Bump the nuget group with 7 updates

[dependabot]

Updated coverlet.collector from 10.0.0 to 10.0.1.

Release notes

Sourced from coverlet.collector's releases.

10.0.1

Improvements

• Coverlet with MTP 2 doesn't show test coverage statistic in console #​1907
• Avoid unnecessary testhost restarts #​1912 by https://github.com/mawosoft

Fixed

• Fix inconsistent paths in cobertura reports #​1723
• Fix when using "is" with "and" in pattern matching, branch coverage is lower than normal #​1313
• Fix Coverlet flagging a branch for an async functions finally block where none exists #​1337
• Fix Coverlet Tracker Missing CompilerGeneratedAttribute #​1828

Maintenance

• Add architecture docs and diagrams for all integrations #​1927
• Update NuGet packages and .NET SDK versions #​1933

Diff between 10.0.0 and 10.0.1

Commits viewable in compare view.

Updated Microsoft.ApplicationInsights.AspNetCore from 3.1.0 to 3.1.2.

Release notes

Sourced from Microsoft.ApplicationInsights.AspNetCore's releases.

3.1.2

Version 3.1.2

• Fix HttpException: Request is not available in this context in the WEB package when calling TrackDependency from Application_Start in classic ASP.NET. The WEB activity processors now safely handle the case where HttpContext.Request is not yet available.
• Fix #​3163: TelemetryConfiguration.CreateDefault() on classic ASP.NET now returns a configuration already populated from ApplicationInsights.config (connection string, sampling, storage, live metrics, request/dependency tracking, etc.). A new PreApplicationStartMethod (WebApplicationInsightsInitializer) materializes and populates the singleton before Application_Start runs, so customer code calling TelemetryConfiguration.CreateDefault() from Global.asax.cs no longer gets an empty configuration. The ApplicationInsightsHttpModule no longer carries the config-reading bookkeeping. TelemetryConfiguration.PrependOpenTelemetryBuilderConfiguration no longer throws if the configuration was already built — it silently skips, so a second TelemetryClient constructed against an already-built configuration no longer throws InvalidOperationException.

3.1.1

Version 3.1.1

• Update OpenTelemetry and Azure Monitor dependencies to address known security advisories (e.g. GHSA-g94r-2vxg-569j in OpenTelemetry.Api 1.15.1): Update OpenTelemetry and Azure Monitor packages to address vulnerabilities microsoft/ApplicationInsights-dotnet#3174
  • OpenTelemetry 1.15.3
  • OpenTelemetry.Exporter.Console 1.15.3
  • OpenTelemetry.Exporter.InMemory 1.15.3
  • OpenTelemetry.Extensions.Hosting 1.15.3
  • OpenTelemetry.Instrumentation.AspNetCore 1.15.2
  • OpenTelemetry.Instrumentation.AspNet 1.15.2
  • OpenTelemetry.Instrumentation.Http 1.15.1
  • OpenTelemetry.Instrumentation.SqlClient 1.15.2
  • Azure.Monitor.OpenTelemetry.Exporter 1.8.0

Commits viewable in compare view.

Updated Microsoft.Extensions.Logging.Abstractions from 10.0.7 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.Logging.Abstractions's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Extensions.Options from 10.0.7 to 10.0.8.

Release notes

Sourced from Microsoft.Extensions.Options's releases.

No release notes found for this version range.

Commits viewable in compare view.

Updated Microsoft.Identity.Web from 4.8.0 to 4.10.0.

Release notes

Sourced from Microsoft.Identity.Web's releases.

4.10.0

New features

• Add WithExtraBodyParameters fluent API for attaching extra body parameters to token acquisition requests. See #​3819.
• Add IConfidentialClientApplicationProvider extensibility interface and CachePartitionKey support for silent token acquisition. See #​3822.

Bug fixes

• Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. See #​3825.
• Reject dSTS-shaped Authority values with a clearer exception, steering users to use Instance + TenantId instead. See #​3805.
• Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See #​3811.

Behavior changes

• B2C OpenID Connect event handler: LRU cache for issuer address. Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See #​3821.

Dependencies updates

• Update MSAL.NET to 4.84.1. See #​3822.
• Pin Microsoft.Kiota.Abstractions to 1.22.0 for GraphServiceClient. See #​3817.
• Bump uuid and @​azure/msal-node in SidecarAdapter TypeScript test app. See #​3826.
• Bump qs in SidecarAdapter TypeScript test app. See #​3829.

4.9.0

New features

• Sidecar: per-route override gating. New Sidecar:AllowOverrides configuration section provides explicit, per-route control over whether optionsOverride.* query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. optionsOverride.BaseUrl is unconditionally rejected on all routes as a hardening measure. See #​3794.

Bug fixes

• Fix AccountController.Challenge redirect URI validation to reject percent-encoded protocol-relative bypasses (%2F%2F, %5C%2F, etc.) that could be decoded by misconfigured reverse proxies. See #​3792.

Behavior changes

• DownstreamApi: reserved header filtering. Headers supplied via DownstreamApiOptions.ExtraHeaderParameters whose names match reserved HTTP headers (Authorization, Host, Content-Length, Proxy-Authorization, Sec-*, Proxy-*, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (ReservedHeaderIgnored / DuplicateHeaderIgnored) is emitted so operators can spot misconfigurations. No exception is thrown. See #​3793.

Dependencies updates

• Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.* 8.0.x minimum on older TFMs. Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on Microsoft.Extensions.DependencyInjection.Abstractions 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a CS0433 type collision with the previously-pinned Microsoft.Extensions.DependencyInjection 2.1.0. Rather than patch individual packages, the entire Microsoft.Extensions.* stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. If your application targets net462, net472, or netstandard2.0, your resolved Microsoft.Extensions.* versions will increase (e.g., Extensions.Http 3.1.3 → 8.0.0, Extensions.DependencyInjection 2.1.0 → 8.0.0, Extensions.Caching.Memory 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See #​3787.
• Bump System.Text.Json 8.0.5 → 8.0.6 (CVE-2024-43485). See #​3787.
• Bump Microsoft.AspNetCore.DataProtection to 10.0.7 for CVE fix on net10.0. See #​3796.
• Bump OpenTelemetry.Exporter.OpenTelemetryProtocol 1.14.0 → 1.15.3. See #​3788.

Full Changelog: AzureAD/microsoft-identity-web@4.8.0...4.9.0

Commits viewable in compare view.

Updated Microsoft.Identity.Web.UI from 4.8.0 to 4.10.0.

Release notes

Sourced from Microsoft.Identity.Web.UI's releases.

4.10.0

New features

• Add WithExtraBodyParameters fluent API for attaching extra body parameters to token acquisition requests. See #​3819.
• Add IConfidentialClientApplicationProvider extensibility interface and CachePartitionKey support for silent token acquisition. See #​3822.

Bug fixes

• Redirect URI sanitization in authorization scenarios; centralize redirect URI validation in a shared helper. See #​3825.
• Reject dSTS-shaped Authority values with a clearer exception, steering users to use Instance + TenantId instead. See #​3805.
• Improve regex handling and adding length/timeout safeguards for SameSite User Agent. See #​3811.

Behavior changes

• B2C OpenID Connect event handler: LRU cache for issuer address. Issuer address lookups in the B2C OIDC event handler are now cached with an LRU cache, improving performance for repeated lookups. See #​3821.

Dependencies updates

• Update MSAL.NET to 4.84.1. See #​3822.
• Pin Microsoft.Kiota.Abstractions to 1.22.0 for GraphServiceClient. See #​3817.
• Bump uuid and @​azure/msal-node in SidecarAdapter TypeScript test app. See #​3826.
• Bump qs in SidecarAdapter TypeScript test app. See #​3829.

4.9.0

New features

• Sidecar: per-route override gating. New Sidecar:AllowOverrides configuration section provides explicit, per-route control over whether optionsOverride.* query-string parameters are honored. Authenticated routes default to allowing overrides (preserving existing behavior); unauthenticated routes default to rejecting them. optionsOverride.BaseUrl is unconditionally rejected on all routes as a hardening measure. See #​3794.

Bug fixes

• Fix AccountController.Challenge redirect URI validation to reject percent-encoded protocol-relative bypasses (%2F%2F, %5C%2F, etc.) that could be decoded by misconfigured reverse proxies. See #​3792.

Behavior changes

• DownstreamApi: reserved header filtering. Headers supplied via DownstreamApiOptions.ExtraHeaderParameters whose names match reserved HTTP headers (Authorization, Host, Content-Length, Proxy-Authorization, Sec-*, Proxy-*, etc.) or duplicate a header the library already set are now silently skipped. A warning-level log entry (ReservedHeaderIgnored / DuplicateHeaderIgnored) is emitted so operators can spot misconfigurations. No exception is thrown. See #​3793.

