From 3244f680a292caa0aaf8caf1275df68a89f9ef6b Mon Sep 17 00:00:00 2001
From: Arufonsu <17498701+Arufonsu@users.noreply.github.com>
Date: Sat, 21 Feb 2026 19:19:55 -0300
Subject: [PATCH] deps(tests): upgrade coverlet.collector to 8.0.0 to fix
 CVE-2024-21907
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Bumps coverlet.collector from 3.1.2 (and 6.0.4) to 8.0.0 across all test
projects to resolve a transitive dependency vulnerability introduced via
the older Newtonsoft.Json version bundled with earlier coverlet releases.

CVE-2024-21907 (CVSS 7.5 / High) affects Newtonsoft.Json < 13.0.1:
crafted deeply-nested JSON payloads passed to JsonConvert.DeserializeObject
can exhaust the call stack and trigger a StackOverflowException, resulting
in a Denial of Service condition. No authentication is required to exploit
this remotely.

Affected projects:
- Intersect.Tests (3.1.2 → 8.0.0)
- Intersect.Tests.Client.Framework (3.1.2 → 8.0.0)
- Intersect.Tests.Client (6.0.4 → 8.0.0)
- Intersect.Tests.Server (6.0.4 → 8.0.0)

Also standardized all coverlet.collector references to include the
recommended PrivateAssets/IncludeAssets metadata, ensuring the package
remains a dev-only dependency and is not propagated to production intersect projects.

Ref: https://www.mend.io/vulnerability-database/CVE-2024-21907/

Signed-off-by: Arufonsu <17498701+Arufonsu@users.noreply.github.com>
---
.../Intersect.Tests.Client.Framework.csproj | 5 ++++-
Intersect.Tests.Client/Intersect.Tests.Client.csproj | 2 +-
Intersect.Tests.Server/Intersect.Tests.Server.csproj | 2 +-
Intersect.Tests/Intersect.Tests.csproj | 5 ++++-
4 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/Intersect.Tests.Client.Framework/Intersect.Tests.Client.Framework.csproj b/Intersect.Tests.Client.Framework/Intersect.Tests.Client.Framework.csproj
index e39fb603ed..f257889d82 100644
--- a/Intersect.Tests.Client.Framework/Intersect.Tests.Client.Framework.csproj
+++ b/Intersect.Tests.Client.Framework/Intersect.Tests.Client.Framework.csproj
@@ -16,7 +16,10 @@
-
+
+ all
+ runtime; build; native; contentfiles; analyzers; buildtransitive
+
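Review bot: the coverlet.collector reference replaced on the -/+ pair here is still declared separately in each of the four test projects in the diffstat, which is how 3.1.2 and 6.0.4 drifted apart before this patch. Consider declaring the reference once in a shared props file (for example Directory.Build.props, or Directory.Packages.props for the version alone) so the next security bump is a single line and the "all" / "runtime; build; native; contentfiles; analyzers; buildtransitive" metadata added below it cannot go missing in one project again.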
diff --git a/Intersect.Tests.Client/Intersect.Tests.Client.csproj b/Intersect.Tests.Client/Intersect.Tests.Client.csproj
index 0b9677e1b6..5092c9a93a 100644
--- a/Intersect.Tests.Client/Intersect.Tests.Client.csproj
+++ b/Intersect.Tests.Client/Intersect.Tests.Client.csproj
@@ -16,7 +16,7 @@
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
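Review bot: nothing in this one-line bump shows that the resolved Newtonsoft.Json actually ends up at 13.0.1 or later, which is the stated goal of the commit. Please attach the output of dotnet list package --vulnerable --include-transitive for Intersect.Tests.Client before and after the change, so the fix is verified against the restored dependency graph rather than inferred from the coverlet.collector version number.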
diff --git a/Intersect.Tests.Server/Intersect.Tests.Server.csproj b/Intersect.Tests.Server/Intersect.Tests.Server.csproj
index 1c87aa55db..e1bc10f3ec 100644
--- a/Intersect.Tests.Server/Intersect.Tests.Server.csproj
+++ b/Intersect.Tests.Server/Intersect.Tests.Server.csproj
@@ -16,7 +16,7 @@
-
+
all
runtime; build; native; contentfiles; analyzers; buildtransitive
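Review bot: missing documentation point on scope. The unchanged context lines "all" and "runtime; build; native; contentfiles; analyzers; buildtransitive" show this reference was already private to the test project before the bump, so for Intersect.Tests.Server the vulnerable Newtonsoft.Json was reachable only through test tooling. The commit message should say which projects, if any, could have propagated the dependency, so the "no authentication is required to exploit this remotely" wording is not read as applying to the shipped server.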
diff --git a/Intersect.Tests/Intersect.Tests.csproj b/Intersect.Tests/Intersect.Tests.csproj
index 79b399204f..d893158ff4 100644
--- a/Intersect.Tests/Intersect.Tests.csproj
+++ b/Intersect.Tests/Intersect.Tests.csproj
@@ -16,7 +16,10 @@
-
+
+ all
+ runtime; build; native; contentfiles; analyzers; buildtransitive
+
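Review bot: the -/+ pair in this hunk moves Intersect.Tests from 3.1.2 to 8.0.0, which crosses several major versions of the collector at the same time as the asset metadata ("all" and the runtime/build/analyzers list) is introduced. Please confirm in the PR that the test suite was run with coverage collection enabled after the change and that a coverage report is still produced, and consider splitting the metadata standardization into its own commit so that a regression from the major-version jump can be bisected separately.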