Users/ksigmund/sbom api oss #12
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
ksigmund
force-pushed
the
users/ksigmund/sbom-api-oss
branch
from
098e133
to
86fbef0
Compare
aasim
reviewed
Jun 22, 2022
aasim
reviewed
Jun 22, 2022
aasim
reviewed
Jun 22, 2022
aasim
approved these changes
Jun 22, 2022
ByAgenT
reviewed
Jun 22, 2022
| @@ -12,7 +12,7 @@ | |||
| <PackageVersion Include="Microsoft.CodeAnalysis.FxCopAnalyzers" Version="3.3.0"/> | |||
| <PackageVersion Include="Newtonsoft.Json" Version="13.0.1"/> | |||
| <PackageVersion Include="StyleCop.Analyzers" Version="1.1.118"/> | |||
| <PackageVersion Include="System.Text.Json" Version="6.0.5" /> | |||
| <PackageVersion Include="System.Text.Json" Version="6.0.0" /> | |||
There was a problem hiding this comment.
Is this a fix for the issue you mentioned today?
|
|
||
| #endregion | ||
|
|
||
| #region QuickBuild Manifest workflow bindings |
| /// Creates the Ninject bindings for the whole project. | ||
| /// </summary> | ||
| /// <remarks> | ||
| /// Microsoft.ManifestTool.Api.dll is the assembly name of the SBOM API project. |
There was a problem hiding this comment.
ManifestTool is an old name
| public string ManifestPath { get; set; } | ||
|
|
||
| /// <summary> | ||
| /// Gets or sets the root folder where the generated manifest (and other files like bsi.json) files will be placed. |
| /// <summary> | ||
| /// Generate a manifest.json and a bsi.json for all the files in the given build drop folder. | ||
| /// </summary> | ||
| [ArgActionMethod, ArgDescription("Generate a manifest.json and a bsi.json for all the files " + |
There was a problem hiding this comment.
Same here w/ manifest.json and bsi.json
| catch (AccessDeniedValidationArgException e) | ||
| { | ||
| var message = e.InnerException != null ? e.InnerException.Message : e.Message; | ||
| Console.WriteLine($"Encountered error while running ManifestTool generation workflow. Error: {message}"); |
There was a problem hiding this comment.
ManifestTool -> SBOM Tool
| catch (Exception e) | ||
| { | ||
| var message = e.InnerException != null ? e.InnerException.Message : e.Message; | ||
| Console.WriteLine($"Encountered error while running ManifestTool generation workflow. Error: {message}"); |
There was a problem hiding this comment.
ManifestTool -> SBOM Tool
| /// Thrown when the manifest tool is unable to serialize the SBOM component. | ||
| /// </summary> | ||
| [Serializable] | ||
| public class ManifestToolSerializerException : Exception |
There was a problem hiding this comment.
Should we rename it to SbomTool?
| // Licensed under the MIT license. See LICENSE file in the project root for full license information. | ||
|
|
||
| using Castle.Core.Internal; | ||
| using DropValidator.Api.Config.Extensions; |
ByAgenT
reviewed
Jun 23, 2022
| </PropertyGroup> | ||
|
|
||
| <ItemGroup> | ||
| <PackageReference Include="AutoMapper" /> |
There was a problem hiding this comment.
Should we lock packages on specific version?
|
|
||
| using System; | ||
| using System.Collections.Generic; | ||
| using DropValidator.Api.Output.Telemetry.Entities; |
| SBOMConfigs.TryGetMetadata(MetadataKey.ImageVersion, out object imageVersionObj)) | ||
| { | ||
| Log.Debug($"Adding the image OS package to the packages list as a dependency."); | ||
| string name = $"Azure Pipelines Hosted Image {imageOsObj}"; |
There was a problem hiding this comment.
Is this expected to be public?
There was a problem hiding this comment.
Same question to code below
| @@ -0,0 +1,43 @@ | |||
| Generates Software Bill of Materials (SBOM) | |||
There was a problem hiding this comment.
Is this Readme up-to-date? Should we update it, add more information besides example, etc.?
|
|
||
| public static AlgorithmName DefaultHashAlgorithmName = AlgorithmName.SHA256; | ||
|
|
||
| public const string ManifestBsiFileName = "bsi.json"; |
| nuget, | ||
| bower, | ||
| purl, | ||
| Maven_central, |
There was a problem hiding this comment.
