[BRE-1413] Investigation for supporting Canary via header based routing

[pixman20]

🎟️ Tracking

BRE-1413

📔 Objective

Investigation for supporting Canary via header based routing:

• CANARY-ISSUES.md: Lists issues in current state
• CANARY-FIXES.md: Lists what this PR address

📸 Screenshots

[github-actions]

Checkmarx One – Scan Summary & Details – 7c19a9f9-158a-43b3-b41a-959e03225df1

---

New Issues (1)

Checkmarx found the following issues in this Pull Request

#	Severity	Issue	Source File / Package	Checkmarx Insight
1		CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 289	details Method at line 289 of /src/Api/AdminConsole/Controllers/GroupsController.cs gets a parameter from a user request from orgUserId. This parameter ... Attack Vector

---

Fixed Issues (21)

Great job! The following issues were fixed in this Pull Request

Severity	Issue	Source File / Package
	CVE-2026-4800	Npm-lodash-4.17.21
	CVE-2022-37620	Npm-html-minifier-4.0.0
	CVE-2025-64756	Npm-glob-10.4.5
	CVE-2026-26996	Npm-minimatch-9.0.5
	CVE-2026-26996	Npm-minimatch-3.1.2
	CVE-2026-26996	Npm-minimatch-9.0.1
	CVE-2026-27903	Npm-minimatch-9.0.1
	CVE-2026-27903	Npm-minimatch-3.1.2
	CVE-2026-27903	Npm-minimatch-9.0.5
	CVE-2026-27904	Npm-minimatch-9.0.5
	CVE-2026-27904	Npm-minimatch-3.1.2
	CVE-2026-27904	Npm-minimatch-9.0.1
	CVE-2026-29063	Npm-immutable-5.1.3
	CVE-2026-32933	Nuget-AutoMapper-12.0.1
	CVE-2026-33671	Npm-picomatch-2.3.1
	CVE-2026-34043	Npm-serialize-javascript-6.0.2
	Cxf5fb15b0-6576	Npm-serialize-javascript-6.0.2
	CSRF	/src/Api/AdminConsole/Controllers/GroupsController.cs: 275
	CVE-2025-13465	Npm-lodash-4.17.21
	CVE-2025-67898	Npm-mjml-parser-xml-4.15.3
	CVE-2025-69873	Npm-ajv-8.17.1

[codecov]

Codecov Report

❌ Patch coverage is 57.81250% with 27 lines in your changes missing coverage. Please review.
✅ Project coverage is 58.66%. Comparing base (0618444) to head (eda720a).
⚠️ Report is 9 commits behind head on main.

Files with missing lines	Patch %	Lines
...SharedWeb/Utilities/ServiceCollectionExtensions.cs	9.09%	18 Missing and 2 partials ⚠️
src/Admin/Startup.cs	0.00%	2 Missing ⚠️
src/Billing/Startup.cs	0.00%	2 Missing ⚠️
src/Icons/Startup.cs	0.00%	1 Missing ⚠️
src/Notifications/Startup.cs	0.00%	1 Missing ⚠️
...b/Utilities/HeaderPropagationResponseMiddleware.cs	95.45%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #7461      +/-   ##
==========================================
+ Coverage   58.49%   58.66%   +0.17%     
==========================================
  Files        2066     2067       +1     
  Lines       91141    91143       +2     
  Branches     8111     8119       +8     
==========================================
+ Hits        53309    53471     +162     
+ Misses      35924    35760     -164     
- Partials     1908     1912       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud