Dependency Dashboard

[renovate[bot]]

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• [ ] Update github/codeql-action action to v3.26.6
• [ ] Update actions/upload-artifact action to v4.4.0
• [ ] Update step-security/harden-runner action to v2.10.1
• [ ] Click on this checkbox to rebase all open PRs at once

Detected dependencies

github-actions

.github/workflows/dependency-review.yml

- `step-security/harden-runner v2.9.1@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `actions/dependency-review-action v4.3.4@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c`

.github/workflows/scorecards.yml

- `step-security/harden-runner v2.9.1@5c7944e73c4c2a096b17a9cb74d65b6c2bbafbde` - `actions/checkout v4.1.7@692973e3d937129bcbf40652eb9f2f61becf3332` - `ossf/scorecard-action v2.4.0@62b2cac7ed8198b15735ed49ab1e5cf35480ba46` - `actions/upload-artifact v4.3.6@834a144ee995460fba8ed112a2fc961b36a5ec5a` - `github/codeql-action v3.26.5@2c779ab0d087cd7fe7b826087247c2c81f27bfa6`

---

• [ ] Check this box to trigger a request for Renovate to run again on this repository

[secure-code-warrior-for-github[bot]]

Micro-Learning Topic: Cross-site scripting (Detected by phrase)

Matched on "xss"

What is this? (2min video)

Cross-site scripting vulnerabilities occur when unescaped input is rendered into a page displayed to the user. When HTML or script is included in the input, it will be processed by a user's browser as HTML or script and can alter the appearance of the page or execute malicious scripts in their user context.

Try a challenge in Secure Code Warrior

Helpful references

• Prevent Cross-Site Scripting (XSS) in ASP.NET Core - A detailed Microsoft article on how to prevent cross-site scripting in ASP.NET Core.
• OWASP Cross Site Scripting (XSS) Software Attack - OWASP community page with comprehensive information about cross site scripting, and links to various OWASP resources to help detect or prevent it.
• OWASP Cross Site Scripting Prevention Cheat Sheet - This article provides a simple positive model for preventing XSS using output encoding properly.