Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 #625

Merged

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jul 29, 2024

Bumps github/codeql-action from 3.25.12 to 3.25.15.

Changelog

Sourced from github/codeql-action's changelog.

CodeQL Action Changelog

See the releases page for the relevant changes to the CodeQL CLI and language packs.

Note that the only difference between v2 and v3 of the CodeQL Action is the node version they support, with v3 running on node 20 while we continue to release v2 to support running on node 16. For example 3.22.11 was the first v3 release and is functionally identical to 2.22.11. This approach ensures an easy way to track exactly which features are included in different versions, indicated by the minor and patch version numbers.

[UNRELEASED]

No user facing changes.

3.25.15 - 26 Jul 2024

  • Update default CodeQL bundle version to 2.18.1. #2385

3.25.14 - 25 Jul 2024

  • Experimental: add a new start-proxy action which starts the same HTTP proxy as used by github/dependabot-action. Do not use this in production as it is part of an internal experiment and subject to change at any time.

3.25.13 - 19 Jul 2024

  • Add codeql-version to outputs. #2368
  • Add a deprecation warning for customers using CodeQL version 2.13.4 and earlier. These versions of CodeQL were discontinued on 9 July 2024 alongside GitHub Enterprise Server 3.9, and will be unsupported by CodeQL Action versions 3.26.0 and later and versions 2.26.0 and later. #2375
    • If you are using one of these versions, please update to CodeQL CLI version 2.13.5 or later. For instance, if you have specified a custom version of the CLI using the 'tools' input to the 'init' Action, you can remove this input to use the default version.
    • Alternatively, if you want to continue using a version of the CodeQL CLI between 2.12.6 and 2.13.4, you can replace github/codeql-action/*@v3 by github/codeql-action/*@v3.25.13 and github/codeql-action/*@v2 by github/codeql-action/*@v2.25.13 in your code scanning workflow to ensure you continue using this version of the CodeQL Action.

3.25.12 - 12 Jul 2024

  • Improve the reliability and performance of analyzing code when analyzing a compiled language with the autobuild build mode on GitHub Enterprise Server. This feature is already available to GitHub.com users. #2353
  • Update default CodeQL bundle version to 2.18.0. #2364

3.25.11 - 28 Jun 2024

  • Avoid failing the workflow run if there is an error while uploading debug artifacts. #2349
  • Update default CodeQL bundle version to 2.17.6. #2352

3.25.10 - 13 Jun 2024

  • Update default CodeQL bundle version to 2.17.5. #2327

3.25.9 - 12 Jun 2024

  • Avoid failing database creation if the database folder already exists and contains some unexpected files. Requires CodeQL 2.18.0 or higher. #2330
  • The init Action will attempt to clean up the database cluster directory before creating a new database and at the end of the job. This will help to avoid issues where the database cluster directory is left in an inconsistent state. #2332

3.25.8 - 04 Jun 2024

  • Update default CodeQL bundle version to 2.17.4. #2321

3.25.7 - 31 May 2024

... (truncated)

Commits
  • afb54ba Merge pull request #2391 from github/update-v3.25.15-4b1d7da10
  • 57a4b22 Update changelog for v3.25.15
  • 4b1d7da Merge pull request #2385 from github/update-bundle/codeql-bundle-v2.18.1
  • 97e8f69 Merge branch 'main' into update-bundle/codeql-bundle-v2.18.1
  • f8e94f9 Merge pull request #2389 from github/mergeback/v3.25.14-to-main-5cf07d8b
  • 9e375a8 Update checked-in dependencies
  • 02d73d0 Update changelog and version after v3.25.14
  • 5cf07d8 Merge pull request #2388 from github/update-v3.25.14-1b214db07
  • ecab108 Update changelog for v3.25.14
  • 1b214db Merge pull request #2387 from github/aibaars/remove-set-secret
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot requested a review from a team as a code owner July 29, 2024 04:14
@dependabot dependabot bot added github_actions Pull requests that update GitHub Actions code z-dependencies (Deprecated label) Pull requests that update a dependency file labels Jul 29, 2024
@dependabot dependabot bot requested review from JoseRenan and DaveTryon July 29, 2024 04:14
@dependabot dependabot bot force-pushed the dependabot/github_actions/github/codeql-action-3.25.15 branch from 3ad37d7 to fca16f9 Compare August 1, 2024 21:08
@DaveTryon
Copy link
Contributor

