chore(shieldsio-badges): v2026.1.1 manual update

[fntyler]

🎟️ Tracking

null

📔 Objective

As an interim step, manually updating JSON documents on metadata branch to reflect what is deployed to production.

📸 Screenshots

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[github-actions]

Checkmarx One – Scan Summary & Details – b5993572-b31f-4268-a67f-c98a96443124

New Issues (113)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		Stored_XSS	/src/SharedWeb/Health/HealthCheckServiceExtensions.cs: 61	details The method embeds untrusted data in generated output with WriteAsync, at line 60 of /src/SharedWeb/Health/HealthCheckServiceExtensions.cs. This ... Attack Vector
2		Stored_XSS	/util/Server/Startup.cs: 57	details The method embeds untrusted data in generated output with WriteAsync, at line 59 of /util/Server/Startup.cs. This untrusted data is embedded int... Attack Vector
3		CVE-2022-37620	Npm-html-minifier-4.0.0	details Description: A Regular Expression Denial of Service (ReDoS) flaw was found in html-minifier versions 2.1.0 through 4.0.0 via the "candidate" variable in "htmlmi... Attack Vector: NETWORK Attack Complexity: LOW Vulnerable Package
4		CVE-2025-64756	Npm-glob-10.4.5	details Recommended version: 10.5.0 Description: Glob matches files using patterns the shell uses. In versions 10.2.0 prior to 10.5.0 and 11.0.0 prior to 11.1.0, the glob CLI contains a command in... Attack Vector: NETWORK Attack Complexity: HIGH Vulnerable Package
5		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 90	details Method at line 90 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
6		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 90	details Method at line 90 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
7		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
8		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
9		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
10		CSRF	/src/Api/Controllers/CollectionsController.cs: 176	details Method at line 176 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
11		CSRF	/src/Api/Public/Controllers/CollectionsController.cs: 90	details Method at line 90 of /src/Api/Public/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value ... Attack Vector
12		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 431	details Method at line 431 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
13		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 173	details Method at line 173 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
14		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 507	details Method at line 507 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
15		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 72	details Method at line 72 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa... Attack Vector
16		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 108	details Method at line 108 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organiza... Attack Vector
17		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1420	details Method at line 1420 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
18		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 270	details Method at line 270 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
19		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 217	details Method at line 217 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
20		CSRF	/src/Api/Dirt/Controllers/OrganizationReportsController.cs: 173	details Method at line 173 of /src/Api/Dirt/Controllers/OrganizationReportsController.cs gets a parameter from a user request from request. This paramet... Attack Vector
21		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1420	details Method at line 1420 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
22		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1420	details Method at line 1420 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
23		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 289	details Method at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector
24		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1395	details Method at line 1395 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
25		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1519	details Method at line 1519 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
26		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1449	details Method at line 1449 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
27		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 270	details Method at line 270 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
28		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1303	details Method at line 1303 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from organizationId. This parameter ... Attack Vector
29		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 375	details Method at line 375 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
30		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 366	details Method at line 366 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
31		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 366	details Method at line 366 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from id. This parame... Attack Vector
32		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 96	details Method at line 96 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organizat... Attack Vector
33		CSRF	/src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs: 82	details Method at line 82 of /src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs gets a parameter from a user request from provider. Th... Attack Vector
34		CSRF	/src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs: 60	details Method at line 60 of /src/Api/Billing/Controllers/VNext/AccountBillingVNextController.cs gets a parameter from a user request from user. This pa... Attack Vector
35		CSRF	/src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs: 50	details Method at line 50 of /src/Api/Billing/Controllers/VNext/OrganizationBillingVNextController.cs gets a parameter from a user request from organizat... Attack Vector
36		CSRF	/src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs: 40	details Method at line 40 of /src/Api/Billing/Controllers/VNext/ProviderBillingVNextController.cs gets a parameter from a user request from provider. Th... Attack Vector
37		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1248	details Method at line 1248 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flo... Attack Vector
38		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 141	details Method at line 141 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
39		CSRF	/src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs: 101	details Method at line 101 of /src/Api/KeyManagement/Controllers/AccountsKeyManagementController.cs gets a parameter from a user request from model. Thi... Attack Vector
40		CSRF	/src/Api/Vault/Controllers/SecurityTaskController.cs: 66	details Method at line 66 of /src/Api/Vault/Controllers/SecurityTaskController.cs gets a parameter from a user request from taskId. This parameter value... Attack Vector
41		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 700	details Method at line 700 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from request. This parameter value fl... Attack Vector
42		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 211	details Method at line 211 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
43		CSRF	/src/Api/Auth/Controllers/EmergencyAccessController.cs: 173	details Method at line 173 of /src/Api/Auth/Controllers/EmergencyAccessController.cs gets a parameter from a user request from model. This parameter val... Attack Vector
44		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 643	details Method at line 643 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
45		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 364	details Method at line 364 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
46		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 391	details Method at line 391 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
47		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 620	details Method at line 620 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
48		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 186	details Method at line 186 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
49		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 120	details Method at line 120 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
50		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 855	details Method at line 855 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
51		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 855	details Method at line 855 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
52		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 855	details Method at line 855 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
53		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 855	details Method at line 855 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
54		CSRF	/src/Api/NotificationCenter/Controllers/NotificationsController.cs: 67	details Method at line 67 of /src/Api/NotificationCenter/Controllers/NotificationsController.cs gets a parameter from a user request from id. This param... Attack Vector
55		CSRF	/src/Api/NotificationCenter/Controllers/NotificationsController.cs: 61	details Method at line 61 of /src/Api/NotificationCenter/Controllers/NotificationsController.cs gets a parameter from a user request from id. This param... Attack Vector
56		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1449	details Method at line 1449 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
57		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 815	details Method at line 815 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
58		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 783	details Method at line 783 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
59		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 783	details Method at line 783 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
60		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 815	details Method at line 815 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
61		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 815	details Method at line 815 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
62		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 815	details Method at line 815 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
63		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 783	details Method at line 783 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows t... Attack Vector
64		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 783	details Method at line 783 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
65		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 138	details Method at line 138 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter valu... Attack Vector
66		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 166	details Method at line 166 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter valu... Attack Vector
67		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 166	details Method at line 166 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from model. This parameter valu... Attack Vector
68		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 395	details Method at line 395 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
69		CSRF	/src/Api/AdminConsole/Controllers/OrganizationUsersController.cs: 395	details Method at line 395 of /src/Api/AdminConsole/Controllers/OrganizationUsersController.cs gets a parameter from a user request from model. This par... Attack Vector
70		CSRF	/src/Api/Auth/Controllers/AccountsController.cs: 537	details Method at line 537 of /src/Api/Auth/Controllers/AccountsController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
71		CSRF	/src/Api/AdminConsole/Public/Controllers/GroupsController.cs: 136	details Method at line 136 of /src/Api/AdminConsole/Public/Controllers/GroupsController.cs gets a parameter from a user request from model. This paramet... Attack Vector
72		CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 87	details Method at line 87 of /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs gets a parameter from a user request from model. This param... Attack Vector
73		CSRF	/bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs: 97	details Method at line 97 of /bitwarden_license/src/Scim/Controllers/v2/GroupsController.cs gets a parameter from a user request from model. This param... Attack Vector
74		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 300	details Method at line 300 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
75		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1048	details Method at line 1048 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
76		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 1152	details Method at line 1152 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from id. This parameter value flows ... Attack Vector
77		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 223	details Method at line 223 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector
78		CSRF	/src/Api/Controllers/CollectionsController.cs: 208	details Method at line 208 of /src/Api/Controllers/CollectionsController.cs gets a parameter from a user request from model. This parameter value flows ... Attack Vector
79		CSRF	/src/Api/Vault/Controllers/CiphersController.cs: 198	details Method at line 198 of /src/Api/Vault/Controllers/CiphersController.cs gets a parameter from a user request from model. This parameter value flow... Attack Vector

More results are available on the CxOne platform

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
⚠️ Please upload report for BASE (metadata/badges@9048372). Learn more about missing BASE report.

Additional details and impacted files

@@                Coverage Diff                 @@
##             metadata/badges    #6948   +/-   ##
==================================================
  Coverage                   ?   54.57%           
==================================================
  Files                      ?     1921           
  Lines                      ?    85405           
  Branches                   ?     7635           
==================================================
  Hits                       ?    46608           
  Misses                     ?    37026           
  Partials                   ?     1771           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.