fix(scripts): ensure reliable array count operations in linting and security scripts

[katriendg]

Description

This PR fixes PowerShell array handling issues in linting and security validation scripts by ensuring array assignments and count operations use proper array coercion with @(). These changes prevent potential errors when pipeline operations return null or single items instead of arrays.

• fix(linting): wrapped array assignments in Invoke-PSScriptAnalyzer, Invoke-YamlLint, and Markdown-Link-Check with @() to ensure consistent array behavior

  • Applied to file collection calls from Get-ChangedFilesFromGit and Get-FilesRecursive
  • Added array coercion to all .Count property accesses for reliable zero-count checks

• fix(linting): added array coercion to count checks in Validate-MarkdownFrontmatter

  • Wrapped Get-ChangedMarkdownFileGroup result with @() for consistent array handling
  • Applied to count checks to prevent null reference errors

• fix(security): improved array handling in Test-DependencyPinning script

  • Added @() wrapping to violation collection and grouping operations
  • Applied to measure-object count operations and group-by filtering

• fix(security): enhanced array coercion in Test-SHAStaleness script

  • Wrapped all count checks and array operations with @() for reliable behavior
  • Added initialization of $script:StaleDependencies as empty array
  • Applied to tool staleness detection and error collection

Related Issue(s)

Fixes #394

Type of Change

Select all that apply:

Code & Documentation:

• Bug fix (non-breaking change fixing an issue)
• New feature (non-breaking change adding functionality)
• Breaking change (fix or feature causing existing functionality to change)
• Documentation update

Infrastructure & Configuration:

• GitHub Actions workflow
• Linting configuration (markdown, PowerShell, etc.)
• Security configuration
• DevContainer configuration
• Dependency update

AI Artifacts:

• Reviewed contribution with prompt-builder agent and addressed all feedback
• Copilot instructions (.github/instructions/*.instructions.md)
• Copilot prompt (.github/prompts/*.prompt.md)
• Copilot agent (.github/agents/*.agent.md)

Other:

• Script/automation (.ps1, .sh, .py)
• Other (please describe):

Testing

Tested by running the affected scripts with various file count scenarios:

• Zero files found (empty array handling)
• Single file (automatic array coercion)
• Multiple files (existing array behavior)

All scripts now handle edge cases consistently without null reference errors.

Checklist

Required Checks

• Documentation is updated (if applicable)
• Files follow existing naming conventions
• Changes are backwards compatible (if applicable)
• Tests added for new functionality (if applicable)

AI Artifact Contributions

• Used /prompt-analyze to review contribution
• Addressed all feedback from prompt-builder review
• Verified contribution follows common standards and type-specific requirements

Required Automated Checks

The following validation commands must pass before merging:

• Markdown linting: npm run lint:md
• Spell checking: npm run spell-check
• Frontmatter validation: npm run lint:frontmatter
• Link validation: npm run lint:md-links
• PowerShell analysis: npm run lint:ps

Security Considerations

• This PR does not contain any sensitive or NDA information
• Any new dependencies have been reviewed for security issues
• Security-related scripts follow the principle of least privilege

Additional Notes

These changes follow PowerShell best practices for defensive array handling. The @() operator ensures that pipeline results are always treated as arrays, even when they return null or single items, preventing runtime errors in count operations and foreach loops.

🔧 - Generated by Copilot

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

Scanned Files

None

[codecov-commenter]

Codecov Report

❌ Patch coverage is 77.77778% with 12 lines in your changes missing coverage. Please review.
✅ Project coverage is 61.45%. Comparing base (d92c4e1) to head (b40e0f9).
⚠️ Report is 1 commits behind head on main.

Files with missing lines	Patch %	Lines
scripts/security/Test-SHAStaleness.ps1	73.91%	6 Missing ⚠️
scripts/linting/Validate-MarkdownFrontmatter.ps1	0.00%	3 Missing ⚠️
scripts/linting/Markdown-Link-Check.ps1	0.00%	2 Missing ⚠️
scripts/security/Test-DependencyPinning.ps1	90.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #395      +/-   ##
==========================================
+ Coverage   52.44%   61.45%   +9.01%     
==========================================
  Files          17       17              
  Lines        3110     3111       +1     
==========================================
+ Hits         1631     1912     +281     
+ Misses       1479     1199     -280     

Flag	Coverage Δ
pester	61.45% <77.77%> (+9.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files with missing lines	Coverage Δ
scripts/linting/Invoke-PSScriptAnalyzer.ps1	91.89% <100.00%> (ø)
scripts/linting/Invoke-YamlLint.ps1	93.15% <100.00%> (ø)
scripts/security/Test-DependencyPinning.ps1	80.05% <90.00%> (+24.27%)	⬆️
scripts/linting/Markdown-Link-Check.ps1	0.00% <0.00%> (ø)
scripts/linting/Validate-MarkdownFrontmatter.ps1	64.70% <0.00%> (ø)
scripts/security/Test-SHAStaleness.ps1	48.52% <73.91%> (+48.52%)	⬆️

... and 1 file with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[Copilot]

Pull request overview

This PR fixes PowerShell array handling issues across linting and security validation scripts by applying defensive array coercion with @(). The changes prevent "property 'Count' cannot be found" errors that occur when pipeline operations return null or single items instead of arrays, particularly affecting functions like Get-ChangedFilesFromGit and Get-FilesRecursive.

Changes:

• Added @() array coercion to function return values and count operations across all linting scripts (PSScriptAnalyzer, YamlLint, Markdown-Link-Check, Validate-MarkdownFrontmatter)
• Enhanced array handling in security validation scripts (Test-DependencyPinning, Test-SHAStaleness) for violation collections, grouping operations, and measure-object counts
• Initialized $script:StaleDependencies as an empty array in Test-SHAStaleness.ps1

Reviewed changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated no comments.

Show a summary per file

File	Description
scripts/security/Test-SHAStaleness.ps1	Added array coercion to 11 count operations, tool staleness detection, and initialized StaleDependencies array
scripts/security/Test-DependencyPinning.ps1	Added array coercion to 5 violation collection and measure-object operations
scripts/linting/Validate-MarkdownFrontmatter.ps1	Wrapped Get-ChangedMarkdownFileGroup results and count checks with @()
scripts/linting/Markdown-Link-Check.ps1	Added array coercion to Get-MarkdownTarget return value and count check
scripts/linting/Invoke-YamlLint.ps1	Wrapped Get-ChangedFilesFromGit, Get-ChildItem results, and count operations with @()
scripts/linting/Invoke-PSScriptAnalyzer.ps1	Added array coercion to Get-ChangedFilesFromGit, Get-FilesRecursive results, and all count operations in summary

[Copilot]

Pull request overview

Copilot reviewed 10 out of 10 changed files in this pull request and generated no new comments.