@dependabot recreate

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4fa2a79...afb54ba)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/github_actions/github/codeql-action-3.25.15 branch from fca16f9 to 72337b7 Compare August 1, 2024 23:01
@DaveTryon DaveTryon merged commit ef991d5 into main Aug 1, 2024
6 checks passed
@DaveTryon DaveTryon deleted the dependabot/github_actions/github/codeql-action-3.25.15 branch August 1, 2024 23:17
gustavoaca1997 added a commit that referenced this pull request Aug 16, 2024
* Bump Component Detection version (#624)

* Bump Component Detection version

* Bump NuGet Config and Framework versions

* Raise dependabot PR limit (#629)

* build(deps): bump stefanzweifel/git-auto-commit-action (#552)

Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](stefanzweifel/git-auto-commit-action@8756aa0...8621497)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dave Tryon <[email protected]>

* build(deps): bump Microsoft.NET.Test.Sdk from 17.7.2 to 17.10.0 (#630)

Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.7.2 to 17.10.0.
- [Release notes](https://github.com/microsoft/vstest/releases)
- [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md)
- [Commits](microsoft/vstest@v17.7.2...v17.10.0)

---
updated-dependencies:
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MSTest.TestAdapter from 3.1.1 to 3.5.0 (#644)

Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.1.1...v3.5.0)

---
updated-dependencies:
- dependency-name: MSTest.TestAdapter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Spectre.Console.Cli from 0.48.0 to 0.49.1 (#637)

Bumps [Spectre.Console.Cli](https://github.com/spectreconsole/spectre.console) from 0.48.0 to 0.49.1.
- [Release notes](https://github.com/spectreconsole/spectre.console/releases)
- [Commits](spectreconsole/spectre.console@0.48.0...0.49.1)

---
updated-dependencies:
- dependency-name: Spectre.Console.Cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 (#625)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4fa2a79...afb54ba)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MSTest.TestFramework from 3.1.1 to 3.5.0 (#642)

Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.1.1...v3.5.0)

---
updated-dependencies:
- dependency-name: MSTest.TestFramework
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.VisualStudio.Threading.Analyzers (#638)

Bumps [Microsoft.VisualStudio.Threading.Analyzers](https://github.com/microsoft/vs-threading) from 17.7.30 to 17.10.48.
- [Release notes](https://github.com/microsoft/vs-threading/releases)
- [Commits](microsoft/vs-threading@v17.7.30...v17.10.48)

---
updated-dependencies:
- dependency-name: Microsoft.VisualStudio.Threading.Analyzers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#654)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@afb54ba...eb055d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MSTest.TestAdapter from 3.5.0 to 3.5.1 (#653)

Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: MSTest.TestAdapter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Oslund <[email protected]>

* build(deps): bump MSTest.TestFramework from 3.5.0 to 3.5.1 (#652)

Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: MSTest.TestFramework
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Oslund <[email protected]>

* build(deps): bump Moq from 4.17.2 to 4.20.70 (#640)

Bumps [Moq](https://github.com/moq/moq) from 4.17.2 to 4.20.70.
- [Release notes](https://github.com/moq/moq/releases)
- [Changelog](https://github.com/devlooped/moq/blob/main/CHANGELOG.md)
- [Commits](moq/moq.spikes@v4.17.2...v4.20.70)

---
updated-dependencies:
- dependency-name: Moq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 (#641)

Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 6.0.0 to 6.0.2.
- [Release notes](https://github.com/coverlet-coverage/coverlet/releases)
- [Commits](coverlet-coverage/coverlet@v6.0.0...v6.0.2)

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump StyleCop.Analyzers (#636)

Bumps [StyleCop.Analyzers](https://github.com/DotNetAnalyzers/StyleCopAnalyzers) from 1.2.0-beta.507 to 1.2.0-beta.556.
- [Release notes](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/releases)
- [Changelog](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/KnownChanges.md)
- [Commits](DotNetAnalyzers/StyleCopAnalyzers@1.2.0-beta.507...1.2.0-beta.556)

