Skip to content

Sync/upstream 20260717#10

Merged
gadeynebram merged 29 commits into
mainfrom
sync/upstream-20260717
Jul 17, 2026
Merged

Sync/upstream 20260717#10
gadeynebram merged 29 commits into
mainfrom
sync/upstream-20260717

Conversation

@gadeynebram

Copy link
Copy Markdown
Owner

Summary

Merge upstream main into fork sync branch sync/upstream-20260717.

Preconditions

  • Upstream impact audit gate: READY_FOR_SYNC_BRANCH_MERGE
  • Explicit merge confirmation received
  • Direct merge to main not used

Merge Result

  • Merge commit: d6cc77b
  • Status: clean merge (no conflicts)
  • Files changed: 21
  • Diff stats: +3761 / -2500

Focus Capability Validation

Pending manual verification for:

  • wit_get_work_item
  • wit_work_item_write_create
  • wit_add_work_item_comment
  • wit_update_work_item_comment
  • repo_create_branch
  • wit_add_artifact_link
  • repo_create_pull_request

Notes

  • Upstream included substantial changes in src/tools/* and tests.
  • No destructive git operations were used.

dependabot Bot and others added 29 commits June 15, 2026 12:53
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.3 to
3.8.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prettier/prettier/releases">prettier's
releases</a>.</em></p>
<blockquote>
<h2>3.8.4</h2>
<ul>
<li>Markdown: Fix blank lines between list items and nested sub-lists
being removed in Markdown/MDX (<a
href="https://redirect.github.com/prettier/prettier/pull/17746">prettier/prettier#17746</a>
by <a
href="https://github.com/byplayer"><code>@​byplayer</code></a>)</li>
</ul>
<p>🔗 <a
href="https://github.com/prettier/prettier/blob/3.8.4/CHANGELOG.md#384">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's
changelog</a>.</em></p>
<blockquote>
<h1>3.8.4</h1>
<p><a
href="https://github.com/prettier/prettier/compare/3.8.3...3.8.4">diff</a></p>
<h4>Markdown: Fix blank lines between list items and nested sub-lists
being removed in Markdown/MDX (<a
href="https://redirect.github.com/prettier/prettier/pull/17746">#17746</a>
by <a
href="https://github.com/byplayer"><code>@​byplayer</code></a>)</h4>
<p>Prettier was removing blank lines between list items and their nested
sub-lists, converting loose lists into tight lists and changing their
semantic meaning.</p>
<!-- raw HTML omitted -->
<pre lang="markdown"><code>&lt;!-- Input --&gt;
- a
<ul>
<li>
<p>b</p>
</li>
<li>
<p>c</p>
<ul>
<li>d</li>
</ul>
</li>
</ul>
<p>&lt;!-- Prettier 3.8.3 --&gt;</p>
<ul>
<li>a
<ul>
<li>b</li>
</ul>
</li>
<li>c
<ul>
<li>d</li>
</ul>
</li>
</ul>
<p>&lt;!-- Prettier 3.8.4 --&gt;</p>
<ul>
<li>
<p>a</p>
<ul>
<li>b</li>
</ul>
</li>
<li>
<p>c</p>
<ul>
<li>d<br />
</code></pre></li>
</ul>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/prettier/prettier/commit/1c6ba5539141552e0e8e22d401ea620d8fdff468"><code>1c6ba55</code></a>
Release 3.8.4</li>
<li><a
href="https://github.com/prettier/prettier/commit/4a673dc9b59ddf7296bbab9822093d2971da84a8"><code>4a673dc</code></a>
Fix blank lines between list items and nested sub-lists being removed in
Mark...</li>
<li><a
href="https://github.com/prettier/prettier/commit/074aaedbb052a288e89d15eb0a4214de37a08866"><code>074aaed</code></a>
Replace <code>main</code> branch in changelog link with tags (<a
href="https://redirect.github.com/prettier/prettier/issues/19054">#19054</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/c22a003ae97917c5043e8685b4fdff0f93e978f9"><code>c22a003</code></a>
Bump Prettier dependency to 3.8.3</li>
<li><a
href="https://github.com/prettier/prettier/commit/07bad1f04536e9799927007baf466e67151576f0"><code>07bad1f</code></a>
Clean changelog_unreleased</li>
<li>See full diff in <a
href="https://github.com/prettier/prettier/compare/3.8.3...3.8.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=prettier&package-manager=npm_and_yarn&previous-version=3.8.3&new-version=3.8.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ft#1362)

Bumps
[typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)
from 8.61.0 to 8.61.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's
releases</a>.</em></p>
<blockquote>
<h2>v8.61.1</h2>
<h2>8.61.1 (2026-06-15)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [consistent-indexed-object-style] do
not remove comments when fixing (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12396">#12396</a>,
<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/10577">#10577</a>)</li>
<li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion]
avoid false positive for template literal expressions (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12281">#12281</a>)</li>
<li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion] wrap
object literal in parens when removing TSTypeAssertion in arrow body (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12394">#12394</a>,
<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12393">#12393</a>)</li>
<li><strong>eslint-plugin:</strong>
[no-unnecessary-boolean-literal-compare] fix precedence bug in autofix
(<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12413">#12413</a>)</li>
<li><strong>eslint-plugin:</strong> [no-unnecessary-template-expression]
respect ECMAScript line terminators (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12388">#12388</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Anas <a
href="https://github.com/anasm266"><code>@​anasm266</code></a></li>
<li>Deftera <a
href="https://github.com/Deftera186"><code>@​Deftera186</code></a></li>
<li>Kirk Waiblinger <a
href="https://github.com/kirkwaiblinger"><code>@​kirkwaiblinger</code></a></li>
<li>lumir</li>
<li>Sarath Francis <a
href="https://github.com/sarathfrancis90"><code>@​sarathfrancis90</code></a></li>
</ul>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.61.1">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's
changelog</a>.</em></p>
<blockquote>
<h2>8.61.1 (2026-06-15)</h2>
<p>This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.</p>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.61.1">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/typescript-eslint/typescript-eslint/commit/aaad7187b529c4b6ff8088ffd7e948c69c2763b6"><code>aaad718</code></a>
chore(release): publish 8.61.1</li>
<li>See full diff in <a
href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.61.1/packages/typescript-eslint">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.61.0&new-version=8.61.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [hono](https://github.com/honojs/hono) from 4.12.23 to 4.12.25.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/honojs/hono/releases">hono's
releases</a>.</em></p>
<blockquote>
<h2>v4.12.25</h2>
<h2>Security fixes</h2>
<p>This release includes fixes for the following security issues:</p>
<h3>CORS Middleware reflects any Origin with credentials when
<code>origin</code> defaults to the wildcard</h3>
<p>Affects: <code>hono/cors</code>. Fixes the wildcard origin reflecting
the request <code>Origin</code> and sending
<code>Access-Control-Allow-Credentials: true</code> when
<code>credentials: true</code> is set without an explicit
<code>origin</code>, where any site a logged-in user visited could make
credentialed cross-origin requests and read responses from
cookie-authenticated endpoints. GHSA-88fw-hqm2-52qc</p>
<h3>Body Limit Middleware can be bypassed on AWS Lambda by understating
<code>Content-Length</code></h3>
<p>Affects: <code>hono/body-limit</code> on AWS Lambda
(<code>hono/aws-lambda</code>, <code>hono/lambda-edge</code>). Fixes the
request being built with the client-declared <code>Content-Length</code>
while the body is delivered fully buffered, where a client could declare
a small <code>Content-Length</code> with a much larger body and slip
past the configured size limit. GHSA-rv63-4mwf-qqc2</p>
<h3>Path traversal in <code>serve-static</code> on Windows via encoded
backslash (<code>%5C</code>)</h3>
<p>Affects: <code>serveStatic</code> on Windows (Node, Bun, Deno
adapters). Fixes the path guard allowing a lone backslash, where an
encoded backslash (<code>%5C</code>) decoded to <code>\</code> was
treated as a separator by the Windows path resolver, letting a single
URL segment escape into a middleware-guarded subtree.
GHSA-wwfh-h76j-fc44</p>
<h3>AWS Lambda adapter merges multiple <code>Set-Cookie</code> headers
into one value, dropping cookies on ALB single-header and Lattice</h3>
<p>Affects: <code>hono/aws-lambda</code>. Fixes multiple
<code>Set-Cookie</code> response headers being joined into one
comma-separated value for ALB single-header responses and VPC Lattice
v2, where the value could not be split back into individual cookies and
clients silently dropped or misparsed them. GHSA-j6c9-x7qj-28xf</p>
<h3>Lambda@Edge adapter keeps only the last value of a repeated request
header, dropping the rest</h3>
<p>Affects: <code>hono/lambda-edge</code>. Fixes repeated request
headers being written with overwrite instead of append, where only the
last value of a header such as <code>X-Forwarded-For</code> reached the
application and the remaining values were silently dropped.
GHSA-wgpf-jwqj-8h8p</p>
<h2>v4.12.24</h2>
<h2>What's Changed</h2>
<ul>
<li>docs(contribution): simplifyAI Usage Policy by <a
href="https://github.com/yusukebe"><code>@​yusukebe</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4972">honojs/hono#4972</a></li>
<li>chore: remove <code>@​types/glob</code> by <a
href="https://github.com/rtritto"><code>@​rtritto</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4978">honojs/hono#4978</a></li>
<li>fix(bearer-auth): mention verifyToken in missing-options error
message by <a
href="https://github.com/tan7vir"><code>@​tan7vir</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4987">honojs/hono#4987</a></li>
<li>refactor(language): Test/improve tests on languages middleware by <a
href="https://github.com/iNeoO"><code>@​iNeoO</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4980">honojs/hono#4980</a></li>
<li>fix(utils/ipaddr): expand &quot;::&quot; to eight zero groups by <a
href="https://github.com/youcefzemmar"><code>@​youcefzemmar</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4973">honojs/hono#4973</a></li>
<li>fix: clean up config files trailing comma, stale excludes,
typesVersions gaps, jsr paths by <a
href="https://github.com/Mohammad-Faiz-Cloud-Engineer"><code>@​Mohammad-Faiz-Cloud-Engineer</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4982">honojs/hono#4982</a></li>
<li>refactor(timing): Test/add test for middleware timing by <a
href="https://github.com/iNeoO"><code>@​iNeoO</code></a> in <a
href="https://redirect.github.com/honojs/hono/pull/4991">honojs/hono#4991</a></li>
<li>fix(utils/ipaddr): render the unspecified address binary as
&quot;::&quot; by <a
href="https://github.com/sarathfrancis90"><code>@​sarathfrancis90</code></a>
in <a
href="https://redirect.github.com/honojs/hono/pull/4998">honojs/hono#4998</a></li>
</ul>
<p><strong>Full Changelog</strong>: <a
href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.24">https://github.com/honojs/hono/compare/v4.12.23...v4.12.24</a></p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/honojs/hono/commit/fce483e11466b72d27e61d44523c7e6edeb19e50"><code>fce483e</code></a>
4.12.25</li>
<li><a
href="https://github.com/honojs/hono/commit/751ba41ba26dff20351a13964c07627ddcf382b6"><code>751ba41</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/f0b094db8474696344d98e5665a4ac2a6d5f346e"><code>f0b094d</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/fa5f9bfcc25d65e08af85211cc2e5ecd0e0ea24b"><code>fa5f9bf</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/3892a6c2b54f974505de41013fcac88a71908e3d"><code>3892a6c</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/74c2cf8ef4f5cc29a876380df1ba230ff7128b3f"><code>74c2cf8</code></a>
test(aws-lambda): update integration tests (<a
href="https://redirect.github.com/honojs/hono/issues/5012">#5012</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/7ae7cbae5d0ed8a40e8b9cc353e13175b9d7e3e1"><code>7ae7cba</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/honojs/hono/commit/1b1384815485f9d6590c6966e23a06fd07166cb7"><code>1b13848</code></a>
chore(ci): bump codecov-action to v7.0.0 (<a
href="https://redirect.github.com/honojs/hono/issues/5011">#5011</a>)</li>
<li><a
href="https://github.com/honojs/hono/commit/5fdde5ab5a7d7c89eba4d1ceab76f4a7c011cd3b"><code>5fdde5a</code></a>
4.12.24</li>
<li><a
href="https://github.com/honojs/hono/commit/c78932d745cdf6284ae131a156479ac930da0262"><code>c78932d</code></a>
fix(utils/ipaddr): render the unspecified address binary as
&quot;::&quot; (<a
href="https://redirect.github.com/honojs/hono/issues/4998">#4998</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/honojs/hono/compare/v4.12.23...v4.12.25">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=hono&package-manager=npm_and_yarn&previous-version=4.12.23&new-version=4.12.25)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)
You can disable automated security fix PRs for this repo from the
[Security Alerts
page](https://github.com/microsoft/azure-devops-mcp/network/alerts).