It looks like this enum is JSON serializable, does it affect output SBOM and is it safe to do this change?
There was a problem hiding this comment.
Good call. I'll revert and add an exception for StyleCop.
| @@ -10,10 +10,6 @@ | |||
| <PackageVersion>$(SBOMPackageVersion)</PackageVersion> | |||
There was a problem hiding this comment.
This file also has signing and mention of a signing key that should not be in this repo.
| Assert.IsFalse(result); | ||
| } | ||
|
|
||
| private const string goodJson = "{\"Outputs\":[{\"Source\":\"/child1/file2\",\"AzureArtifactsHash\":" + |
There was a problem hiding this comment.
This is an example json from CB manifest. Should we remove it?
gustavoaca1997
added a commit
that referenced
this pull request
Jun 24, 2024
* setting up imports * Add reference to local Nuget package, for testing purposes * rename targets and props, export them to the build folder * Fix test project * Fix Targets file to include props * Manually adding the Sources Providers that support ProviderType.Packages * Manually add the missing classes for SBOM generation * Add MSBuild properties to our Props file (#8) * Use MSBuild/.NET props for default values of the Generate SBOM task. * Remove hardcoded path from the Targets * Add default value to props file for SbomGenerationManifestDirPath * Add final ManifestDirPath to SbomGenerationResult. * Fix typo * Change Summary comment for ManifestDirPath * include sbom files in user's nuget packages (#11) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Make the task target .net 8 and .net 6 (#13) * Remove unrooted checks (#14) * Downgrade Microsoft.Extensions.Hosting back to 7.0.1 * Remove LocalNuget configuration * Stop tracking nuspec file * Remove unnecessary comments. * Remove reference to Microsoft.Sbom.Targets Nuget * Apply suggestions from the linter and PR comments. --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: vpatakottu <47004464+vpatakottu@users.noreply.github.com>
gustavoaca1997
added a commit
that referenced
this pull request
Sep 9, 2024
* Experimenting with dotnet * Add comments * Make the Sbom.Targets project to build. * Add all arguments to GenerateSBOMTask (#1) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add call to the SBOM API from GenerateSbomTask#Execute (#2) * Start implementing Execute * Make SBOM Targets test target .NET 8 only. * Make the Component Path not required. * Build the current project in test, and check that the manifest was generated. * Ad a few comments for TODOs. * Validate and Sanitize Arguments (#3) * Validate arguments * ignore case for enum conversion * create method for manifestinfo --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add tests for Generate SBOM Task (#4) * Add more tests for GenerateSbomTask.Execute logic * Add SBOM Validation to the Generate SBOM Task tests. * Add a utility method that validates the SBOM being generated during tests * Make more tests use the new utility validator method * Pass sbom specification during tests * Refactor GenerateSbomTask tests to be parametrized through the SBOM Specification * Fix typo * Add an abstract method for the Sbom Specification of the AbstractGenerateSbomTaskTests * Address PR suggestions * Made fields internal instead of private in AbstractGenerateSbomTaskTests * Add unit tests for GenerateSbomTask inputs (#6) * add unit tests for GenerateSbomTask inputs * remove console print * Addressing feedback * addressing feedback and adding more tests' --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add additional unit tests for valid cases (#7) * add additional unit tests for valid cases * address feedback and add few more cases --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Merging Varshita's branch into our feature branch (#12) * setting up imports * Add reference to local Nuget package, for testing purposes * rename targets and props, export them to the build folder * Fix test project * Fix Targets file to include props * Manually adding the Sources Providers that support ProviderType.Packages * Manually add the missing classes for SBOM generation * Add MSBuild properties to our Props file (#8) * Use MSBuild/.NET props for default values of the Generate SBOM task. * Remove hardcoded path from the Targets * Add default value to props file for SbomGenerationManifestDirPath * Add final ManifestDirPath to SbomGenerationResult. * Fix typo * Change Summary comment for ManifestDirPath * include sbom files in user's nuget packages (#11) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Make the task target .net 8 and .net 6 (#13) * Remove unrooted checks (#14) * Downgrade Microsoft.Extensions.Hosting back to 7.0.1 * Remove LocalNuget configuration * Stop tracking nuspec file * Remove unnecessary comments. * Remove reference to Microsoft.Sbom.Targets Nuget * Apply suggestions from the linter and PR comments. --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: vpatakottu <47004464+vpatakottu@users.noreply.github.com> * Fix ubuntu tests (#16) * add users/gustavoca/net-sdk-sbom-tool branch to PR pipelines * Fix Ubuntu tests for Targets project * Update feature branch (#17) * build(deps): bump actions/checkout from 4.1.1 to 4.1.6 (#574) Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.1 to 4.1.6. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@b4ffde6...a5ac7e5) --- updated-dependencies: - dependency-name: actions/checkout dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.24.3 to 3.25.8 (#591) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.3 to 3.25.8. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@3796146...2e230e8) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Add missing header to AbstractGenerateSbomTaskTests (#598) * Create template tool task (#600) * create template tool task * Make the tests successfully run * Include the SBOM CLI Tool to the .NET Framework package folder. * refactor code a little and address feedback @microsoft-github-policy-service agree company="Microsoft" --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: gustavoaca1997 <gustavoaca1997@gmail.com> * Run the Github build also for feature branches. * Implement SBOM CLI ToolTask (#607) * implement ToolTask * addressing feedback * addressing feedback pt. 2 --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Update System.Text.Json * Stop importing the props twice when referencing the Nuget package (#612) * Add tests for the MSBuild Full version of the Generate SBOM task (#613) * Bring changes from feautre branch * Make the Targets.Tests project also target .NET Framework * Remove props file * Implement tests for MSBuild Full version of the task * Simplify how the CLI tool is called from the tests. * Add test for file being in use. * Test the output of the ToolTask. * Change the name of AbstractGenerateSBomTaskInputTests to AbstractGenerateSbomTaskInputTests * Include .NET Framework output in Sbom_Generation_Succeeds_For_Null_Verbosity * Update src/Microsoft.Sbom.Targets/SbomCLIToolTask.cs Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> * Skip tests that are failing due to known issues * Add debug messages for the test pipeline * Fix .net core tests * Target .NET Framework only on Windows * Remove unnecessary comment. * Update default Verbosity. * Address comments. * Change name of AbstractGenerateSbomTaskInputTests * Address PR Comments --------- Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> * Update NuGet Package Format and Surface Errors (#619) * update nuget package format and surface errors * simplify sbom output * update targets to use SbomPath output var for ToolTask * fix bad merge * append manifest folder name for manifestdirpath * add path.combine and property checks * append platform version * create ManifestDirPath if needed * temporarily comment out * remove manifestdirpath logic for now * use path.combine and full path --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Add README for Microsoft.Sbom.Targets project (#651) * Adding readme * add code quotes --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Workaround for generating a SBOM manifest at the root level of the Nuget Package (#656) * Add buildMultiTargeting folder to the Nuget package * Unzip and Zip again for including the SBOM into the Nuget package. * Append GUID to the temporary unzipped folder. * Use Path.Combine for Unzip and Nupkg paths (#663) * Add E2E tests for Microsoft.Sbom.Targets project (#658) * add base setup for tests * updates to test * cleanup * Add more tests * update package version * cleanup * mini fix for copying sample project * add unloading step * create separate project for E2E tests * cleanup * rearrange method * cleanup * check for platform * try with locator * disable analyzers for sample project --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Remove GenerateSBOMTest project (#673) * Remove GenerateSBOMTest project * Remove N/A comment * Add ContinueOnError=ErrorAndContinue to the ZipDirectory, GenerateSBOM and Unzip (#672) * User/gustavoca/update with main (#675) * Bump Component Detection version (#624) * Bump Component Detection version * Bump NuGet Config and Framework versions * Raise dependabot PR limit (#629) * build(deps): bump stefanzweifel/git-auto-commit-action (#552) Bumps [stefanzweifel/git-auto-commit-action](https://github.com/stefanzweifel/git-auto-commit-action) from 5.0.0 to 5.0.1. - [Release notes](https://github.com/stefanzweifel/git-auto-commit-action/releases) - [Changelog](https://github.com/stefanzweifel/git-auto-commit-action/blob/master/CHANGELOG.md) - [Commits](stefanzweifel/git-auto-commit-action@8756aa0...8621497) --- updated-dependencies: - dependency-name: stefanzweifel/git-auto-commit-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> * build(deps): bump Microsoft.NET.Test.Sdk from 17.7.2 to 17.10.0 (#630) Bumps [Microsoft.NET.Test.Sdk](https://github.com/microsoft/vstest) from 17.7.2 to 17.10.0. - [Release notes](https://github.com/microsoft/vstest/releases) - [Changelog](https://github.com/microsoft/vstest/blob/main/docs/releases.md) - [Commits](microsoft/vstest@v17.7.2...v17.10.0) --- updated-dependencies: - dependency-name: Microsoft.NET.Test.Sdk dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MSTest.TestAdapter from 3.1.1 to 3.5.0 (#644) Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.1.1...v3.5.0) --- updated-dependencies: - dependency-name: MSTest.TestAdapter dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Spectre.Console.Cli from 0.48.0 to 0.49.1 (#637) Bumps [Spectre.Console.Cli](https://github.com/spectreconsole/spectre.console) from 0.48.0 to 0.49.1. - [Release notes](https://github.com/spectreconsole/spectre.console/releases) - [Commits](spectreconsole/spectre.console@0.48.0...0.49.1) --- updated-dependencies: - dependency-name: Spectre.Console.Cli dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.25.12 to 3.25.15 (#625) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.12 to 3.25.15. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@4fa2a79...afb54ba) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MSTest.TestFramework from 3.1.1 to 3.5.0 (#642) Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.1.1 to 3.5.0. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.1.1...v3.5.0) --- updated-dependencies: - dependency-name: MSTest.TestFramework dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.VisualStudio.Threading.Analyzers (#638) Bumps [Microsoft.VisualStudio.Threading.Analyzers](https://github.com/microsoft/vs-threading) from 17.7.30 to 17.10.48. - [Release notes](https://github.com/microsoft/vs-threading/releases) - [Commits](microsoft/vs-threading@v17.7.30...v17.10.48) --- updated-dependencies: - dependency-name: Microsoft.VisualStudio.Threading.Analyzers dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump github/codeql-action from 3.25.15 to 3.26.0 (#654) Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.15 to 3.26.0. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](github/codeql-action@afb54ba...eb055d7) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MSTest.TestAdapter from 3.5.0 to 3.5.1 (#653) Bumps [MSTest.TestAdapter](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.5.0...v3.5.1) --- updated-dependencies: - dependency-name: MSTest.TestAdapter dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> * build(deps): bump MSTest.TestFramework from 3.5.0 to 3.5.1 (#652) Bumps [MSTest.TestFramework](https://github.com/microsoft/testfx) from 3.5.0 to 3.5.1. - [Release notes](https://github.com/microsoft/testfx/releases) - [Changelog](https://github.com/microsoft/testfx/blob/main/docs/Changelog.md) - [Commits](microsoft/testfx@v3.5.0...v3.5.1) --- updated-dependencies: - dependency-name: MSTest.TestFramework dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> * build(deps): bump Moq from 4.17.2 to 4.20.70 (#640) Bumps [Moq](https://github.com/moq/moq) from 4.17.2 to 4.20.70. - [Release notes](https://github.com/moq/moq/releases) - [Changelog](https://github.com/devlooped/moq/blob/main/CHANGELOG.md) - [Commits](moq/moq.spikes@v4.17.2...v4.20.70) --- updated-dependencies: - dependency-name: Moq dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump coverlet.collector from 6.0.0 to 6.0.2 (#641) Bumps [coverlet.collector](https://github.com/coverlet-coverage/coverlet) from 6.0.0 to 6.0.2. - [Release notes](https://github.com/coverlet-coverage/coverlet/releases) - [Commits](coverlet-coverage/coverlet@v6.0.0...v6.0.2) --- updated-dependencies: - dependency-name: coverlet.collector dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump StyleCop.Analyzers (#636) Bumps [StyleCop.Analyzers](https://github.com/DotNetAnalyzers/StyleCopAnalyzers) from 1.2.0-beta.507 to 1.2.0-beta.556. - [Release notes](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/releases) - [Changelog](https://github.com/DotNetAnalyzers/StyleCopAnalyzers/blob/master/documentation/KnownChanges.md) - [Commits](DotNetAnalyzers/StyleCopAnalyzers@1.2.0-beta.507...1.2.0-beta.556) --- updated-dependencies: - dependency-name: StyleCop.Analyzers dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.SourceLink.GitHub from 1.1.1 to 8.0.0 (#645) Bumps [Microsoft.SourceLink.GitHub](https://github.com/dotnet/sourcelink) from 1.1.1 to 8.0.0. - [Release notes](https://github.com/dotnet/sourcelink/releases) - [Commits](dotnet/sourcelink@1.1.1...8.0.0) --- updated-dependencies: - dependency-name: Microsoft.SourceLink.GitHub dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump MinVer from 4.3.0 to 5.0.0 (#634) Bumps [MinVer](https://github.com/adamralph/minver) from 4.3.0 to 5.0.0. - [Changelog](https://github.com/adamralph/minver/blob/main/CHANGELOG.md) - [Commits](adamralph/minver@4.3.0...5.0.0) --- updated-dependencies: - dependency-name: MinVer dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.Extensions.Http, Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection (#649) Bumps [Microsoft.Extensions.Http](https://github.com/dotnet/runtime), [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection](https://github.com/dotnet/runtime). These dependencies needed to be updated together. Updates `Microsoft.Extensions.Http` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.0...v8.0.0) Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.1...v8.0.0) Updates `Microsoft.Extensions.DependencyInjection` from 7.0.0 to 8.0.0 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.0...v8.0.0) --- updated-dependencies: - dependency-name: Microsoft.Extensions.Http dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.DependencyInjection dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Microsoft.Extensions.Logging.Abstractions and Microsoft.Extensions.DependencyInjection.Abstractions (#650) Bumps [Microsoft.Extensions.Logging.Abstractions](https://github.com/dotnet/runtime) and [Microsoft.Extensions.DependencyInjection.Abstractions](https://github.com/dotnet/runtime). These dependencies needed to be updated together. Updates `Microsoft.Extensions.Logging.Abstractions` from 7.0.1 to 8.0.1 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v7.0.1...v8.0.1) Updates `Microsoft.Extensions.DependencyInjection.Abstractions` from 8.0.0 to 8.0.1 - [Release notes](https://github.com/dotnet/runtime/releases) - [Commits](dotnet/runtime@v8.0.0...v8.0.1) --- updated-dependencies: - dependency-name: Microsoft.Extensions.Logging.Abstractions dependency-type: direct:production update-type: version-update:semver-major - dependency-name: Microsoft.Extensions.DependencyInjection.Abstractions dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * build(deps): bump Scrutor from 4.2.0 to 4.2.2 (#646) Bumps [Scrutor](https://github.com/khellang/Scrutor) from 4.2.0 to 4.2.2. - [Release notes](https://github.com/khellang/Scrutor/releases) - [Commits](khellang/Scrutor@v4.2.0...v4.2.2) --- updated-dependencies: - dependency-name: Scrutor dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> * Fix tests * Bump Microsoft.Extensions.Hosting --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: José Renan <joserenansl99@gmail.com> Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> * Update README * Address Feedback (#679) * Address feedback and remove SbomPath * remove whitespace * remove comment --------- Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * address more feedback (#682) Co-authored-by: vpatakottu <vpatakottu@microsoft.com> * Pack each project separately (#681) * Pack each project separately * Remove extra dotnet apck * Inspect the content of the Nuget package instead of extracting to disk during e2e tests. * User/gustavoca/dont extract e2e tests (#684) * Inspect the content of the Nuget package instead of extracting to disk during e2e tests. * Remove extra changes in Directory.Packages.Props * Remove instance of Newtonsoft.Json * Remove not needed Message * Revert "Remove instance of Newtonsoft.Json" This reverts commit 52329d4. --------- Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: Sarah Oslund <sfoslund@microsoft.com> Co-authored-by: vpatakottu <47004464+vpatakottu@users.noreply.github.com> Co-authored-by: vpatakottu <vpatakottu@microsoft.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> Co-authored-by: Dave Tryon <45672944+DaveTryon@users.noreply.github.com> Co-authored-by: José Renan <joserenansl99@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
No description provided.