Bump coverlet.collector and 2 others

[dependabot]

Updated coverlet.collector from 10.0.0 to 10.0.1.

Release notes

Sourced from coverlet.collector's releases.

10.0.1

Improvements

• Coverlet with MTP 2 doesn't show test coverage statistic in console #​1907
• Avoid unnecessary testhost restarts #​1912 by https://github.com/mawosoft

Fixed

• Fix inconsistent paths in cobertura reports #​1723
• Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal #​1313
• Fix Coverlet flagging a branch for an async functions finally block where none exists #​1337
• Fix Coverlet Tracker Missing CompilerGeneratedAttribute #​1828

Maintenance

• Add architecture docs and diagrams for all integrations #​1927
• Update NuGet packages and .NET SDK versions #​1933

Diff between 10.0.0 and 10.0.1

Commits viewable in compare view.

Updated JsonSchema.Net from 7.4.0 to 9.2.1.

Release notes

Sourced from JsonSchema.Net's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.DependencyInjection from 10.0.7 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.DependencyInjection's releases.

No release notes found for this version range.

Commits viewable in compare view.

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 3 package(s) with unknown licenses.
• ⚠️ 1 packages with OpenSSF Scorecard issues.

See the Details below.

License Issues

source/AAS.TwinEngine.Plugin.RelationalDatabase/AAS.TwinEngine.Plugin.RelationalDatabase.csproj

Package	Version	License	Issue Type
JsonSchema.Net	9.2.1	Null	Unknown License
Microsoft.Extensions.DependencyInjection	10.0.8	Null	Unknown License
Humanizer.Core	3.0.10	Null	Unknown License

Allowed Licenses:

Apache-1.0, Apache-1.1, Apache-2.0, BSL-1.0, BSD-1-Clause, BSD-2-Clause, BSD-2-Clause-FreeBSD, BSD-2-Clause-NetBSD, BSD-3-Clause, BSD-3-Clause-Clear, BSD-3-Clause-No-Nuclear-License, BSD-3-Clause-No-Nuclear-License-2014, BSD-3-Clause-No-Nuclear-Warranty, BSD-3-Clause-Open-MPI, BSD-4-Clause, BSD-Protection, BSD-Source-Code, BSD-3-Clause-Attribution, 0BSD, BSD-2-Clause-Patent, BSD-4-Clause-UC, MIT-CMU, CC-BY-3.0, CC-BY-SA-1.0, CC-BY-SA-2.0, CC-BY-SA-2.5, CC-BY-SA-3.0, CC-BY-SA-4.0, CC0-1.0, WTFPL, MIT-enna, MIT-feh, ISC, JSON, BSD-3-Clause-LBNL, MITNFA, MIT, MIT-0, UPL-1.0, NCSA, X11, Xerox, BlueOak-1.0.0, CC-BY-4.0, MS-PL, PostgreSQL, Python-2.0, SSPL-1.0, OFL-1.1, Unlicense, Unicode-DFS-2016, Unicode-3.0

Excluded from license check:

pkg:nuget/AasCore.Aas3_0, pkg:nuget/AasCore.Aas3.Package

OpenSSF Scorecard

Package	Version	Score	Details
nuget/coverlet.collector	10.0.1	⚠️ 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review ⚠️ 0 Found 1/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 7 binaries present in source code CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 10 SAST tool is run on all commits
nuget/Humanizer.Core	3.0.10	🟢 5.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 9 Found 27/30 approved changesets -- score normalized to 9 Packaging ⚠️ -1 packaging workflow not detected CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 9 license file detected Fuzzing ⚠️ 0 project is not fuzzed Security-Policy ⚠️ 0 security policy file not detected Branch-Protection ⚠️ 3 branch protection is not maximal on development and all release branches Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. SAST 🟢 10 SAST tool is run on all commits
nuget/Json.More.Net	3.0.1	Unknown	Unknown
nuget/JsonPointer.Net	7.0.1	Unknown	Unknown
nuget/JsonSchema.Net	9.2.1	Unknown	Unknown
nuget/Microsoft.Extensions.DependencyInjection	10.0.8	Unknown	Unknown

Scanned Files

• source/AAS.TwinEngine.Plugin.RelationalDatabase.UnitTests/AAS.TwinEngine.Plugin.RelationalDatabase.UnitTests.csproj
• source/AAS.TwinEngine.Plugin.RelationalDatabase/AAS.TwinEngine.Plugin.RelationalDatabase.csproj

[dependabot]

Superseded by #100.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud