issues could lead to runtime failures on .NET 10.0.
  • 04: ASP.NET Framework to ASP.NET Core migration causing critical application failures.
  • 09: An incomplete all-at-once migration could leave the solution in an unstable state.
  • 10: Lack of automated tests increases the likelihood of undetected issues.

• Medium Level Risks (🟡):

  • 05: Changes in the SQL Client namespace not being fully resolved may cause runtime errors.
  • 06: PDFsharp/MigraDoc API changes that are not addressed could lead to PDF generation failures.
  • 07: RestSharp API changes not being compatible with existing code may disrupt external service integrations.
  • 08: Issues arising from the legacy configuration system might be overlooked in the migration.

Risk Response Strategies

1. Mitigation:

   • Extensive backup and restore strategy: Complete backups of all projects and solution states will be created before starting the migration. This allows reverting to the original state in case of critical issues.
   • Incremental migration approach: Where possible, migrate projects or components incrementally rather than all-at-once. This reduces the impact of unforeseen issues.
   • Feature flags / toggles: Implement feature flags for critical path changes (e.g., SDK-style conversion, WCF to CoreWCF migration) to enable quick disabling if severe issues are encountered.
   • Automated tests: Where feasible, develop automated tests for critical functionality before migration. This will help in validating the success of the migration and catching issues early.

2. Contingency:

   • Rollback plan: If the all-at-once migration fails, revert to the backuped state and reassess the migration strategy.
   • Staged upgrade: Consider a staged upgrade approach, where projects are upgraded in phases rather than a single atomic operation, allowing for easier pinpointing of issues.

3. Acceptance:

   • Some low probability, high impact risks (e.g., undocumented breaking changes in third-party packages) may be accepted if mitigation strategies are not feasible, with a plan to address issues as they arise post-migration.

---

8. Testing & Validation Strategy

Automated Testing (Fuchs.Tests)

A new xUnit test project (Fuchs.Tests) targeting net10.0 will be created as part of this upgrade to provide automated validation. See §4.5 Fuchs.Tests for full project details.

Test projects to run:

• Fuchs.Tests.csproj — xUnit tests covering MT940 parsing, data models, REST client utilities, and business logic

Execution:

• Run via dotnet test on the entire solution after the atomic upgrade completes
• Expected outcome: All tests pass

Build Verification (Automated)

After the atomic upgrade operation:

1. Restore dependencies: dotnet restore on entire solution
2. Build solution: dotnet build — target: 0 errors, 0 warnings
3. Run tests: dotnet test — target: all tests pass
4. Verify no dependency conflicts: Check for package downgrade warnings or version conflicts

Testing Approaches

1. Automated Unit Testing: Where feasible, develop and run automated unit tests for critical components and functionality. These tests should cover:

   • Key business logic
   • Public APIs
   • Critical integrations (e.g., database, external services)

2. Manual Testing: Perform manual testing for areas not covered by automated tests, including:

   • UI/UX validation
   • Exploratory testing to find edge cases or issues not anticipated

3. Performance Testing: Validate that the application meets performance benchmarks, especially for critical paths such as:

   • Application startup time
   • Response times for key APIs
   • PDF generation time (post-migration to PDFsharp 6.x)

4. Security Testing: Perform security testing to ensure that known vulnerabilities are addressed and no new vulnerabilities are introduced during the migration.

5. Regression Testing: Conduct regression testing to ensure that existing functionality is not broken by the migration. This includes:

   • Running the full suite of automated tests
   • Manual verification of critical paths

Success Criteria for Testing

• All critical and high-priority automated tests pass
• Manual testing sign-off for all key scenarios
• Performance benchmarks met or exceeded
• No new security vulnerabilities introduced
• Successful migration of all projects to .NET 10.0 with no critical issues

---

9. Complexity & Effort Assessment

Complexity Factors

1. Project Count: 4 projects, which is relatively small and manageable.
2. Dependency Depth: Shallow dependency depth (≤ 2), with no circular dependencies detected. This simplifies the migration as inter-project dependencies are minimal.
3. Codebase Size: Total of 10,521 lines of code, with an estimated 358+ lines affected by the migration (3.4% of codebase). This is a small codebase, reducing the potential impact of migration issues.
4. Package Compatibility: All packages have known target versions, clear replacements, or are framework-included. This reduces uncertainty during the migration process.

Effort Estimation

Task	Estimated Effort (Person-Days)
1. Project Setup and Initial Analysis	2
2. SDK-style Conversion (3 projects)	6
3. Framework Update	2
4. Package Updates and Dependency Resolution	3
5. Code Modifications for Breaking Changes	5
6. Testing and Validation	4
7. Documentation and Cleanup	2
Total Estimated Effort	24 Person-Days

Note: This is a high-level estimate and actual effort may vary based on detailed analysis and unforeseen issues during the migration.

---

10. Source Control Strategy

Branching Strategy

1. Main Branch: main or master branch contains the production-ready code.
2. Development Branch: develop branch is used for integrating all feature branches and is the primary branch for development work.
3. Feature Branches: Each feature or migration task is done on a separate branch off of develop, named descriptively (e.g., feature/sdk-style-conversion).
4. Release Branch: A release branch (e.g., release/10.0-upgrade) is created from develop when preparing for a new release, allowing for final testing and bug fixing.

Commit Messages

Adhere to the following conventions for commit messages:

• Feature: feat(<scope>): <short description> - Example: feat(migration): add .NET 10.0 upgrade plan
• Fix: fix(<scope>): <short description> - Example: fix(migration): resolve RestSharp API changes
• Docs: docs(<scope>): <short description> - Example: docs(migration): update breaking changes catalog
• Chore: chore(<scope>): <short description> - Example: chore(deps): update Newtonsoft.Json to 13.0.4

Pull Requests

• All changes are to be merged via pull requests (PRs) to ensure code review and automated testing.
• PRs should be small and focused, addressing one migration task or feature at a time.
• Require at least one reviewer approval before merging.
• Ensure the PR description includes:
  • What: A brief description of the changes made.
  • Why: The reason for the change, including any relevant issue or task links.
  • Testing: Any specific testing that was done or needs to be done.

---

11. Success Criteria

Technical Criteria

• All 4 existing projects target their proposed framework:
  • MT940Parser.csproj → netstandard2.0;net472;net10.0
  • MFR_RESTClient.vbproj → net10.0-windows
  • Fuchs_DataService.vbproj → net10.0
  • Fuchs.vbproj → net10.0
• New test project created: Fuchs.Tests.csproj → net10.0
• All 3 classic projects converted to SDK-style format
• All package updates from assessment applied (32 packages requiring action)
• All 5 security vulnerability packages updated to secure versions
• Solution builds with 0 errors
• Solution builds with 0 warnings (or only pre-existing warnings)
• All unit tests pass (dotnet test)
• No package dependency conflicts
• No TypeLoadException or MissingMethodException at runtime

Quality Criteria

• Code quality maintained — no hacks or workarounds without documentation
• All deprecated package replacements documented
• Breaking change resolutions follow recommended patterns
• Configuration migration follows modern .NET patterns

Process Criteria

• All-At-Once strategy followed — single atomic upgrade operation
• All projects upgraded simultaneously — no intermediate states
• Backup created before upgrade started
• All changes can be committed as a single atomic unit

Definition of Done

The migration is complete when:

1. All technical criteria above are met
2. The solution builds successfully on .NET 10.0
3. All security vulnerabilities are resolved
4. All unit tests in Fuchs.Tests pass
5. The application can start and serve requests (manual verification)