[deps]: Update dorny/test-reporter action to v3

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
dorny/test-reporter	action	major	v2.5.0 → v3.0.0

---

Release Notes

dorny/test-reporter (dorny/test-reporter)

v3.0.0

Compare Source

Note: The v3 release requires NodeJS 24 runtime on GitHub Actions runners.

What's Changed

• Upgrade action runtime to Node.js 24 by @​dav-tb in #​738
• Explicitly use lowest permissions required to run workflow by @​jozefizso in #​745

Other Changes

• Bump @​typescript-eslint/parser from 8.57.0 to 8.57.1 by @​dependabot[bot] in #​742
• Bump @​types/adm-zip from 0.5.7 to 0.5.8 by @​dependabot[bot] in #​743
• Bump flatted from 3.4.1 to 3.4.2 by @​dependabot[bot] in #​744

New Contributors

• @​dav-tb made their first contribution in #​738

Full Changelog: dorny/test-reporter@v2.7.0...v3.0.0

v2.7.0

Compare Source

What's Changed

• Feature: Add slug-prefix output for link anchors #​731
• Feature: Report jest-junit testsuite errors as failures #​155
• Security: Update dependencies to fix reported security vulnerabilities

Other Changes

• Bump eslint from 9.39.3 to 9.39.4 by @​dependabot[bot] in #​732
• Bump @​typescript-eslint/parser from 8.56.1 to 8.57.0 by @​dependabot[bot] in #​733
• Bump jest from 30.2.0 to 30.3.0 by @​dependabot[bot] in #​734
• Bump undici from 6.23.0 to 6.24.1 by @​dependabot[bot] in #​736
• Update flatted package to v3.4.1 to fix a vulnerability by @​jozefizso in #​739

New Contributors

• @​dt-thomas-durand made their first contribution in #​731
• @​johnbartholomew made their first contribution in #​155

Full Changelog: dorny/test-reporter@v2.6.0...v2.7.0

v2.6.0

Compare Source

We updated all dependency packages to latest versions to fix reported security vulnerabilities.

What's Changed

• Fix: For workflow_run events, resolve the commit of the check run from related pull request head commits first (matching workflow_run.head_branch, then first PR), and fall back to workflow_run.head_sha for non-PR runs #​673
• Change: The test-reporter action will listed all artifacts associated with the build run #​693
• Maintenance: Upgrade to ESLint v9 #​629

New Contributors

• @​azchohfi made their first contribution in #​673

Full Changelog: dorny/test-reporter@v2.5.0...v2.6.0

---

Configuration

📅 Schedule: Branch creation - "every 2nd week starting on the 2 week of the year before 4am on Monday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[bitwarden-bot]

Internal tracking:

• ID: PM-34322
• Link: https://bitwarden.atlassian.net/browse/PM-34322

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 62.12%. Comparing base (6547361) to head (449ed05).
⚠️ Report is 34 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7347      +/-   ##
==========================================
+ Coverage   58.01%   62.12%   +4.11%     
==========================================
  Files        2049     2049              
  Lines       90363    90363              
  Branches     8030     8030              
==========================================
+ Hits        52423    56142    +3719     
+ Misses      36076    32275    -3801     
- Partials     1864     1946      +82     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Checkmarx One – Scan Summary & Details – 19185561-6c66-4a54-9c6e-a3a9c8196a09

---

New Issues (121)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Stored_XSS	/src/SharedWeb/Health/HealthCheckServiceExtensions.cs: 61	details The method embeds untrusted data in generated output with WriteAsync, at line 60 of /src/SharedWeb/Health/HealthCheckServiceExtensions.cs. This ... Attack Vector
2		Stored_XSS	/util/Server/Startup.cs: 57	details The method embeds untrusted data in generated output with WriteAsync, at line 59 of /util/Server/Startup.cs. This untrusted data is embedded int... Attack Vector
3		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 55	details Method at line 55 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa... Attack Vector
4		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
5		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 145	details Method at line 145 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from request. T... Attack Vector
6		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
7		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 97	details Method at line 97 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. This... Attack Vector
8		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 229	details Method at line 229 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
9		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1562	details Method at line 1562 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
10		CSRF	/src/Api/Tools/Controllers/SendsController.cs: 73	details Method at line 73 of /src/Api/Tools/Controllers/SendsController.cs gets a parameter from a user request from id. This parameter value flows thro... Attack Vector
11		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 145	details Method at line 145 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This p... Attack Vector
12		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 217	details Method at line 217 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
13		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
14		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
15		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
16		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 91	details Method at line 91 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
17		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
18		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
19		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
20		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
21		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 173	details Method at line 173 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
22		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 452	details Method at line 452 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
23		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189	details Method at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
24		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 522	details Method at line 522 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
25		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 104	details Method at line 104 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This p... Attack Vector
26		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 107	details Method at line 107 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organiza... Attack Vector
27		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1421	details Method at line 1421 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
28		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 286	details Method at line 286 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
29		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 233	details Method at line 233 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
30		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 189	details Method at line 189 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
31		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1421	details Method at line 1421 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
32		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1421	details Method at line 1421 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
33		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 289	details Method at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector
34		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1389	details Method at line 1389 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
35		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1450	details Method at line 1450 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
36		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1152	details Method at line 1152 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
37		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1034	details Method at line 1034 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
38		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1285	details Method at line 1285 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from organizationId. This parameter ... Attack Vector
39		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 390	details Method at line 390 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector

More results are available on the CxOne platform

---

Fixed Issues (1)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 534