---
updated-dependencies:
- dependency-name: StyleCop.Analyzers
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 (#645)

Bumps [Microsoft.SourceLink.GitHub](https://github.com/dotnet/sourcelink) from 1.1.1 to 8.0.0.
- [Release notes](https://github.com/dotnet/sourcelink/releases)
- [Commits](dotnet/sourcelink@1.1.1...8.0.0)

---
updated-dependencies:
- dependency-name: Microsoft.SourceLink.GitHub
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MinVer from 4.3.0 to 5.0.0 (#634)

Bumps [MinVer](https://github.com/adamralph/minver) from 4.3.0 to 5.0.0.
- [Changelog](https://github.com/adamralph/minver/blob/main/CHANGELOG.md)
- [Commits](adamralph/minver@4.3.0...5.0.0)

---
updated-dependencies:
- dependency-name: MinVer
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.Extensions.Http, Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection (#649)

Bumps [Microsoft.Extensions.Http](https://github.com/dotnet/runtime), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime). These dependencies needed to be updated together.

Updates `Microsoft.Extensions.Http` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.0...v8.0.0)

Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.1...v8.0.0)

Updates `Microsoft.Extensions.DependencyInjection` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.0...v8.0.0)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Http
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection.Abstractions (#650)

Bumps [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection.Abstractions](https://github.com/dotnet/runtime). These dependencies needed to be updated together.

Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.1
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.1...v8.0.1)

Updates `Microsoft.Extensions.DependencyInjection.Abstractions` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v8.0.0...v8.0.1)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Scrutor from 4.2.0 to 4.2.2 (#646)

Bumps [Scrutor](https://github.com/khellang/Scrutor) from 4.2.0 to 4.2.2.
- [Release notes](https://github.com/khellang/Scrutor/releases)
- [Commits](khellang/Scrutor@v4.2.0...v4.2.2)

---
updated-dependencies:
- dependency-name: Scrutor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix tests

* Bump Microsoft.Extensions.Hosting

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: José Renan <[email protected]>
Co-authored-by: Dave Tryon <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Oslund <[email protected]>
gustavoaca1997 added a commit that referenced this pull request Sep 9, 2024
* Experimenting with dotnet

* Add comments

* Make the Sbom.Targets project to build.

* Add all arguments to GenerateSBOMTask (#1)

Co-authored-by: vpatakottu <[email protected]>

* Add call to the SBOM API from GenerateSbomTask#Execute (#2)

* Start implementing Execute

* Make SBOM Targets test target .NET 8 only.

* Make the Component Path not required.

* Build the current project in test, and check that the manifest was generated.

* Ad a few comments for TODOs.

* Validate and Sanitize Arguments  (#3)

* Validate arguments

* ignore case for enum conversion

* create method for manifestinfo

---------

Co-authored-by: vpatakottu <[email protected]>

* Add tests for Generate SBOM Task (#4)

* Add more tests for GenerateSbomTask.Execute logic

* Add SBOM Validation to the Generate SBOM Task tests.

* Add a utility method that validates the SBOM being generated during tests

* Make more tests use the new utility validator method

* Pass sbom specification during tests

* Refactor GenerateSbomTask tests to be parametrized through the SBOM Specification

* Fix typo

* Add an abstract method for the Sbom Specification of the AbstractGenerateSbomTaskTests

* Address PR suggestions

* Made fields internal instead of private in AbstractGenerateSbomTaskTests

* Add unit tests for GenerateSbomTask inputs (#6)

* add unit tests for GenerateSbomTask inputs

* remove console print

* Addressing feedback

* addressing feedback and adding more tests'

---------

Co-authored-by: vpatakottu <[email protected]>

* Add additional unit tests for valid cases (#7)

* add additional unit tests for valid cases

* address feedback and add few more cases

---------

Co-authored-by: vpatakottu <[email protected]>

* Merging Varshita's branch into our feature branch (#12)

* setting up imports

* Add reference to local Nuget package, for testing purposes

* rename targets and props, export them to the build folder

* Fix test project

* Fix Targets file to include props

* Manually adding the Sources Providers that support ProviderType.Packages

* Manually add the missing classes for SBOM generation

* Add MSBuild properties to our Props file (#8)

* Use MSBuild/.NET props for default values of the Generate SBOM task.