Dependencies updates

• Update Azure.Identity 1.11.4 → 1.17.2 and establish Microsoft.Extensions.* 8.0.x minimum on older TFMs. Azure.Identity 1.17.2 (sovereign-cloud fixes) pulls in Azure.Core 1.50.0, which introduces a transitive dependency on Microsoft.Extensions.DependencyInjection.Abstractions 8.0.2 on non-framework-coupled TFMs (net462, net472, netstandard2.0). This caused a CS0433 type collision with the previously-pinned Microsoft.Extensions.DependencyInjection 2.1.0. Rather than patch individual packages, the entire Microsoft.Extensions.* stack on these older TFMs has been bumped to 8.0.x, closing several 5-year version gaps and aligning with the net8.0 baseline. If your application targets net462, net472, or netstandard2.0, your resolved Microsoft.Extensions.* versions will increase (e.g., Extensions.Http 3.1.3 → 8.0.0, Extensions.DependencyInjection 2.1.0 → 8.0.0, Extensions.Caching.Memory 2.1.0/6.0.2 → 8.0.1). Applications already targeting net8.0+ are unaffected. See #​3787.
• Bump System.Text.Json 8.0.5 → 8.0.6 (CVE-2024-43485). See #​3787.
• Bump Microsoft.AspNetCore.DataProtection to 10.0.7 for CVE fix on net10.0. See #​3796.
• Bump OpenTelemetry.Exporter.OpenTelemetryProtocol 1.14.0 → 1.15.3. See #​3788.

Full Changelog: AzureAD/microsoft-identity-web@4.8.0...4.9.0

Commits viewable in compare view.

Updated Microsoft.NET.Test.Sdk from 18.4.0 to 18.6.0.

Release notes

Sourced from Microsoft.NET.Test.Sdk's releases.

18.6.0

What's Changed

• Revert removal of Video Recorder by @​nohwnd in Revert removal of Video Recorder microsoft/vstest#15336
• Speed up blame by filtering non-.NET processes from dump collection by @​nohwnd in Speed up blame tests by filtering non-.NET processes from dump collection microsoft/vstest#15518
• Add README.md to NuGet packages by @​nohwnd in Add README.md to NuGet packages microsoft/vstest#15550
• Report child process info on connection timeout by @​nohwnd in Report child process info on connection timeout microsoft/vstest#15603

Changes to tests and infra

• Brand as 18.6 by @​nohwnd in Brand as 18.6 microsoft/vstest#15423
• Upgrading code coverage version to 18.5.1, by @​fhnaseer in Upgrading code coverage version to 18.5.1, microsoft/vstest#15422
• Updating System.Collections.Immutable to 9.0.11 by @​MSLukeWest in Updating System.Collections.Immutable to 9.0.11 microsoft/vstest#15425
• Fix attachVS when used for debugging integration tests by @​nohwnd in Fix attachVS when used for debugging integration tests microsoft/vstest#15451
• Replace dotnet.config, with global.json by @​nohwnd in Replace dotnet.config, with global.json microsoft/vstest#15449
• Document debugging integration tests with AttachVS by @​Copilot in Document debugging integration tests with AttachVS microsoft/vstest#15452
• Fix stack overflow tests by @​nohwnd in Fix stack overflow tests microsoft/vstest#15461
• Make TestAssets.sln buildable locally by @​Youssef1313 in Make TestAssets.sln buildable locally microsoft/vstest#15466
• Try filtering out tests by @​nohwnd in Try filtering out tests microsoft/vstest#15463
• Build just once when tfms run in parallel by @​nohwnd in Build just once when tfms run in parallel microsoft/vstest#15465
• Review simplify compatibility sources, deduplicate tests by @​nohwnd in Review simplify compatibility sources, deduplicate tests microsoft/vstest#15472
• Cleanup dead TRX code by @​Youssef1313 in Cleanup dead TRX code microsoft/vstest#15474
• Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 by @​nohwnd in Update .NET runtimes to 8.0.25, 9.0.14, and 10.0.4 microsoft/vstest#15481
• Compat matrix checker by @​nohwnd in Compat matrix checker microsoft/vstest#15480
• Add trx analysis skill by @​nohwnd in Add trx analysis skill microsoft/vstest#15486
• Split integration tests to single tfm and multi tfm project by @​nohwnd in Split integration tests to single tfm and multi tfm project microsoft/vstest#15484
• Update matrix by @​nohwnd in Update matrix microsoft/vstest#15477
• Break infinite restore loop in VS by @​nohwnd in Break infinite restore loop in VS microsoft/vstest#15503
• Use global package cache for build, and local for running integration tests by @​nohwnd in Use global package cache for build, and local for running integration tests microsoft/vstest#15500
• Update contributing by @​nohwnd in Update contributing microsoft/vstest#15505
• Reduce test wall-clock time by increasing minThreads by @​drognanar in Reduce test wall-clock time by increasing minThreads microsoft/vstest#15502
• Indicator flakiness by @​nohwnd in Indicator flakiness microsoft/vstest#15513
• Fix ci build by @​nohwnd in Fix ci build microsoft/vstest#15515
• Fix thread safety issues by @​Evangelink in Fix thread safety issues microsoft/vstest#15512
• Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) by @​nohwnd in Optimize DotnetSDKSimulation_PostProcessing test (163s → 61s) microsoft/vstest#15516
• Build isolated test assets for single TFM instead of 7 by @​nohwnd in Build isolated test assets for single TFM instead of 7 microsoft/vstest#15517
• Remove unused dependencies from Library.IntegrationTests by @​nohwnd in Remove unused dependencies from Library.IntegrationTests microsoft/vstest#15527
• Remove printing _attachments content to console by @​nohwnd in Remove printing _attachments content to console microsoft/vstest#15520
• Add Linux/macOS test filtering guide to CONTRIBUTING.md by @​nohwnd in Add Linux/macOS test filtering guide to CONTRIBUTING.md microsoft/vstest#15521
• Change integration test parallelization from ClassLevel to MethodLevel by @​nohwnd in Change integration test parallelization from ClassLevel to MethodLevel microsoft/vstest#15526
• Unify target framework checks with IsNetFrameworkTarget/IsNetTarget by @​nohwnd in Unify target framework checks with IsNetFrameworkTarget/IsNetTarget microsoft/vstest#15523
• Add unattended work instructions to copilot-instructions.md by @​nohwnd in Add unattended work instructions to copilot-instructions.md microsoft/vstest#15531
• Reduce code style rule severity from warning to suggestion by @​nohwnd in Reduce code style rule severity from warning to suggestion microsoft/vstest#15522
• Remove Debug/Release line number branching from tests by @​nohwnd in Remove Debug/Release line number branching from tests microsoft/vstest#15519
• Revise unattended work instructions in copilot-instructions.md by @​nohwnd in Revise unattended work instructions in copilot-instructions.md microsoft/vstest#15532
• Improve CompatibilityRowsBuilder error message with diagnostic details by @​nohwnd in Improve CompatibilityRowsBuilder error message with diagnostic details microsoft/vstest#15529
• docs: add git worktree and upstream sync workflow to copilot-instructions.md by @​nohwnd in docs: add git worktree and upstream sync workflow to copilot-instructions.md microsoft/vstest#15538
• Add VSIX runner to smoke tests by @​nohwnd in Add VSIX runner to smoke tests microsoft/vstest#15541
• Remove deprecated WebTest and TMI test methods by @​nohwnd in Remove deprecated WebTest and TMI test methods microsoft/vstest#15525
• Fix compatibility test failures for legacy vstest.console and MSTest adapter by @​nohwnd in Fix compatibility test failures for legacy vstest.console and MSTest adapter microsoft/vstest#15534
• Convert TestPlatform.sln to slnx format by @​nohwnd in Convert TestPlatform.sln to slnx format microsoft/vstest#15551
• Convert test/TestAssets .sln files to .slnx format by @​nohwnd in Convert test/TestAssets .sln files to .slnx format microsoft/vstest#15557
  ... (truncated)

18.5.1

What's Changed

• Fix System.Collections.Immutable binding mismatch in Common.dll (rel/18.5) by @​nohwnd in Fix System.Collections.Immutable binding mismatch in Common.dll (rel/18.5) microsoft/vstest#15720
• Port verify-binding-redirects.ps1 to rel/18.5 by @​nohwnd in Port verify-binding-redirects.ps1 to rel/18.5 microsoft/vstest#15719
• Bump to 18.5.1 by @​nohwnd in Bump to 18.5.1 microsoft/vstest#15721