</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…1367)

Bumps
[@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js)
from 5.2.4 to 5.2.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@​azure/msal-node's
releases</a>.</em></p>
<blockquote>
<h2><code>@​azure/msal-angular</code> v5.2.5</h2>
<h2>5.2.5</h2>
<p>Tue, 19 May 2026 19:29:14 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-browser</code> to v5.11.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node-extensions</code> v5.2.5</h2>
<h2>5.2.5</h2>
<p>Tue, 16 Jun 2026 19:46:35 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-common</code> to v16.9.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node</code> v5.2.5</h2>
<h2>5.2.5</h2>
<p>Tue, 16 Jun 2026 19:46:35 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-common</code> to v16.9.0 (beachball)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/50542635cb0ddf6f9544114e3aed8495beb0320c"><code>5054263</code></a>
Add Federated Managed Identity (FMI) and User Federated Identity
Credential (...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/5fbb1e5e2ecbe3a54d60db17640c2f67220bbe6c"><code>5fbb1e5</code></a>
Upgrade dependencies (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8630">#8630</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/e63bd1abc20ee54fbe391a8b2675089fcc7b94d3"><code>e63bd1a</code></a>
Enforce API Extractor error/none policy and tag internal APIs (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8653">#8653</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/f34361b77b4f0e22e09eb18c60a9ea82517288b6"><code>f34361b</code></a>
Add package metadata to loggers and fix SKU name (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8647">#8647</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/54ade28bb2230672bb28f309bee26f55008983da"><code>54ade28</code></a>
Enhance logging functionality by injecting runtime variables into
decoded mes...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/06f9257cf7646609e6d7edcf165d2cc915d96519"><code>06f9257</code></a>
Initialize <code>BrowserCacheManager</code> in
<code>loadExternalTokens</code> for localStorage-bac...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/1953a6fcf18150f411e05953a0a4da8147f6c5a3"><code>1953a6f</code></a>
Update E2E testing sample and loadExternalTokens documentation (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8639">#8639</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/2f340634727fba8240fe64ea7b9b50dcd8f10ac3"><code>2f34063</code></a>
Post-release PR (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8640">#8640</a>)</li>
<li>See full diff in <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.2.4...msal-node-v5.2.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@azure/msal-node&package-manager=npm_and_yarn&previous-version=5.2.4&new-version=5.2.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
## Summary
The `wiki_get_page_content` tool accepts a full wiki page URL and
previously used only the project/wiki path segments while **ignoring the
organization** in the URL, silently issuing the request against the
configured org. A URL pointing at a different organization would
therefore return content from the configured org instead of erroring — a
cross-organization boundary violation

## Changes
- Add `getOrgFromUrl` helper in `src/utils.ts` that extracts the org
from recognized Azure DevOps hosts only:
  - `https://dev.azure.com/{org}/...` -> first path segment
  - `https://{org}.visualstudio.com/...` -> host subdomain
  - any other host returns `null` (treated as a boundary violation)
  - result is normalized to lowercase for case-insensitive comparison
- In `wiki_get_page_content`, reject any user-supplied URL whose org
does not match the connected org (`connection.serverUrl`), returning an
`isError` result without issuing the request.
- Tests: unit tests for `getOrgFromUrl` (incl. non-ADO hosts, casing)
and cross-org rejection tests for the wiki tool; updated existing
same-org fixtures.

## Scope / risk
The other wiki tools (`get_wiki`, `list_wikis`, `list_pages`, `get_page`
metadata, `create_or_update_page`) build their URLs from
`connection.serverUrl` and take only `wikiIdentifier`/`project`/`path`
as input, so they cannot be redirected to another org and are
unaffected.

## Validation
- `npm run build` ✅
- Full test suite: 974 passing (148 in the touched utils + wiki suites)
✅
- `npm run eslint` ✅

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
…1370)

This pull request updates the way comments are created in pull request
threads by explicitly setting the `commentType` field to `1` when
creating comments and threads. This ensures that comments are
consistently recognized as standard comments by the API. Related tests
have also been updated to verify the new behavior.

**API integration updates:**

* Added `commentType: 1` to the payload when creating comments with
`gitApi.createComment` in `src/tools/repositories.ts`, ensuring the
comment type is explicitly set.
* Added `commentType: 1` to each comment in the payload when creating
threads with `gitApi.createThread` in `src/tools/repositories.ts`.

**Test updates:**

* Updated all relevant tests in `test/src/tools/repositories.test.ts` to
expect `commentType: 1` in the payloads for both `createComment` and
`createThread` calls, ensuring tests accurately reflect the new API
usage.
[[1]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5434-R5434)
[[2]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5505-R5505)
[[3]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5542-R5542)
[[4]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5579-R5579)
[[5]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL5614-R5614)
[[6]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL7048-R7048)
[[7]](diffhunk://#diff-ab08119c40bb674907f4cd70e8c549daaf3bcd559398b0f2eddb463bf8eb160aL7089-R7089)

## GitHub issue number
microsoft#1368

## **Associated Risks**

N/A

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

updated automated tests, all are passing
…ft#1379)

Bumps
[typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)
from 8.61.1 to 8.62.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's
releases</a>.</em></p>
<blockquote>
<h2>v8.62.0</h2>
<h2>8.62.0 (2026-06-22)</h2>
<h3>🚀 Features</h3>
<ul>
<li>remove redundant package.json &quot;files&quot; (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12444">#12444</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li>add &quot;files&quot; to rule-schema-to-typescript-types (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12441">#12441</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Kirk Waiblinger <a
href="https://github.com/kirkwaiblinger"><code>@​kirkwaiblinger</code></a></li>
</ul>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.0">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's
changelog</a>.</em></p>
<blockquote>
<h2>8.62.0 (2026-06-22)</h2>
<h3>🚀 Features</h3>
<ul>
<li>remove redundant package.json &quot;files&quot; (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12444">#12444</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Kirk Waiblinger <a
href="https://github.com/kirkwaiblinger"><code>@​kirkwaiblinger</code></a></li>
</ul>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.0">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/typescript-eslint/typescript-eslint/commit/54e285728e5d8cb83fadb8041189f0c3b4ab436a"><code>54e2857</code></a>
chore(release): publish 8.62.0</li>
<li><a
href="https://github.com/typescript-eslint/typescript-eslint/commit/81e4c2654c3f4d923766a888691add2c45b5d64a"><code>81e4c26</code></a>
feat: remove redundant package.json &quot;files&quot; (<a
href="https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint/issues/12444">#12444</a>)</li>
<li>See full diff in <a
href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.0/packages/typescript-eslint">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.61.1&new-version=8.62.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [lint-staged](https://github.com/lint-staged/lint-staged) from
17.0.7 to 17.0.8.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/lint-staged/lint-staged/releases">lint-staged's
releases</a>.</em></p>
<blockquote>
<h2>v17.0.8</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a>
- Fix <em>lint-staged</em> discarding the ongoing merge conflict status
(<code>.git/MERGE_HEAD</code>) when using the
<code>--hide-unstaged</code> or <code>--hide-all</code> options.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a>
- Fix issues with Git commands that are successful but also emit
warnings to <code>stderr</code>, by ignoring the <code>stderr</code>
output completely when the process exits with code 0. This was the
behavior when using <code>nano-spawn</code> and <code>execa</code>, but
when switching to <code>tinyexec</code> in 16.3.0 both
<code>stdout</code> and <code>stderr</code> were used as interleaved
output.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/lint-staged/lint-staged/blob/main/CHANGELOG.md">lint-staged's
changelog</a>.</em></p>
<blockquote>
<h2>17.0.8</h2>
<h3>Patch Changes</h3>
<ul>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1809">#1809</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a>
- Fix <em>lint-staged</em> discarding the ongoing merge conflict status
(<code>.git/MERGE_HEAD</code>) when using the
<code>--hide-unstaged</code> or <code>--hide-all</code> options.</p>
</li>
<li>
<p><a
href="https://redirect.github.com/lint-staged/lint-staged/pull/1811">#1811</a>
<a
href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a>
- Fix issues with Git commands that are successful but also emit
warnings to <code>stderr</code>, by ignoring the <code>stderr</code>
output completely when the process exits with code 0. This was the
behavior when using <code>nano-spawn</code> and <code>execa</code>, but
when switching to <code>tinyexec</code> in 16.3.0 both
<code>stdout</code> and <code>stderr</code> were used as interleaved
output.</p>
</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/5f3b8f28e895972bd5a2cdba733327b49859b91f"><code>5f3b8f2</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1812">#1812</a>
from lint-staged/changeset-release/main</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/43a9b8d759443d3c313514b8a54af37108b19ac5"><code>43a9b8d</code></a>
chore(changeset): release</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/630e2f60abc9e3964cf62f3f833594a19cdaf3cd"><code>630e2f6</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1809">#1809</a>
from lint-staged/restore-merge-status</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/179b4372b2528f6fa66f927337d238711694d0e0"><code>179b437</code></a>
fix: restore Git merge status after creating backup stash</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/6bae2e2aac7fd2981cf0b24e266631191760186c"><code>6bae2e2</code></a>
Merge pull request <a
href="https://redirect.github.com/lint-staged/lint-staged/issues/1811">#1811</a>
from lint-staged/exec-git-ignore-stderr</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/b82a83099ddef36fccc26937761f184dfbe7c370"><code>b82a830</code></a>
ci: run npm audit omitting dev, including prod dependencies</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/0b19b80233efc83b8e7c6df3f117d87fe760752c"><code>0b19b80</code></a>
build(deps): update dependencies</li>
<li><a
href="https://github.com/lint-staged/lint-staged/commit/3d0b2c0709a2a39aa7b134e3741fed21250d808e"><code>3d0b2c0</code></a>
fix: ignore stderr when doing Git operations</li>
<li>See full diff in <a
href="https://github.com/lint-staged/lint-staged/compare/v17.0.7...v17.0.8">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=lint-staged&package-manager=npm_and_yarn&previous-version=17.0.7&new-version=17.0.8)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Update version for 2.8.0 release
…1382)

