Fix High severity security vulnerability: Update .NET SDK 8.0.415 → 8.0.418 #5779

Merged
gladjohn merged 2 commits into main from copilot/update-dotnet-sdk-version
Feb 24, 2026

Copilot AI commented Feb 24, 2026

Fixes - https://identitydivision.visualstudio.com/IDDP/_componentGovernance/98561/alert/14329417?typeId=35216781&pipelinesTrackingFilter=1

.NET SDK 8.0.415 has a High severity security vulnerability (DOTNET-Security-8.0). Two places in the repo explicitly pin this version.

Changes proposed in this request

  • build/template-run-mi-e2e-imds.yaml: Update UseDotNet@2 task — displayName and version from 8.0.415 → 8.0.418 so the MI E2E test pipeline installs the patched SDK
  • global.json: Update pinned SDK version from 8.0.415 → 8.0.418 so local dev builds use the patched version

Testing
No code logic changes; pipeline YAML and SDK pin only. Validated both files reflect the correct version post-edit.

Performance impact
None.

Documentation

  • All relevant documentation is updated.
Original prompt

The repository has a High severity security vulnerability (DOTNET-Security-8.0) related to .NET SDK 8.0.415.

The issue is in the Managed Identity E2E Tests build template which explicitly installs a vulnerable SDK version.

Changes needed:

  1. Update build/template-run-mi-e2e-imds.yaml to install .NET SDK 8.0.418 instead of 8.0.415

    • Change the displayName from 'Install .NET SDK 8.0.415' to 'Install .NET SDK 8.0.418'
    • Change the version from '8.0.415' to '8.0.418'
  2. Keep global.json set to SDK version 8.0.418 to ensure all development builds also use the patched version

This will ensure that the E2E test pipeline uses the patched SDK version that mitigates the security vulnerability.

This pull request was created from Copilot chat.



Co-authored-by: gladjohn <90415114+gladjohn@users.noreply.github.com>
Copilot AI changed the title from "[WIP] Update .NET SDK version to mitigate security vulnerability" to "Fix High severity security vulnerability: Update .NET SDK 8.0.415 → 8.0.418" Feb 24, 2026
Copilot AI requested a review from gladjohn February 24, 2026 04:52
@gladjohn gladjohn marked this pull request as ready for review February 24, 2026 04:55
@gladjohn gladjohn requested a review from a team as a code owner February 24, 2026 04:55
@gladjohn gladjohn merged commit b9642fb into main Feb 24, 2026
11 checks passed
@gladjohn gladjohn deleted the copilot/update-dotnet-sdk-version branch February 24, 2026 19:34
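
An added example (not part of this pull request or the repository's code): a check that collects every exact SDK pin from global.json and from UseDotNet@2 steps in a pipeline template, then lists the pins older than the patched version 8.0.418. The file contents are constructed samples modelled on the two locations the PR names, and the function names are hypothetical.

```python
import json
import re

MIN_PATCHED = "8.0.418"  # patched SDK version named in this PR
VERSION_RE = re.compile(r"\b\d+\.\d+\.\d+\b")  # exact pins only; floating "8.0.x" is skipped

# Constructed samples modelled on the two pin locations the PR describes.
GLOBAL_JSON = '{"sdk": {"version": "8.0.415", "rollForward": "latestFeature"}}'
PIPELINE_YAML = """\
steps:
- task: UseDotNet@2
  displayName: 'Install .NET SDK 8.0.415'
  inputs:
    packageType: sdk
    version: '8.0.415'
"""

def parse(version):
    """Turn '8.0.415' into (8, 0, 415) so 8.0.99 sorts below 8.0.418."""
    return tuple(int(part) for part in version.split("."))

def pins_from_global_json(text):
    version = json.loads(text).get("sdk", {}).get("version", "")
    return [("global.json sdk.version", m.group(0)) for m in VERSION_RE.finditer(version)]

def pins_from_pipeline(text):
    """Versions in the displayName and version fields of UseDotNet@2 steps."""
    pins, in_task = [], False
    for n, line in enumerate(text.splitlines(), 1):
        s = line.strip()
        if s.startswith("- "):  # a new pipeline step begins
            in_task = s.startswith("- task:") and "UseDotNet@2" in s
            continue
        key = s.split(":", 1)[0]
        if in_task and key in ("displayName", "version"):
            pins += [(f"pipeline line {n} ({key})", m.group(0)) for m in VERSION_RE.finditer(s)]
    return pins

def stale_pins(global_json, pipeline_yaml, minimum=MIN_PATCHED):
    """Return (location, version) for every pin older than the patched SDK."""
    floor = parse(minimum)
    pins = pins_from_global_json(global_json) + pins_from_pipeline(pipeline_yaml)
    return [(where, v) for where, v in pins if parse(v) < floor]

if __name__ == "__main__":
    for where, version in stale_pins(GLOBAL_JSON, PIPELINE_YAML):
        print(f"STALE {where}: {version} < {MIN_PATCHED}")
```

Checking displayName as well as version catches the case where the installed SDK is updated but the step label still advertises the old one, or the reverse.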