* Remove hardcoded path from the Targets

* Add default value to props file for SbomGenerationManifestDirPath

* Add final ManifestDirPath to SbomGenerationResult.

* Fix typo

* Change Summary comment for ManifestDirPath

* include sbom files in user's nuget packages (#11)

Co-authored-by: vpatakottu <[email protected]>

* Make the task target .net 8 and .net 6 (#13)

* Remove unrooted checks (#14)

* Downgrade Microsoft.Extensions.Hosting back to 7.0.1

* Remove LocalNuget configuration

* Stop tracking nuspec file

* Remove unnecessary comments.

* Remove reference to Microsoft.Sbom.Targets Nuget

* Apply suggestions from the linter and PR comments.

---------

Co-authored-by: vpatakottu <[email protected]>
Co-authored-by: vpatakottu <[email protected]>

* Fix ubuntu tests (#16)

* add users/gustavoca/net-sdk-sbom-tool branch to PR pipelines

* Fix Ubuntu tests for Targets project

* Update feature branch (#17)

* build(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#574)

Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](actions/checkout@b4ffde6...a5ac7e5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.24.3 to 3.25.8 (#591)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.25.8.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@3796146...2e230e8)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add missing header to AbstractGenerateSbomTaskTests (#598)

* Create template tool task (#600)

* create template tool task

* Make the tests successfully run

* Include the SBOM CLI Tool to the .NET Framework package folder.

* refactor code a little and address feedback

@microsoft-github-policy-service agree company="Microsoft"

---------

Co-authored-by: vpatakottu <[email protected]>
Co-authored-by: gustavoaca1997 <[email protected]>

* Run the Github build also for feature branches.

* Implement SBOM CLI ToolTask (#607)

* implement ToolTask

* addressing feedback

* addressing feedback pt. 2

---------

Co-authored-by: vpatakottu <[email protected]>

* Update System.Text.Json

* Stop importing the props twice when referencing the Nuget package (#612)

* Add tests for the MSBuild Full version of the Generate SBOM task (#613)

* Bring changes from feautre branch

* Make the Targets.Tests project also target .NET Framework

* Remove props file

* Implement tests for MSBuild Full version of the task

* Simplify how the CLI tool is called from the tests.

* Add test for file being in use.

* Test the output of the ToolTask.

* Change the name of AbstractGenerateSBomTaskInputTests to AbstractGenerateSbomTaskInputTests

* Include .NET Framework output in Sbom_Generation_Succeeds_For_Null_Verbosity

* Update src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs

Co-authored-by: Dave Tryon <[email protected]>

* Skip tests that are failing due to known issues

* Add debug messages for the test pipeline

* Fix .net core tests

* Target .NET Framework only on Windows

* Remove unnecessary comment.

* Update default Verbosity.

* Address comments.

* Change name of AbstractGenerateSbomTaskInputTests

* Address PR Comments

---------

Co-authored-by: Dave Tryon <[email protected]>

* Update NuGet Package Format and Surface Errors (#619)

* update nuget package format and surface errors

* simplify sbom output

* update targets to use SbomPath output var for ToolTask

* fix bad merge

* append manifest folder name for manifestdirpath

* add path.combine and property checks

* append platform version

* create ManifestDirPath if needed

* temporarily comment out

* remove manifestdirpath logic for now

* use path.combine and full path

---------

Co-authored-by: vpatakottu <[email protected]>

* Add README for Microsoft.Sbom.Targets project (#651)

* Adding readme

* add code quotes

---------

Co-authored-by: vpatakottu <[email protected]>

* Workaround for generating a SBOM manifest at the root level of the Nuget Package (#656)

* Add buildMultiTargeting folder to the Nuget package

* Unzip and Zip again for including the SBOM into the Nuget package.

* Append GUID to the temporary unzipped folder.

* Use Path.Combine for Unzip and Nupkg paths (#663)

* Add E2E tests for Microsoft.Sbom.Targets project (#658)

* add base setup for tests

* updates to test

* cleanup

* Add more tests

* update package version

* cleanup

* mini fix for copying sample project

* add unloading step

* create separate project for E2E tests

* cleanup

* rearrange method

* cleanup

* check for platform

* try with locator

* disable analyzers for sample project

---------

Co-authored-by: vpatakottu <[email protected]>

* Remove GenerateSBOMTest project (#673)

* Remove GenerateSBOMTest project

* Remove N/A comment

* Add ContinueOnError=ErrorAndContinue to the ZipDirectory, GenerateSBOM and Unzip (#672)

* User/gustavoca/update with main (#675)

* Bump Component Detection version (#624)

* Bump Component Detection version

* Bump NuGet Config and Framework versions

* Raise dependabot PR limit (#629)

* build(deps): bump stefanzweifel/git-auto-commit-action (#552)

Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases)
- [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md)
- [Commits](stefanzweifel/git-auto-commit-action@8756aa0...8621497)

---
updated-dependencies:
- dependency-name: stefanzweifel/git-auto-commit-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dave Tryon <[email protected]>

* build(deps): bump Microsoft.NET.Test.Sdk from 17.7.2 to 17.10.0 (#630)

Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.7.2 to 17.10.0.
- [Release notes](https://github.com/microsoft/vstest/releases)
- [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md)
- [Commits](microsoft/vstest@v17.7.2...v17.10.0)

---
updated-dependencies:
- dependency-name: Microsoft.NET.Test.Sdk
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MSTest.TestAdapter from 3.1.1 to 3.5.0 (#644)

Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.1.1...v3.5.0)

---
updated-dependencies:
- dependency-name: MSTest.TestAdapter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Spectre.Console.Cli from 0.48.0 to 0.49.1 (#637)

Bumps [Spectre.Console.Cli](https://github.com/spectreconsole/spectre.console) from 0.48.0 to 0.49.1.
- [Release notes](https://github.com/spectreconsole/spectre.console/releases)
- [Commits](spectreconsole/spectre.console@0.48.0...0.49.1)

---
updated-dependencies:
- dependency-name: Spectre.Console.Cli
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 (#625)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@4fa2a79...afb54ba)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MSTest.TestFramework from 3.1.1 to 3.5.0 (#642)

Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.1.1...v3.5.0)

---
updated-dependencies:
- dependency-name: MSTest.TestFramework
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.VisualStudio.Threading.Analyzers (#638)

Bumps [Microsoft.VisualStudio.Threading.Analyzers](https://github.com/microsoft/vs-threading) from 17.7.30 to 17.10.48.
- [Release notes](https://github.com/microsoft/vs-threading/releases)
- [Commits](microsoft/vs-threading@v17.7.30...v17.10.48)

---
updated-dependencies:
- dependency-name: Microsoft.VisualStudio.Threading.Analyzers
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#654)

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](github/codeql-action@afb54ba...eb055d7)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MSTest.TestAdapter from 3.5.0 to 3.5.1 (#653)

Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: MSTest.TestAdapter
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Oslund <[email protected]>

* build(deps): bump MSTest.TestFramework from 3.5.0 to 3.5.1 (#652)

Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1.
- [Release notes](https://github.com/microsoft/testfx/releases)
- [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md)
- [Commits](microsoft/testfx@v3.5.0...v3.5.1)

---
updated-dependencies:
- dependency-name: MSTest.TestFramework
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Oslund <[email protected]>

* build(deps): bump Moq from 4.17.2 to 4.20.70 (#640)

Bumps [Moq](https://github.com/moq/moq) from 4.17.2 to 4.20.70.
- [Release notes](https://github.com/moq/moq/releases)
- [Changelog](https://github.com/devlooped/moq/blob/main/CHANGELOG.md)
- [Commits](moq/moq.spikes@v4.17.2...v4.20.70)

---
updated-dependencies:
- dependency-name: Moq
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 (#641)

Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 6.0.0 to 6.0.2.
- [Release notes](https://github.com/coverlet-coverage/coverlet/releases)
- [Commits](coverlet-coverage/coverlet@v6.0.0...v6.0.2)

---
updated-dependencies:
- dependency-name: coverlet.collector
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump StyleCop.Analyzers (#636)

Bumps [StyleCop.Analyzers](https://github.com/DotNetAnalyzers/StyleCopAnalyzers) from 1.2.0-beta.507 to 1.2.0-beta.556.
- [Release notes](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/releases)
- [Changelog](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/KnownChanges.md)
- [Commits](DotNetAnalyzers/StyleCopAnalyzers@1.2.0-beta.507...1.2.0-beta.556)

---
updated-dependencies:
- dependency-name: StyleCop.Analyzers
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 (#645)

Bumps [Microsoft.SourceLink.GitHub](https://github.com/dotnet/sourcelink) from 1.1.1 to 8.0.0.
- [Release notes](https://github.com/dotnet/sourcelink/releases)
- [Commits](dotnet/sourcelink@1.1.1...8.0.0)

---
updated-dependencies:
- dependency-name: Microsoft.SourceLink.GitHub
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump MinVer from 4.3.0 to 5.0.0 (#634)

Bumps [MinVer](https://github.com/adamralph/minver) from 4.3.0 to 5.0.0.
- [Changelog](https://github.com/adamralph/minver/blob/main/CHANGELOG.md)
- [Commits](adamralph/minver@4.3.0...5.0.0)

---
updated-dependencies:
- dependency-name: MinVer
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.Extensions.Http, Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection (#649)

Bumps [Microsoft.Extensions.Http](https://github.com/dotnet/runtime), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime). These dependencies needed to be updated together.

Updates `Microsoft.Extensions.Http` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.0...v8.0.0)

Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.1...v8.0.0)

Updates `Microsoft.Extensions.DependencyInjection` from 7.0.0 to 8.0.0
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.0...v8.0.0)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Http
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.DependencyInjection
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection.Abstractions (#650)

Bumps [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection.Abstractions](https://github.com/dotnet/runtime). These dependencies needed to be updated together.

Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.1
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v7.0.1...v8.0.1)

Updates `Microsoft.Extensions.DependencyInjection.Abstractions` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/dotnet/runtime/releases)
- [Commits](dotnet/runtime@v8.0.0...v8.0.1)

---
updated-dependencies:
- dependency-name: Microsoft.Extensions.Logging.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-major
- dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* build(deps): bump Scrutor from 4.2.0 to 4.2.2 (#646)

Bumps [Scrutor](https://github.com/khellang/Scrutor) from 4.2.0 to 4.2.2.
- [Release notes](https://github.com/khellang/Scrutor/releases)
- [Commits](khellang/Scrutor@v4.2.0...v4.2.2)

---
updated-dependencies:
- dependency-name: Scrutor
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix tests

* Bump Microsoft.Extensions.Hosting

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: José Renan <[email protected]>
Co-authored-by: Dave Tryon <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sarah Oslund <[email protected]>

* Update README

* Address Feedback (#679)

* Address feedback and remove SbomPath

* remove whitespace

* remove comment

---------

Co-authored-by: vpatakottu <[email protected]>

* address more feedback (#682)

Co-authored-by: vpatakottu <[email protected]>

* Pack each project separately (#681)

* Pack each project separately

* Remove extra dotnet apck

* Inspect the content of the Nuget package instead of extracting to disk during e2e tests.

* User/gustavoca/dont extract e2e tests (#684)

* Inspect the content of the Nuget package instead of extracting to disk during e2e tests.

* Remove extra changes in Directory.Packages.Props

* Remove instance of Newtonsoft.Json

* Remove not needed Message

* Revert "Remove instance of Newtonsoft.Json"

This reverts commit 52329d4.

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Sarah Oslund <[email protected]>
Co-authored-by: vpatakottu <[email protected]>
Co-authored-by: vpatakottu <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Dave Tryon <[email protected]>
Co-authored-by: José Renan <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
github_actions Pull requests that update GitHub Actions code z-dependencies (Deprecated label) Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant