Add Microsoft.Sbom.Common #6
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Update Microsoft.Sbom.Extensions with latest from internal repo
aasim
reviewed
Jun 20, 2022
src/Microsoft.Sbom.Common/Config/Attributes/ComponentDetectorArgumentAttribute.cs
Outdated
Show resolved
Hide resolved
aasim
reviewed
Jun 20, 2022
src/Microsoft.Sbom.Common/Config/Attributes/DefaultNamespaceBaseUriAttribute.cs
Outdated
Show resolved
Hide resolved
aasim
reviewed
Jun 20, 2022
src/Microsoft.Sbom.Common/Config/Attributes/ValidUriAttribute.cs
Outdated
Show resolved
Hide resolved
aasim
reviewed
Jun 20, 2022
src/Microsoft.Sbom.Common/Config/Attributes/IntRangeAttribute.cs
Outdated
Show resolved
Hide resolved
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
reviewed
Jun 20, 2022
aasim
suggested changes
Jun 20, 2022
ByAgenT
reviewed
Jun 21, 2022
8a43f6a to
73e0e7e
Compare
ff6b5a3 to
9cf7086
Compare
ByAgenT
reviewed
Jun 21, 2022
Directory.Packages.props
Outdated
| <PackageVersion Include="Ninject" Version="3.3.4" /> | ||
| <PackageVersion Include="System.IO.FileSystem.AccessControl" Version="5.0.0" /> | ||
| <PackageVersion Include="Mono.Posix.NETStandard" Version="1.0.0" /> | ||
| <PackageVersion Include="Microsoft.ComponentDetection.Contracts" Version="1.0.12" /> |
There was a problem hiding this comment.
Should this not be a common dependency? I think we don't use it in Sbom.Extensions and in a couple of other projects and I could see people complaining why we have unnecessary dependency :)
There was a problem hiding this comment.
This is just specifying package versions right? It's up to the individual projects to pull in the dependencies that they need.
| using Microsoft.ComponentDetection.Contracts.TypedComponent; | ||
| using Microsoft.Sbom.Contracts; | ||
|
|
||
| namespace Microsoft.Sbom.Adapters.Adapters.ComponentDetection |
There was a problem hiding this comment.
This is not something you have to do in this PR, but I want to complain about Adapters.Adapters :) What do you think if we create an issue to simplify this duplicate Adapters in namespace?
There was a problem hiding this comment.
Yeah, lets do it as part of a seperate PR like you have for the contracts ns
| <ItemGroup> | ||
| <PackageReference Include="Microsoft.ComponentDetection.Contracts" /> | ||
| <PackageReference Include="Newtonsoft.Json" /> | ||
| <PackageReference Include="PackageUrl" /> |
| <Authors>Microsoft Corporation</Authors> | ||
| <Description>Provides a set of adapters from external component formats to a single SBOM format.</Description> | ||
| <PackageVersion>$(SBOMPackageVersion)</PackageVersion> | ||
| <!--NU5104: Warning thrown because Microsoft.VisualStudio.Services.Governance.ComponentDetection.Contracts is a "prerelease" package.--> |
There was a problem hiding this comment.
This comment is for non-public package
| <!--NU5104: Warning thrown because Microsoft.VisualStudio.Services.Governance.ComponentDetection.Contracts is a "prerelease" package.--> | ||
| <!--Note: due to a bug in dotnet, this needs to be a global nowarn instead of for the specific package it is trying to suppress.--> | ||
| <NoWarn>NU5104</NoWarn> | ||
| <AssemblyOriginatorKeyFile>Microsoft.SBOM.Adapters.snk</AssemblyOriginatorKeyFile> |
There was a problem hiding this comment.
Is this also should be in OSS?
There was a problem hiding this comment.
I see you also moved this key file to OSS repo. Let's confirm whether we should do that
There was a problem hiding this comment.
I agree, I don't think we should move the signing file
| <TargetFramework>netstandard2.0</TargetFramework> | ||
| <Nullable>enable</Nullable> | ||
| <AssemblyName>Microsoft.SBOM.Adapters</AssemblyName> | ||
| <SignAssembly>True</SignAssembly> |
There was a problem hiding this comment.
It seems like we should not sign it this way. I think signing along w/ keys shouldn't be as part of OSS repo
There was a problem hiding this comment.
Yes, we should remove this from here.
| // Copyright (c) Microsoft. All rights reserved. | ||
| // Licensed under the MIT license. See LICENSE file in the project root for full license information. | ||
|
|
||
| using Mono.Unix; |
| public class SBOMMetadata | ||
| { | ||
| /// <summary> | ||
| /// Gets or sets the name of your build environment, like CloudBuild or Azure Pipelines. |
| <PropertyGroup> | ||
| <TargetFramework>netstandard2.0</TargetFramework> | ||
| <AssemblyName>Microsoft.Sbom.Contracts</AssemblyName> | ||
| <SignAssembly>true</SignAssembly> |
There was a problem hiding this comment.
Same about signing and key file
| @@ -46,7 +46,7 @@ public enum MetadataKey | |||
| /// https://docs.microsoft.com/en-us/azure/devops/pipelines/build/variables?view=azure-devops&tabs=yaml#build-variables-devops-services | |||
| /// </summary> | |||
| #region Azure DevOps Pipelines metadata | |||
There was a problem hiding this comment.
Remove mention of ADO pipelines?
added 2 commits
June 21, 2022 17:36
edgarrs
reviewed
Jun 22, 2022
| <Rule Id="CA1724" Action="None" /> | ||
| <Rule Id="CA1801" Action="None" /> | ||
| <Rule Id="CA1802" Action="None" /> | ||
| <Rule Id="CA1805" Action="None" /> |
edgarrs
reviewed
Jun 22, 2022
| <PackageVersion Include="System.IO.FileSystem.AccessControl" Version="5.0.0" /> | ||
| <PackageVersion Include="System.Threading.Channels" Version="6.0.0" /> | ||
| <PackageVersion Include="System.Threading.Tasks.Extensions" Version="4.5.4" /> | ||
| <!-- <PackageVersion include="Microsoft.Bcl.AsyncInterfaces" Version="6.0.0" /> --> |
edgarrs
reviewed
Jun 22, 2022
| <PackageVersion Include="Serilog.Sinks.Console" Version="4.0.0" /> | ||
| <PackageVersion Include="System.IO.FileSystem.AccessControl" Version="5.0.0" /> | ||
| <PackageVersion Include="Mono.Posix.NETStandard" Version="1.0.0" /> | ||
| <!-- <PackageVersion Include="Microsoft.ComponentDetection" Version="1.1.7" /> --> |
There was a problem hiding this comment.
<!-- <PackageVersion Include="Microsoft.ComponentDetection" Version="1.1.7" /> --> [](http://example.com/codeflow?start=3&length=87)
Delete commented line
edgarrs
reviewed
Jun 22, 2022
| } | ||
| catch (Exception) | ||
| { | ||
| // TODO Add logger with debug |
edgarrs
reviewed
Jun 22, 2022
| <AssemblyName>Microsoft.Parsers.SPDX22SBOMParser</AssemblyName> | ||
| <RootNamespace>Microsoft.SPDX22SBOMParser</RootNamespace> | ||
| <GeneratePackageOnBuild>True</GeneratePackageOnBuild> | ||
| <SignAssembly>True</SignAssembly> |
aasim
reviewed
Jun 22, 2022
| <GeneratePackageOnBuild>True</GeneratePackageOnBuild> | ||
| <Authors>Microsoft Corporation</Authors> | ||
| <Description>Provides a set of adapters from external component formats to a single SBOM format.</Description> | ||
| <PackageVersion>$(SBOMPackageVersion)</PackageVersion> |
There was a problem hiding this comment.
we should remove this package version also, but we can do it as part of a seperate PR.
gustavoaca1997
pushed a commit
that referenced
this pull request
Jun 24, 2024
* add unit tests for GenerateSbomTask inputs * remove console print * Addressing feedback * addressing feedback and adding more tests' --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com>
gustavoaca1997
added a commit
that referenced
this pull request
Sep 9, 2024
* Experimenting with dotnet * Add comments * Make the Sbom.Targets project to build. * Add all arguments to GenerateSBOMTask (#1) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add call to the SBOM API from GenerateSbomTask#Execute (#2) * Start implementing Execute * Make SBOM Targets test target .NET 8 only. * Make the Component Path not required. * Build the current project in test, and check that the manifest was generated. * Ad a few comments for TODOs. * Validate and Sanitize Arguments (#3) * Validate arguments * ignore case for enum conversion * create method for manifestinfo --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add tests for Generate SBOM Task (#4) * Add more tests for GenerateSbomTask.Execute logic * Add SBOM Validation to the Generate SBOM Task tests. * Add a utility method that validates the SBOM being generated during tests * Make more tests use the new utility validator method * Pass sbom specification during tests * Refactor GenerateSbomTask tests to be parametrized through the SBOM Specification * Fix typo * Add an abstract method for the Sbom Specification of the AbstractGenerateSbomTaskTests * Address PR suggestions * Made fields internal instead of private in AbstractGenerateSbomTaskTests * Add unit tests for GenerateSbomTask inputs (#6) * add unit tests for GenerateSbomTask inputs * remove console print * Addressing feedback * addressing feedback and adding more tests' --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add additional unit tests for valid cases (#7) * add additional unit tests for valid cases * address feedback and add few more cases --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Merging Varshita's branch into our feature branch (#12) * setting up imports * Add reference to local Nuget package, for testing purposes * rename targets and props, export them to the build folder * Fix test project * Fix Targets file to include props * Manually adding the Sources Providers that support ProviderType.Packages * Manually add the missing classes for SBOM generation * Add MSBuild properties to our Props file (#8) * Use MSBuild/.NET props for default values of the Generate SBOM task. * Remove hardcoded path from the Targets * Add default value to props file for SbomGenerationManifestDirPath * Add final ManifestDirPath to SbomGenerationResult. * Fix typo * Change Summary comment for ManifestDirPath * include sbom files in user's nuget packages (#11) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Make the task target .net 8 and .net 6 (#13) * Remove unrooted checks (#14) * Downgrade Microsoft.Extensions.Hosting back to 7.0.1 * Remove LocalNuget configuration * Stop tracking nuspec file * Remove unnecessary comments. * Remove reference to Microsoft.Sbom.Targets Nuget * Apply suggestions from the linter and PR comments. --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: vpatakottu <47004464+vpatakottu@users.noreply.github.com> * Fix ubuntu tests (#16) * add users/gustavoca/net-sdk-sbom-tool branch to PR pipelines * Fix Ubuntu tests for Targets project * Update feature branch (#17) * build(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#574) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...a5ac7e5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.24.3 to 3.25.8 (#591) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.25.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3796146...2e230e8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add missing header to AbstractGenerateSbomTaskTests (#598) * Create template tool task (#600) * create template tool task * Make the tests successfully run * Include the SBOM CLI Tool to the .NET Framework package folder. * refactor code a little and address feedback @microsoft-github-policy-service agree company="Microsoft" --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: gustavoaca1997 <gustavoaca1997@gmail.com> * Run the Github build also for feature branches. * Implement SBOM CLI ToolTask (#607) * implement ToolTask * addressing feedback * addressing feedback pt. 2 --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Update System.Text.Json * Stop importing the props twice when referencing the Nuget package (#612) * Add tests for the MSBuild Full version of the Generate SBOM task (#613) * Bring changes from feautre branch * Make the Targets.Tests project also target .NET Framework * Remove props file * Implement tests for MSBuild Full version of the task * Simplify how the CLI tool is called from the tests. * Add test for file being in use. * Test the output of the ToolTask. * Change the name of AbstractGenerateSBomTaskInputTests to AbstractGenerateSbomTaskInputTests * Include .NET Framework output in Sbom_Generation_Succeeds_For_Null_Verbosity * Update src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> * Skip tests that are failing due to known issues * Add debug messages for the test pipeline * Fix .net core tests * Target .NET Framework only on Windows * Remove unnecessary comment. * Update default Verbosity. * Address comments. * Change name of AbstractGenerateSbomTaskInputTests * Address PR Comments --------- Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> * Update NuGet Package Format and Surface Errors (#619) * update nuget package format and surface errors * simplify sbom output * update targets to use SbomPath output var for ToolTask * fix bad merge * append manifest folder name for manifestdirpath * add path.combine and property checks * append platform version * create ManifestDirPath if needed * temporarily comment out * remove manifestdirpath logic for now * use path.combine and full path --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add README for Microsoft.Sbom.Targets project (#651) * Adding readme * add code quotes --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Workaround for generating a SBOM manifest at the root level of the Nuget Package (#656) * Add buildMultiTargeting folder to the Nuget package * Unzip and Zip again for including the SBOM into the Nuget package. * Append GUID to the temporary unzipped folder. * Use Path.Combine for Unzip and Nupkg paths (#663) * Add E2E tests for Microsoft.Sbom.Targets project (#658) * add base setup for tests * updates to test * cleanup * Add more tests * update package version * cleanup * mini fix for copying sample project * add unloading step * create separate project for E2E tests * cleanup * rearrange method * cleanup * check for platform * try with locator * disable analyzers for sample project --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Remove GenerateSBOMTest project (#673) * Remove GenerateSBOMTest project * Remove N/A comment * Add ContinueOnError=ErrorAndContinue to the ZipDirectory, GenerateSBOM and Unzip (#672) * User/gustavoca/update with main (#675) * Bump Component Detection version (#624) * Bump Component Detection version * Bump NuGet Config and Framework versions * Raise dependabot PR limit (#629) * build(deps): bump stefanzweifel/git-auto-commit-action (#552) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](stefanzweifel/git-auto-commit-action@8756aa0...8621497) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> * build(deps): bump Microsoft.NET.Test.Sdk from 17.7.2 to 17.10.0 (#630) Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.7.2 to 17.10.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md) - [Commits](microsoft/vstest@v17.7.2...v17.10.0) --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MSTest.TestAdapter from 3.1.1 to 3.5.0 (#644) Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.1.1...v3.5.0) --- updated-dependencies: - dependency-name: MSTest.TestAdapter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Spectre.Console.Cli from 0.48.0 to 0.49.1 (#637) Bumps [Spectre.Console.Cli](https://github.com/spectreconsole/spectre.console) from 0.48.0 to 0.49.1. - [Release notes](https://github.com/spectreconsole/spectre.console/releases) - [Commits](spectreconsole/spectre.console@0.48.0...0.49.1) --- updated-dependencies: - dependency-name: Spectre.Console.Cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 (#625) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4fa2a79...afb54ba) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MSTest.TestFramework from 3.1.1 to 3.5.0 (#642) Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.1.1...v3.5.0) --- updated-dependencies: - dependency-name: MSTest.TestFramework dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.VisualStudio.Threading.Analyzers (#638) Bumps [Microsoft.VisualStudio.Threading.Analyzers](https://github.com/microsoft/vs-threading) from 17.7.30 to 17.10.48. - [Release notes](https://github.com/microsoft/vs-threading/releases) - [Commits](microsoft/vs-threading@v17.7.30...v17.10.48) --- updated-dependencies: - dependency-name: Microsoft.VisualStudio.Threading.Analyzers dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#654) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@afb54ba...eb055d7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MSTest.TestAdapter from 3.5.0 to 3.5.1 (#653) Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.5.0...v3.5.1) --- updated-dependencies: - dependency-name: MSTest.TestAdapter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> * build(deps): bump MSTest.TestFramework from 3.5.0 to 3.5.1 (#652) Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.5.0...v3.5.1) --- updated-dependencies: - dependency-name: MSTest.TestFramework dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> * build(deps): bump Moq from 4.17.2 to 4.20.70 (#640) Bumps [Moq](https://github.com/moq/moq) from 4.17.2 to 4.20.70. - [Release notes](https://github.com/moq/moq/releases) - [Changelog](https://github.com/devlooped/moq/blob/main/CHANGELOG.md) - [Commits](moq/moq.spikes@v4.17.2...v4.20.70) --- updated-dependencies: - dependency-name: Moq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 (#641) Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 6.0.0 to 6.0.2. - [Release notes](https://github.com/coverlet-coverage/coverlet/releases) - [Commits](coverlet-coverage/coverlet@v6.0.0...v6.0.2) --- updated-dependencies: - dependency-name: coverlet.collector dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump StyleCop.Analyzers (#636) Bumps [StyleCop.Analyzers](https://github.com/DotNetAnalyzers/StyleCopAnalyzers) from 1.2.0-beta.507 to 1.2.0-beta.556. - [Release notes](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/releases) - [Changelog](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/KnownChanges.md) - [Commits](DotNetAnalyzers/StyleCopAnalyzers@1.2.0-beta.507...1.2.0-beta.556) --- updated-dependencies: - dependency-name: StyleCop.Analyzers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 (#645) Bumps [Microsoft.SourceLink.GitHub](https://github.com/dotnet/sourcelink) from 1.1.1 to 8.0.0. - [Release notes](https://github.com/dotnet/sourcelink/releases) - [Commits](dotnet/sourcelink@1.1.1...8.0.0) --- updated-dependencies: - dependency-name: Microsoft.SourceLink.GitHub dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MinVer from 4.3.0 to 5.0.0 (#634) Bumps [MinVer](https://github.com/adamralph/minver) from 4.3.0 to 5.0.0. - [Changelog](https://github.com/adamralph/minver/blob/main/CHANGELOG.md) - [Commits](adamralph/minver@4.3.0...5.0.0) --- updated-dependencies: - dependency-name: MinVer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.Extensions.Http, Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection (#649) Bumps [Microsoft.Extensions.Http](https://github.com/dotnet/runtime), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime). These dependencies needed to be updated together. Updates `Microsoft.Extensions.Http` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.0...v8.0.0) Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.1...v8.0.0) Updates `Microsoft.Extensions.DependencyInjection` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.0...v8.0.0) --- updated-dependencies: - dependency-name: Microsoft.Extensions.Http dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.DependencyInjection dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection.Abstractions (#650) Bumps [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection.Abstractions](https://github.com/dotnet/runtime). These dependencies needed to be updated together. Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.1 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.1...v8.0.1) Updates `Microsoft.Extensions.DependencyInjection.Abstractions` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v8.0.0...v8.0.1) --- updated-dependencies: - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Scrutor from 4.2.0 to 4.2.2 (#646) Bumps [Scrutor](https://github.com/khellang/Scrutor) from 4.2.0 to 4.2.2. - [Release notes](https://github.com/khellang/Scrutor/releases) - [Commits](khellang/Scrutor@v4.2.0...v4.2.2) --- updated-dependencies: - dependency-name: Scrutor dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix tests * Bump Microsoft.Extensions.Hosting --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: José Renan <joserenansl99@gmail.com> Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> * Update README * Address Feedback (#679) * Address feedback and remove SbomPath * remove whitespace * remove comment --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * address more feedback (#682) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Pack each project separately (#681) * Pack each project separately * Remove extra dotnet apck * Inspect the content of the Nuget package instead of extracting to disk during e2e tests. * User/gustavoca/dont extract e2e tests (#684) * Inspect the content of the Nuget package instead of extracting to disk during e2e tests. * Remove extra changes in Directory.Packages.Props * Remove instance of Newtonsoft.Json * Remove not needed Message * Revert "Remove instance of Newtonsoft.Json" This reverts commit 52329d4. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> Co-authored-by: vpatakottu <47004464+vpatakottu@users.noreply.github.com> Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Co-authored-by: José Renan <joserenansl99@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Update Microsoft.Sbom.Extensions with latest from internal repo