Thank you for your feedback.
We have a bug in our current C# and VB .Net analysis. We are working on it and I will come back to you as soon as it is fixed.
In the meantime you can unblock your pull requests by ignoring external roslyn error in your project like this:
Go to your project’s Administration tab > General Settings > External analyzers > C# Ignore issues from external Roslyn analyzers > enable the option. The security hotspot issues will disappear the next time your pull requests are analyzed.
Just to give some context: The issue you mention is a Security Hotspot. Those issues are meant to help security auditors during code reviews. They are created on code which is security-sensitive, i.e. code where vulnerabilities generally occur, but which doesn’t necessarily contain a vulnerability. Security Hotspot issues should never impact the quality gate, nor should they be visible on Pull Requests.
We apologize for the inconvenience.