Merge branch 'main' into transform-select-to-sar-add

Author: BoyBaykiller

.CodeQL.yml

@@ -31,3 +31,27 @@ queries:
         # APIs. Those call sites are well-reviewed and don't benefit from extra alerts regarding
         # the possibility of loading malicious code.
         - "cs/deserialization-unexpected-subtypes"
+  #
+  # Don't warn about usage of non-compliant crypto within our own implementations or interop code,
+  # since the rule would noisily try to warn us about *ourselves*. These exclusions are scoped
+  # to just the crypto code itself. We still want alerts when consumers of crypto (even within this
+  # repo) try to use non-compliant primitives; those call sites must be manually inspected
+  # and suppressed if appropriate.
+  #
+  - exclude:
+      queryid:
+        - "cs/ecb-encryption"
+        - "cs/encryption-with-vulnerable-cipher-mode"
+        - "cs/weak-symmetric-algorithm"
+        - "cs/obsolete-password-key-derivation"
+        - "cs/cryptography/unapproved-usage-of-dsa"
+        - "cs/weak-crypto"
+        - "cs/weak-hmacs"
+        - "java/weak-crypto-algorithm-or-hash"
+      path:
+        - "src/libraries/Common/src/Interop/Windows/BCrypt/**"
+        - "src/libraries/Common/src/System/Security/Cryptography/**"
+        - "src/libraries/Microsoft.Bcl.Cryptography/**"
+        - "src/libraries/System.Security.Cryptography/**"
+        - "src/libraries/System.Security.Cryptography.*/**"
+        - "src/native/libs/System.Security.Cryptography.*/**"

.config/dotnet-tools.json

@@ -15,7 +15,7 @@
       ]
     },
     "microsoft.dotnet.xharness.cli": {
-      "version": "11.0.0-prerelease.26064.3",
+      "version": "11.0.0-prerelease.26160.2",
       "commands": [
         "xharness"
       ]

.editorconfig

@@ -165,6 +165,10 @@ csharp_space_between_square_brackets = false
 # License header
 file_header_template = Licensed to the .NET Foundation under one or more agreements.\nThe .NET Foundation licenses this file to you under the MIT license.
 
+# xUnit1051: recommends TestContext.Current.CancellationToken (v3 pattern) which
+# is not yet adopted; suppress until a full v3 migration is performed.
+dotnet_diagnostic.xUnit1051.severity = none
+
 [src/libraries/System.Net.Http/src/System/Net/Http/{SocketsHttpHandler/Http3RequestStream.cs,BrowserHttpHandler/BrowserHttpHandler.cs}]
 # disable CA2025, the analyzer throws a NullReferenceException when processing this file: https://github.com/dotnet/roslyn-analyzers/issues/7652
 dotnet_diagnostic.CA2025.severity = none

.github/copilot-instructions.md

@@ -8,7 +8,9 @@ You MUST make your best effort to ensure any code changes satisfy those criteria
 
 If you make code changes, do not complete without checking the relevant code builds and relevant tests still pass after the last edits you make. Do not simply assume that your changes fix test failures you see, actually build and run those tests again to confirm.
 
-Before completing, use the `code-review` skill to review your code changes. Any issues flagged as errors or warnings should be addressed before completing.
+When running under CCA and before completing, use the `code-review` skill to review your code changes. Any issues flagged as errors or warnings should be addressed before the task is considered complete.
+
+When NOT running under CCA, skip the `code-review` skill if the user has stated they will review the changes themselves.
 
 Before making changes to a directory, search for `README.md` files in that directory and its parent directories up to the repository root. Read any you find — they contain conventions, patterns, and architectural context relevant to your work.
 
@@ -38,6 +40,13 @@ In addition to the rules enforced by `.editorconfig`, you SHOULD:
 - For markdown (`.md`) files, ensure there is no trailing whitespace at the end of any line.
 - When adding XML documentation to APIs, follow the guidelines at [`docs.prompt.md`](/.github/prompts/docs.prompt.md).
 
+When NOT running under CCA, guidance for creating commits and pushing changes:
+
+- Never squash and force push unless explicitly instructed. Always push incremental commits on top of previous PR changes.
+- Never push to an active PR without being explicitly asked, even in autopilot/yolo mode. Always wait for explicit instruction to push.
+- Never chain commit and push in the same command. Always commit first, report what was committed, then wait for an explicit push instruction. This creates a mandatory decision point.
+- Prefer creating a new commit rather than amending an existing one. Exceptions: (1) explicitly asked to amend, or (2) the existing commit is obviously broken with something minor (e.g., typo or comment fix) and hasn't been pushed yet.
+
 ---
 
 # Building & Testing in dotnet/runtime

THIRD-PARTY-NOTICES.TXT

@@ -12,7 +12,7 @@ License notice for ASP.NET
 -------------------------------
 
 Copyright (c) .NET Foundation. All rights reserved.
-Licensed under the Apache License, Version 2.0.
+Licensed under the MIT License (MIT)
 
 Available at
 https://github.com/dotnet/aspnetcore/blob/main/LICENSE.txt
@@ -1424,3 +1424,36 @@ NIST-developed software is expressly provided "AS IS." NIST MAKES NO WARRANTY OF
 
 You are solely responsible for determining the appropriateness of using and distributing the software and you assume all risks associated with its use, including but not limited to the risks and costs of program errors, compliance with applicable laws, damage to or loss of data, programs or equipment, and the unavailability or interruption of operation. This software is not intended to be used in any situation where a failure could cause risk of injury or damage to property. The software developed by NIST employees is not subject to copyright protection within the United States.
 
+License notice for ANTLR 4
+-------------------------------
+
+https://github.com/antlr/antlr4
+
+Copyright (c) 2012-2022 The ANTLR Project. All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted provided that the following conditions
+are met:
+
+1. Redistributions of source code must retain the above copyright
+   notice, this list of conditions and the following disclaimer.
+
+2. Redistributions in binary form must reproduce the above copyright
+   notice, this list of conditions and the following disclaimer in the
+   documentation and/or other materials provided with the distribution.
+
+3. Neither name of copyright holders nor the names of its contributors
+   may be used to endorse or promote products derived from this software
+   without specific prior written permission.
+
+THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR
+CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

docs/design/coreclr/botr/clr-abi.md

@@ -116,6 +116,7 @@ To return `Continuation` we use a volatile/calee-trash register that cannot be u
 | arm | r2  |
 | arm64  | x2  |
 | risc-v  | a2  |
+| loongarch64  | a2  |
 
 ### Passing `Continuation` argument
 The `Continuation` parameter is passed at the same position as generic instantiation parameter or immediately after, if both present. For x86 the argument order is reversed.