Full Changelog: microsoft/vstest@v18.5.0...v18.5.1

18.5.0

⚠️ Unlisted on Nuget, because of #​15718

What's Changed

• Add runtime configs by @​nohwnd in Add runtime configs microsoft/vstest#15377
• Add net8.0 target for TranslationLayer by @​nohwnd in Add net8.0 target for TranslationLayer microsoft/vstest#15375
• Determine architecture of remote process on windows by @​nohwnd in Determine architecture of remote process on windows microsoft/vstest#15396
• Updating System.Collections.Immutable package reference to version 9.0.0 by @​MSLukeWest in Updating System.Collections.Immutable package reference to version 9.0.0 microsoft/vstest#15392
• Dump via netcore tool on windows by @​nohwnd in Dump via netcore tool on windows microsoft/vstest#15397
• Fix answer file splitting by @​nohwnd in Fix answer file splitting microsoft/vstest#15381
• Run tests against vsix runner by @​nohwnd in Run tests against vsix runner microsoft/vstest#15419

Full Changelog: microsoft/vstest@v18.4.0...v18.5.0

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 8 package(s) with unknown licenses.

See the Details below.

License Issues

src/MX.TalkWithTiles.CoreEngine.Tests/MX.TalkWithTiles.CoreEngine.Tests.csproj

Package	Version	License	Issue Type
Microsoft.NET.Test.Sdk	18.6.0	Null	Unknown License

src/MX.TalkWithTiles.Repository/MX.TalkWithTiles.Repository.csproj

Package	Version	License	Issue Type
Microsoft.Extensions.Logging.Abstractions	10.0.8	Null	Unknown License
Microsoft.Extensions.Options	10.0.8	Null	Unknown License

src/MX.TalkWithTiles.Scrabble.Tests/MX.TalkWithTiles.Scrabble.Tests.csproj

Package	Version	License	Issue Type
Microsoft.NET.Test.Sdk	18.6.0	Null	Unknown License

src/MX.TalkWithTiles.Web.Tests/MX.TalkWithTiles.Web.Tests.csproj

Package	Version	License	Issue Type
Microsoft.NET.Test.Sdk	18.6.0	Null	Unknown License

src/MX.TalkWithTiles.Web/MX.TalkWithTiles.Web.csproj

Package	Version	License	Issue Type
Microsoft.ApplicationInsights.AspNetCore	3.1.2	Null	Unknown License
Microsoft.Identity.Web	4.10.0	Null	Unknown License
Microsoft.Identity.Web.UI	4.10.0	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
nuget/Microsoft.NET.Test.Sdk	18.6.0	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 2 Found 7/28 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9
nuget/Microsoft.Extensions.Logging.Abstractions	10.0.8	Unknown	Unknown
nuget/Microsoft.Extensions.Options	10.0.8	Unknown	Unknown
nuget/Microsoft.NET.Test.Sdk	18.6.0	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 2 Found 7/28 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9
nuget/Microsoft.NET.Test.Sdk	18.6.0	🟢 5.1	Details Check Score Reason Code-Review ⚠️ 2 Found 7/28 approved changesets -- score normalized to 2 Maintained 🟢 10 30 commit(s) and 29 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy 🟢 10 security policy file detected License 🟢 10 license file detected Packaging ⚠️ -1 packaging workflow not detected Signed-Releases ⚠️ -1 no releases found Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts ⚠️ 0 binaries present in source code Fuzzing ⚠️ 0 project is not fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies 🟢 9 dependency not pinned by hash detected -- score normalized to 9
nuget/coverlet.collector	10.0.1	🟢 4.2	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 1/26 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 7 binaries present in source code License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Security-Policy ⚠️ 0 security policy file not detected SAST 🟢 10 SAST tool is run on all commits
nuget/Microsoft.ApplicationInsights.AspNetCore	3.1.2	Unknown	Unknown
nuget/Microsoft.Identity.Web	4.10.0	Unknown	Unknown
nuget/Microsoft.Identity.Web.UI	4.10.0	Unknown	Unknown

Scanned Files

• src/MX.TalkWithTiles.CoreEngine.Tests/MX.TalkWithTiles.CoreEngine.Tests.csproj
• src/MX.TalkWithTiles.Repository/MX.TalkWithTiles.Repository.csproj
• src/MX.TalkWithTiles.Scrabble.Tests/MX.TalkWithTiles.Scrabble.Tests.csproj
• src/MX.TalkWithTiles.Web.Tests/MX.TalkWithTiles.Web.Tests.csproj
• src/MX.TalkWithTiles.Web/MX.TalkWithTiles.Web.csproj

[github-actions]

⛔ Superseded — A newer run has replaced this result.

⛔ Superseded — A newer run has replaced this result.

🏗️ Terraform Plan

🌍 Environment: dev

✅ Validate — Passed

✅ Plan

	Count
➕ Add	21

📋 Resource Details

Action	Resource
➕ Create	azuread_application.web
➕ Create	azuread_application_password.web
➕ Create	azuread_service_principal.web
➕ Create	azurerm_app_service_certificate_binding.primary
➕ Create	azurerm_app_service_custom_hostname_binding.primary
➕ Create	azurerm_app_service_managed_certificate.primary
➕ Create	azurerm_application_insights.ai
➕ Create	azurerm_dns_cname_record.web_app
➕ Create	azurerm_dns_txt_record.app_service_verification
➕ Create	azurerm_linux_web_app.app
➕ Create	azurerm_role_assignment.web_table_data_contributor
➕ Create	azurerm_storage_account.data
➕ Create	azurerm_storage_table.tables["contacts"]
➕ Create	azurerm_storage_table.tables["gameinvites"]
➕ Create	azurerm_storage_table.tables["scrabble"]
➕ Create	azurerm_storage_table.tables["scrabbleindex"]
➕ Create	azurerm_storage_table.tables["scrabbletiles"]
➕ Create	random_id.environment_id
➕ Create	random_id.storage
➕ Create	time_rotating.thirty_days
➕ Create	time_sleep.wait_for_hostname_binding

[github-actions]

⛔ Superseded — A newer run has replaced this result.

🏗️ Terraform Plan

🌍 Environment: dev

✅ Validate — Passed

✅ Plan

	Count
➕ Add	21

📋 Resource Details

Action	Resource
➕ Create	azuread_application.web
➕ Create	azuread_application_password.web
➕ Create	azuread_service_principal.web
➕ Create	azurerm_app_service_certificate_binding.primary
➕ Create	azurerm_app_service_custom_hostname_binding.primary
➕ Create	azurerm_app_service_managed_certificate.primary
➕ Create	azurerm_application_insights.ai
➕ Create	azurerm_dns_cname_record.web_app
➕ Create	azurerm_dns_txt_record.app_service_verification
➕ Create	azurerm_linux_web_app.app
➕ Create	azurerm_role_assignment.web_table_data_contributor
➕ Create	azurerm_storage_account.data
➕ Create	azurerm_storage_table.tables["contacts"]
➕ Create	azurerm_storage_table.tables["gameinvites"]
➕ Create	azurerm_storage_table.tables["scrabble"]
➕ Create	azurerm_storage_table.tables["scrabbleindex"]
➕ Create	azurerm_storage_table.tables["scrabbletiles"]
➕ Create	random_id.environment_id
➕ Create	random_id.storage
➕ Create	time_rotating.thirty_days
➕ Create	time_sleep.wait_for_hostname_binding

[github-actions]

🏗️ Terraform Plan

🌍 Environment: dev

✅ Validate — Passed

✅ Plan

	Count
➕ Add	21

📋 Resource Details

Action	Resource
➕ Create	azuread_application.web
➕ Create	azuread_application_password.web
➕ Create	azuread_service_principal.web
➕ Create	azurerm_app_service_certificate_binding.primary
➕ Create	azurerm_app_service_custom_hostname_binding.primary
➕ Create	azurerm_app_service_managed_certificate.primary
➕ Create	azurerm_application_insights.ai
➕ Create	azurerm_dns_cname_record.web_app
➕ Create	azurerm_dns_txt_record.app_service_verification
➕ Create	azurerm_linux_web_app.app
➕ Create	azurerm_role_assignment.web_table_data_contributor
➕ Create	azurerm_storage_account.data
➕ Create	azurerm_storage_table.tables["contacts"]
➕ Create	azurerm_storage_table.tables["gameinvites"]
➕ Create	azurerm_storage_table.tables["scrabble"]
➕ Create	azurerm_storage_table.tables["scrabbleindex"]
➕ Create	azurerm_storage_table.tables["scrabbletiles"]
➕ Create	random_id.environment_id
➕ Create	random_id.storage
➕ Create	time_rotating.thirty_days
➕ Create	time_sleep.wait_for_hostname_binding

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud