Bump Microsoft.Build.Utilities.Core from 18.6.3 to 18.7.1

[dependabot]

Updated Microsoft.Build.Utilities.Core from 18.6.3 to 18.7.1.

Release notes

Sourced from Microsoft.Build.Utilities.Core's releases.

18.7.1

What's Changed

• Fix TraceEngine file contention deadlock in multithreaded mode by @​JanProvaznik in Fix TraceEngine file contention deadlock in multithreaded mode dotnet/msbuild#13446
• Remove duplicate test cases in MultithreadableTaskAnalyzer by @​Youssef1313 in Remove duplicate test cases in MultithreadableTaskAnalyzer dotnet/msbuild#13483
• Ensure ThreadSafeTaskAnalyzer.Tests is considered as a unit test project by @​Youssef1313 in Ensure ThreadSafeTaskAnalyzer.Tests is considered as a unit test project dotnet/msbuild#13481
• Fix MSBuildTask0002 analyzer warnings in already-migrated tasks by @​JanProvaznik in Fix MSBuildTask0002 analyzer warnings in already-migrated tasks dotnet/msbuild#13466
• Fix race conditions in task host path resolution by @​AR-May in Fix race conditions in task host path resolution dotnet/msbuild#13485
• Migrate ToolTask and Al task to TaskEnvironment API by @​OvesN in Migrate ToolTask and Al task to TaskEnvironment API dotnet/msbuild#13423
• Bump main to 18.7, add vs18.6 to merge flow by @​MichalPavlik in Bump main to 18.7, add vs18.6 to merge flow dotnet/msbuild#13472
• Avoid allocations in GetHashCode implementations by @​DustinCampbell in Avoid allocations in GetHashCode implementations dotnet/msbuild#13475
• Add PATs rotation to agentic workflow(s) by @​JanKrivanek in Add PATs rotation to agentic workflow(s) dotnet/msbuild#13496
• Fix ASP.NET WebSite projects to copy netstandard.dll facade when required by @​JanProvaznik in Fix ASP.NET WebSite projects to copy netstandard.dll facade when required dotnet/msbuild#13058
• Migrate AspNetCompiler to TaskEnvironment API by @​OvesN in Migrate AspNetCompiler to TaskEnvironment API dotnet/msbuild#13424
• Add review workflow by @​JanKrivanek in Add review workflow dotnet/msbuild#13503
• Strengthen reviewer skill: add step-back analysis dimensions by @​JanProvaznik in Strengthen reviewer skill: add step-back analysis dimensions dotnet/msbuild#13504
• Add 'Request Speedometer Perf Run' to VS experimental insertion build policies by @​Copilot in Add 'Request Speedometer Perf Run' to VS experimental insertion build policies dotnet/msbuild#13505
• Remove duplicate @ prefix from issueAuthor in GitOps by @​akoeplinger in Remove duplicate @ prefix from issueAuthor in GitOps dotnet/msbuild#13492
• Improve review aw by @​JanKrivanek in Improve review aw dotnet/msbuild#13510
• Migrates unit tests to use RoslynCodeTaskFactory to enable running tests under .NET Core by @​jankratochvilcz in Migrates unit tests to use RoslynCodeTaskFactory to enable running tests under .NET Core dotnet/msbuild#13500
• Fix cross-AppDomain TaskItem modifier cache regression by @​DustinCampbell in Fix cross-AppDomain TaskItem modifier cache regression dotnet/msbuild#13493
• Discourage review agent from approving PRs by @​JanKrivanek in Discourage review agent from approving PRs dotnet/msbuild#13512
• Stop trying to deploy ValueTuple by @​rainersigwald in Stop trying to deploy ValueTuple dotnet/msbuild#13507
• Ad-hoc re-sign bootstrap dotnet on macOS to prevent SIGKILL by @​jankratochvilcz in Ad-hoc re-sign bootstrap dotnet on macOS to prevent SIGKILL dotnet/msbuild#13513
• RoslynCodeTaskFactory: Log MSB3753 when task class does not implement ITask by @​jankratochvilcz in RoslynCodeTaskFactory: Log MSB3753 when task class does not implement ITask dotnet/msbuild#13517
• Update gh-aw (upon mcp policy changes) by @​JanKrivanek in Update gh-aw (upon mcp policy changes) dotnet/msbuild#13526
• Eliminate XmlChildNodes allocations in GetXmlNodeInnerContents by @​nareshjo in Eliminate XmlChildNodes allocations in GetXmlNodeInnerContents dotnet/msbuild#13509
• Fix telemetry allocation regression: per-engine collector ownership by @​JanProvaznik in Fix telemetry allocation regression: per-engine collector ownership dotnet/msbuild#13516
• Migrate to xunit.v3 by @​Youssef1313 in Migrate to xunit.v3 dotnet/msbuild#13482
• Fix stray brace in HandleBuildCancel trace string causing MSB1025 by @​Copilot in Fix stray brace in HandleBuildCancel trace string causing MSB1025 dotnet/msbuild#13535
• Bumping to 10.0.4 runtime packages by @​MichalPavlik in Bumping to 10.0.4 runtime packages dotnet/msbuild#13533
• Remove early return in GetCanonicalForm, always call System.IO.Path by @​OvesN in Remove early return in GetCanonicalForm, always call System.IO.Path dotnet/msbuild#13532
• Do not overwrite GetCopyToOutputDirectoryItemsDependsOn, just add new… by @​snechaev in Do not overwrite GetCopyToOutputDirectoryItemsDependsOn, just add new… dotnet/msbuild#13474
• Migrate GetReferenceAssemblyPaths task to TaskEnvironment API by @​OvesN in Migrate GetReferenceAssemblyPaths task to TaskEnvironment API dotnet/msbuild#13495
• Stabilize ToolTaskThatTimeoutAndRetry test by @​rainersigwald in Stabilize ToolTaskThatTimeoutAndRetry test dotnet/msbuild#13489
• [automated] Merge branch 'vs18.6' => 'main' by @​github-actions[bot] in [automated] Merge branch 'vs18.6' => 'main' dotnet/msbuild#13506
• Add extra test assertions around tests by @​Youssef1313 in Add extra test assertions around tests dotnet/msbuild#13536
• Add static eval for repo skills/agents via skill-validator by @​JanKrivanek in Add static eval for repo skills/agents via skill-validator dotnet/msbuild#13537
• Migrate SGen task to Task environment API by @​OvesN in Migrate SGen task to Task environment API dotnet/msbuild#13457
• Fix TerminalLogger assert failure for metaproj files and cached project eval ID by @​OvesN in Fix TerminalLogger assert failure for metaproj files and cached project eval ID dotnet/msbuild#13480
• Filter out approving review from pr-reviewer agent by @​JanKrivanek in Filter out approving review from pr-reviewer agent dotnet/msbuild#13553
• Use a unique task name per invocation to tabilize RoslynCodeTaskFactory_ReuseCompilation test by @​huulinhnguyen-dev in Use a unique task name per invocation to tabilize RoslynCodeTaskFactory_ReuseCompilation test dotnet/msbuild#13551
• Brief doc on feedback/logging/data systems by @​rainersigwald in Brief doc on feedback/logging/data systems dotnet/msbuild#13554
• Localized file check-in by OneLocBuild Task: Build definition ID 9434: Build ID 13881982 by @​dotnet-bot in Localized file check-in by OneLocBuild Task: Build definition ID 9434: Build ID 13881982 dotnet/msbuild#13437
• Stage 3: Forward BuildProjectFile* callbacks from OOP TaskHost to worker node by @​JanProvaznik in Stage 3: Forward BuildProjectFile* callbacks from OOP TaskHost to worker node dotnet/msbuild#13350
• Enable TaskHost Callbacks by default by @​JanProvaznik in Enable TaskHost Callbacks by default dotnet/msbuild#13579
• Remove unactionable info from reviewer agent by @​JanKrivanek in Remove unactionable info from reviewer agent dotnet/msbuild#13578
• Enlighten RequiresFramework35SP1Assembly task for multithreaded mode by @​jankratochvilcz in Enlighten RequiresFramework35SP1Assembly task for multithreaded mode dotnet/msbuild#13575
• Make SdkResolver-provided environment variables take precedence over ambient environment by @​Copilot in Make SdkResolver-provided environment variables take precedence over ambient environment dotnet/msbuild#12655
• Add dotnet/skills marketplace and enable plugins by @​Evangelink in Add dotnet/skills marketplace and enable plugins dotnet/msbuild#13582
• The skills/agents check filters-in only touched files by @​JanKrivanek in The skills/agents check filters-in only touched files dotnet/msbuild#13586
• Fix skill-validation workflow failing when agents directory is deleted by @​JeremyKuhne in Fix skill-validation workflow failing when agents directory is deleted dotnet/msbuild#13592
  ... (truncated)

Commits viewable in compare view.

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (14fb4eb) to head (d141443).
✅ All tests successful. No failed tests found.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #80   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            2         2           
  Lines           37        37           
  Branches         3         3           
=========================================
  Hits            37        37           

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

[github-actions]

❌MegaLinter analysis: Error

Descriptor	Linter	Files	Fixed	Errors	Warnings	Elapsed time
✅ ACTION	actionlint	4		0	0	0.06s
❌ ACTION	zizmor	4		1	0	0.34s
✅ EDITORCONFIG	editorconfig-checker	42		0	0	0.06s
✅ JSON	jsonlint	2		0	0	0.16s
✅ JSON	prettier	2		0	0	0.49s
✅ JSON	v8r	2		0	0	3.38s
✅ MARKDOWN	markdownlint	1		0	0	0.7s
✅ MARKDOWN	markdown-table-formatter	1		0	0	0.34s
✅ REPOSITORY	checkov	yes		no	no	19.49s
✅ REPOSITORY	gitleaks	yes		no	no	0.22s
✅ REPOSITORY	git_diff	yes		no	no	0.01s
✅ REPOSITORY	grype	yes		no	no	50.51s
❌ REPOSITORY	osv-scanner	yes		1	no	0.14s
✅ REPOSITORY	secretlint	yes		no	no	1.03s
✅ REPOSITORY	syft	yes		no	no	2.23s
✅ REPOSITORY	trivy-sbom	yes		no	no	0.31s
✅ REPOSITORY	trufflehog	yes		no	no	5.34s
✅ XML	xmllint	14		0	0	0.64s
✅ YAML	prettier	9		0	0	0.69s
✅ YAML	v8r	9		0	0	8.2s
✅ YAML	yamllint	9		0	0	0.55s

Detailed Issues

❌ REPOSITORY / osv-scanner - 1 error

Scanning dir .
Starting filesystem walk for root: /
End status: 42 dirs visited, 134 inodes visited, 0 Extract calls, 3.941675ms elapsed, 3.941905ms wall time
No package sources found, --help for usage information.

❌ ACTION / zizmor - 1 error

INFO zizmor: 🌈 zizmor v1.25.0
fatal: no audit was performed
'ref-confusion' audit failed on file://.github/workflows/codeql.yml

Caused by:
    0: error in 'ref-confusion' audit
    1: couldn't list branches for actions/checkout
    2: request error while accessing GitHub API
    3: HTTP status client error (401 Unauthorized) for url (https://github.com/actions/checkout.git/git-upload-pack)


[ZizmorLinter] Zizmor failed to reach the GitHub API.
To allow zizmor to use GITHUB_TOKEN, add the following to your .mega-linter.yml:
ACTION_ZIZMOR_UNSECURED_ENV_VARIABLES:
  - GITHUB_TOKEN

Notices

📣 MegaLinter 9.5.0 is out! Discover the new features and security recommendations in the release announcement. (Skip this info by defining SECURITY_SUGGESTIONS: false)

See detailed reports in MegaLinter artifacts

You could have the same capabilities but better runtime performances if you use a MegaLinter flavor:

• oxsecurity/megalinter/flavors/documentation@v9.5.0 (52 linters)
• oxsecurity/megalinter/flavors/ruby@v9.5.0 (53 linters)
• oxsecurity/megalinter/flavors/rust@v9.5.0 (53 linters)

Your project could benefit from a custom flavor, which would allow you to run only the linters you need, and thus improve runtime performances. (Skip this info by defining FLAVOR_SUGGESTIONS: false)

• Documentation: Custom Flavors
• Command: npx mega-linter-runner@9.5.0 --custom-flavor-setup --custom-flavor-linters ACTION_ACTIONLINT,ACTION_ZIZMOR,EDITORCONFIG_EDITORCONFIG_CHECKER,JSON_JSONLINT,JSON_V8R,JSON_PRETTIER,MARKDOWN_MARKDOWNLINT,MARKDOWN_MARKDOWN_TABLE_FORMATTER,REPOSITORY_CHECKOV,REPOSITORY_GIT_DIFF,REPOSITORY_GITLEAKS,REPOSITORY_GRYPE,REPOSITORY_OSV_SCANNER,REPOSITORY_SECRETLINT,REPOSITORY_SYFT,REPOSITORY_TRIVY_SBOM,REPOSITORY_TRUFFLEHOG,XML_XMLLINT,YAML_PRETTIER,YAML_YAMLLINT,YAML_V8R

Show us your support by starring ⭐ the repository