Bumps
[@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js)
from 5.2.5 to 5.3.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@​azure/msal-node's
releases</a>.</em></p>
<blockquote>
<h2><code>@​azure/msal-react</code> v5.3.0</h2>
<h2>5.3.0</h2>
<p>Thu, 16 Apr 2026 22:44:53 GMT</p>
<h3>Minor changes</h3>
<ul>
<li>Bump <code>@​azure/msal-browser</code> to v5.7.0 (beachball)</li>
</ul>
<h3>Patches</h3>
<ul>
<li>Fix MsalAuthenticationTemplate passing in undefined SsoSilentRequest
<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8520">#8520</a>
(<a
href="mailto:lalimasharda@microsoft.com">lalimasharda@microsoft.com</a>)</li>
</ul>
<h2><code>@​azure/msal-angular</code> v5.3.0</h2>
<h2>5.3.0</h2>
<p>Tue, 23 Jun 2026 22:19:29 GMT</p>
<h3>Minor changes</h3>
<ul>
<li>Pass correlationId to errors to match the updated msal-browser error
signature <a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8609">#8609</a>
(<a
href="mailto:sameera.gajjarapu@microsoft.com">sameera.gajjarapu@microsoft.com</a>)</li>
<li>Bump <code>@​azure/msal-browser</code> to v5.15.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node-extensions</code> v5.3.0</h2>
<h2>5.3.0</h2>
<p>Tue, 23 Jun 2026 22:19:30 GMT</p>
<h3>Minor changes</h3>
<ul>
<li>Match the updated msal-common error signatures <a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8609">#8609</a>
(<a
href="mailto:sameera.gajjarapu@microsoft.com">sameera.gajjarapu@microsoft.com</a>)</li>
<li>Bump <code>@​azure/msal-common</code> to v16.10.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node</code> v5.3.0</h2>
<h2>5.3.0</h2>
<p>Tue, 23 Jun 2026 22:19:30 GMT</p>
<h3>Minor changes</h3>
<ul>
<li>Add Federated Managed Identity (FMI) and User Federated Identity
Credential (user_fic) grant type support. Also fixes a long-standing bug
where the tokenEndpoint field on ClientAssertionConfig was incorrectly
populated with resourceRequestUri during client-credential flows; it now
correctly contains the AAD token endpoint. <a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8614">#8614</a>
(<a href="mailto:avdunn@microsoft.com">avdunn@microsoft.com</a>)</li>
<li>Make correlationId a required parameter on NodeAuthError and
ManagedIdentityError, <a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8609">#8609</a>
(<a
href="mailto:sameera.gajjarapu@microsoft.com">sameera.gajjarapu@microsoft.com</a>)</li>
<li>Bump <code>@​azure/msal-common</code> to v16.10.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-angular</code> v5.2.8</h2>
<h2>5.2.8</h2>
<p>Tue, 16 Jun 2026 19:46:36 GMT</p>
<h3>Patches</h3>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/f8cf6a4a53416945a15981b8bcee57d7e31b6aed"><code>f8cf6a4</code></a>
feat: add default idToken claims (signin_state, login_hint) and kmsi on
Accou...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/906f4d887f1ec592a546ccbe01a46937c44d0f62"><code>906f4d8</code></a>
Migrate region discovery to IMDS /compute JSON endpoint (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8660">#8660</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/6d53ace26af88554bb7fa862b72c58594e67ec73"><code>6d53ace</code></a>
Deprecate the max_age request parameter and stop validating tokens (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8664">#8664</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/27c074b67bfb808738785b78b1fa68a4b2ed17bb"><code>27c074b</code></a>
[correlationId] Make correlationId a required parameter on AuthError
construc...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/e5eb6fdd21721d43ea68057a11347700be1aee9c"><code>e5eb6fd</code></a>
Add Native Account Id to TenantProfile (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8649">#8649</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/f06838b72c39b8ce635baf2ec8f370bafe9e04bb"><code>f06838b</code></a>
Post-release PR (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8657">#8657</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/994150124684ac71e75b7dd190179307cc88986a"><code>9941501</code></a>
docs: warn that events should not be used for telemetry (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8641">#8641</a>)</li>
<li>See full diff in <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.2.5...msal-node-v5.3.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@azure/msal-node&package-manager=npm_and_yarn&previous-version=5.2.5&new-version=5.3.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Bumps [prettier](https://github.com/prettier/prettier) from 3.8.4 to
3.9.4.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prettier/prettier/releases">prettier's
releases</a>.</em></p>
<blockquote>
<h2>3.9.4</h2>
<ul>
<li>Angular: Format <code>@content(name)</code> -&gt; <code>@content
(name)</code> to align with other block syntax (<a
href="https://redirect.github.com/prettier/prettier/pull/19499">#19499</a>
by <a href="https://github.com/fisker"><code>@​fisker</code></a>)</li>
</ul>
<p>🔗 <a
href="https://github.com/prettier/prettier/blob/3.9.4/CHANGELOG.md#394">Changelog</a></p>
<h2>3.9.3</h2>
<ul>
<li>Markdown: Fix unexpected removal of characters in liquid syntax (<a
href="https://redirect.github.com/prettier/prettier/pull/19489">prettier/prettier#19489</a>
by <a href="https://github.com/seiyab"><code>@​seiyab</code></a>)</li>
<li>TypeScript: Allow decorators to be used with declare on class fields
(<a
href="https://redirect.github.com/prettier/prettier/pull/19492">prettier/prettier#19492</a>
by <a
href="https://github.com/evoactivity"><code>@​evoactivity</code></a>)</li>
</ul>
<p>🔗 <a
href="https://github.com/prettier/prettier/blob/3.9.3/CHANGELOG.md#393">Changelog</a></p>
<h2>3.9.1</h2>
<ul>
<li>CLI: Fix ignored file has been cached incorrectly (<a
href="https://redirect.github.com/prettier/prettier/pull/19483">#19483</a>
by <a href="https://github.com/kovsu"><code>@​kovsu</code></a>)</li>
</ul>
<p>🔗 <a
href="https://github.com/prettier/prettier/blob/3.9.1/CHANGELOG.md#391">Changelog</a></p>
<h2>3.9.0</h2>
<p><a
href="https://github.com/prettier/prettier/compare/3.8.5...3.9.0">diff</a></p>
<p>🔗 <a href="https://prettier.io/blog/2026/06/27/3.9.0">Prettier 3.9:
Major parser upgrades and Formatting improvements</a></p>
<h2>3.8.5</h2>
<ul>
<li>Fix Flow variance annotation print (<a
href="https://redirect.github.com/prettier/prettier/pull/19022">#19022</a>
by <a
href="https://github.com/marcoww6"><code>@​marcoww6</code></a>)</li>
</ul>
<p>🔗 <a
href="https://github.com/prettier/prettier/blob/3.8.5/CHANGELOG.md#385">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's
changelog</a>.</em></p>
<blockquote>
<h1>3.9.4</h1>
<p><a
href="https://github.com/prettier/prettier/compare/3.9.3...3.9.4">diff</a></p>
<h4>Angular: Format <code>@content(name)</code> -&gt; <code>@content
(name)</code> to align with other block syntax (<a
href="https://redirect.github.com/prettier/prettier/pull/19499">#19499</a>
by <a href="https://github.com/fisker"><code>@​fisker</code></a>)</h4>
<!-- raw HTML omitted -->
<pre lang="html"><code>&lt;!-- Input --&gt;
&lt;FancyButton [label]=&quot;title&quot;&gt;
  @content (icon) {
    &lt;span&gt;Icon!&lt;/span&gt;
  }
  @content (description) {
    &lt;span&gt;Description text&lt;/span&gt;
  }
  &lt;span&gt;Other children&lt;/span&gt;
&lt;/FancyButton&gt;
<p>&lt;!-- Prettier 3.9.3 --&gt;
&lt;FancyButton [label]=&quot;title&quot;&gt;
<a href="https://github.com/content"><code>@​content</code></a>(icon) {
&lt;span&gt;Icon!&lt;/span&gt;
}
<a
href="https://github.com/content"><code>@​content</code></a>(description)
{
&lt;span&gt;Description text&lt;/span&gt;
}
&lt;span&gt;Other children&lt;/span&gt;
&lt;/FancyButton&gt;</p>
<p>&lt;!-- Prettier 3.9.4 --&gt;
&lt;FancyButton [label]=&quot;title&quot;&gt;
<a href="https://github.com/content"><code>@​content</code></a> (icon) {
&lt;span&gt;Icon!&lt;/span&gt;
}
<a href="https://github.com/content"><code>@​content</code></a>
(description) {
&lt;span&gt;Description text&lt;/span&gt;
}
&lt;span&gt;Other children&lt;/span&gt;
&lt;/FancyButton&gt;
</code></pre></p>
<h1>3.9.3</h1>
<p><a
href="https://github.com/prettier/prettier/compare/3.9.1...3.9.3">diff</a></p>
<h4>Markdown: Fix unexpected removal of characters in liquid syntax (<a
href="https://redirect.github.com/prettier/prettier/pull/19489">#19489</a>
by <a href="https://github.com/seiyab"><code>@​seiyab</code></a>)</h4>
<!-- raw HTML omitted -->
<pre lang="md"><code>&lt;/tr&gt;&lt;/table&gt; 
</code></pre>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/prettier/prettier/commit/b693cb22b412b759784bc2298fc86880e351cd3a"><code>b693cb2</code></a>
Release 3.9.4</li>
<li><a
href="https://github.com/prettier/prettier/commit/2e92ac0ee29fb83b7ce32277cb914c2eee192955"><code>2e92ac0</code></a>
Angular: Format <code>@content(name)</code> -&gt; <code>@content
(name)</code> to align with other blo...</li>
<li><a
href="https://github.com/prettier/prettier/commit/abed2c22db3cb61e922b7284c3b6c65424353ac2"><code>abed2c2</code></a>
Bump Prettier dependency to 3.9.3</li>
<li><a
href="https://github.com/prettier/prettier/commit/6cfbc00921de451e918b18bb5ab6b80e80f5cd34"><code>6cfbc00</code></a>
Clean changelog_unreleased</li>
<li><a
href="https://github.com/prettier/prettier/commit/3732e1dee6a36bdb2e77a722d206a79ac7e67aa3"><code>3732e1d</code></a>
Release 3.9.3</li>
<li><a
href="https://github.com/prettier/prettier/commit/a74a7b05dee7fbef39a6aeff378c3741e1a8ee15"><code>a74a7b0</code></a>
Allow decorators to be used with <code>declare</code> on class fields
(<a
href="https://redirect.github.com/prettier/prettier/issues/19492">#19492</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/bd9e11ab41e17a4f61f363a981c1ec24d2a4167a"><code>bd9e11a</code></a>
Correct text identification in liquid syntax (<a
href="https://redirect.github.com/prettier/prettier/issues/19489">#19489</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/269eee3faa1f82b1de07bb7e4d15e1cee70f80d4"><code>269eee3</code></a>
Bump Prettier dependency to 3.9.1</li>
<li><a
href="https://github.com/prettier/prettier/commit/ec7ccd1ea47c965bda3c958239899737e899603d"><code>ec7ccd1</code></a>
Clean changelog_unreleased</li>
<li><a
href="https://github.com/prettier/prettier/commit/c47654c003fe525572e10d5cc1ea64d7b9c0ee55"><code>c47654c</code></a>
Release 3.9.1</li>
<li>Additional commits viewable in <a
href="https://github.com/prettier/prettier/compare/3.8.4...3.9.4">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=prettier&package-manager=npm_and_yarn&previous-version=3.8.4&new-version=3.9.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…ft#1392)

Bumps
[typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)
from 8.62.0 to 8.62.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's
releases</a>.</em></p>
<blockquote>
<h2>v8.62.1</h2>
<h2>8.62.1 (2026-06-29)</h2>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [prefer-optional-chain] use
suggestion instead of autofix for trailing binary operator (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12328">#12328</a>)</li>
<li><strong>eslint-plugin:</strong>
[no-unnecessary-boolean-literal-compare] preserve boolean result in
fixer for nullable true comparisons (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12365">#12365</a>)</li>
<li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion]
parenthesize object literal at left edge of expression statement (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12443">#12443</a>,
<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12418">#12418</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Kirk Waiblinger <a
href="https://github.com/kirkwaiblinger"><code>@​kirkwaiblinger</code></a></li>
<li>mdm317</li>
<li>Patrick Aleite</li>
<li>송재욱</li>
</ul>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.1">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's
changelog</a>.</em></p>
<blockquote>
<h2>8.62.1 (2026-06-29)</h2>
<p>This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.</p>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.62.1">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/typescript-eslint/typescript-eslint/commit/3ea32f4ba5e196c08c6da1095619d7f65ba4905e"><code>3ea32f4</code></a>
chore(release): publish 8.62.1</li>
<li>See full diff in <a
href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.62.1/packages/typescript-eslint">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.62.0&new-version=8.62.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
…pabilities of the tool (microsoft#1360)

Migrates the `repo_search_commits` tool from the Git REST API
(`GET _apis/git/repositories/{repo}/commits`) to the Azure DevOps
Search API (`POST
almsearch.dev.azure.com/_apis/search/commitSearchResults`).

## GitHub issue number

Closes microsoft#1327

## **Associated Risks**

None

## ✅ **PR Checklist**

- [X] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [X] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [X] Title of the pull request is clear and informative.
- [X] 👌 Code hygiene
- [ ] 🔭 Telemetry added, updated, or N/A
- [X] 📄 Documentation added, updated, or N/A
- [X] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**
Tested the updated unit tests.

1. Test Suites: 18 passed, 18 total
2. Tests:       987 passed, 987 total

Manually tested the tool.

<img width="1296" height="771" alt="image"
src="https://github.com/user-attachments/assets/7dacebaa-3476-4f0e-9e73-5ca227f4e315"
/>

<img width="1270" height="759" alt="image"
src="https://github.com/user-attachments/assets/10241137-866f-4d75-9c18-1babebbbbca8"
/>

---------

Co-authored-by: Krishna Prasath D <krid@microsoft.com>
…1396)

Bumps
[@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js)
from 5.3.0 to 5.3.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@​azure/msal-node's
releases</a>.</em></p>
<blockquote>
<h2><code>@​azure/msal-react</code> v5.3.1</h2>
<h2>5.3.1</h2>
<p>Tue, 21 Apr 2026 22:41:19 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-browser</code> to v5.8.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-angular</code> v5.3.1</h2>
<h2>5.3.1</h2>
<p>Tue, 30 Jun 2026 21:04:20 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-browser</code> to v5.16.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node-extensions</code> v5.3.1</h2>
<h2>5.3.1</h2>
<p>Tue, 30 Jun 2026 21:04:20 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-common</code> to v16.11.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node</code> v5.3.1</h2>
<h2>5.3.1</h2>
<p>Tue, 30 Jun 2026 21:04:20 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-common</code> to v16.11.0 (beachball)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/8bb8acbc03c6bf968b8577e7d9e8b0a9b20ca65f"><code>8bb8acb</code></a>
feat: add previousLibraryVersion to all telemetry events (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8688">#8688</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/22bc4e36dd2b1a54d8a5ca4dfa86641d7ba54439"><code>22bc4e3</code></a>
Fix: include resource in silent request thumbprint to prevent MCP
cross-resou...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/abb257a8b7b95b22947864cb2bf007ed70515330"><code>abb257a</code></a>
Post-release PR (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8675">#8675</a>)</li>
<li>See full diff in <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.3.0...msal-node-v5.3.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@azure/msal-node&package-manager=npm_and_yarn&previous-version=5.3.0&new-version=5.3.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
…ft#1403)

Bumps
[typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)
from 8.62.1 to 8.63.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's
releases</a>.</em></p>
<blockquote>
<h2>v8.63.0</h2>
<h2>8.63.0 (2026-07-06)</h2>
<h3>🚀 Features</h3>
<ul>
<li><strong>eslint-plugin:</strong> [no-misused-promises] detect async
usage of a sync dispose usage (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12426">#12426</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [method-signature-style] suggest
converting readonly function properties instead of emitting invalid
syntax (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12447">#12447</a>,
<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12446">#12446</a>)</li>
<li><strong>eslint-plugin:</strong> [no-unnecessary-type-assertion]
handle optional-chained calls to overloaded functions (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12491">#12491</a>,
<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/issues/12485">#12485</a>)</li>
<li><strong>eslint-plugin:</strong> [no-base-to-string] don't flag a
shadowed String() call (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12492">#12492</a>)</li>
<li><strong>scope-manager:</strong> export ClassStaticBlockScope (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12460">#12460</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Evyatar Daud <a
href="https://github.com/StyleShit"><code>@​StyleShit</code></a></li>
<li>Kristjan <a
href="https://github.com/KristjanTammekivi"><code>@​KristjanTammekivi</code></a></li>
<li>Michael Naumov <a
href="https://github.com/mnaoumov"><code>@​mnaoumov</code></a></li>
<li>Serhii Leniv <a
href="https://github.com/Serhii-Leniv"><code>@​Serhii-Leniv</code></a></li>
<li>송재욱</li>
</ul>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.63.0">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's
changelog</a>.</em></p>
<blockquote>
<h2>8.63.0 (2026-07-06)</h2>
<p>This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.</p>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.63.0">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/typescript-eslint/typescript-eslint/commit/290cf6cdcc5ffb00c5b8f3e1e0e9f2fd8cc96374"><code>290cf6c</code></a>
chore(release): publish 8.63.0</li>
<li>See full diff in <a
href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.63.0/packages/typescript-eslint">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.62.1&new-version=8.63.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
….0 (microsoft#1400)

Bumps
[azure-devops-extension-api](https://github.com/Microsoft/azure-devops-extension-api)
from 5.273.0 to 5.274.0.
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/microsoft/azure-devops-extension-api/commit/3fbf94bbcc8dba679b6872dac8ae9d80c68f7475"><code>3fbf94b</code></a>
All files have been added to the repo</li>
<li><a
href="https://github.com/microsoft/azure-devops-extension-api/commit/697b34459a9d88f749633c4f81c57b35d9565725"><code>697b344</code></a>
All files have been added to the repo (<a
href="https://redirect.github.com/Microsoft/azure-devops-extension-api/issues/204">#204</a>)</li>
<li>See full diff in <a
href="https://github.com/Microsoft/azure-devops-extension-api/compare/5.273.0...5.274.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=azure-devops-extension-api&package-manager=npm_and_yarn&previous-version=5.273.0&new-version=5.274.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
…icrosoft#1402)

This pull request enhances the formatting of test case steps in Azure
DevOps by supporting Markdown-to-HTML conversion and ensuring proper
XML-escaping for safe storage. It introduces a new helper function to
handle the formatting and updates both the implementation and tests to
verify correct behavior for various Markdown features and HTML escaping.

**Formatting and Conversion Enhancements:**

- Added `formatStepContent` function in `src/tools/test-plans.ts` to
convert Markdown markers (bold, italic, inline code, and links) to
corresponding HTML tags, wrap the result in the ADO rich text envelope,
and XML-escape the final string for storage.
- Updated `convertStepsToXml` to use `formatStepContent` for both step
and expected result content, ensuring all step content is consistently
formatted and escaped.

**Testing Improvements:**

- Added comprehensive tests in `test/src/tools/test-plan.test.ts` to
verify that:
  - HTML tags in step content are properly XML-escaped.
  - Markdown bold and italic are converted to XML-escaped HTML.
  - Markdown inline code is converted to XML-escaped `<CODE>` tags.
- Non-whitelisted HTML tags (e.g., `<script>`) are escaped and not
rendered.
  - Markdown links are converted to XML-escaped anchor tags.

## GitHub issue number
microsoft#1399 1398

## **Associated Risks**

N/A

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

Updated tests and tested manually with success
…rosoft#1411)

This pull request updates the `formatStepContent` function in
`src/tools/test-plans.ts` to improve the HTML output generated from
Markdown content. The main change is to use standard lowercase HTML tags
instead of uppercase tags for formatting, ensuring better compatibility
and adherence to HTML standards.

Formatting improvements:

* Changed the Markdown-to-HTML conversion to use lowercase tags (`<b>`,
`<i>`, `<u>`, `<code>`, `<a>`) instead of uppercase tags (`<B>`, `<I>`,
`<U>`, `<CODE>`, `<A>`), which aligns with HTML best practices and
improves rendering consistency.

## GitHub issue number
N/A

## **Associated Risks**

None

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

manual testing
…icrosoft#1415)

This pull request adds support for linking Azure DevOps work items to
Wiki pages via artifact links. It introduces new parameters for
specifying Wiki page information, handles URI construction for Wiki
links, and updates tests to cover these scenarios.

**Wiki link support:**

* Added new parameters (`wikiId`, `pageId`, `pagePath`) to the
`wit_add_artifact_link` tool for specifying Wiki page information. The
handler now resolves the full Wiki page path from either `pageId` (via
API lookup) or `pagePath`, and constructs the correct `vstfs` URI for
Wiki pages.
[[1]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311R1309-R1322)
[[2]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311R1408-R1451)
* Introduced the helper function `getArtifactLinkAttributeName` to
ensure the attribute name for Wiki links is set to `"Wiki Page"` instead
of just `"Wiki"`.
[[1]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311R72-R80)
[[2]](diffhunk://#diff-ceebe3f2554b2fdf7c02d32394ee2293ac80b4c51ee0f3bd05f5f633ec4d0311L1402-R1469)

**Validation and error handling:**

* Added validation to require `projectId`, `wikiId`, and either
`pagePath` or `pageId` for Wiki links, with clear error messages if any
are missing.

**Testing:**

* Added and updated tests in `work-items.test.ts` to verify Wiki link
creation, including correct URI encoding, attribute naming, and error
handling for missing parameters.

## GitHub issue number
microsoft#1412

## **Associated Risks**

N/A

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

manually tested and updated auto tests
…1409)

Bumps
[@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js)
from 5.3.1 to 5.4.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@​azure/msal-node's
releases</a>.</em></p>
<blockquote>
<h2><code>@​azure/msal-react</code> v5.4.0</h2>
<h2>5.4.0</h2>
<p>Thu, 07 May 2026 19:01:04 GMT</p>
<h3>Minor changes</h3>
<ul>
<li>Remove duplicate typings in the build output <a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8557">#8557</a>
(<a
href="mailto:thomas.norling@microsoft.com">thomas.norling@microsoft.com</a>)</li>
<li>Bump <code>@​azure/msal-browser</code> to v5.10.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node</code> v5.4.0</h2>
<h2>5.4.0</h2>
<p>Tue, 07 Jul 2026 22:16:01 GMT</p>
<h3>Minor changes</h3>
<ul>
<li>Add form_post response mode support, preferredPort option, and
deprecate custom loopbackClient <a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/pull/8694">#8694</a>
(<a
href="mailto:joarroyo@microsoft.com">joarroyo@microsoft.com</a>)</li>
<li>Bump <code>@​azure/msal-common</code> to v16.11.1 (beachball)</li>
</ul>
<h2><code>@​azure/msal-react</code> v5.3.2</h2>
<h2>5.3.2</h2>
<p>Tue, 28 Apr 2026 21:30:33 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-browser</code> to v5.9.0 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node-extensions</code> v5.3.2</h2>
<h2>5.3.2</h2>
<p>Tue, 07 Jul 2026 22:16:01 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-common</code> to v16.11.1 (beachball)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/aa48c36402b908a4a7ef36a1b254d73fc66e4b3f"><code>aa48c36</code></a>
msal-angular v6 (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8646">#8646</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/8faf80d98b949cc98040a66039efddeb4e478cd1"><code>8faf80d</code></a>
Fix decode logs script for the standalone mode (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8697">#8697</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/63f4ca4cb6b2e7d79e4cc6e5a63838c2cbf2b3e3"><code>63f4ca4</code></a>
feat(msal-node): add form_post response mode support for interactive
auth (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8">#8</a>...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/20d6e76ef1e6ae9d6d2a981150cbbd0f0903138e"><code>20d6e76</code></a>
Implement nested popup broker for acquiring tokens in untrusted
cross-origin ...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/2151dd40ace0a50c9def3173e13a52954ccee060"><code>2151dd4</code></a>
Post-release PR (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8692">#8692</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/995d93c7c662e5f83fc0444a96f8a03faf3d4658"><code>995d93c</code></a>
Remove coop sample (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8691">#8691</a>)</li>
<li>See full diff in <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.3.1...msal-node-v5.4.0">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@azure/msal-node&package-manager=npm_and_yarn&previous-version=5.3.1&new-version=5.4.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Bumps [prettier](https://github.com/prettier/prettier) from 3.9.4 to
3.9.5.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/prettier/prettier/releases">prettier's
releases</a>.</em></p>
<blockquote>
<h2>3.9.5</h2>
<p>🔗 <a
href="https://github.com/prettier/prettier/blob/3.9.5/CHANGELOG.md#395">Changelog</a></p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/prettier/prettier/blob/main/CHANGELOG.md">prettier's
changelog</a>.</em></p>
<blockquote>
<h1>3.9.5</h1>
<p><a
href="https://github.com/prettier/prettier/compare/3.9.4...3.9.5">diff</a></p>
<h4>Markdown: Cap ordered list mark at 999,999,999 (<a
href="https://redirect.github.com/prettier/prettier/pull/19351">#19351</a>
by <a href="https://github.com/tats-u"><code>@​tats-u</code></a>)</h4>
<p>CommonMark parsers only support ordered list item numbers up to
999,999,999.</p>
<p>With this change, Prettier now caps the ordered list item number at
999,999,999 to ensure that the output is correctly parsed as an ordered
list by CommonMark parsers. Numbers larger than 999,999,999 are not
parsed as list item numbers and are left unchanged in the output:</p>
<!-- raw HTML omitted -->
<pre lang="markdown"><code>&lt;!-- Input --&gt;
999999998. text
999999998. text
999999998. text
999999998. text
<p>1234567890123456789012) text</p>
<p>&lt;!-- Prettier 3.9.4 --&gt;
999999998. text
999999999. text
1000000000. text
1000000001. text</p>
<p>1234567890123456789012) text</p>
<p>&lt;!-- Prettier 3.9.5 --&gt;
999999998. text
999999999. text
999999999. text
999999999. text</p>
<p>1234567890123456789012) text
</code></pre></p>
<h4>Markdown: Avoid corrupting empty link with title (<a
href="https://redirect.github.com/prettier/prettier/pull/19487">#19487</a>
by <a href="https://github.com/andersk"><code>@​andersk</code></a>)</h4>
<p>Do not remove <code>&lt;&gt;</code> from an inline link or image with
an empty URL and a title, as this removal would change its
interpretation.</p>
<!-- raw HTML omitted -->
<pre lang="md"><code>&lt;!-- Input --&gt;
[link](https://github.com/prettier/prettier/blob/main/&lt;&gt;
&quot;title&quot;)
<p>&lt;!-- Prettier 3.9.4 --&gt;
[link](<a
href="https://github.com/prettier/prettier/blob/main/">https://github.com/prettier/prettier/blob/main/</a>
&quot;title&quot;)</p>
<p>&lt;!-- Prettier 3.9.5 --&gt;
&lt;/tr&gt;&lt;/table&gt;
</code></pre></p>
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/prettier/prettier/commit/b6c7d1806807162658fd5694d002b54b778c3756"><code>b6c7d18</code></a>
Release 3.9.5</li>
<li><a
href="https://github.com/prettier/prettier/commit/cd54ccc7288f2a4585ba5bf96883e2ed3b18e781"><code>cd54ccc</code></a>
Avoid corrupting empty Markdown link with title (<a
href="https://redirect.github.com/prettier/prettier/issues/19487">#19487</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/2bb67ce8cd326dbaccbdec97e7578985f6009a14"><code>2bb67ce</code></a>
Preserving comments' <code>placement</code> property (<a
href="https://redirect.github.com/prettier/prettier/issues/19567">#19567</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/91bcac88ec1d784767ebbf5ec4686a5dbf37c3c1"><code>91bcac8</code></a>
Add more tests for comment-only object type (<a
href="https://redirect.github.com/prettier/prettier/issues/19587">#19587</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/cbee7377a1875686558bfc9416b789d66771d9e7"><code>cbee737</code></a>
Remove space in empty object type (<a
href="https://redirect.github.com/prettier/prettier/issues/19583">#19583</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/6394c732090efdf7798e0c8dc44c46583b4131c3"><code>6394c73</code></a>
Align empty module declaration with TS (<a
href="https://redirect.github.com/prettier/prettier/issues/19568">#19568</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/a4e6f7a0264bad45f3c153773111f60a5d406d55"><code>a4e6f7a</code></a>
Prevent the addition of space in <code>type()</code> with <code>+</code>
(<a
href="https://redirect.github.com/prettier/prettier/issues/19516">#19516</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/3d063b57b1a2fdc660341b6e1c719e09997cc72c"><code>3d063b5</code></a>
Ignore dangling comments when checking type parameter comments (<a
href="https://redirect.github.com/prettier/prettier/issues/19572">#19572</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/908503e9ee02718ef0ec21a023f2c0fd5fb00603"><code>908503e</code></a>
Handle dangling comments in <code>SwitchStatement</code> (<a
href="https://redirect.github.com/prettier/prettier/issues/19581">#19581</a>)</li>
<li><a
href="https://github.com/prettier/prettier/commit/943a475c3592149aad6062ad235338da548365ea"><code>943a475</code></a>
Angular: Support expression for exhaustive typechecking (<a
href="https://redirect.github.com/prettier/prettier/issues/19571">#19571</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/prettier/prettier/compare/3.9.4...3.9.5">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=prettier&package-manager=npm_and_yarn&previous-version=3.9.4&new-version=3.9.5)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Remove script that maybe in conflict with enterprise or engineering team
settings/env

As a backup there is mention of that step in troubleshooting guide:
https://github.com/microsoft/azure-devops-mcp/blob/544f445599e22862dc4af2a8c39f8f0b9db9070b/docs/TROUBLESHOOTING.md?plain=1#L63



## ✅ **PR Checklist**

- [ ] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [ ] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [ ] Title of the pull request is clear and informative.
- [ ] 👌 Code hygiene
- [ ] 🔭 Telemetry added, updated, or N/A
- [ ] 📄 Documentation added, updated, or N/A
- [ ] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

_Replace_ with use cases tested and models used
…icrosoft#1418)

This pull request updates the tests for the `configureWorkTools`
function to reflect recent changes in tool registration and handler
invocation. The main focus is on consolidating tool names and ensuring
the correct action parameters are passed in test cases.

**Test suite alignment with new tool registration:**

* Updated all test cases to look for the `"work"` tool instead of the
previous `"work_list_team_iterations"` and `"work_list_iterations"` tool
names, ensuring consistency with the refactored tool registration logic.
[[1]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL86-R87)
[[2]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL135-R144)
[[3]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL158-R167)
[[4]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL180-R190)
[[5]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL202-R207)
[[6]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL225-R238)
[[7]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL243-R248)
[[8]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL262-R267)
[[9]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL285-R290)
[[10]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL394-R400)
[[11]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL438-R445)
[[12]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL494-R502)
[[13]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL526-R541)
[[14]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL547-R563)
[[15]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL568-R579)
[[16]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL612-R631)
[[17]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL634-R653)

**Parameterization improvements:**

* Added the appropriate `action` field (e.g., `"list_team_iterations"`
or `"list_iterations"`) to the parameters passed to tool handlers in all
relevant test cases, ensuring that the handler receives the correct
context for each action.
[[1]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR103)
[[2]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL214-R218)
[[3]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL253-R257)
[[4]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL272-R276)
[[5]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR344)
[[6]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR417)
[[7]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR472)
[[8]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR519)
[[9]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caR596)
[[10]](diffhunk://#diff-e86dda859f8f366f41092af9e4ed76e59d7bd2ec43a3a85740b872bfc60339caL634-R653)

These changes keep the test suite in sync with the updated
implementation and improve clarity and maintainability.

## GitHub issue number
N/A

## **Associated Risks**

Changing signatures of tools and consolidating. Starting with smaller
toolsets to make sure this goes well.

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**
Ran several manual tests. Updated the automated tests
…ft#1421)

Bumps
[typescript-eslint](https://github.com/typescript-eslint/typescript-eslint/tree/HEAD/packages/typescript-eslint)
from 8.63.0 to 8.64.0.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/releases">typescript-eslint's
releases</a>.</em></p>
<blockquote>
<h2>v8.64.0</h2>
<h2>8.64.0 (2026-07-13)</h2>
<h3>🚀 Features</h3>
<ul>
<li>support parsing <code>import defer</code> (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12513">#12513</a>)</li>
<li><strong>eslint-plugin:</strong> [no-loop-func] support
<code>using</code> / <code>await using</code> declarations and deprecate
the rule (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12500">#12500</a>)</li>
<li><strong>typescript-estree:</strong> throw for invalid definite
assignment in class properties (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12543">#12543</a>)</li>
</ul>
<h3>🩹 Fixes</h3>
<ul>
<li><strong>eslint-plugin:</strong> [require-array-sort-compare] handle
constrained arrays (<a
href="https://redirect.github.com/typescript-eslint/typescript-eslint/pull/12512">#12512</a>)</li>
</ul>
<h3>❤️ Thank You</h3>
<ul>
<li>Evyatar Daud <a
href="https://github.com/StyleShit"><code>@​StyleShit</code></a></li>
<li>송재욱</li>
</ul>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.64.0">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/typescript-eslint/typescript-eslint/blob/main/packages/typescript-eslint/CHANGELOG.md">typescript-eslint's
changelog</a>.</em></p>
<blockquote>
<h2>8.64.0 (2026-07-13)</h2>
<p>This was a version bump only for typescript-eslint to align it with
other projects, there were no code changes.</p>
<p>See <a
href="https://github.com/typescript-eslint/typescript-eslint/releases/tag/v8.64.0">GitHub
Releases</a> for more information.</p>
<p>You can read about our <a
href="https://typescript-eslint.io/users/versioning">versioning
strategy</a> and <a
href="https://typescript-eslint.io/users/releases">releases</a> on our
website.</p>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/typescript-eslint/typescript-eslint/commit/414d9abbf66f77796ab12ec7e75b07722e592832"><code>414d9ab</code></a>
chore(release): publish 8.64.0</li>
<li>See full diff in <a
href="https://github.com/typescript-eslint/typescript-eslint/commits/v8.64.0/packages/typescript-eslint">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=typescript-eslint&package-manager=npm_and_yarn&previous-version=8.63.0&new-version=8.64.0)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
This pull request refactors and consolidates the Azure DevOps wiki
toolset to align with the remote MCP server's structure. It replaces
multiple specialized wiki tools with a single dispatcher tool using an
`action` parameter, updates documentation for clarity, and improves
error handling and parameter validation.

**Wiki tool consolidation and refactoring:**
- Consolidated all read-only wiki operations into a single `wiki` tool
that uses an `action` parameter to select between listing wikis, getting
wiki details, listing pages, getting page metadata, and retrieving page
content. The previous individual tools (e.g., `mcp_ado_wiki_list_wikis`,
`mcp_ado_wiki_get_wiki`, etc.) are removed. (`src/tools/wiki.ts`,
`docs/TOOLSET.md`)
[[1]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L12-L96)
[[2]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L112-L142)
[[3]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L155-R132)
[[4]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L174-R151)
[[5]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L211)
[[6]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0R248-R271)
[[7]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L90-R99)
[[8]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L539-R552)

**Documentation updates:**
- Updated the `docs/TOOLSET.md` to reflect the new tool grouping,
parameter structure, and to note alignment with the Azure DevOps remote
MCP server. The documentation now describes the new `action`-based
dispatcher and clarifies which parameters are required for each
operation.
[[1]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L90-R99)
[[2]](diffhunk://#diff-63809bcf7da46bf515d3deeb8551a8a5cd63b3fff00ee8dd3517e46bb2bd6025L539-R552)

**Error handling improvements:**
- Centralized and clarified error messages for each wiki action,
ensuring consistent and informative feedback for failed operations.

**Parameter validation and flexibility:**
- Improved validation for required parameters based on the chosen
action, and added support for optional parameters such as `url` for page
content retrieval.
[[1]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L12-L96)
[[2]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L112-L142)
[[3]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L174-R151)

**Write operation tool renaming:**
- Renamed the create/update wiki page tool to `wiki_upsert_page` for
consistency with the new naming scheme.
[[1]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0L12-L96)
[[2]](diffhunk://#diff-b17fb169ab8df3740ad297819df82b07c47565474ef0a50c23d3f63c42ed2da0R248-R271)

These changes simplify the codebase, make the API more intuitive, and
ensure the toolset is consistent with Azure DevOps standards.

## GitHub issue number
N/A

## **Associated Risks**

Changing the signature of tools in wiki

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

manually testing all of the wiki tools and made sure automated tests are
updated
…1427)

Bumps
[@azure/msal-node](https://github.com/AzureAD/microsoft-authentication-library-for-js)
from 5.4.0 to 5.4.1.
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/releases">@​azure/msal-node's
releases</a>.</em></p>
<blockquote>
<h2><code>@​azure/msal-react</code> v5.4.1</h2>
<h2>5.4.1</h2>
<p>Mon, 11 May 2026 21:48:15 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-browser</code> to v5.10.1 (beachball)</li>
</ul>
<h2><code>@​azure/msal-node</code> v5.4.1</h2>
<h2>5.4.1</h2>
<p>Wed, 15 Jul 2026 22:35:35 GMT</p>
<h3>Patches</h3>
<ul>
<li>Bump <code>@​azure/msal-common</code> to v16.11.2 (beachball)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/5d1a16e9103853601886375dbcb15f06a02bc545"><code>5d1a16e</code></a>
feat(msal-common/msal-browser): Add internal DPoP proof seams (RFC 9449)
— in...</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/a6cd101f9bb2fdd93fd52a87bcafba139c8306cd"><code>a6cd101</code></a>
ci: grant pull-requests:write to client-credential benchmark workflow
(<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8706">#8706</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/2b2de141bc28799cfe8073ebc9299724e8f3990c"><code>2b2de14</code></a>
Disallow major changes in MSAL Angular (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8702">#8702</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/1be16ad9be8180ed763d98075813f31c30af4407"><code>1be16ad</code></a>
Bump nightly-build pipeline to Node 22 for Angular 22 (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8703">#8703</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/48f4b3b0a6c26585afb7bb79437f7bc06f0c8e79"><code>48f4b3b</code></a>
Post-release PR (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8701">#8701</a>)</li>
<li><a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/commit/462b2ff048fed0f875f354329aeeb1e85eb62f3d"><code>462b2ff</code></a>
Bump dependencies in msal-react samples (<a
href="https://redirect.github.com/AzureAD/microsoft-authentication-library-for-js/issues/8695">#8695</a>)</li>
<li>See full diff in <a
href="https://github.com/AzureAD/microsoft-authentication-library-for-js/compare/msal-node-v5.4.0...msal-node-v5.4.1">compare
view</a></li>
</ul>
</details>
<br />


[![Dependabot compatibility
score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=@azure/msal-node&package-manager=npm_and_yarn&previous-version=5.4.0&new-version=5.4.1)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

<details>
<summary>Dependabot commands and options</summary>
<br />

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop
Dependabot creating any more for this major version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop
Dependabot creating any more for this minor version (unless you reopen
the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop
Dependabot creating any more for this dependency (unless you reopen the
PR or upgrade to it yourself)


</details>

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
…evels default (microsoft#1395) (microsoft#1420)

Fixes microsoft#1395

## Summary
`advsec_get_alerts` returned an empty array for secret alerts that exist
(and are visible in the Advanced Security UI). The root cause is the
tool's `confidenceLevels` handling: the schema **force-defaulted** it to
all levels (`[High, Other]`), and the `azure-devops-node-api` SDK
serializes a multi-value confidence filter as
`criteria.confidenceLevels=0,1` — a form the Alerts service rejects by
returning **zero** alerts. So every secret query silently sent a filter
that guaranteed an empty result. This PR removes that default, forwards
`confidenceLevels` only when it narrows to a single level, and corrects
the related secret-alert request construction. Verified end-to-end
against a live org.

## Root cause — `confidenceLevels` multi-value filter
- The Alerts service does **not** accept the multi-value
(comma-serialized) confidence filter the SDK emits.
`criteria.confidenceLevels=0,1` (both `High` and `Other`) returns **0**
alerts; a single value (`=0`) works.
- The schema force-defaulted `confidenceLevels` to every level, so
*every* secret query — even one that intended no confidence filter —
sent the broken `0,1` and got `[]`. This is the actual cause of the
"secret alerts return empty" reports in microsoft#1395.
- **Fix:** removed the forced default; the tool now forwards
`confidenceLevels` only when it narrows the result to a proper subset (a
single level), and omits it when all — or no — levels are selected (all
levels = no filter anyway).

## Other changes
- **Secret branch filters:** `onlyDefaultBranch` and `ref` are "Not
applicable for secret alerts" per the REST API (secrets carry `gitRef:
null`). For an explicit `alertType: "Secret"` query the tool no longer
sends them. Live testing confirmed these filters are a no-op for secrets
(they neither include nor exclude), so this is a correctness/clarity
change rather than the root-cause fix.
- **Zod default crash (found while fixing this):** the original default
was lowercase `["high","other"]` while the schema enum keys are
PascalCase, so Zod threw `invalid_enum_value` whenever
`confidenceLevels` was omitted. Removing the default eliminates this
class of bug entirely.
- **Descriptions updated:** the tool and parameter descriptions now
state that branch filters apply only to code/dependency/license alerts,
and that a single `confidenceLevels` value narrows secrets while
selecting every level is treated as no filter.

## Verification (live org)
Ran directly against a live Advanced Security repository with 4 open
secret alerts:

| criteria | result |
| --- | --- |
| `{ alertType: Secret }` | 4 secrets |
| `{ alertType: Secret, confidenceLevels: [High, Other] }` | **0**
(multi-value rejected by service) |
| `{ alertType: Secret, confidenceLevels: [High] }` | 4 |
| `{ alertType: Secret, confidenceLevels: [Other] }` | 0 (all 4 are High
confidence) |
| `{ alertType: Secret, onlyDefaultBranch: false }` | 4 (branch flag
ignored for secrets) |

Through the fixed tool, an `alertType: "Secret"` query — including one
that selects both confidence levels — now returns the alerts instead of
`[]`.

## Tests
- Schema-driven tests that parse through the real Zod schema; updated to
assert that no `confidenceLevels` default is sent, that a single level
is forwarded, and that an all-levels selection is omitted.
- `npx jest`: **1021 passed / 18 suites**. `tsc --noEmit`: clean. `node
scripts/build-validate-tools.js`: clean.

---------

Co-authored-by: David Mavrodiev <dmavrodiev@microsoft.com>
Co-authored-by: Dan Hellem <dahellem@microsoft.com>
Consolidation of pipeline tools and updated tests

## GitHub issue number
N/A

## **Associated Risks**

Signatures have changed

## ✅ **PR Checklist**

- [x] **I have read the [contribution
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CONTRIBUTING.md)**
- [x] **I have read the [code of conduct
guidelines](https://github.com/microsoft/azure-devops-mcp/blob/main/CODE_OF_CONDUCT.md)**
- [x] Title of the pull request is clear and informative.
- [x] 👌 Code hygiene
- [x] 🔭 Telemetry added, updated, or N/A
- [x] 📄 Documentation added, updated, or N/A
- [x] 🛡️ Automated tests added, or N/A

## 🧪 **How did you test it?**

Manually tested all tools and updated all automated tests
@gadeynebram
gadeynebram merged commit 31edcf8 into main Jul 17, 2026
2 checks passed
@gadeynebram
gadeynebram deleted the sync/upstream-20260717 branch July 17, 2026 07:51
@github-actions

Copy link
Copy Markdown

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details
PackageVersionScoreDetails
npm/@azure/msal-common 16.11.2 🟢 6.4
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 9branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@azure/msal-node 5.4.1 🟢 6.4
Details
CheckScoreReason
Security-Policy🟢 9security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review🟢 10all changesets reviewed
Maintained🟢 1030 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
License🟢 10license file detected
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ -1no releases found
Branch-Protection🟢 9branch protection is not maximal on development and all release branches
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/eslint-plugin 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/parser 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/project-service 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/scope-manager 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/tsconfig-utils 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/type-utils 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/types 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/typescript-estree 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/utils 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/@typescript-eslint/visitor-keys 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/azure-devops-extension-api 5.274.0 UnknownUnknown
npm/brace-expansion 5.0.7 🟢 7.2
Details
CheckScoreReason
Maintained🟢 1014 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Binary-Artifacts🟢 10no binaries found in the repo
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Security-Policy🟢 10security policy file detected
Packaging⚠️ -1packaging workflow not detected
Code-Review🟢 3Found 7/18 approved changesets -- score normalized to 3
Pinned-Dependencies🟢 10all dependencies are pinned
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Fuzzing⚠️ 0project is not fuzzed
License🟢 9license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/hono 4.12.25 UnknownUnknown
npm/ignore 7.0.6 🟢 3.3
Details
CheckScoreReason
Code-Review⚠️ 1Found 3/19 approved changesets -- score normalized to 1
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 56 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 5
Binary-Artifacts🟢 10no binaries found in the repo
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Security-Policy⚠️ 0security policy file not detected
License🟢 9license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
npm/lint-staged 17.0.8 UnknownUnknown
npm/picomatch 4.0.5 🟢 6.2
Details
CheckScoreReason
Code-Review🟢 3Found 7/21 approved changesets -- score normalized to 3
Packaging⚠️ -1packaging workflow not detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Maintained🟢 1010 commit(s) and 2 issue activity found in the last 90 days -- score normalized to 10
Token-Permissions🟢 10GitHub workflow tokens follow principle of least privilege
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 4dependency not pinned by hash detected -- score normalized to 4
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Branch-Protection⚠️ 0branch protection not enabled on development/release branches
Signed-Releases⚠️ -1no releases found
Security-Policy🟢 10security policy file detected
SAST⚠️ 2SAST tool is not run on all commits -- score normalized to 2
npm/prettier 3.9.5 🟢 6.6
Details
CheckScoreReason
Maintained🟢 1030 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review⚠️ 2Found 4/19 approved changesets -- score normalized to 2
Packaging⚠️ -1packaging workflow not detected
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Binary-Artifacts🟢 10no binaries found in the repo
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Fuzzing⚠️ 0project is not fuzzed
SAST🟢 10SAST tool is run on all commits
npm/semver 7.8.5 🟢 6.7
Details
CheckScoreReason
Maintained🟢 1018 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 10
Security-Policy🟢 10security policy file detected
Code-Review🟢 9Found 14/15 approved changesets -- score normalized to 9
Packaging⚠️ -1packaging workflow not detected
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Fuzzing⚠️ 0project is not fuzzed
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
SAST🟢 9SAST tool detected but not run on all commits
npm/typescript-eslint 8.64.0 🟢 6.7
Details
CheckScoreReason
Code-Review🟢 9Found 21/23 approved changesets -- score normalized to 9
Maintained🟢 1030 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
Packaging⚠️ -1packaging workflow not detected
Security-Policy🟢 10security policy file detected
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
License🟢 10license file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
Signed-Releases⚠️ -1no releases found
Pinned-Dependencies🟢 8dependency not pinned by hash detected -- score normalized to 8
Binary-Artifacts🟢 10no binaries found in the repo
Fuzzing⚠️ 0project is not fuzzed
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0

Scanned Files

  • package-lock.json

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

6 participants